validation.c

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name validation.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/cmd/validation -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/cmd/validation -resource-dir /usr/lib/llvm-19/lib/clang/19 -D HAVE_STRERROR -D LINUX -D linux -D XP_UNIX -D XP_UNIX -D NSPR20 -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D NSS_DISABLE_SSE3 -D NSS_NO_INIT_SUPPORT -D USE_UTIL_DIRECTLY -D NO_NSPR_10_SUPPORT -D SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I ../../../dist/Linux6.12_x86_64_gcc_glibc_PTH_64_DBG.OBJ/include -I ../../../dist/public/nss -I ../../../dist/private/nss -I ../../../dist/public/dbm -I ../../../dist/public/seccmd -internal-isystem /usr/lib/llvm-19/lib/clang/19/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -std=c99 -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2025-01-06-222215-268153-1 -x c validation.c

File:	s/cmd/validation/validation.c
Warning:	line 228, column 5 Value stored to 'rv' is never read

Bug Summary

Annotated Source Code

1	/* This Source Code Form is subject to the terms of the Mozilla Public
2	* License, v. 2.0. If a copy of the MPL was not distributed with this
3	* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5	#ifdef _CRTDBG_MAP_ALLOC
6	#include <stdlib.h>
7	#include <crtdbg.h>
8	#endif
9
10	#include "nspr.h"
11	#include "secutil.h"
12	#include "pk11func.h"
13	#include "nss.h"
14	#include "secport.h"
15	#include "secpkcs5.h"
16	#include "sechash.h"
17	#include "certdb.h"
18	#include "secmod.h"
19
20	static char *progName;
21	PRBool debug = PR_FALSE0;
22
23	#define ERR_USAGE2 2
24	#define ERR_PK11GETSLOT13 13
25
26	static void
27	Usage()
28	{
29	#define FPSPR_fprintf(PR_GetSpecialFD(PR_StandardError), PR_fprintf(PR_STDERRPR_GetSpecialFD(PR_StandardError),
30	FPSPR_fprintf(PR_GetSpecialFD(PR_StandardError), "Usage: %s [-d certdir] [-P dbprefix] [-h tokenname]\n",
31	progName);
32	FPSPR_fprintf(PR_GetSpecialFD(PR_StandardError), "\t\t [-k slotpwfile \| -K slotpw] [-v]\n");
33
34	exit(ERR_USAGE2);
35	}
36
37	typedef enum {
38	tagULong,
39	tagVersion,
40	tagUtf8
41	} tagType;
42
43	typedef struct {
44	const char *attributeName;
45	tagType attributeStorageType;
46	} attributeTag;
47
48	enum {
49	opt_CertDir = 0,
50	opt_TokenName,
51	opt_SlotPWFile,
52	opt_SlotPW,
53	opt_DBPrefix,
54	opt_Debug
55	};
56
57	static secuCommandFlag validation_options[] = {
58	{ /* opt_CertDir */ 'd', PR_TRUE1, 0, PR_FALSE0 },
59	{ /* opt_TokenName */ 'h', PR_TRUE1, 0, PR_FALSE0 },
60	{ /* opt_SlotPWFile */ 'k', PR_TRUE1, 0, PR_FALSE0 },
61	{ /* opt_SlotPW */ 'K', PR_TRUE1, 0, PR_FALSE0 },
62	{ /* opt_DBPrefix */ 'P', PR_TRUE1, 0, PR_FALSE0 },
63	{ /* opt_Debug */ 'v', PR_FALSE0, 0, PR_FALSE0 }
64	};
65
66	void
67	dump_Raw(char label, CK_ATTRIBUTE attr)
68	{
69	int i;
70	unsigned char value = (unsigned char )attr->pValue;
71	printf("0x");
72	for (i = 0; i < attr->ulValueLen; i++) {
73	printf("%02x", value[i]);
74	}
75	printf("<%s>\n", label);
76	}
77
78	SECStatus
79	dump_validations(CK_OBJECT_CLASS objc, CK_ATTRIBUTE *template, int count,
80	attributeTag tags, PK11SlotInfo slot)
81	{
82	PK11GenericObject objs, obj;
83
84	objs = PK11_FindGenericObjects(slot, objc);
85
86	for (obj = objs; obj != NULL((void*)0); obj = PK11_GetNextGenericObject(obj)) {
87	int i;
88	printf("Validation Object:\n");
89	PK11_ReadRawAttributes(NULL((void*)0), PK11_TypeGeneric, obj, template, count);
90	for (i = 0; i < count; i++) {
91	CK_ULONG ulong;
92	CK_VERSION version;
93	int len = template[i].ulValueLen;
94	printf(" %s: ", tags[i].attributeName);
95	if (len < 0) {
96	printf("<failed>\n");
97	} else if (len == 0) {
98	printf("<empty>\n");
99	} else
100	switch (tags[i].attributeStorageType) {
101	case tagULong:
102	if (len != sizeof(CK_ULONG)) {
103	dump_Raw("bad ulong", &template[i]);
104	break;
105	}
106	ulong = (CK_ULONG )template[i].pValue;
107	printf("%ld\n", ulong);
108	break;
109	case tagVersion:
110	if (len != sizeof(CK_VERSION)) {
111	dump_Raw("bad version", &template[i]);
112	break;
113	}
114	version = (CK_VERSION )template[i].pValue;
115	printf("%d.%d\n", version.major, version.minor);
116	break;
117	case tagUtf8:
118	printf("%.s\n", len, (char )template[i].pValue);
119	break;
120	default:
121	dump_Raw("unknown tag", &template[i]);
122	break;
123	}
124	PORT_FreePORT_Free_Util(template[i].pValue);
125	template[i].pValue = NULL((void*)0);
126	template[i].ulValueLen = 0;
127	}
128	}
129	PK11_DestroyGenericObjects(objs);
130	return SECSuccess;
131	}
132
133	int
134	main(int argc, char **argv)
135	{
136	secuPWData slotPw = { PW_NONE, NULL((void*)0) };
137	secuPWData p12FilePw = { PW_NONE, NULL((void*)0) };
138	PK11SlotInfo slot = NULL((void)0);
139	char slotname = NULL((void)0);
140	char *dbprefix = "";
141	char nssdir = NULL((void)0);
142	SECStatus rv;
143	secuCommand validation;
144	int local_errno = 0;
145
146	CK_ATTRIBUTE validation_template[] = {
147	{ CKA_NSS_VALIDATION_TYPE((0x80000000UL \| 0x4E534350) + 36), NULL((void*)0), 0 },
148	{ CKA_NSS_VALIDATION_VERSION((0x80000000UL \| 0x4E534350) + 37), NULL((void*)0), 0 },
149	{ CKA_NSS_VALIDATION_LEVEL((0x80000000UL \| 0x4E534350) + 38), NULL((void*)0), 0 },
150	{ CKA_NSS_VALIDATION_MODULE_ID((0x80000000UL \| 0x4E534350) + 39), NULL((void*)0), 0 }
151	};
152	attributeTag validation_tags[] = {
153	{ "Validation Type", tagULong },
154	{ "Validation Version", tagVersion },
155	{ "Validation Level", tagULong },
156	{ "Validation Module ID", tagUtf8 },
157	};
158
159	#ifdef _CRTDBG_MAP_ALLOC
160	_CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF \| _CRTDBG_LEAK_CHECK_DF);
161	#endif
162
163	validation.numCommands = 0;
164	validation.commands = 0;
165	validation.numOptions = PR_ARRAY_SIZE(validation_options)(sizeof(validation_options)/sizeof((validation_options)[0]));
166	validation.options = validation_options;
167
168	progName = strrchr(argv[0], '/');
169	progName = progName ? progName + 1 : argv[0];
170
171	rv = SECU_ParseCommandLine(argc, argv, progName, &validation);
172
173	if (rv != SECSuccess)
174	Usage();
175
176	debug = validation.options[opt_Debug].activated;
177
178	slotname = SECU_GetOptionArg(&validation, opt_TokenName);
179
180	if (validation.options[opt_SlotPWFile].activated) {
181	slotPw.source = PW_FROMFILE;
182	slotPw.data = PORT_StrdupPORT_Strdup_Util(validation.options[opt_SlotPWFile].arg);
183	}
184
185	if (validation.options[opt_SlotPW].activated) {
186	slotPw.source = PW_PLAINTEXT;
187	slotPw.data = PORT_StrdupPORT_Strdup_Util(validation.options[opt_SlotPW].arg);
188	}
189
190	if (validation.options[opt_CertDir].activated) {
191	nssdir = validation.options[opt_CertDir].arg;
192	}
193	if (validation.options[opt_DBPrefix].activated) {
194	dbprefix = validation.options[opt_DBPrefix].arg;
195	}
196
197	PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
198	if (nssdir == NULL((void*)0) && NSS_NoDB_Init("") == SECSuccess) {
199	rv = SECSuccess;
200	/* if the system isn't already in FIPS mode, we need
201	* to switch to FIPS mode */
202	if (!PK11_IsFIPS()) {
203	/* flip to FIPS mode */
204	SECMODModule *module = SECMOD_GetInternalModule();
205	rv = SECMOD_DeleteInternalModule(module->commonName);
206	}
207	} else if (nssdir != NULL((void*)0)) {
208	rv = NSS_Initialize(nssdir, dbprefix, dbprefix, "secmod.db", 0);
209	}
210	if (rv != SECSuccess) {
211	SECU_PrintPRandOSError(progName);
212	local_errno = -1;
213	goto done;
214	}
215
216	if (!slotname \|\| PL_strcmp(slotname, "internal") == 0)
217	slot = PK11_GetInternalKeySlot();
218	else
219	slot = PK11_FindSlotByName(slotname);
220
221	if (!slot) {
222	SECU_PrintError(progName, "Invalid slot \"%s\"",
223	slotname ? "internal" : slotname);
224	local_errno = ERR_PK11GETSLOT13;
225	goto done;
226	}
227
228	rv = dump_validations(CKO_NSS_VALIDATION((0x80000000UL \| 0x4E534350) + 7),
	Value stored to 'rv' is never read
229	validation_template,
230	PR_ARRAY_SIZE(validation_template)(sizeof(validation_template)/sizeof((validation_template)[0]) ),
231	validation_tags,
232	slot);
233
234	done:
235	if (slotPw.data != NULL((void*)0))
236	PORT_ZFreePORT_ZFree_Util(slotPw.data, PL_strlen(slotPw.data));
237	if (p12FilePw.data != NULL((void*)0))
238	PORT_ZFreePORT_ZFree_Util(p12FilePw.data, PL_strlen(p12FilePw.data));
239	if (slotname) {
240	PORT_FreePORT_Free_Util(slotname);
241	}
242	if (slot)
243	PK11_FreeSlot(slot);
244	if (NSS_Shutdown() != SECSuccess) {
245	local_errno = 1;
246	}
247	PL_ArenaFinish();
248	PR_Cleanup();
249	return local_errno;
250	}