From 0504ac2387c2d08e395201249961e2555f66a257 Mon Sep 17 00:00:00 2001
From: Aditya Deshpande <aditya.deshpande@arm.com>
Date: Mon, 30 Jan 2023 15:58:50 +0000
Subject: [PATCH 1/4] Fix bugs in example programs: change argc == 0 to argc <
 2

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
---
 programs/pkey/dh_genprime.c    | 2 +-
 programs/pkey/gen_key.c        | 2 +-
 programs/pkey/key_app.c        | 2 +-
 programs/pkey/key_app_writer.c | 2 +-
 programs/ssl/ssl_client2.c     | 2 +-
 programs/ssl/ssl_mail_client.c | 2 +-
 programs/ssl/ssl_server2.c     | 2 +-
 programs/util/pem2der.c        | 2 +-
 programs/x509/cert_app.c       | 2 +-
 programs/x509/cert_req.c       | 2 +-
 programs/x509/cert_write.c     | 2 +-
 programs/x509/crl_app.c        | 2 +-
 programs/x509/req_app.c        | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index b09ef4218..9037ce3c1 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -75,7 +75,7 @@ int main(int argc, char **argv)
     mbedtls_ctr_drbg_init(&ctr_drbg);
     mbedtls_entropy_init(&entropy);
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index ac6ed9457..1a6463d8a 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -204,7 +204,7 @@ int main(int argc, char *argv[])
     mbedtls_ctr_drbg_init(&ctr_drbg);
     memset(buf, 0, sizeof(buf));
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
 #if defined(MBEDTLS_ECP_C)
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 4d60299a7..a757cb3e7 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -95,7 +95,7 @@ int main(int argc, char *argv[])
     mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
     mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto cleanup;
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index ba926e31b..0009d9159 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -209,7 +209,7 @@ int main(int argc, char *argv[])
     mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
     mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d42a38e5f..ca74c002c 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -767,7 +767,7 @@ int main(int argc, char *argv[])
     mbedtls_test_enable_insecure_external_rng();
 #endif  /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         if (ret == 0) {
             ret = 1;
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 643d3c211..6f1dc1cd8 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -367,7 +367,7 @@ int main(int argc, char *argv[])
     mbedtls_pk_init(&pkey);
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index dd78c0bd3..fb66b4c41 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1449,7 +1449,7 @@ int main(int argc, char *argv[])
     signal(SIGINT, term_handler);
 #endif
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         if (ret == 0) {
             ret = 1;
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index b66226d56..d25b05747 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -193,7 +193,7 @@ int main(int argc, char *argv[])
     memset(buf, 0, sizeof(buf));
     memset(der_buffer, 0, sizeof(der_buffer));
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index a45802cee..b14b084b9 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -165,7 +165,7 @@ int main(int argc, char *argv[])
     memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
 #endif
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 9b854a12b..d7818d751 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -163,7 +163,7 @@ int main(int argc, char *argv[])
     mbedtls_ctr_drbg_init(&ctr_drbg);
     memset(buf, 0, sizeof(buf));
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index ad3dacdc1..ea20144e9 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -241,7 +241,7 @@ int main(int argc, char *argv[])
     mbedtls_x509_crt_init(&issuer_crt);
     memset(buf, 0, 1024);
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 4b9875710..b00f9f3b7 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -72,7 +72,7 @@ int main(int argc, char *argv[])
      */
     mbedtls_x509_crl_init(&crl);
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index bc9f67fbb..dd7fac74d 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -72,7 +72,7 @@ int main(int argc, char *argv[])
      */
     mbedtls_x509_csr_init(&csr);
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;

From a7d879185ea28519848e5f8cb6468f7ef576a6ca Mon Sep 17 00:00:00 2001
From: Aditya Deshpande <aditya.deshpande@arm.com>
Date: Mon, 30 Jan 2023 17:22:07 +0000
Subject: [PATCH 2/4] Add changelog entry

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
---
 ChangeLog.d/fix-example-programs-no-args.txt | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 ChangeLog.d/fix-example-programs-no-args.txt

diff --git a/ChangeLog.d/fix-example-programs-no-args.txt b/ChangeLog.d/fix-example-programs-no-args.txt
new file mode 100644
index 000000000..bfdf66725
--- /dev/null
+++ b/ChangeLog.d/fix-example-programs-no-args.txt
@@ -0,0 +1,7 @@
+Bugfix
+   * Fix a bug present in multiple example programs where running the program
+     from the shell without any command line argument results argv[1] being
+     accessed. The above was fixed for the following: pem2der.c, cert_req.c, 
+     cert_app.c, cert_write.c, req_app.c, crl_app.c, dh_genprime.c, key_app.c,
+     gen_key.c, key_app_writer.c, ssl_client2.c, ssl_server2.c, 
+     ssl_mail_client.c.
\ No newline at end of file

From e87ed421be0997b046d8eb754fffc35057f6b00f Mon Sep 17 00:00:00 2001
From: Aditya Deshpande <aditya.deshpande@arm.com>
Date: Tue, 31 Jan 2023 16:22:57 +0000
Subject: [PATCH 3/4] Amend changelog entry

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
---
 ChangeLog.d/fix-example-programs-no-args.txt | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/ChangeLog.d/fix-example-programs-no-args.txt b/ChangeLog.d/fix-example-programs-no-args.txt
index bfdf66725..57fe37a8e 100644
--- a/ChangeLog.d/fix-example-programs-no-args.txt
+++ b/ChangeLog.d/fix-example-programs-no-args.txt
@@ -1,7 +1,4 @@
 Bugfix
-   * Fix a bug present in multiple example programs where running the program
-     from the shell without any command line argument results argv[1] being
-     accessed. The above was fixed for the following: pem2der.c, cert_req.c, 
-     cert_app.c, cert_write.c, req_app.c, crl_app.c, dh_genprime.c, key_app.c,
-     gen_key.c, key_app_writer.c, ssl_client2.c, ssl_server2.c, 
-     ssl_mail_client.c.
\ No newline at end of file
+   * Fix behavior of certain sample programs which could, when run with no
+     arguments, access uninitialized memory in some cases. Fixes #6700 (which
+     was found by TrustInSoft Analyzer during REDOCS'22) and #1120.

From 56d90038fdbb655e5d65238b1a628d1b9ad1ef99 Mon Sep 17 00:00:00 2001
From: Aditya Deshpande <aditya.deshpande@arm.com>
Date: Fri, 3 Feb 2023 16:15:30 +0000
Subject: [PATCH 4/4] Fix more argc checks

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
---
 programs/hash/generic_sum.c               | 2 +-
 programs/test/query_compile_time_config.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index edb40b695..66eaee08c 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -173,7 +173,7 @@ int main(int argc, char *argv[])
 
     mbedtls_md_init(&md_ctx);
 
-    if (argc == 1) {
+    if (argc < 2) {
         const int *list;
 
         mbedtls_printf("print mode:  generic_sum <mbedtls_md> <file> <file> ...\n");
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
index d84603142..ff470b273 100644
--- a/programs/test/query_compile_time_config.c
+++ b/programs/test/query_compile_time_config.c
@@ -38,7 +38,7 @@
 
 int main(int argc, char *argv[])
 {
-    if (argc != 2) {
+    if (argc < 2 || strcmp(argv[1], "-h") == 0) {
         mbedtls_printf(USAGE, argv[0]);
         return MBEDTLS_EXIT_FAILURE;
     }