Fix Coverity 1503322, 1503324, 1503328 memory accesses These are all false positives result from Coverity not understanding our up_ref and free pairing. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/18014)
diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 8eb13ad..4d5f8ad 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c
@@ -332,7 +332,11 @@ /* No more legacy from here down to legacy: */ + /* A Coverity false positive with up_ref/down_ref and free */ + /* coverity[use_after_free] */ ctx->op.kex.exchange = exchange; + /* A Coverity false positive with up_ref/down_ref and free */ + /* coverity[deref_arg] */ ctx->op.kex.algctx = exchange->newctx(ossl_provider_ctx(exchange->prov)); if (ctx->op.kex.algctx == NULL) { /* The provider key can stay in the cache */ @@ -420,6 +424,8 @@ EVP_KEYMGMT_get0_name(ctx->keymgmt), ctx->propquery); if (tmp_keymgmt != NULL) + /* A Coverity issue with up_ref/down_ref and free */ + /* coverity[pass_freed_arg] */ provkey = evp_pkey_export_to_provider(peer, ctx->libctx, &tmp_keymgmt, ctx->propquery); EVP_KEYMGMT_free(tmp_keymgmt_tofree);