Silence a clang-analyze warning The check is already effectively performed later in the function, but implicitly, so Clang's analysis fail to notice the functions are in fact safe. Pulling the check up to the top helps Clang to verify the behaviour.

commit: 42d47f0fb5414bc5cb07e0353303a6d81297dda3 [log] [tgz]
author: Nicholas Wilson <nicholas.wilson@realvnc.com> Wed Apr 13 11:53:27 2016 +0100
committer: Nicholas Wilson <nicholas.wilson@realvnc.com> Wed Apr 13 11:57:36 2016 +0100
tree: b8a4e1518b18803b80246e629d189178dfbfd395
parent: 5d5e421d089bf02488f5a0f06ae3a727ff9aadd7 [diff] [blame]
diff --git a/library/x509_csr.c b/library/x509_csr.c
index f8c45f8..603d06b 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c

@@ -104,7 +104,7 @@
     /*
      * Check for valid input
      */
-    if( csr == NULL || buf == NULL )
+    if( csr == NULL || buf == NULL || buflen == 0 )
         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
 
     mbedtls_x509_csr_init( csr );
@@ -274,14 +274,14 @@
     /*
      * Check for valid input
      */
-    if( csr == NULL || buf == NULL )
+    if( csr == NULL || buf == NULL || buflen == 0 )
         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
 
 #if defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_pem_init( &pem );
 
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( buflen == 0 || buf[buflen - 1] != '\0' )
+    if( buf[buflen - 1] != '\0' )
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
     else
         ret = mbedtls_pem_read_buffer( &pem,
commit	42d47f0fb5414bc5cb07e0353303a6d81297dda3	[log] [tgz]
author	Nicholas Wilson <nicholas.wilson@realvnc.com>	Wed Apr 13 11:53:27 2016 +0100
committer	Nicholas Wilson <nicholas.wilson@realvnc.com>	Wed Apr 13 11:57:36 2016 +0100
tree	b8a4e1518b18803b80246e629d189178dfbfd395
parent	5d5e421d089bf02488f5a0f06ae3a727ff9aadd7 [diff] [blame]