Fenrir Fixes: Error Handling#584
Conversation
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #584
Scan targets checked: wolfssl-examples-bugs, wolfssl-examples-src
No new issues found in the changed files. ✅
… F-3466 F-3472 F-3477 F-4131 F-4132 F-4600 F-5612 F-6286 F-6289 F-6536: Fix error handling in crypto and signature examples
d6b5700 to
e4a68e6
Compare
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #584
Scan targets checked: wolfssl-examples-bugs, wolfssl-examples-src
No new issues found in the changed files. ✅
e4a68e6 to
ac65945
Compare
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #584
Scan targets checked: wolfssl-examples-bugs, wolfssl-examples-src
Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
… F-4127 F-4128 F-4603 F-4604: Fix error handling in TLS, DTLS, and protocol examples
ac65945 to
95a55ff
Compare
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #584
Scan targets checked: wolfssl-examples-bugs, wolfssl-examples-src
Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
| * remove the partially written output file. */ | ||
| fprintf(stderr, | ||
| "Authentication failed, removing unverified output file\n"); | ||
| unlink(out_file); |
There was a problem hiding this comment.
🔵 [Low] Redundant double unlink on authentication failure in decrypt_file_AesGCM · Logic errors
When wc_AesGcmDecryptFinal fails, unlink(out_file) is called at line 454 and again at line 464 in the exit: block's if (ret != 0) guard. Execution falls through from the auth-failure handler directly to exit: with no intervening goto, so the second unlink always fires redundantly after the first.
Fix: Remove the unlink at line 454; the exit: block's if (ret != 0) { unlink(out_file); } already covers the auth-failure path.
Fixes error handling across wolfSSL example files, split into two commits by area:
Crypto/signature examples, 19 findings: F-1298 F-1302 F-1307 F-1712 F-1713 F-1719 F-1720 F-1721 F-1722 F-2093 F-3466 F-3472 F-3477 F-4131 F-4132 F-4600 F-5612 F-6286 F-6289 F-6536
TLS/DTLS/protocol examples, 14 findings: F-1296 F-1301 F-1706 F-2112 F-2893 F-2900 F-3223 F-3899 F-4121 F-4123 F-4127 F-4128 F-4603 F-4604
Fixed: unchecked wc_InitRng/key-init return values, NULL derefs from wolfSSL_get_error() on a NULL ssl, error paths that fall through instead of goto cleanup/return, fd/resource leaks on error, and writing unauthenticated plaintext to disk before AEAD tag verification in both AES-GCM and Ascon file-encrypt examples.