Fix multiple issues reported by Coverity Scan

2024-09-19 22:59:00 +00:00 · 2018-07-26 18:45:18 +01:00 · 2018-07-26 18:45:18 +01:00 · 7836609839
parent fd88bd1d2c
commit 7836609839
10 changed files with 30 additions and 14 deletions
--- a/exosphere/src/smc_user.c
+++ b/exosphere/src/smc_user.c
@ -163,11 +163,15 @@ uint32_t user_generate_aes_kek(smc_args_t *args) {

    /* Masks 0, 3 are allowed all the time. */

-    const uint8_t kek_seeds[4][0x10] = {
+    const uint8_t kek_seeds[7][0x10] = {
        {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
        {0xA2, 0xAB, 0xBF, 0x9C, 0x92, 0x2F, 0xBB, 0xE3, 0x78, 0x79, 0x9B, 0xC0, 0xCC, 0xEA, 0xA5, 0x74},
        {0x57, 0xE2, 0xD9, 0x45, 0xE4, 0x92, 0xF4, 0xFD, 0xC3, 0xF9, 0x86, 0x38, 0x89, 0x78, 0x9F, 0x3C},
-        {0xE5, 0x4D, 0x9A, 0x02, 0xF0, 0x4F, 0x5F, 0xA8, 0xAD, 0x76, 0x0A, 0xF6, 0x32, 0x95, 0x59, 0xBB}
+        {0xE5, 0x4D, 0x9A, 0x02, 0xF0, 0x4F, 0x5F, 0xA8, 0xAD, 0x76, 0x0A, 0xF6, 0x32, 0x95, 0x59, 0xBB},
+        /* 5.0.0+ KEK seeds. */
+        {0x59, 0xD9, 0x31, 0xF4, 0xA7, 0x97, 0xB8, 0x14, 0x40, 0xD6, 0xA2, 0x60, 0x2B, 0xED, 0x15, 0x31},
+        {0xFD, 0x6A, 0x25, 0xE5, 0xD8, 0x38, 0x7F, 0x91, 0x49, 0xDA, 0xF8, 0x59, 0xA8, 0x28, 0xE6, 0x75},
+        {0x89, 0x96, 0x43, 0x9A, 0x7C, 0xD5, 0x59, 0x55, 0x24, 0xD5, 0x24, 0x18, 0xAB, 0x6C, 0x04, 0x61}
    };
    const uint8_t kek_masks[4][0x10] = {
        {0x4D, 0x87, 0x09, 0x86, 0xC4, 0x5D, 0x20, 0x72, 0x2F, 0xBA, 0x10, 0x53, 0xDA, 0x92, 0xE8, 0xA9},
--- a/fusee/fusee-primary/src/sdmmc/sdmmc.c
+++ b/fusee/fusee-primary/src/sdmmc/sdmmc.c
@ -643,7 +643,7 @@ static int sdmmc_sd_switch(sdmmc_device_t *device, uint32_t mode, uint32_t group
 static int sdmmc_sd_set_current_limit(sdmmc_device_t *device, uint8_t *status)
 {
    /* Start with the highest possible limit. */
-    uint32_t current_limit = SD_SET_CURRENT_LIMIT_800;
+    int32_t current_limit = SD_SET_CURRENT_LIMIT_800;
    
    /* Try each limit. */
    while (current_limit > SD_SET_CURRENT_NO_CHANGE)
--- a/fusee/fusee-primary/src/stage2.c
+++ b/fusee/fusee-primary/src/stage2.c
@ -110,5 +110,6 @@ void load_stage2(const char *bct0) {
    g_chainloader_entries[0].num          = 0;
    g_chainloader_entrypoint              = config.entrypoint;

-    strncpy(g_stage2_path, config.path, sizeof(g_stage2_path));
+    strncpy(g_stage2_path, config.path, sizeof(g_stage2_path) - 1);
+    g_stage2_path[sizeof(g_stage2_path) - 1]  = '\0';
 }
--- a/fusee/fusee-secondary/src/fs_dev.c
+++ b/fusee/fusee-secondary/src/fs_dev.c
@ -359,6 +359,8 @@ static void fsdev_filinfo_to_st(struct stat *st, const FILINFO *info) {
    date.tm_sec  = (info->ftime << 1) & 63;
    date.tm_min  = (info->ftime >> 5) & 63;
    date.tm_hour = (info->ftime >> 11) & 31;
+    
+    date.tm_isdst = 0;

    st->st_atime = st->st_mtime = st->st_ctime = mktime(&date);
    st->st_size = (off_t)info->fsize;
@ -459,7 +461,7 @@ static off_t fsdev_seek(struct _reent *r, void *fd, off_t pos, int whence) {
            return -1;
    }

-    if(pos < 0 && pos + off < 0) {
+    if ((FSIZE_t)pos < 0 && (FSIZE_t)pos + off < 0) {
        /* don't allow seek to before the beginning of the file */
        r->_errno = EINVAL;
        return -1;
--- a/fusee/fusee-secondary/src/gpt.c
+++ b/fusee/fusee-secondary/src/gpt.c
@ -79,7 +79,7 @@ int gpt_iterate_through_entries(FILE *disk, size_t sector_size, gpt_entry_iterat

    /* Iterate through the entries. */
    for (uint32_t i = 0; i < hdr.entry_count; i++) {
-        if (fread(&entry, sizeof(efi_entry_t), 1, disk) == 0) {
+        if (!fread(&entry, sizeof(efi_entry_t), 1, disk)) {
            return -1;
        }

--- a/fusee/fusee-secondary/src/key_derivation.c
+++ b/fusee/fusee-secondary/src/key_derivation.c
@ -45,7 +45,7 @@ static int get_tsec_key(void *dst, const void *tsec_fw, size_t tsec_fw_size, uin
 static int get_keyblob(nx_keyblob_t *dst, uint32_t revision, const nx_keyblob_t *keyblobs, uint32_t available_revision) {
    if (revision >= 0x20) {
        return -1;
-        generic_panic();
+        /* TODO: what should we do? */
    }

    if (keyblobs != NULL) {
@ -80,7 +80,7 @@ static int decrypt_keyblob(const nx_keyblob_t *keyblobs, uint32_t revision, uint
    decrypt_data_into_keyslot(0xB, keyslot, keyblob_mac_seed, 0x10);
    
    /* Validate keyblob. */
-    se_compute_aes_128_cmac(0xB, work_buffer, 0x10, keyblob.mac + sizeof(keyblob.mac), sizeof(keyblob) - sizeof(keyblob.mac));
+    se_compute_aes_128_cmac(0xB, work_buffer, 0x10, &keyblob + sizeof(keyblob.mac), sizeof(keyblob) - sizeof(keyblob.mac));
    if (safe_memcmp(keyblob.mac, work_buffer, 0x10)) {
        return -1;
    }
--- a/fusee/fusee-secondary/src/nxfs.c
+++ b/fusee/fusee-secondary/src/nxfs.c
@ -157,7 +157,7 @@ static int nxfs_mount_partition_gpt_callback(const efi_entry_t *entry, void *par
    (void)disk;
    device_partition_t *parent = (device_partition_t *)param;
    device_partition_t devpart = *parent;
-    char name_buffer[64];
+    char name_buffer[128];
    const uint16_t *utf16name = entry->name;
    uint32_t name_len;
    int rc;
@ -307,6 +307,11 @@ int nxfs_mount_all(void) {
    }
    
    rawnand = fopen("rawnand:/", "rb");
+    
+    if (rawnand == NULL) {
+        return -1;
+    }
+    
    rc = gpt_iterate_through_entries(rawnand, model.sector_size, nxfs_mount_partition_gpt_callback, &model);
    fclose(rawnand);
    
--- a/fusee/fusee-secondary/src/package1.c
+++ b/fusee/fusee-secondary/src/package1.c
@ -65,7 +65,7 @@ int package1_read_and_parse_boot0(void **package1loader, size_t *package1loader_

    /* Read the full keyblob area.*/
    for (size_t i = 0; i < 32; i++) {
-        if (fread(d.sector, 0x200, 1, boot0) == 0) {
+        if (!fread(d.sector, 0x200, 1, boot0)) {
            return -1;
        }
        keyblobs[i] = d.keyblob;
--- a/fusee/fusee-secondary/src/sdmmc/sdmmc.c
+++ b/fusee/fusee-secondary/src/sdmmc/sdmmc.c
@ -643,7 +643,7 @@ static int sdmmc_sd_switch(sdmmc_device_t *device, uint32_t mode, uint32_t group
 static int sdmmc_sd_set_current_limit(sdmmc_device_t *device, uint8_t *status)
 {
    /* Start with the highest possible limit. */
-    uint32_t current_limit = SD_SET_CURRENT_LIMIT_800;
+    int32_t current_limit = SD_SET_CURRENT_LIMIT_800;
    
    /* Try each limit. */
    while (current_limit > SD_SET_CURRENT_NO_CHANGE)
--- a/stratosphere/loader/source/ldr_npdm.cpp
+++ b/stratosphere/loader/source/ldr_npdm.cpp
@ -42,17 +42,21 @@ Result NpdmUtils::LoadNpdm(u64 tid, NpdmInfo *out) {
    g_npdm_cache.info = (const NpdmUtils::NpdmInfo){0};
    
    FILE *f_npdm = OpenNpdm(tid);
+    
+    rc = 0x202;
    if (f_npdm == NULL) {
        /* For generic "Couldn't open the file" error, just say the file doesn't exist. */
-        return 0x202;
+        return rc;
    }
    
    fseek(f_npdm, 0, SEEK_END);
    size_t npdm_size = ftell(f_npdm);
    fseek(f_npdm, 0, SEEK_SET);
    
-    if (npdm_size > sizeof(g_npdm_cache.buffer) || fread(g_npdm_cache.buffer, 1, npdm_size, f_npdm) != npdm_size) {
-        return 0x609;
+    rc = 0x609;
+    if ((npdm_size > sizeof(g_npdm_cache.buffer)) || (fread(g_npdm_cache.buffer, 1, npdm_size, f_npdm) != npdm_size)) {
+        fclose(f_npdm);
+        return rc;
    }
    
    fclose(f_npdm);