Merge branch 'topic/bbannier/coverity'

2025-10-02 06:38:20 +00:00 · 2025-01-14 18:20:04 +01:00 · 2025-01-14 18:20:04 +01:00 · c6f9dfb155
commit c6f9dfb155
parent b2222e97a1 0e12e68fb7
4 changed files with 19 additions and 14 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+7.2.0-dev.91 | 2025-01-14 18:20:04 +0100
+
+  * Bump auxil/spicy to latest development snapshot (Benjamin Bannier, Corelight)
+
+  * Prevent unneeded copies in QUIC C++ helper code (Benjamin Bannier, Corelight)
+
 7.2.0-dev.88 | 2025-01-14 14:39:14 +0000

  * Raise warnings when for DNS events that are not raised due to dns_skip_all_addl (Johanna Amann, Corelight)
--- a/2
+++ b/2
@ -1 +1 @@
-7.2.0-dev.88
+7.2.0-dev.91
--- a/auxil/spicy
+++ b/auxil/spicy
@ -1 +1 @@
-Subproject commit 651c6b160abaee58f3b379d4737431882af94fe0
+Subproject commit 8c7393744d2aa2e02f73f2b3dff4c2d5a46327d7
--- a/src/analyzer/protocol/quic/decrypt_crypto.cc
+++ b/src/analyzer/protocol/quic/decrypt_crypto.cc
@ -25,7 +25,6 @@ refactors as C++ development is not our main profession.
 #include <cstdint>
 #include <cstdlib>
 #include <memory>
-#include <string>
 #include <vector>

 // OpenSSL imports
@ -366,11 +365,11 @@ public:
                                        0x71, 0x75, 0x69, 0x63, 0x20, 0x68, 0x70, 0x00};

        std::vector<HkdfCtxParam> hkdf_ctx_params = {
-            {&hkdf_ctxs.client_in_ctx, CLIENT_INITIAL_INFO},
-            {&hkdf_ctxs.server_in_ctx, SERVER_INITIAL_INFO},
-            {&hkdf_ctxs.key_info_ctx, KEY_INFO},
-            {&hkdf_ctxs.iv_info_ctx, IV_INFO},
-            {&hkdf_ctxs.hp_info_ctx, HP_INFO},
+            {&hkdf_ctxs.client_in_ctx, std::move(CLIENT_INITIAL_INFO)},
+            {&hkdf_ctxs.server_in_ctx, std::move(SERVER_INITIAL_INFO)},
+            {&hkdf_ctxs.key_info_ctx, std::move(KEY_INFO)},
+            {&hkdf_ctxs.iv_info_ctx, std::move(IV_INFO)},
+            {&hkdf_ctxs.hp_info_ctx, std::move(HP_INFO)},
        };

        QuicPacketProtection::Initialize(hkdf_ctx_params);
@ -419,11 +418,11 @@ public:
                                           0x75, 0x69, 0x63, 0x76, 0x32, 0x20, 0x68, 0x70, 0x00};

        std::vector<HkdfCtxParam> hkdf_ctx_params = {
-            {&hkdf_ctxs.client_in_ctx, CLIENT_INITIAL_INFO_V2},
-            {&hkdf_ctxs.server_in_ctx, SERVER_INITIAL_INFO_V2},
-            {&hkdf_ctxs.key_info_ctx, KEY_INFO_V2},
-            {&hkdf_ctxs.iv_info_ctx, IV_INFO_V2},
-            {&hkdf_ctxs.hp_info_ctx, HP_INFO_V2},
+            {&hkdf_ctxs.client_in_ctx, std::move(CLIENT_INITIAL_INFO_V2)},
+            {&hkdf_ctxs.server_in_ctx, std::move(SERVER_INITIAL_INFO_V2)},
+            {&hkdf_ctxs.key_info_ctx, std::move(KEY_INFO_V2)},
+            {&hkdf_ctxs.iv_info_ctx, std::move(IV_INFO_V2)},
+            {&hkdf_ctxs.hp_info_ctx, std::move(HP_INFO_V2)},
        };

        QuicPacketProtection::Initialize(hkdf_ctx_params);
@ -483,7 +482,7 @@ hilti::rt::Bytes QUIC_decrypt_crypto_payload(const hilti::rt::integer::safe<uint
    DecryptionInformation decryptInfo = remove_header_protection(hp, encrypted_offset, all_data);

    // Calculate the correct nonce for the decryption
-    decryptInfo.nonce = calculate_nonce(iv, decryptInfo.packet_number);
+    decryptInfo.nonce = calculate_nonce(std::move(iv), decryptInfo.packet_number);

    return decrypt(key, all_data, payload_length, decryptInfo);
 }