universal-ctags / target-openssl
LAST BUILD BRANCH: master
DEFAULT BRANCH: target-openssl
Repo Added 14 May 2023 05:19AM UTC
Build 53 Last
Files 1355
19 May 2023 10:42AM UTC coverage: 68.062% (+0.007%) from 68.055%
5605997699

push

github

t8m
Update hkdf.c to avoid potentially vulnerable code pattern

The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows.
It should be replaced by "if (a>c-b) a=c-b", which avoids the
potential overflow and is much easier to understand.

This pattern is the root cause of CVE-2022-37454, a buffer overflow
vulnerability in the "official" SHA-3 implementation.

It has been confirmed that the addition in
https://github.com/openssl/openssl/blob/master/providers/implementations/kdfs/hkdf.c#L534
cannot overflow. So this is only a minor change proposal to avoid
a potentially vulnerable code pattern and to improve readability.
More information: https://github.com/github/codeql/pull/12036#issuecomment-1466056959

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20990)
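
The overflow the commit message describes, shown as an added C example (not OpenSSL's hkdf.c code and not part of the commit). The function names and sample values are assumptions chosen for illustration, and the `b <= c` guard is an extra check this example adds because `c - b` would itself wrap otherwise.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Pattern the commit message calls incorrect: a + b is computed first and
 * wraps modulo SIZE_MAX + 1 when the true sum does not fit in size_t. */
size_t clamp_len_wrapping(size_t a, size_t b, size_t c)
{
    if (a + b > c)
        a = c - b;
    return a;
}

/* Replacement pattern: compare against c - b so no addition is performed.
 * c - b itself must not wrap, so b <= c is checked first; returning 0 in
 * that case (nothing fits) is an assumption of this example. */
size_t clamp_len_checked(size_t a, size_t b, size_t c)
{
    if (b > c)
        return 0;
    if (a > c - b)
        a = c - b;
    return a;
}

/* Returns 1 when `a` bytes at offset `b` stay within `c` bytes,
 * evaluated without any overflowing arithmetic. */
int fits(size_t a, size_t b, size_t c)
{
    return b <= c && a <= c - b;
}

int main(void)
{
    size_t b = 16, c = 64;        /* constructed sample values */
    size_t huge = SIZE_MAX - 7;   /* huge + b wraps around to 8 */

    size_t bad = clamp_len_wrapping(huge, b, c);
    size_t good = clamp_len_checked(huge, b, c);

    printf("wrapping: len=%zu fits=%d\n", bad, fits(bad, b, c));
    printf("checked:  len=%zu fits=%d\n", good, fits(good, b, c));
    return 0;
}
```

With the wrapping form the oversized length passes through unclamped, which is the condition that precedes an out-of-bounds copy; for inputs whose sum does not wrap, both forms return the same value.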

1 of 1 new or added line in 1 file covered. (100.0%)

172867 of 253986 relevant lines covered (68.06%)

2334263.54 hits per line

Source Files on master
  • Tree
  • List 1355
  • Changed 260
  • Source Changed 0
  • Coverage Changed 260

Recent builds

Builds | Branch | Commit | Type | Ran | Committer | Via | Coverage
5605997699 | master | Update hkdf.c to avoid potentially vulnerable code pattern The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows. It should be replaced by "if (a>c-b) a=c-b", which avoids the potential overflow and is much easier to understand. This... | push | 20 Jul 2023 02:25AM UTC | t8m | github | 68.06
5582604495 | master | Update hkdf.c to avoid potentially vulnerable code pattern The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows. It should be replaced by "if (a>c-b) a=c-b", which avoids the potential overflow and is much easier to understand. This... | push | 18 Jul 2023 02:57AM UTC | t8m | github | 68.06
5565345765 | master | Update hkdf.c to avoid potentially vulnerable code pattern The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows. It should be replaced by "if (a>c-b) a=c-b", which avoids the potential overflow and is much easier to understand. This... | push | 16 Jul 2023 03:04AM UTC | t8m | github | 68.06
5559905512 | master | Update hkdf.c to avoid potentially vulnerable code pattern The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows. It should be replaced by "if (a>c-b) a=c-b", which avoids the potential overflow and is much easier to understand. This... | push | 15 Jul 2023 02:56AM UTC | t8m | github | 68.06
5526830221 | master | Update hkdf.c to avoid potentially vulnerable code pattern | push | 12 Jul 2023 02:48AM UTC | Tomas Mraz | github | 68.06
5515009935 | master | Update hkdf.c to avoid potentially vulnerable code pattern The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows. It should be replaced by "if (a>c-b) a=c-b", which avoids the potential overflow and is much easier to understand. This... | push | 11 Jul 2023 02:42AM UTC | t8m | github | 68.06
5497547544 | master | Update hkdf.c to avoid potentially vulnerable code pattern The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows. It should be replaced by "if (a>c-b) a=c-b", which avoids the potential overflow and is much easier to understand. This... | push | 09 Jul 2023 03:02AM UTC | t8m | github | 68.06
5482038014 | master | Update hkdf.c to avoid potentially vulnerable code pattern The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows. It should be replaced by "if (a>c-b) a=c-b", which avoids the potential overflow and is much easier to understand. This... | push | 07 Jul 2023 02:50AM UTC | t8m | github | 68.06
5470854447 | master | Update hkdf.c to avoid potentially vulnerable code pattern The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows. It should be replaced by "if (a>c-b) a=c-b", which avoids the potential overflow and is much easier to understand. This... | push | 06 Jul 2023 02:54AM UTC | t8m | github | 68.06
5450140443 | master | Update hkdf.c to avoid potentially vulnerable code pattern The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows. It should be replaced by "if (a>c-b) a=c-b", which avoids the potential overflow and is much easier to understand. This... | push | 04 Jul 2023 02:52AM UTC | t8m | github | 68.06
See All Builds (53)
