Merge pull request #7019 from tom-cosgrove-arm/dont-use-cast-assignment-in-ssl_server2.c
Don't use cast-assignment in ssl_server.c
diff --git a/ChangeLog.d/fix-example-programs-no-args.txt b/ChangeLog.d/fix-example-programs-no-args.txt
new file mode 100644
index 0000000..57fe37a
--- /dev/null
+++ b/ChangeLog.d/fix-example-programs-no-args.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix behavior of certain sample programs which could, when run with no
+ arguments, access uninitialized memory in some cases. Fixes #6700 (which
+ was found by TrustInSoft Analyzer during REDOCS'22) and #1120.
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index e2e49e3..995694a 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -169,7 +169,7 @@
mbedtls_md_init(&md_ctx);
- if (argc == 1) {
+ if (argc < 2) {
const int *list;
mbedtls_printf("print mode: generic_sum <mbedtls_md> <file> <file> ...\n");
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index 25371ba..1f4cd59 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -71,7 +71,7 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 85ee435..029558d 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -200,7 +200,7 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
#if defined(MBEDTLS_ECP_C)
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 8ed88da..c80dcd0 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -103,7 +103,7 @@
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto cleanup;
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 2dbb79e..862c93f 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -220,7 +220,7 @@
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index b124065..03034d1 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -867,7 +867,7 @@
mbedtls_test_enable_insecure_external_rng();
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
- if (argc == 0) {
+ if (argc < 2) {
usage:
if (ret == 0) {
ret = 1;
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 4e54be8..3b040aa 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -370,7 +370,7 @@
mbedtls_pk_init(&pkey);
mbedtls_ctr_drbg_init(&ctr_drbg);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3beb56e..2fa9a81 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1638,7 +1638,7 @@
signal(SIGINT, term_handler);
#endif
- if (argc == 0) {
+ if (argc < 2) {
usage:
if (ret == 0) {
ret = 1;
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
index 8f763fa..df0fe4a 100644
--- a/programs/test/query_compile_time_config.c
+++ b/programs/test/query_compile_time_config.c
@@ -40,7 +40,7 @@
{
int i;
- if (argc == 1 || strcmp(argv[1], "-h") == 0) {
+ if (argc < 2 || strcmp(argv[1], "-h") == 0) {
mbedtls_printf(USAGE, argv[0]);
return MBEDTLS_EXIT_FAILURE;
}
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index 4a25f21..5dd367a 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -189,7 +189,7 @@
memset(buf, 0, sizeof(buf));
memset(der_buffer, 0, sizeof(der_buffer));
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 6135238..a9656c6 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -161,7 +161,7 @@
memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
#endif
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 1126e60..8ef5932 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -159,7 +159,7 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 287dd34..0daee56 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -329,7 +329,7 @@
memset(buf, 0, sizeof(buf));
memset(serial, 0, sizeof(serial));
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index f06987c..d74a488 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -70,7 +70,7 @@
*/
mbedtls_x509_crl_init(&crl);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 8cfe4a4..83e2546 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -70,7 +70,7 @@
*/
mbedtls_x509_csr_init(&csr);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;