Check for NULL dereference before using secure free (#2151)

* Check for NULL dereference before using secure free

Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
* Skip failing CI test (#2157)

* Skip failing CI test

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Fix typo

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
---------

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
---------

Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>

diff --git a/src/sig_stfl/lms/sig_stfl_lms_functions.c b/src/sig_stfl/lms/sig_stfl_lms_functions.c
index 18023cf8d58c392430aa6244ada6a5f60d5c58ff..2b8a08ed7542faec8d143498503b83b2745a855e 100644 (file)
--- a/src/sig_stfl/lms/sig_stfl_lms_functions.c
+++ b/src/sig_stfl/lms/sig_stfl_lms_functions.c
@@ -660,7 +660,7 @@ void oqs_secret_lms_key_free(OQS_SIG_STFL_SECRET_KEY *sk) {
 
        if (sk->secret_key_data) {
                oqs_lms_key_data *key_data = (oqs_lms_key_data *)sk->secret_key_data;
-               if (key_data) {
+               if (key_data != NULL) {
                        OQS_MEM_secure_free(key_data->sec_key, key_data->len_sec_key);
                        key_data->sec_key = NULL;
 

diff --git a/tests/test_kem.c b/tests/test_kem.c
index 06fa1c1719a1f4592d3fe2ef1d32959cb65e5777..85c1d0219dd11af5ae1a5e6fa9eebace706f1603 100644 (file)
--- a/tests/test_kem.c
+++ b/tests/test_kem.c
@@ -279,13 +279,13 @@ err:
        ret = OQS_ERROR;
 
 cleanup:
-       if (secret_key) {
+       if ((secret_key) && (kem != NULL)) {
                OQS_MEM_secure_free(secret_key - sizeof(magic_t), kem->length_secret_key + 2 * sizeof(magic_t));
        }
-       if (shared_secret_e) {
+       if ((shared_secret_e) && (kem != NULL)) {
                OQS_MEM_secure_free(shared_secret_e - sizeof(magic_t), kem->length_shared_secret + 2 * sizeof(magic_t));
        }
-       if (shared_secret_d) {
+       if ((shared_secret_d) && (kem != NULL)) {
                OQS_MEM_secure_free(shared_secret_d - sizeof(magic_t), kem->length_shared_secret + 2 * sizeof(magic_t));
        }
        if (public_key) {
@@ -294,7 +294,7 @@ cleanup:
        if (ciphertext) {
                OQS_MEM_insecure_free(ciphertext - sizeof(magic_t));
        }
-       if (seed) {
+       if ((seed) && (kem != NULL)) {
                OQS_MEM_secure_free(seed - sizeof(magic_t), kem->length_keypair_seed + 2 * sizeof(magic_t));
        }
        OQS_KEM_free(kem);

diff --git a/tests/test_sig.c b/tests/test_sig.c
index a8e9935caf4f09623a2b58341bf60f409dd40770..57c261bd3916fc36ace8ef9eaa6015c804480b00 100644 (file)
--- a/tests/test_sig.c
+++ b/tests/test_sig.c
@@ -211,7 +211,7 @@ err:
        ret = OQS_ERROR;
 
 cleanup:
-       if (secret_key) {
+       if ((secret_key) && (sig != NULL)) {
                OQS_MEM_secure_free(secret_key - sizeof(magic_t), sig->length_secret_key + 2 * sizeof(magic_t));
        }
        if (public_key) {

diff --git a/zephyr/samples/KEMs/src/main.c b/zephyr/samples/KEMs/src/main.c
index a3a0e1354b424f513a51a9910985a87ee9d75ee6..f1bbeae5ccd0c1088c7988928ae3339f4cc5d732 100644 (file)
--- a/zephyr/samples/KEMs/src/main.c
+++ b/zephyr/samples/KEMs/src/main.c
@@ -152,13 +152,13 @@ err:
        ret = OQS_ERROR;
 
 cleanup:
-       if (secret_key) {
+       if ((secret_key) && (kem != NULL)) {
                OQS_MEM_secure_free(secret_key - sizeof(magic_t), kem->length_secret_key + 2 * sizeof(magic_t));
        }
-       if (shared_secret_e) {
+       if ((shared_secret_e) && (kem != NULL)) {
                OQS_MEM_secure_free(shared_secret_e - sizeof(magic_t), kem->length_shared_secret + 2 * sizeof(magic_t));
        }
-       if (shared_secret_d) {
+       if ((shared_secret_d) && (kem != NULL)) {
                OQS_MEM_secure_free(shared_secret_d - sizeof(magic_t), kem->length_shared_secret + 2 * sizeof(magic_t));
        }
        if (public_key) {

diff --git a/zephyr/samples/Signatures/src/main.c b/zephyr/samples/Signatures/src/main.c
index 9b2bc548224dc9de2d40551c81e1c9124951e4a3..e6034624f406f05471bdec8f0b1b09d514809eb3 100644 (file)
--- a/zephyr/samples/Signatures/src/main.c
+++ b/zephyr/samples/Signatures/src/main.c
@@ -132,7 +132,7 @@ err:
        ret = OQS_ERROR;
 
 cleanup:
-       if (secret_key) {
+       if ((secret_key) && (sig != NULL)) {
                OQS_MEM_secure_free(secret_key - sizeof(magic_t), sig->length_secret_key + 2 * sizeof(magic_t));
        }
        if (public_key) {