Fix some coverity scan issues.

The read in kernel crypto backend is part of user crypto API encryption call, we have to trust it here. JSON fix is just one place where return code was not checked for this particular function.
mbroz · Nov 28, 2023 · 451527a · 451527a
1 parent 8649885
commit 451527a
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/lib/crypto_backend/crypto_cipher_kernel.c b/lib/crypto_backend/crypto_cipher_kernel.c
@@ -109,6 +109,7 @@ int crypt_cipher_init_kernel(struct crypt_cipher_kernel *ctx, const char *name,
 }
 
 /* The in/out should be aligned to page boundary */
+/* coverity[ -taint_source : arg-3 ] */
 static int _crypt_cipher_crypt(struct crypt_cipher_kernel *ctx,
 			       const char *in, size_t in_length,
 			       char *out, size_t out_length,

diff --git a/lib/luks2/luks2_digest_pbkdf2.c b/lib/luks2/luks2_digest_pbkdf2.c
@@ -172,8 +172,13 @@ static int PBKDF2_digest_store(struct crypt_device *cd,
 	json_object_object_add(jobj_digest, "digest", json_object_new_string(base64_str));
 	free(base64_str);
 
-	if (jobj_digests)
-		json_object_object_add_by_uint(jobj_digests, digest, jobj_digest);
+	if (jobj_digests) {
+		r = json_object_object_add_by_uint(jobj_digests, digest, jobj_digest);
+		if (r < 0) {
+			json_object_put(jobj_digest);
+			return r;
+		}
+	}
 
 	JSON_DBG(cd, jobj_digest, "Digest JSON:");
 	return 0;