Skip to content

Fenrir Fixes: Error Handling#584

Open
stenslae wants to merge 2 commits into
wolfSSL:masterfrom
stenslae:pr-error-handling
Open

Fenrir Fixes: Error Handling#584
stenslae wants to merge 2 commits into
wolfSSL:masterfrom
stenslae:pr-error-handling

Conversation

@stenslae

@stenslae stenslae commented Jul 1, 2026

Copy link
Copy Markdown
Member

Fixes error handling across wolfSSL example files, split into two commits by area:

Crypto/signature examples, 19 findings: F-1298 F-1302 F-1307 F-1712 F-1713 F-1719 F-1720 F-1721 F-1722 F-2093 F-3466 F-3472 F-3477 F-4131 F-4132 F-4600 F-5612 F-6286 F-6289 F-6536

TLS/DTLS/protocol examples, 14 findings: F-1296 F-1301 F-1706 F-2112 F-2893 F-2900 F-3223 F-3899 F-4121 F-4123 F-4127 F-4128 F-4603 F-4604

Fixed: unchecked wc_InitRng/key-init return values, NULL derefs from wolfSSL_get_error() on a NULL ssl, error paths that fall through instead of goto cleanup/return, fd/resource leaks on error, and writing unauthenticated plaintext to disk before AEAD tag verification in both AES-GCM and Ascon file-encrypt examples.

@stenslae stenslae self-assigned this Jul 1, 2026

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #584

Scan targets checked: wolfssl-examples-bugs, wolfssl-examples-src

No new issues found in the changed files. ✅

… F-3466 F-3472 F-3477 F-4131 F-4132 F-4600 F-5612 F-6286 F-6289 F-6536: Fix error handling in crypto and signature examples

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #584

Scan targets checked: wolfssl-examples-bugs, wolfssl-examples-src

No new issues found in the changed files. ✅

@stenslae stenslae removed their assignment Jul 7, 2026
@stenslae stenslae force-pushed the pr-error-handling branch from e4a68e6 to ac65945 Compare July 9, 2026 22:02

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #584

Scan targets checked: wolfssl-examples-bugs, wolfssl-examples-src

Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

Comment thread crypto/aes/aesgcm-file-encrypt.c
… F-4127 F-4128 F-4603 F-4604: Fix error handling in TLS, DTLS, and protocol examples
Comment thread crypto/aes/aesgcm-file-encrypt.c

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #584

Scan targets checked: wolfssl-examples-bugs, wolfssl-examples-src

Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

* remove the partially written output file. */
fprintf(stderr,
"Authentication failed, removing unverified output file\n");
unlink(out_file);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔵 [Low] Redundant double unlink on authentication failure in decrypt_file_AesGCM · Logic errors

When wc_AesGcmDecryptFinal fails, unlink(out_file) is called at line 454 and again at line 464 in the exit: block's if (ret != 0) guard. Execution falls through from the auth-failure handler directly to exit: with no intervening goto, so the second unlink always fires redundantly after the first.

Fix: Remove the unlink at line 454; the exit: block's if (ret != 0) { unlink(out_file); } already covers the auth-failure path.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants