jarsign.c

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name jarsign.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/jar -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/jar -resource-dir /usr/lib/llvm-18/lib/clang/18 -D HAVE_STRERROR -D LINUX -D linux -D XP_UNIX -D XP_UNIX -D MOZILLA_CLIENT=1 -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D NSS_DISABLE_SSE3 -D NSS_NO_INIT_SUPPORT -D USE_UTIL_DIRECTLY -D NO_NSPR_10_SUPPORT -D SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -D NSS_X86_OR_X64 -D NSS_X64 -I ../../../dist/Linux4.19_x86_64_gcc_glibc_PTH_64_DBG.OBJ/include -I ../../../dist/public/nss -I ../../../dist/private/nss -internal-isystem /usr/lib/llvm-18/lib/clang/18/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -std=c99 -ferror-limit 19 -fgnuc-version=4.2.1 -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2024-05-18-082241-28900-1 -x c jarsign.c

File:	s/lib/jar/jarsign.c
Warning:	line 237, column 5 Value stored to 'rv' is never read

Bug Summary

Annotated Source Code

1	/* This Source Code Form is subject to the terms of the Mozilla Public
2	* License, v. 2.0. If a copy of the MPL was not distributed with this
3	* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5	/*
6	* JARSIGN
7	*
8	* Routines used in signing archives.
9	*/
10
11	#include "jar.h"
12	#include "jarint.h"
13	#include "secpkcs7.h"
14	#include "pk11func.h"
15	#include "sechash.h"
16
17	/* from libevent.h */
18	typedef void (ETVoidPtrFunc)(void data);
19
20	/* key database wrapper */
21	/* static SECKEYKeyDBHandle jar_open_key_database (void); /
22	/* CHUNQ is our bite size */
23
24	#define CHUNQ64000 64000
25	#define FILECHUNQ32768 32768
26
27	/*
28	* J A R _ c a l c u l a t e _ d i g e s t
29	*
30	* Quick calculation of a digest for
31	* the specified block of memory. Will calculate
32	* for all supported algorithms, now MD5.
33	*
34	* This version supports huge pointers for WIN16.
35	*
36	*/
37	JAR_Digest *PR_CALLBACK
38	JAR_calculate_digest(void *data, long length)
39	{
40	PK11Context *md5 = 0;
41	PK11Context *sha1 = 0;
42	JAR_Digest dig = PORT_ZNew(JAR_Digest)(JAR_Digest )PORT_ZAlloc_Util(sizeof(JAR_Digest));
43	long chunq;
44	unsigned int md5_length, sha1_length;
45
46	if (dig == NULL((void*)0)) {
47	/* out of memory allocating digest */
48	return NULL((void*)0);
49	}
50
51	md5 = PK11_CreateDigestContext(SEC_OID_MD5);
52	if (md5 == NULL((void*)0)) {
53	PORT_ZFreePORT_ZFree_Util(dig, sizeof(JAR_Digest));
54	return NULL((void*)0);
55	}
56	sha1 = PK11_CreateDigestContext(SEC_OID_SHA1);
57	if (sha1 == NULL((void*)0)) {
58	PK11_DestroyContext(md5, PR_TRUE1);
59	/* added due to bug Bug 1250214 - prevent the 2nd memory leak */
60	PORT_ZFreePORT_ZFree_Util(dig, sizeof(JAR_Digest));
61	return NULL((void*)0);
62	}
63
64	if (length >= 0) {
65	PK11_DigestBegin(md5);
66	PK11_DigestBegin(sha1);
67
68	do {
69	chunq = length;
70
71	PK11_DigestOp(md5, (unsigned char *)data, chunq);
72	PK11_DigestOp(sha1, (unsigned char *)data, chunq);
73	length -= chunq;
74	data = ((char *)data + chunq);
75	} while (length > 0);
76
77	PK11_DigestFinal(md5, dig->md5, &md5_length, MD5_LENGTH16);
78	PK11_DigestFinal(sha1, dig->sha1, &sha1_length, SHA1_LENGTH20);
79
80	PK11_DestroyContext(md5, PR_TRUE1);
81	PK11_DestroyContext(sha1, PR_TRUE1);
82	}
83	return dig;
84	}
85
86	/*
87	* J A R _ d i g e s t _ f i l e
88	*
89	* Calculates the MD5 and SHA1 digests for a file
90	* present on disk, and returns these in JAR_Digest struct.
91	*
92	*/
93	int
94	JAR_digest_file(char filename, JAR_Digest dig)
95	{
96	JAR_FILEPRFileDesc * fp;
97	PK11Context *md5 = 0;
98	PK11Context *sha1 = 0;
99	unsigned char buf = (unsigned char )PORT_ZAllocPORT_ZAlloc_Util(FILECHUNQ32768);
100	int num;
101	unsigned int md5_length, sha1_length;
102
103	if (buf == NULL((void*)0)) {
104	/* out of memory */
105	return JAR_ERR_MEMORY((-0x2000) + 300 + 4);
106	}
107
108	if ((fp = JAR_FOPEN(filename, "rb")JAR_FOPEN_to_PR_Open(filename, "rb")) == 0) {
109	/* perror (filename); FIX XXX XXX XXX XXX XXX XXX */
110	PORT_FreePORT_Free_Util(buf);
111	return JAR_ERR_FNF((-0x2000) + 300 + 2);
112	}
113
114	md5 = PK11_CreateDigestContext(SEC_OID_MD5);
115	sha1 = PK11_CreateDigestContext(SEC_OID_SHA1);
116
117	if (md5 == NULL((void)0) \|\| sha1 == NULL((void)0)) {
118	if (md5) {
119	PK11_DestroyContext(md5, PR_TRUE1);
120	}
121	if (sha1) {
122	PK11_DestroyContext(sha1, PR_TRUE1);
123	}
124	/* can't generate digest contexts */
125	PORT_FreePORT_Free_Util(buf);
126	JAR_FCLOSEPR_Close(fp);
127	return JAR_ERR_GENERAL((-0x2000) + 300 + 1);
128	}
129
130	PK11_DigestBegin(md5);
131	PK11_DigestBegin(sha1);
132
133	while (1) {
134	if ((num = JAR_FREADPR_Read(fp, buf, FILECHUNQ32768)) == 0)
135	break;
136
137	PK11_DigestOp(md5, buf, num);
138	PK11_DigestOp(sha1, buf, num);
139	}
140
141	PK11_DigestFinal(md5, dig->md5, &md5_length, MD5_LENGTH16);
142	PK11_DigestFinal(sha1, dig->sha1, &sha1_length, SHA1_LENGTH20);
143
144	PK11_DestroyContext(md5, PR_TRUE1);
145	PK11_DestroyContext(sha1, PR_TRUE1);
146
147	PORT_FreePORT_Free_Util(buf);
148	JAR_FCLOSEPR_Close(fp);
149
150	return 0;
151	}
152
153	/*
154	* J A R _ o p e n _ k e y _ d a t a b a s e
155	*
156	*/
157
158	void *
159	jar_open_key_database(void)
160	{
161	return NULL((void*)0);
162	}
163
164	int
165	jar_close_key_database(void *keydb)
166	{
167	/* We never do close it */
168	return 0;
169	}
170
171	/*
172	* j a r _ c r e a t e _ p k 7
173	*
174	*/
175
176	static void
177	jar_pk7_out(void arg, const char buf, unsigned long len)
178	{
179	JAR_FWRITEPR_Write((JAR_FILEPRFileDesc *)arg, buf, len);
180	}
181
182	int
183	jar_create_pk7(CERTCertDBHandle certdb, void keydb, CERTCertificate *cert,
184	char password, JAR_FILEPRFileDesc infp, JAR_FILEPRFileDesc * outfp)
185	{
186	SEC_PKCS7ContentInfo *cinfo;
187	const SECHashObject *hashObj;
188	void mw = NULL((void)0);
189	void *hashcx;
190	unsigned int len;
191	int status = 0;
192	SECStatus rv;
193	SECItem digest;
194	unsigned char digestdata[32];
195	unsigned char buffer[4096];
196
197	if (outfp == NULL((void)0) \|\| infp == NULL((void)0) \|\| cert == NULL((void*)0))
198	return JAR_ERR_GENERAL((-0x2000) + 300 + 1);
199
200	/* we sign with SHA */
201	hashObj = HASH_GetHashObject(HASH_AlgSHA1);
202
203	hashcx = (*hashObj->create)();
204	if (hashcx == NULL((void*)0))
205	return JAR_ERR_GENERAL((-0x2000) + 300 + 1);
206
207	(*hashObj->begin)(hashcx);
208	while (1) {
209	int nb = JAR_FREADPR_Read(infp, buffer, sizeof buffer);
210	if (nb == 0) { /* eof */
211	break;
212	}
213	(*hashObj->update)(hashcx, buffer, nb);
214	}
215	(*hashObj->end)(hashcx, digestdata, &len, 32);
216	(*hashObj->destroy)(hashcx, PR_TRUE1);
217
218	digest.data = digestdata;
219	digest.len = len;
220
221	/* signtool must use any old context it can find since it's
222	calling from inside javaland. */
223	PORT_SetErrorPORT_SetError_Util(0);
224	cinfo = SEC_PKCS7CreateSignedData(cert, certUsageObjectSigner, NULL((void*)0),
225	SEC_OID_SHA1, &digest, NULL((void*)0), mw);
226	if (cinfo == NULL((void*)0))
227	return JAR_ERR_PK7((-0x2000) + 300 + 11);
228
229	rv = SEC_PKCS7IncludeCertChain(cinfo, NULL((void*)0));
230	if (rv != SECSuccess) {
231	status = PORT_GetErrorPORT_GetError_Util();
232	SEC_PKCS7DestroyContentInfo(cinfo);
233	return status;
234	}
235
236	/* Having this here forces signtool to always include signing time. */
237	rv = SEC_PKCS7AddSigningTime(cinfo);
	Value stored to 'rv' is never read
238	/* don't check error */
239	PORT_SetErrorPORT_SetError_Util(0);
240
241	/* if calling from mozilla thread*/
242	rv = SEC_PKCS7Encode(cinfo, jar_pk7_out, outfp, NULL((void)0), NULL((void)0), mw);
243	if (rv != SECSuccess)
244	status = PORT_GetErrorPORT_GetError_Util();
245	SEC_PKCS7DestroyContentInfo(cinfo);
246	if (rv != SECSuccess) {
247	return ((status < 0) ? status : JAR_ERR_GENERAL((-0x2000) + 300 + 1));
248	}
249	return 0;
250	}