[linux-next:master 4693/7876] crypto/asymmetric_keys/x509_cert_parser.c:69:9-15: ERROR: allocation function on line 68 returns NULL not ERR_PTR on failure

[linux-next:master 4693/7876] crypto/asymmetric_keys/x509_cert_parser.c:69:9-15: ERROR: allocation function on line 68 returns NULL not ERR_PTR on failure

[kernel test robot]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head:   a59668a9397e7245b26e9be85d23f242ff757ae8
commit: 5c6ca9d936654a135b459c846885e08966e5e5bf [4693/7876] X.509: Introduce scope-based x509_certificate allocation
config: sparc-randconfig-r061-20240423 (https://download.01.org/0day-ci/archive/20240424/202404240904.Qi3nM37B-lkp@intel.com/config)
compiler: sparc64-linux-gcc (GCC) 13.2.0

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202404240904.Qi3nM37B-lkp@intel.com/

cocci warnings: (new ones prefixed by >>)
>> crypto/asymmetric_keys/x509_cert_parser.c:69:9-15: ERROR: allocation function on line 68 returns NULL not ERR_PTR on failure

vim +69 crypto/asymmetric_keys/x509_cert_parser.c

    57	
    58	/*
    59	 * Parse an X.509 certificate
    60	 */
    61	struct x509_certificate *x509_cert_parse(const void *data, size_t datalen)
    62	{
    63		struct x509_certificate *cert __free(x509_free_certificate);
    64		struct x509_parse_context *ctx __free(kfree) = NULL;
    65		struct asymmetric_key_id *kid;
    66		long ret;
    67	
  > 68		cert = kzalloc(sizeof(struct x509_certificate), GFP_KERNEL);
  > 69		assume(!IS_ERR(cert)); /* Avoid gratuitous IS_ERR() check on return */
    70		if (!cert)
    71			return ERR_PTR(-ENOMEM);
    72		cert->pub = kzalloc(sizeof(struct public_key), GFP_KERNEL);
    73		if (!cert->pub)
    74			return ERR_PTR(-ENOMEM);
    75		cert->sig = kzalloc(sizeof(struct public_key_signature), GFP_KERNEL);
    76		if (!cert->sig)
    77			return ERR_PTR(-ENOMEM);
    78		ctx = kzalloc(sizeof(struct x509_parse_context), GFP_KERNEL);
    79		if (!ctx)
    80			return ERR_PTR(-ENOMEM);
    81	
    82		ctx->cert = cert;
    83		ctx->data = (unsigned long)data;
    84	
    85		/* Attempt to decode the certificate */
    86		ret = asn1_ber_decoder(&x509_decoder, ctx, data, datalen);
    87		if (ret < 0)
    88			return ERR_PTR(ret);
    89	
    90		/* Decode the AuthorityKeyIdentifier */
    91		if (ctx->raw_akid) {
    92			pr_devel("AKID: %u %*phN\n",
    93				 ctx->raw_akid_size, ctx->raw_akid_size, ctx->raw_akid);
    94			ret = asn1_ber_decoder(&x509_akid_decoder, ctx,
    95					       ctx->raw_akid, ctx->raw_akid_size);
    96			if (ret < 0) {
    97				pr_warn("Couldn't decode AuthKeyIdentifier\n");
    98				return ERR_PTR(ret);
    99			}
   100		}
   101	
   102		cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL);
   103		if (!cert->pub->key)
   104			return ERR_PTR(-ENOMEM);
   105	
   106		cert->pub->keylen = ctx->key_size;
   107	
   108		cert->pub->params = kmemdup(ctx->params, ctx->params_size, GFP_KERNEL);
   109		if (!cert->pub->params)
   110			return ERR_PTR(-ENOMEM);
   111	
   112		cert->pub->paramlen = ctx->params_size;
   113		cert->pub->algo = ctx->key_algo;
   114	
   115		/* Grab the signature bits */
   116		ret = x509_get_sig_params(cert);
   117		if (ret < 0)
   118			return ERR_PTR(ret);
   119	
   120		/* Generate cert issuer + serial number key ID */
   121		kid = asymmetric_key_generate_id(cert->raw_serial,
   122						 cert->raw_serial_size,
   123						 cert->raw_issuer,
   124						 cert->raw_issuer_size);
   125		if (IS_ERR(kid))
   126			return ERR_CAST(kid);
   127		cert->id = kid;
   128	
   129		/* Detect self-signed certificates */
   130		ret = x509_check_for_self_signed(cert);
   131		if (ret < 0)
   132			return ERR_PTR(ret);
   133	
   134		return_ptr(cert);
   135	}
   136	EXPORT_SYMBOL_GPL(x509_cert_parse);
   137	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki