From 2f27523e44499686ec010f00f7ebc3f5c7598b54 Mon Sep 17 00:00:00 2001
From: Azat Khuzhin
Date: Sun, 18 Feb 2024 18:22:21 +0100
Subject: [PATCH] bufferevent_ssl: do not return NULL from upcast

/src/le/libevent/bufferevent_ssl.c:863: error: Null Dereference pointer `bev_ssl` last assigned on line 855 could be null and is dereferenced at line 863, column 6.
861. r2 = start_writing(bev_ssl);
862.
863. if (bev_ssl->underlying) {
^
864. if (events & EV_READ)
865. BEV_RESET_GENERIC_READ_TIMEOUT(bev);
---
 bufferevent_mbedtls.c | 3 ---
 bufferevent_ssl.c | 37 ++++++++++++++++++++-----------------
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/bufferevent_mbedtls.c b/bufferevent_mbedtls.c
index b0e960fa..58a038dc 100644
--- a/bufferevent_mbedtls.c
+++ b/bufferevent_mbedtls.c
@@ -292,9 +292,6 @@ bufferevent_mbedtls_get_ssl(struct bufferevent *bufev)
 int bufferevent_mbedtls_renegotiate(struct bufferevent *bufev)
 {
- struct bufferevent_ssl *bev_ssl = bufferevent_ssl_upcast(bufev);
- if (!bev_ssl)
- return -1;
 return bufferevent_ssl_renegotiate_impl(bufev);
 }
diff --git a/bufferevent_ssl.c b/bufferevent_ssl.c
index 1f1b4ed3..4eaebb6e 100644
--- a/bufferevent_ssl.c
+++ b/bufferevent_ssl.c
@@ -105,8 +105,7 @@ struct bufferevent_ssl *
 bufferevent_ssl_upcast(struct bufferevent *bev)
 {
 struct bufferevent_ssl *bev_o;
- if (!BEV_IS_SSL(bev))
- return NULL;
+ EVUTIL_ASSERT(BEV_IS_SSL(bev));
 bev_o = (void*)( ((char*)bev) - evutil_offsetof(struct bufferevent_ssl, bev.bev));
 EVUTIL_ASSERT(BEV_IS_SSL(&bev_o->bev.bev));
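Review bot: bufferevent_ssl_upcast() now carries a precondition that nothing in the file states: with `EVUTIL_ASSERT(BEV_IS_SSL(bev));` replacing the NULL return, a caller that passes a non-SSL bufferevent aborts the process. If EVUTIL_ASSERT can be compiled out in some build configuration (worth confirming), the subtraction below would instead yield a `struct bufferevent_ssl *` pointing into an unrelated object. I would add a comment above the function such as `/* Caller must have checked BEV_IS_SSL(bev); never returns NULL. */` and audit the callers this patch does not touch for a prior BEV_IS_SSL check. The return-type line and the end of the function are outside the hunk.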
@@ -815,9 +814,11 @@ set_handshake_callbacks(struct bufferevent_ssl *bev_ssl, evutil_socket_t fd)
 int bufferevent_ssl_renegotiate_impl(struct bufferevent *bev)
 {
- struct bufferevent_ssl *bev_ssl = bufferevent_ssl_upcast(bev);
- if (!bev_ssl)
+ struct bufferevent_ssl *bev_ssl;
+ if (!BEV_IS_SSL(bev))
 return -1;
+
+ bev_ssl = bufferevent_ssl_upcast(bev);
 if (bev_ssl->ssl_ops->renegotiate(bev_ssl->ssl) < 0)
 return -1;
 bev_ssl->state = BUFFEREVENT_SSL_CONNECTING;
@@ -1098,9 +1099,13 @@ bufferevent_get_ssl_error(struct bufferevent *bev)
 {
 unsigned long err = 0;
 struct bufferevent_ssl *bev_ssl;
+
+ if (BEV_IS_SSL(bev))
+ return err;
+
 BEV_LOCK(bev);
 bev_ssl = bufferevent_ssl_upcast(bev);
- if (bev_ssl && bev_ssl->n_errors) {
+ if (bev_ssl->n_errors) {
 err = bev_ssl->errors[--bev_ssl->n_errors];
 }
 BEV_UNLOCK(bev);
@@ -1112,10 +1117,12 @@ ev_uint64_t bufferevent_ssl_get_flags(struct bufferevent *bev)
 ev_uint64_t flags = EV_UINT64_MAX;
 struct bufferevent_ssl *bev_ssl;
+ if (!BEV_IS_SSL(bev))
+ return flags;
+
 BEV_LOCK(bev);
 bev_ssl = bufferevent_ssl_upcast(bev);
- if (bev_ssl)
- flags = bev_ssl->flags;
+ flags = bev_ssl->flags;
 BEV_UNLOCK(bev);
 return flags;
@@ -1126,15 +1133,13 @@ ev_uint64_t bufferevent_ssl_set_flags(struct bufferevent *bev, ev_uint64_t flags
 struct bufferevent_ssl *bev_ssl;
 flags &= (BUFFEREVENT_SSL_DIRTY_SHUTDOWN|BUFFEREVENT_SSL_BATCH_WRITE);
- if (!flags)
+ if (!flags || !BEV_IS_SSL(bev))
 return old_flags;
 BEV_LOCK(bev);
 bev_ssl = bufferevent_ssl_upcast(bev);
- if (bev_ssl) {
- old_flags = bev_ssl->flags;
- bev_ssl->flags |= flags;
- }
+ old_flags = bev_ssl->flags;
+ bev_ssl->flags |= flags;
 BEV_UNLOCK(bev);
 return old_flags;
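Review bot: The guard added at the top of bufferevent_get_ssl_error() is inverted: `if (BEV_IS_SSL(bev)) return err;` returns 0 for every SSL bufferevent, so queued TLS errors are never popped or reported to the caller. A non-SSL bufferevent, meanwhile, falls through to bufferevent_ssl_upcast(), which after this commit asserts instead of returning NULL. Every other guard in this patch (bufferevent_ssl_renegotiate_impl, bufferevent_ssl_get_flags, bufferevent_ssl_set_flags, bufferevent_ssl_clear_flags) tests the negated form, and this one should read `if (!BEV_IS_SSL(bev))`. A regression test that reads an error back from an SSL bufferevent, and one that passes a plain bufferevent and expects 0, would catch this. The function's return-type line and its final `return` are outside the hunk.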
@@ -1145,15 +1150,13 @@ ev_uint64_t bufferevent_ssl_clear_flags(struct bufferevent *bev, ev_uint64_t fla
 struct bufferevent_ssl *bev_ssl;
 flags &= (BUFFEREVENT_SSL_DIRTY_SHUTDOWN|BUFFEREVENT_SSL_BATCH_WRITE);
- if (!flags)
+ if (!flags || !BEV_IS_SSL(bev))
 return old_flags;
 BEV_LOCK(bev);
 bev_ssl = bufferevent_ssl_upcast(bev);
- if (bev_ssl) {
- old_flags = bev_ssl->flags;
- bev_ssl->flags &= ~flags;
- }
+ old_flags = bev_ssl->flags;
+ bev_ssl->flags &= ~flags;
 BEV_UNLOCK(bev);
 return old_flags;