@@ -1346,8 +1346,11 @@ DHPointer DHPointer::New(BignumPointer&& p, BignumPointer&& g) {
1346
1346
if (DH_set0_pqg (dh.get (), p.get (), nullptr , g.get ()) != 1 ) return {};
1347
1347
1348
1348
// If the call above is successful, the DH object takes ownership of the
1349
- // BIGNUMs, so we must release them here.
1349
+ // BIGNUMs, so we must release them here. Unfortunately coverity does not
1350
+ // know that so we need to tell it not to complain.
1351
+ // coverity[resource_leak]
1350
1352
p.release ();
1353
+ // coverity[resource_leak]
1351
1354
g.release ();
1352
1355
1353
1356
return dh;
@@ -1430,7 +1433,10 @@ DataPointer DHPointer::generateKeys() const {
1430
1433
1431
1434
size_t DHPointer::size () const {
1432
1435
if (!dh_) return 0 ;
1433
- return DH_size (dh_.get ());
1436
+ int ret = DH_size (dh_.get ());
1437
+ // DH_size can return a -1 on error but we just want to return a 0
1438
+ // in that case so we don't wrap around when returning the size_t.
1439
+ return ret >= 0 ? static_cast <size_t >(ret) : 0 ;
1434
1440
}
1435
1441
1436
1442
DataPointer DHPointer::computeSecret (const BignumPointer& peer) const {
@@ -1459,6 +1465,10 @@ DataPointer DHPointer::computeSecret(const BignumPointer& peer) const {
1459
1465
bool DHPointer::setPublicKey (BignumPointer&& key) {
1460
1466
if (!dh_) return false ;
1461
1467
if (DH_set0_key (dh_.get (), key.get (), nullptr ) == 1 ) {
1468
+ // If DH_set0_key returns successfully, then dh_ takes ownership of the
1469
+ // BIGNUM, so we must release it here. Unfortunately coverity does not
1470
+ // know that so we need to tell it not to complain.
1471
+ // coverity[resource_leak]
1462
1472
key.release ();
1463
1473
return true ;
1464
1474
}
@@ -1468,6 +1478,10 @@ bool DHPointer::setPublicKey(BignumPointer&& key) {
1468
1478
bool DHPointer::setPrivateKey (BignumPointer&& key) {
1469
1479
if (!dh_) return false ;
1470
1480
if (DH_set0_key (dh_.get (), nullptr , key.get ()) == 1 ) {
1481
+ // If DH_set0_key returns successfully, then dh_ takes ownership of the
1482
+ // BIGNUM, so we must release it here. Unfortunately coverity does not
1483
+ // know that so we need to tell it not to complain.
1484
+ // coverity[resource_leak]
1471
1485
key.release ();
1472
1486
return true ;
1473
1487
}
0 commit comments