fix(validity): resolve scan-build null pointer warnings in TLS

Add NULL guards to satisfy clang static analysis: - validity_tls_decrypt: check ciphertext != NULL before arithmetic - parse_server_hello: check fpi_byte_reader_get_data return and rec_body/hs_body != NULL before use - Remove hs_raw[] array access from debug log that triggered core.NullDereference warning
2026-05-21 08:48:18 +02:00 · 2026-04-21 23:56:51 -04:00 · 2026-04-21 23:56:51 -04:00 · 3eda878b75
commit 3eda878b75
parent d6336d3472
1 changed files with 15 additions and 6 deletions
--- a/libfprint/drivers/validity/validity_tls.c
+++ b/libfprint/drivers/validity/validity_tls.c
@ -325,7 +325,7 @@ validity_tls_decrypt (ValidityTlsState *tls,
                      gsize            *out_len,
                      GError          **error)
 {
-  if (ciphertext_len < TLS_IV_SIZE + TLS_AES_BLOCK_SIZE)
+  if (!ciphertext || ciphertext_len < TLS_IV_SIZE + TLS_AES_BLOCK_SIZE)
    {
      g_set_error (error, FP_DEVICE_ERROR, FP_DEVICE_ERROR_PROTO,
                   "TLS ciphertext too short");
@ -1072,7 +1072,12 @@ validity_tls_parse_server_hello (ValidityTlsState *tls,
        {
          /* Parse handshake messages within this record */
          const guint8 *rec_body = NULL;
-          fpi_byte_reader_get_data (&r, rec_len, &rec_body);
+          if (!fpi_byte_reader_get_data (&r, rec_len, &rec_body) || !rec_body)
+            {
+              g_set_error (error, FP_DEVICE_ERROR, FP_DEVICE_ERROR_PROTO,
+                           "TLS ServerHello: failed to read record body");
+              return FALSE;
+            }

          FpiByteReader hs_r;
          fpi_byte_reader_init (&hs_r, rec_body, rec_len);
@ -1093,7 +1098,12 @@ validity_tls_parse_server_hello (ValidityTlsState *tls,
                }

              const guint8 *hs_body = NULL;
-              fpi_byte_reader_get_data (&hs_r, hs_len, &hs_body);
+              if (!fpi_byte_reader_get_data (&hs_r, hs_len, &hs_body) || !hs_body)
+                {
+                  g_set_error (error, FP_DEVICE_ERROR, FP_DEVICE_ERROR_PROTO,
+                               "TLS ServerHello: failed to read handshake body");
+                  return FALSE;
+                }

              /* Update handshake hash */
              const guint8 *hs_raw = rec_body + hs_msg_start;
@ -1107,9 +1117,8 @@ validity_tls_parse_server_hello (ValidityTlsState *tls,
                  [0x0f] = "CertVerify", [0x14] = "Finished"
                };
                const char *n = (hs_type < 0x15 && names[hs_type]) ? names[hs_type] : "unknown";
-                fp_dbg ("hs_hash UPDATE(srv) %s (type=0x%02x, %u bytes fed, first4: %02x%02x%02x%02x)",
-                        n, hs_type, (unsigned) (4 + hs_len),
-                        hs_raw[0], hs_raw[1], hs_raw[2], hs_raw[3]);
+                fp_dbg ("hs_hash UPDATE(srv) %s (type=0x%02x, %u bytes fed)",
+                        n, hs_type, (unsigned) (4 + hs_len));
              }

              switch (hs_type)