Merge pull request #7026 from aditya-deshpande-arm/backport-fix-example-programs-usage
[Backport 2.28] Fix incorrect dispatch to USAGE in example programs, which causes uninitialized memory to be used
diff --git a/ChangeLog.d/fix-example-programs-no-args.txt b/ChangeLog.d/fix-example-programs-no-args.txt
new file mode 100644
index 0000000..57fe37a
--- /dev/null
+++ b/ChangeLog.d/fix-example-programs-no-args.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix behavior of certain sample programs which could, when run with no
+ arguments, access uninitialized memory in some cases. Fixes #6700 (which
+ was found by TrustInSoft Analyzer during REDOCS'22) and #1120.
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index edb40b6..66eaee0 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -173,7 +173,7 @@
mbedtls_md_init(&md_ctx);
- if (argc == 1) {
+ if (argc < 2) {
const int *list;
mbedtls_printf("print mode: generic_sum <mbedtls_md> <file> <file> ...\n");
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index b09ef42..9037ce3 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -75,7 +75,7 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
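Review bot: The new `argc < 2` test has no comment saying why it is not simply `argc == 1`, and the wrong `argc == 0` check it replaces appears in a dozen files in this diff, so it looks like a copied idiom. A one-line comment above the condition would help keep it from drifting again, for example `/* argc < 2: no options given (argc == 1) or an empty argv from the caller (argc == 0) */`. The same applies to the identical change in gen_key.c, key_app.c, key_app_writer.c, ssl_mail_client.c, pem2der.c, cert_app.c, cert_req.c, cert_write.c, crl_app.c and req_app.c. Nothing in the visible diff runs these programs with no arguments, so a small regression test doing that would pin the fix. main() starts and ends outside the hunk.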
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index ac6ed94..1a6463d 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -204,7 +204,7 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
#if defined(MBEDTLS_ECP_C)
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 4d60299..a757cb3 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -95,7 +95,7 @@
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto cleanup;
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index ba926e3..0009d91 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -209,7 +209,7 @@
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d42a38e..ca74c00 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -767,7 +767,7 @@
mbedtls_test_enable_insecure_external_rng();
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
- if (argc == 0) {
+ if (argc < 2) {
usage:
if (ret == 0) {
ret = 1;
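Review bot: With `argc < 2`, starting ssl_client2 with no arguments now jumps straight to the usage path and sets `ret = 1`, where previously that branch was only taken for an empty argv. If the program used to run with built-in defaults in that case (the option setup is outside the hunk, so this is inferred), scripts that start it bare will now get the usage text and a non-zero `ret` instead of a connection attempt. The ChangeLog entry only mentions the uninitialized-memory fix, so I would add a line such as ` * ssl_client2 and ssl_server2 now print their usage text when run with no arguments.` The same point applies to the matching hunk in ssl_server2.c.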
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 643d3c2..6f1dc1c 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -367,7 +367,7 @@
mbedtls_pk_init(&pkey);
mbedtls_ctr_drbg_init(&ctr_drbg);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index dd78c0b..fb66b4c 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1449,7 +1449,7 @@
signal(SIGINT, term_handler);
#endif
- if (argc == 0) {
+ if (argc < 2) {
usage:
if (ret == 0) {
ret = 1;
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
index d846031..ff470b2 100644
--- a/programs/test/query_compile_time_config.c
+++ b/programs/test/query_compile_time_config.c
@@ -38,7 +38,7 @@
int main(int argc, char *argv[])
{
- if (argc != 2) {
+ if (argc < 2 || strcmp(argv[1], "-h") == 0) {
mbedtls_printf(USAGE, argv[0]);
return MBEDTLS_EXIT_FAILURE;
}
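Review bot: `argc < 2` also admits `argc == 0`, and in that case `argv[0]` is a null pointer that is passed straight to `mbedtls_printf(USAGE, argv[0])`. If USAGE formats it with `%s` (its definition is outside the hunk), that is undefined behaviour on the very path this commit hardens. Guard the program name, for example `mbedtls_printf(USAGE, argc > 0 ? argv[0] : "query_compile_time_config");`. Separately, replacing `argc != 2` drops the upper bound, so extra arguments are no longer rejected here; whether they are handled or silently ignored depends on code after the hunk.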
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index b66226d..d25b057 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -193,7 +193,7 @@
memset(buf, 0, sizeof(buf));
memset(der_buffer, 0, sizeof(der_buffer));
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index a45802c..b14b084 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -165,7 +165,7 @@
memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
#endif
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 9b854a1..d7818d7 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -163,7 +163,7 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index ad3dacd..ea20144 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -241,7 +241,7 @@
mbedtls_x509_crt_init(&issuer_crt);
memset(buf, 0, 1024);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 4b98757..b00f9f3 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -72,7 +72,7 @@
*/
mbedtls_x509_crl_init(&crl);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index bc9f67f..dd7fac7 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -72,7 +72,7 @@
*/
mbedtls_x509_csr_init(&csr);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;