From 6a81eb610699688cc093ec51f24ac7e39bd81233 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 15 Jun 2020 16:21:33 +0100 Subject: [PATCH] Remove Dangerous Parameter Passing Another coverity bug - #350039 When this test discovers a key of the wrong type, it still throws it through the export function in order to check that it too will detect this as a not permitted action. For the buffer and buffer length arguments it passes in a local pointer (which will most likely be NULL), and the sizeof that pointer, as it knows that they will never be used. Coverity rightly (imho) flagged this as suspicious - if we are going to pass in incorrect parameters, at least make them obviously incorrect, and ones that will not potentially cause errors if the code later changes. There is, for example safety checks for zero length buffer, but less protection for an insufficiently sized one. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto_slot_management.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index a9c7f0459..3a14b1211 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -270,7 +270,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg, else { TEST_EQUAL( psa_export_key( handle, - reexported, sizeof( reexported ), + NULL, 0, &reexported_length ), PSA_ERROR_NOT_PERMITTED ); }
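Review bot: In the else branch of persistent_slot_lifecycle, the new `NULL, 0` arguments to psa_export_key have no comment saying they are deliberately unusable, so a later reader may take them for a mistake and restore a real buffer. A one-line comment above the call would help, stating that the key's policy forbids export and that the buffer must never be touched. The commit message also notes that there are safety checks for a zero-length buffer. With a zero length, the expected PSA_ERROR_NOT_PERMITTED therefore depends on the policy check being reached before that length check. If that ordering is intended, it is worth stating in the same comment, so that a future reordering shows up as a deliberate test failure rather than a puzzling one. Since `&reexported_length` is still passed, consider also asserting its value after the call, to pin down what the function does with the output length on this error path.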