From d0c74591cd33edcc74bf608b51dcee4843711778 Mon Sep 17 00:00:00 2001
From: Junyeon LEE
Date: Thu, 15 Jun 2017 00:33:08 +0900
Subject: [PATCH] net/tls: add NULL pointer check after alloc buffer

This commit addes NULL pointer check after allocating buffer and fixes two minor issues.
. sizeof(SEE_MAX_ENCRYPTED_KEY_SIZE) can be possible to initialize un-expected size.
. Redundant comparison at "if (der_buf)" is always true.
. Logit operator precedence in assignment can produce an unexpected result in pk_wrap.c : 620.
Change-Id: I27d37b220bc844345da15cc135cedad0d55841e4
Signed-off-by: Junyeon LEE
---
 os/net/tls/dhm.c | 12 ++++++++++--
 os/net/tls/pk_wrap.c | 6 ++----
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/os/net/tls/dhm.c b/os/net/tls/dhm.c
index 3821b05..6aaad5e 100644
--- a/os/net/tls/dhm.c
+++ b/os/net/tls/dhm.c
@@ -454,7 +454,7 @@ void mbedtls_dhm_free(mbedtls_dhm_context *ctx)
 #if defined(CONFIG_HW_DH_PARAM)
 if (ctx->key_buf) {
- memset(ctx->key_buf, 0, sizeof(SEE_MAX_ENCRYPTED_KEY_SIZE));
+ memset(ctx->key_buf, 0, SEE_MAX_ENCRYPTED_KEY_SIZE);
 free(ctx->key_buf);
 ctx->key_buf = NULL;
 }
@@ -850,18 +850,26 @@ int hw_calculate_dhm_secret(mbedtls_dhm_context *ctx, unsigned char *output, siz
 /*
 * 1. Initialize G, P, GX context.
 */
-
 n1 = mbedtls_mpi_size(&ctx->P);
 n2 = mbedtls_mpi_size(&ctx->G);
 n3 = mbedtls_mpi_size(&ctx->GY);
 d_param.modules_p = malloc(n1);
+ if (d_param.modules_p == NULL) {
+ goto cleanup;
+ }
 d_param.modules_p_byte_len = n1;
 d_param.generator_g = malloc(n2);
+ if (d_param.generator_g == NULL) {
+ goto cleanup;
+ }
 d_param.generator_g_byte_len = n2;
 d_param.publickey = malloc(n3);
+ if (d_param.publickey == NULL) {
+ goto cleanup;
+ }
 d_param.publickey_byte_len = n3;
 MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->P, d_param.modules_p,
diff --git a/os/net/tls/pk_wrap.c b/os/net/tls/pk_wrap.c
index 208b52e..1d5e48b 100644
--- a/os/net/tls/pk_wrap.c
+++ b/os/net/tls/pk_wrap.c
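Review bot: In `mbedtls_dhm_free()` (os/net/tls/dhm.c) the corrected `memset(ctx->key_buf, 0, SEE_MAX_ENCRYPTED_KEY_SIZE)` is immediately followed by `free(ctx->key_buf)`, so an optimizing compiler may treat the store as dead and leave the key bytes in the freed heap block. Use a wipe that cannot be elided; mbed TLS sources of this generation usually define a file-local `mbedtls_zeroize()`, so if dhm.c has one the line could read `mbedtls_zeroize(ctx->key_buf, SEE_MAX_ENCRYPTED_KEY_SIZE);`. The allocation of `key_buf` is outside the hunk, so confirm it is always at least `SEE_MAX_ENCRYPTED_KEY_SIZE` bytes. The wipe now writes that full length, where the old `sizeof` expression presumably covered only the size of an integer constant.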
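Review bot: The three added `goto cleanup;` branches in `hw_calculate_dhm_secret()` (os/net/tls/dhm.c) never assign `ret`, so the value returned on allocation failure is whatever `ret` held on entry to this section. Its initialisation is above the hunk; if it starts at 0 or is unset, an out-of-memory condition could be reported as a successful secret computation. Set an error before each jump, for example `ret = MBEDTLS_ERR_DHM_ALLOC_FAILED;`, which is how the pk_wrap.c code in this patch sets `ret` before `goto cleanup`. The `cleanup:` label is also outside the hunk: it has to release whichever of `d_param.modules_p`, `d_param.generator_g` and `d_param.publickey` were already allocated, which is only safe if `d_param` is zero-initialised before the first `malloc`.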
@@ -617,7 +617,7 @@ int hw_ecdsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, const unsigned cha
 goto cleanup;
 }
- if ((ret = see_setup_key_internal(der_buf + der_buflen - len, len, SECURE_STORAGE_TYPE_KEY_ECC, key_buf) != 0)) {
+ if ((ret = see_setup_key_internal(der_buf + der_buflen - len, len, SECURE_STORAGE_TYPE_KEY_ECC, key_buf)) != 0) {
 ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
 goto cleanup;
 }
@@ -726,9 +726,7 @@ int hw_ecdsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, const unsigned cha
 ret = see_verify_ecdsa_signature_internal(&ecc_sign, t_hash, hash_len, key_buf);
 cleanup:
- if (der_buf) {
- free(der_buf);
- }
+ free(der_buf);
 if (key_buf) {
 free(key_buf);
--
2.7.4
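Review bot: In the first `hw_ecdsa_verify_wrap()` hunk the assignment to `ret` is dead: with the parenthesis moved it now receives the real return value of `see_setup_key_internal()`, but the next line overwrites it with `MBEDTLS_ERR_ECP_BAD_INPUT_DATA`. Either drop the assignment and test the call directly, `if (see_setup_key_internal(der_buf + der_buflen - len, len, SECURE_STORAGE_TYPE_KEY_ECC, key_buf) != 0) {`, or log the original code before replacing it so a secure-storage failure can be told apart from malformed input. The pointer expression `der_buf + der_buflen - len` also relies on `0 <= len <= der_buflen`; that check, if present, is above the hunk.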
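Review bot: The `if (key_buf) { free(key_buf);` guard left as context directly below the new `free(der_buf);` is the same redundant pattern this hunk removes, since `free(NULL)` is a no-op. Unless that block does more than the free (it closes outside the hunk), simplify it to `free(key_buf);` so the cleanup path reads consistently. Either form is only safe if `der_buf` and `key_buf` are initialised to `NULL` before the first `goto cleanup`; those declarations are outside the hunk and worth checking.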