diff --git a/kms-message/src/hexlify.c b/kms-message/src/hexlify.c index be9ee030b..320ebcc99 100644 --- a/kms-message/src/hexlify.c +++ b/kms-message/src/hexlify.c @@ -24,6 +24,8 @@ char * hexlify (const uint8_t *buf, size_t len) { char *hex_chars = malloc (len * 2 + 1); + KMS_ASSERT (hex_chars); + char *p = hex_chars; size_t i; @@ -44,6 +46,8 @@ unhexlify (const char *hex_chars, size_t *len) *len = strlen (hex_chars) / 2; buf = malloc (*len); + KMS_ASSERT (buf); + pos = buf; while (*hex_chars) { diff --git a/kms-message/src/kms_decrypt_request.c b/kms-message/src/kms_decrypt_request.c index 06faa4311..f1ca28276 100644 --- a/kms-message/src/kms_decrypt_request.c +++ b/kms-message/src/kms_decrypt_request.c @@ -48,7 +48,7 @@ kms_decrypt_request_new (const uint8_t *ciphertext_blob, if (!(b64 = malloc (b64_len))) { KMS_ERROR (request, "Could not allocate %d bytes for base64-encoding payload", - b64_len); + (int) b64_len); goto done; } diff --git a/kms-message/src/kms_encrypt_request.c b/kms-message/src/kms_encrypt_request.c index b5f4d6436..24b064d95 100644 --- a/kms-message/src/kms_encrypt_request.c +++ b/kms-message/src/kms_encrypt_request.c @@ -47,7 +47,7 @@ kms_encrypt_request_new (const uint8_t *plaintext, if (!(b64 = malloc (b64_len))) { KMS_ERROR (request, "Could not allocate %d bytes for base64-encoding payload", - b64_len); + (int) b64_len); goto done; } diff --git a/kms-message/src/kms_kv_list.c b/kms-message/src/kms_kv_list.c index 2d6845a1a..2ca8cc04b 100644 --- a/kms-message/src/kms_kv_list.c +++ b/kms-message/src/kms_kv_list.c @@ -17,6 +17,7 @@ #include "kms_kv_list.h" #include "kms_message/kms_message.h" +#include "kms_message_private.h" #include "kms_request_str.h" #include "kms_port.h" #include "sort.h" @@ -39,9 +40,12 @@ kms_kv_list_t * kms_kv_list_new (void) { kms_kv_list_t *lst = malloc (sizeof (kms_kv_list_t)); + KMS_ASSERT (lst); lst->size = 16; lst->kvs = malloc (lst->size * sizeof (kms_kv_t)); + KMS_ASSERT (lst->kvs); + lst->len = 0; return lst; @@ -119,8 +123,12 @@ kms_kv_list_dup (const kms_kv_list_t *lst) } dup = malloc (sizeof (kms_kv_list_t)); + KMS_ASSERT (dup); + dup->size = dup->len = lst->len; dup->kvs = malloc (lst->len * sizeof (kms_kv_t)); + KMS_ASSERT (dup->kvs); + for (i = 0; i < lst->len; i++) { kv_init (&dup->kvs[i], lst->kvs[i].key, lst->kvs[i].value); diff --git a/kms-message/src/kms_request.c b/kms-message/src/kms_request.c index fa2d48712..921484923 100644 --- a/kms-message/src/kms_request.c +++ b/kms-message/src/kms_request.c @@ -92,10 +92,14 @@ kms_request_new (const char *method, request->header_fields = kms_kv_list_new (); request->auto_content_length = true; - kms_request_set_date (request, NULL); + if (!kms_request_set_date (request, NULL)) { + return request; + } if (opt && opt->connection_close) { - kms_request_add_header_field (request, "Connection", "close"); + if (!kms_request_add_header_field (request, "Connection", "close")) { + return request; + } } if (opt && opt->crypto.sha256) { @@ -164,7 +168,9 @@ kms_request_set_date (kms_request_t *request, const struct tm *tm) kms_request_str_set_chars (request->date, buf, sizeof "YYYYmmDD" - 1); kms_request_str_set_chars (request->datetime, buf, sizeof AMZ_DT_FORMAT - 1); kms_kv_list_del (request->header_fields, "X-Amz-Date"); - kms_request_add_header_field (request, "X-Amz-Date", buf); + if (!kms_request_add_header_field (request, "X-Amz-Date", buf)) { + return false; + } return true; } @@ -447,6 +453,7 @@ kms_request_get_canonical (kms_request_t *request) kms_request_str_append_newline (canonical); normalized = kms_request_str_path_normalized (request->path); kms_request_str_append_escaped (canonical, normalized, false); + kms_request_str_destroy (normalized); kms_request_str_append_newline (canonical); append_canonical_query (request, canonical); kms_request_str_append_newline (canonical); @@ -454,12 +461,14 @@ kms_request_get_canonical (kms_request_t *request) append_canonical_headers (lst, canonical); kms_request_str_append_newline (canonical); append_signed_headers (lst, canonical); - kms_request_str_append_newline (canonical); - kms_request_str_append_hashed ( - &request->crypto, canonical, request->payload); - - kms_request_str_destroy (normalized); kms_kv_list_destroy (lst); + kms_request_str_append_newline (canonical); + if (!kms_request_str_append_hashed ( + &request->crypto, canonical, request->payload)) { + KMS_ERROR (request, "could not generate hash"); + kms_request_str_destroy (canonical); + return NULL; + } return kms_request_str_detach (canonical); } diff --git a/kms-message/src/kms_request_str.c b/kms-message/src/kms_request_str.c index 0f7c19c97..c94b3f58d 100644 --- a/kms-message/src/kms_request_str.c +++ b/kms-message/src/kms_request_str.c @@ -51,10 +51,13 @@ kms_request_str_t * kms_request_str_new (void) { kms_request_str_t *s = malloc (sizeof (kms_request_str_t)); + KMS_ASSERT (s); s->len = 0; s->size = 16; s->str = malloc (s->size); + KMS_ASSERT (s->str); + s->str[0] = '\0'; return s; @@ -64,11 +67,15 @@ kms_request_str_t * kms_request_str_new_from_chars (const char *chars, ssize_t len) { kms_request_str_t *s = malloc (sizeof (kms_request_str_t)); + KMS_ASSERT (s); + size_t actual_len; actual_len = len < 0 ? strlen (chars) : (size_t) len; s->size = actual_len + 1; s->str = malloc (s->size); + KMS_ASSERT (s->str); + memcpy (s->str, chars, actual_len); s->str[actual_len] = '\0'; s->len = actual_len; @@ -86,6 +93,8 @@ kms_request_str_wrap (char *chars, ssize_t len) } s = malloc (sizeof (kms_request_str_t)); + KMS_ASSERT (s); + s->str = chars; s->len = len < 0 ? strlen (chars) : (size_t) len; @@ -148,6 +157,8 @@ kms_request_str_t * kms_request_str_dup (kms_request_str_t *str) { kms_request_str_t *dup = malloc (sizeof (kms_request_str_t)); + KMS_ASSERT (dup); + dup->str = strndup (str->str, str->len); dup->len = str->len; diff --git a/kms-message/src/kms_response_parser.c b/kms-message/src/kms_response_parser.c index 31e4868a6..2392fb860 100644 --- a/kms-message/src/kms_response_parser.c +++ b/kms-message/src/kms_response_parser.c @@ -34,6 +34,8 @@ kms_response_parser_t * kms_response_parser_new (void) { kms_response_parser_t *parser = malloc (sizeof (kms_response_parser_t)); + KMS_ASSERT (parser); + _parser_init (parser); return parser; } @@ -72,6 +74,8 @@ static bool _parse_int_from_view (const char *str, int start, int end, int *result) { char *num_str = malloc (end - start + 1); + KMS_ASSERT (num_str); + bool ret; strncpy (num_str, str + start, end - start); diff --git a/kms-message/test/test_kms_request.c b/kms-message/test/test_kms_request.c index a1b4d5da6..f54ba9846 100644 --- a/kms-message/test/test_kms_request.c +++ b/kms-message/test/test_kms_request.c @@ -129,6 +129,8 @@ realloc_buffer (char **buffer, size_t *n, size_t len) { if (*buffer == NULL) { *buffer = malloc (len); + KMS_ASSERT (*buffer); + } else { *buffer = realloc (*buffer, len); } @@ -203,6 +205,8 @@ read_test (const char *path, const char *suffix) f_size = (size_t) file_stat.st_size; str = malloc (f_size + 1); + KMS_ASSERT (str); + memset (str, 0, f_size + 1); // Windows will convert crlf to lf diff --git a/src/crypto/cng.c b/src/crypto/cng.c index f75f21d4b..e9249c77b 100644 --- a/src/crypto/cng.c +++ b/src/crypto/cng.c @@ -109,15 +109,21 @@ _crypto_state_init (const _mongocrypt_buffer_t *key, keyBlob = NULL; state = bson_malloc0 (sizeof (*state)); + BSON_ASSERT (state); + state->key_handle = INVALID_HANDLE_VALUE; /* Initialize key storage buffer */ state->key_object = bson_malloc0 (_aes256_key_blob_length); + BSON_ASSERT (state->key_object); + state->key_object_length = _aes256_key_blob_length; /* Allocate temporary buffer for key import */ keyBlobLength = sizeof (BCRYPT_KEY_DATA_BLOB_HEADER) + key->len; keyBlob = bson_malloc0 (keyBlobLength); + BSON_ASSERT (keyBlob); + blobHeader.dwMagic = BCRYPT_KEY_DATA_BLOB_MAGIC; blobHeader.dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1; @@ -144,6 +150,8 @@ _crypto_state_init (const _mongocrypt_buffer_t *key, bson_free (keyBlob); state->iv = bson_malloc0 (iv->len); + BSON_ASSERT (state->iv); + state->iv_len = iv->len; memcpy (state->iv, iv->data, iv->len); diff --git a/src/crypto/commoncrypto.c b/src/crypto/commoncrypto.c index 1415afb88..6cef11ef8 100644 --- a/src/crypto/commoncrypto.c +++ b/src/crypto/commoncrypto.c @@ -155,6 +155,8 @@ _native_crypto_hmac_sha_512 (const _mongocrypt_buffer_t *key, } ctx = bson_malloc0 (sizeof (*ctx)); + BSON_ASSERT (ctx); + CCHmacInit (ctx, kCCHmacAlgSHA512, key->data, key->len); CCHmacUpdate (ctx, in->data, in->len); diff --git a/src/mongocrypt-buffer.c b/src/mongocrypt-buffer.c index 1900a501a..c04e079d4 100644 --- a/src/mongocrypt-buffer.c +++ b/src/mongocrypt-buffer.c @@ -35,6 +35,8 @@ _make_owned (_mongocrypt_buffer_t *buf) } tmp = buf->data; buf->data = bson_malloc (buf->len); + BSON_ASSERT (buf->data); + memcpy (buf->data, tmp, buf->len); buf->owned = true; } @@ -57,12 +59,14 @@ _mongocrypt_buffer_resize (_mongocrypt_buffer_t *buf, uint32_t len) but a fancier implementation could copy over up to 'len' bytes from the old buffer to the new one. */ if (buf->owned) { - bson_realloc (buf->data, len); + buf->data = bson_realloc (buf->data, len); buf->len = len; return; } buf->data = bson_malloc (len); + BSON_ASSERT (buf->data); + buf->len = len; buf->owned = true; } @@ -221,7 +225,13 @@ _mongocrypt_buffer_copy_to (const _mongocrypt_buffer_t *src, BSON_ASSERT (dst); _mongocrypt_buffer_cleanup (dst); + if (src->len == 0) { + return; + } + dst->data = bson_malloc ((size_t) src->len); + BSON_ASSERT (dst->data); + memcpy (dst->data, src->data, src->len); dst->len = src->len; dst->subtype = src->subtype; @@ -294,6 +304,8 @@ _mongocrypt_buffer_to_bson_value (_mongocrypt_buffer_t *plaintext, le_data_len = BSON_UINT32_TO_LE (data_len); data = bson_malloc0 (data_len); + BSON_ASSERT (data); + memcpy (data + data_prefix, plaintext->data, plaintext->len); memcpy (data, &le_data_len, INT32_LEN); memcpy (data + INT32_LEN, &type, TYPE_LEN); @@ -303,11 +315,13 @@ _mongocrypt_buffer_to_bson_value (_mongocrypt_buffer_t *plaintext, goto fail; } - if (!bson_validate (&wrapper, 0, NULL)) { + if (!bson_validate (&wrapper, BSON_VALIDATE_NONE, NULL)) { goto fail; } - bson_iter_init_find (&iter, &wrapper, ""); + if (!bson_iter_init_find (&iter, &wrapper, "")) { + goto fail; + } bson_value_copy (bson_iter_value (&iter), out); /* Due to an open libbson bug (CDRIVER-3340), give an empty @@ -345,6 +359,8 @@ _mongocrypt_buffer_from_iter (_mongocrypt_buffer_t *plaintext, plaintext->len = wrapper.len - offset - NULL_BYTE_LEN; /* the final null byte */ plaintext->data = bson_malloc (plaintext->len); + BSON_ASSERT (plaintext->data); + plaintext->owned = true; memcpy (plaintext->data, wrapper_data + offset, plaintext->len); @@ -402,6 +418,8 @@ _mongocrypt_buffer_copy_from_hex (_mongocrypt_buffer_t *buf, const char *hex) buf->len = (uint32_t) strlen (hex) / 2; buf->data = bson_malloc (buf->len); + BSON_ASSERT (buf->data); + buf->owned = true; for (i = 0; i < buf->len; i++) { int tmp; @@ -426,6 +444,8 @@ char * _mongocrypt_buffer_to_hex (_mongocrypt_buffer_t *buf) { char *hex = bson_malloc0 (buf->len * 2 + 1); + BSON_ASSERT (hex); + char *out = hex; for (uint32_t i = 0; i < buf->len; i++, out += 2) { diff --git a/src/mongocrypt-cache-key.c b/src/mongocrypt-cache-key.c index b8fd41568..5e829fa4a 100644 --- a/src/mongocrypt-cache-key.c +++ b/src/mongocrypt-cache-key.c @@ -104,6 +104,8 @@ _mongocrypt_cache_key_value_new (_mongocrypt_key_doc_t *key_doc, BSON_ASSERT (decrypted_key_material); key_value = bson_malloc0 (sizeof (*key_value)); + BSON_ASSERT (key_value); + _mongocrypt_buffer_copy_to (decrypted_key_material, &key_value->decrypted_key_material); @@ -155,6 +157,8 @@ _mongocrypt_cache_key_attr_new (_mongocrypt_buffer_t *id, } attr = bson_malloc0 (sizeof (*attr)); + BSON_ASSERT (attr); + if (id) { _mongocrypt_buffer_copy_to (id, &attr->id); } diff --git a/src/mongocrypt-cache.c b/src/mongocrypt-cache.c index 2f2dbcfe8..e96adc282 100644 --- a/src/mongocrypt-cache.c +++ b/src/mongocrypt-cache.c @@ -142,6 +142,8 @@ _pair_new (_mongocrypt_cache_t *cache, void *attr) _mongocrypt_cache_pair_t *pair; pair = bson_malloc0 (sizeof (_mongocrypt_cache_pair_t)); + BSON_ASSERT (pair); + pair->attr = cache->copy_attr (attr); /* add rest of values. */ pair->next = cache->pair; diff --git a/src/mongocrypt-ciphertext.c b/src/mongocrypt-ciphertext.c index 574f03762..a26cd1b07 100644 --- a/src/mongocrypt-ciphertext.c +++ b/src/mongocrypt-ciphertext.c @@ -129,6 +129,8 @@ _mongocrypt_serialize_ciphertext (_mongocrypt_ciphertext_t *ciphertext, offset = 0; out->len = 1 + ciphertext->key_id.len + 1 + ciphertext->data.len; out->data = bson_malloc0 (out->len); + BSON_ASSERT (out->data); + out->owned = true; out->data[offset] = ciphertext->blob_subtype; @@ -179,6 +181,8 @@ _mongocrypt_ciphertext_serialize_associated_data ( out->len = 1 + ciphertext->key_id.len + 1; out->data = bson_malloc (out->len); + BSON_ASSERT (out->data); + out->owned = true; memcpy (out->data, &ciphertext->blob_subtype, 1); bytes_written = 1; diff --git a/src/mongocrypt-crypto.c b/src/mongocrypt-crypto.c index cbb40b3a4..b1a66e740 100644 --- a/src/mongocrypt-crypto.c +++ b/src/mongocrypt-crypto.c @@ -425,7 +425,7 @@ _hmac_step (_mongocrypt_crypto_t *crypto, intermediates[1].data = ciphertext->data; intermediates[1].len = ciphertext->len; /* Add associated data length in bits. */ - associated_data_len_be = 8 * associated_data->len; + associated_data_len_be = 8 * (uint64_t) associated_data->len; associated_data_len_be = BSON_UINT64_TO_BE (associated_data_len_be); intermediates[2].data = (uint8_t *) &associated_data_len_be; intermediates[2].len = sizeof (uint64_t); @@ -878,7 +878,7 @@ _mongocrypt_calculate_deterministic_iv ( intermediates[0].data = associated_data->data; intermediates[0].len = associated_data->len; /* Add associated data length in bits. */ - associated_data_len_be = 8 * associated_data->len; + associated_data_len_be = 8 * (uint64_t) associated_data->len; associated_data_len_be = BSON_UINT64_TO_BE (associated_data_len_be); intermediates[1].data = (uint8_t *) &associated_data_len_be; intermediates[1].len = sizeof (uint64_t); diff --git a/src/mongocrypt-ctx-datakey.c b/src/mongocrypt-ctx-datakey.c index 93d432e90..77398663c 100644 --- a/src/mongocrypt-ctx-datakey.c +++ b/src/mongocrypt-ctx-datakey.c @@ -86,6 +86,8 @@ _append_id (mongocrypt_t *crypt, bson_t *bson, mongocrypt_status_t *status) _mongocrypt_buffer_init (&uuid); uuid.data = bson_malloc (UUID_LEN); + BSON_ASSERT (uuid.data); + uuid.len = UUID_LEN; uuid.subtype = BSON_SUBTYPE_UUID; uuid.owned = true; @@ -195,10 +197,11 @@ mongocrypt_ctx_datakey_init (mongocrypt_ctx_t *ctx) { _mongocrypt_ctx_datakey_t *dkctx; _mongocrypt_buffer_t plaintext_key_material; - _mongocrypt_ctx_opts_spec_t opts_spec = {0}; + _mongocrypt_ctx_opts_spec_t opts_spec; bool ret; ret = false; + memset (&opts_spec, 0, sizeof (opts_spec)); opts_spec.masterkey = OPT_REQUIRED; opts_spec.key_alt_names = OPT_OPTIONAL; opts_spec.endpoint = OPT_OPTIONAL; @@ -219,6 +222,8 @@ mongocrypt_ctx_datakey_init (mongocrypt_ctx_t *ctx) _mongocrypt_buffer_init (&plaintext_key_material); plaintext_key_material.data = bson_malloc (MONGOCRYPT_KEY_LEN); + BSON_ASSERT (plaintext_key_material.data); + plaintext_key_material.len = MONGOCRYPT_KEY_LEN; plaintext_key_material.owned = true; if (!_mongocrypt_random (ctx->crypt->crypto, @@ -252,6 +257,8 @@ mongocrypt_ctx_datakey_init (mongocrypt_ctx_t *ctx) /* use a random IV. */ _mongocrypt_buffer_init (&iv); iv.data = bson_malloc0 (MONGOCRYPT_IV_LEN); + BSON_ASSERT (iv.data); + iv.len = MONGOCRYPT_IV_LEN; iv.owned = true; if (!_mongocrypt_random ( diff --git a/src/mongocrypt-ctx-decrypt.c b/src/mongocrypt-ctx-decrypt.c index 4567ac485..c3e0a7288 100644 --- a/src/mongocrypt-ctx-decrypt.c +++ b/src/mongocrypt-ctx-decrypt.c @@ -55,6 +55,8 @@ _replace_ciphertext_with_plaintext (void *ctx, plaintext.len = _mongocrypt_calculate_plaintext_len (ciphertext.data.len); plaintext.data = bson_malloc0 (plaintext.len); + BSON_ASSERT (plaintext.data); + plaintext.owned = true; if (!_mongocrypt_ciphertext_serialize_associated_data (&ciphertext, @@ -197,7 +199,9 @@ mongocrypt_ctx_explicit_decrypt_init (mongocrypt_ctx_t *ctx, bson_iter_t iter; bson_t as_bson; - _mongocrypt_ctx_opts_spec_t opts_spec = {0}; + _mongocrypt_ctx_opts_spec_t opts_spec; + + memset (&opts_spec, 0, sizeof (opts_spec)); if (!_mongocrypt_ctx_init (ctx, &opts_spec)) { return false; } @@ -248,7 +252,7 @@ mongocrypt_ctx_explicit_decrypt_init (mongocrypt_ctx_t *ctx, return _mongocrypt_ctx_fail (ctx); } - _mongocrypt_key_broker_requests_done (&ctx->kb); + (void) _mongocrypt_key_broker_requests_done (&ctx->kb); return _mongocrypt_ctx_state_from_key_broker (ctx); } @@ -300,6 +304,6 @@ mongocrypt_ctx_decrypt_init (mongocrypt_ctx_t *ctx, mongocrypt_binary_t *doc) return _mongocrypt_ctx_fail (ctx); } - _mongocrypt_key_broker_requests_done (&ctx->kb); + (void) _mongocrypt_key_broker_requests_done (&ctx->kb); return _mongocrypt_ctx_state_from_key_broker (ctx); } diff --git a/src/mongocrypt-ctx-encrypt.c b/src/mongocrypt-ctx-encrypt.c index c6556566a..78c9b72f4 100644 --- a/src/mongocrypt-ctx-encrypt.c +++ b/src/mongocrypt-ctx-encrypt.c @@ -242,7 +242,10 @@ _mongo_feed_markings (mongocrypt_ctx_t *ctx, mongocrypt_binary_t *in) ctx, "malformed marking, 'result' must be a document"); } - bson_iter_recurse (&iter, &iter); + if (!bson_iter_recurse (&iter, &iter)) { + return _mongocrypt_ctx_fail_w_msg ( + ctx, "malformed marking, could not recurse into 'result'"); + } if (!_mongocrypt_traverse_binary_in_bson (_collect_key_from_marking, (void *) &ctx->kb, TRAVERSE_MATCH_MARKING, @@ -258,7 +261,7 @@ _mongo_feed_markings (mongocrypt_ctx_t *ctx, mongocrypt_binary_t *in) static bool _mongo_done_markings (mongocrypt_ctx_t *ctx) { - _mongocrypt_key_broker_requests_done (&ctx->kb); + (void) _mongocrypt_key_broker_requests_done (&ctx->kb); return _mongocrypt_ctx_state_from_key_broker (ctx); } @@ -291,7 +294,7 @@ _marking_to_bson_value (void *ctx, out->value_type = BSON_TYPE_BINARY; out->value.v_binary.data = serialized_ciphertext.data; out->value.v_binary.data_len = serialized_ciphertext.len; - out->value.v_binary.subtype = 6; + out->value.v_binary.subtype = (bson_subtype_t) 6; ret = true; @@ -307,11 +310,13 @@ _replace_marking_with_ciphertext (void *ctx, bson_value_t *out, mongocrypt_status_t *status) { - _mongocrypt_marking_t marking = {0}; + _mongocrypt_marking_t marking; bool ret; BSON_ASSERT (in); + memset (&marking, 0, sizeof (marking)); + if (!_mongocrypt_marking_parse_unowned (in, &marking, status)) { _mongocrypt_marking_cleanup (&marking); return false; @@ -328,7 +333,7 @@ _finalize (mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) bson_t as_bson, converted; bson_iter_t iter; _mongocrypt_ctx_encrypt_t *ectx; - bool res = true; + bool res; ectx = (_mongocrypt_ctx_encrypt_t *) ctx; @@ -356,7 +361,9 @@ _finalize (mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) } else { /* For explicit encryption, we have no marking, but we can fake one */ _mongocrypt_marking_t marking; - bson_value_t value = {0}; + bson_value_t value; + + memset (&value, 0, sizeof (value)); _mongocrypt_marking_init (&marking); @@ -492,8 +499,9 @@ mongocrypt_ctx_explicit_encrypt_init (mongocrypt_ctx_t *ctx, bson_t as_bson; bson_iter_t iter; - _mongocrypt_ctx_opts_spec_t opts_spec = {0}; + _mongocrypt_ctx_opts_spec_t opts_spec; + memset (&opts_spec, 0, sizeof (opts_spec)); opts_spec.key_descriptor = OPT_REQUIRED; opts_spec.algorithm = OPT_REQUIRED; @@ -576,7 +584,7 @@ mongocrypt_ctx_explicit_encrypt_init (mongocrypt_ctx_t *ctx, } } - _mongocrypt_key_broker_requests_done (&ctx->kb); + (void) _mongocrypt_key_broker_requests_done (&ctx->kb); return _mongocrypt_ctx_state_from_key_broker (ctx); } diff --git a/src/mongocrypt-ctx.c b/src/mongocrypt-ctx.c index 4ba822727..8ba67d9cc 100644 --- a/src/mongocrypt-ctx.c +++ b/src/mongocrypt-ctx.c @@ -250,6 +250,8 @@ mongocrypt_ctx_new (mongocrypt_t *crypt) ctx_size = sizeof (_mongocrypt_ctx_datakey_t); } ctx = bson_malloc0 (ctx_size); + BSON_ASSERT (ctx); + ctx->crypt = crypt; ctx->status = mongocrypt_status_new (); ctx->opts.algorithm = MONGOCRYPT_ENCRYPTION_ALGORITHM_NONE; @@ -295,7 +297,7 @@ _mongo_feed_keys (mongocrypt_ctx_t *ctx, mongocrypt_binary_t *in) static bool _mongo_done_keys (mongocrypt_ctx_t *ctx) { - _mongocrypt_key_broker_docs_done (&ctx->kb); + (void) _mongocrypt_key_broker_docs_done (&ctx->kb); return _mongocrypt_ctx_state_from_key_broker (ctx); } @@ -418,10 +420,11 @@ mongocrypt_ctx_state_t mongocrypt_ctx_state (mongocrypt_ctx_t *ctx) { if (!ctx) { - return false; + return MONGOCRYPT_CTX_ERROR; } if (!ctx->initialized) { - return _mongocrypt_ctx_fail_w_msg (ctx, "ctx NULL or uninitialized"); + _mongocrypt_ctx_fail_w_msg (ctx, "ctx NULL or uninitialized"); + return MONGOCRYPT_CTX_ERROR; } return ctx->state; diff --git a/src/mongocrypt-key-broker.c b/src/mongocrypt-key-broker.c index 5f6a3b757..19e3c147e 100644 --- a/src/mongocrypt-key-broker.c +++ b/src/mongocrypt-key-broker.c @@ -42,6 +42,8 @@ _key_returned_prepend (_mongocrypt_key_broker_t *kb, BSON_ASSERT (key_doc); key_returned = bson_malloc0 (sizeof (*key_returned)); + BSON_ASSERT (key_returned); + key_returned->doc = _mongocrypt_key_new (); _mongocrypt_key_doc_copy_to (key_doc, key_returned->doc); @@ -241,6 +243,8 @@ _mongocrypt_key_broker_request_id (_mongocrypt_key_broker_t *kb, } req = bson_malloc0 (sizeof *req); + BSON_ASSERT (req); + _mongocrypt_buffer_copy_to (key_id, &req->id); req->next = kb->key_requests; kb->key_requests = req; @@ -272,6 +276,8 @@ _mongocrypt_key_broker_request_name (_mongocrypt_key_broker_t *kb, } req = bson_malloc0 (sizeof *req); + BSON_ASSERT (req); + req->alt_name = key_alt_name /* takes ownership */; req->next = kb->key_requests; kb->key_requests = req; @@ -414,6 +420,8 @@ _decrypt_with_local_kms (_mongocrypt_key_broker_t *kb, decrypted_key_material->len = _mongocrypt_calculate_plaintext_len (key_material->len); decrypted_key_material->data = bson_malloc (decrypted_key_material->len); + BSON_ASSERT (decrypted_key_material->data); + decrypted_key_material->owned = true; crypt_ret = _mongocrypt_do_decryption (kb->crypt->crypto, diff --git a/src/mongocrypt-key.c b/src/mongocrypt-key.c index 81d6e7479..356a90691 100644 --- a/src/mongocrypt-key.c +++ b/src/mongocrypt-key.c @@ -412,6 +412,8 @@ _mongocrypt_key_alt_name_copy_all (_mongocrypt_key_alt_name_t *ptr) while (ptr) { _mongocrypt_key_alt_name_t *copied; copied = bson_malloc0 (sizeof (*copied)); + BSON_ASSERT (copied); + bson_value_copy (&ptr->value, &copied->value); if (!ptr_copy) { @@ -469,6 +471,8 @@ _mongocrypt_key_alt_name_create (const char *name, ...) _mongocrypt_key_alt_name_t *curr; curr = bson_malloc0 (sizeof (*curr)); + BSON_ASSERT (curr); + curr->value.value_type = BSON_TYPE_UTF8; curr->value.value.v_utf8.str = bson_strdup (arg_ptr); curr->value.value.v_utf8.len = (uint32_t) strlen (arg_ptr); @@ -490,6 +494,8 @@ _mongocrypt_key_alt_name_t * _mongocrypt_key_alt_name_new (const bson_value_t *value) { _mongocrypt_key_alt_name_t *name = bson_malloc0 (sizeof (*name)); + BSON_ASSERT (name); + bson_value_copy (value, &name->value); return name; } diff --git a/src/mongocrypt-kms-ctx.c b/src/mongocrypt-kms-ctx.c index 76c02dd9c..e53ba5b4c 100644 --- a/src/mongocrypt-kms-ctx.c +++ b/src/mongocrypt-kms-ctx.c @@ -159,9 +159,20 @@ _mongocrypt_kms_ctx_init_aws_decrypt (mongocrypt_kms_ctx_t *kms, kms_request_opt_destroy (opt); kms_request_set_service (kms->req, "kms"); + + if (kms_request_get_error (kms->req)) { + CLIENT_ERR ("error constructing KMS message: %s", + kms_request_get_error (kms->req)); + return false; + } + /* If an endpoint was set, override the default Host header. */ if (key->endpoint) { - kms_request_add_header_field (kms->req, "Host", key->endpoint); + if (!kms_request_add_header_field (kms->req, "Host", key->endpoint)) { + CLIENT_ERR ("error constructing KMS message: %s", + kms_request_get_error (kms->req)); + return false; + } } if (!kms_request_set_region (kms->req, key->masterkey_region)) { @@ -263,10 +274,20 @@ _mongocrypt_kms_ctx_init_aws_encrypt ( kms_request_opt_destroy (opt); kms_request_set_service (kms->req, "kms"); + + if (kms_request_get_error (kms->req)) { + CLIENT_ERR ("error constructing KMS message: %s", + kms_request_get_error (kms->req)); + return false; + } + /* If an endpoint was set, override the default Host header. */ if (ctx_opts->masterkey_aws_endpoint) { - kms_request_add_header_field ( - kms->req, "Host", ctx_opts->masterkey_aws_endpoint); + if (!kms_request_add_header_field ( + kms->req, "Host", ctx_opts->masterkey_aws_endpoint)) { + CLIENT_ERR ("error constructing KMS message: %s", + kms_request_get_error (kms->req)); + } } if (!kms_request_set_region (kms->req, ctx_opts->masterkey_aws_region)) { @@ -370,10 +391,11 @@ mongocrypt_kms_ctx_feed (mongocrypt_kms_ctx_t *kms, mongocrypt_binary_t *bytes) body = kms_response_get_body (response, &body_len); if (http_status != 200) { - /* 1xx, 2xx, and 3xx HTTP status codes are not errors, but we only support - * handling 200 response. */ + /* 1xx, 2xx, and 3xx HTTP status codes are not errors, but we only + * support handling 200 response. */ if (http_status < 400) { - CLIENT_ERR ("Unsupported HTTP code in KMS response. HTTP status=%d", http_status); + CLIENT_ERR ("Unsupported HTTP code in KMS response. HTTP status=%d", + http_status); goto fail; } @@ -396,12 +418,14 @@ mongocrypt_kms_ctx_feed (mongocrypt_kms_ctx_t *kms, mongocrypt_binary_t *bytes) } /* If we couldn't parse JSON, return the body unchanged as an error. */ - CLIENT_ERR ( - "Error parsing JSON in KMS response '%s'. HTTP status=%d", body, http_status); + CLIENT_ERR ("Error parsing JSON in KMS response '%s'. HTTP status=%d", + body, + http_status); goto fail; } - /* If HTTP response succeeded (status 200) then body should contain JSON. */ + /* If HTTP response succeeded (status 200) then body should contain JSON. + */ bson_destroy (&body_bson); if (!bson_init_from_json (&body_bson, body, body_len, &bson_error)) { CLIENT_ERR ("Error parsing JSON in KMS response '%s'. " @@ -425,6 +449,8 @@ mongocrypt_kms_ctx_feed (mongocrypt_kms_ctx_t *kms, mongocrypt_binary_t *bytes) b64_str = (char *) bson_iter_utf8 (&iter, &b64_strlen); kms->result.data = bson_malloc (b64_strlen + 1); + BSON_ASSERT (kms->result.data); + kms->result.len = kms_message_b64_pton (b64_str, kms->result.data, b64_strlen); kms->result.owned = true; diff --git a/src/mongocrypt-marking.c b/src/mongocrypt-marking.c index 52a199e52..9d9e985d1 100644 --- a/src/mongocrypt-marking.c +++ b/src/mongocrypt-marking.c @@ -212,6 +212,8 @@ _mongocrypt_marking_to_ciphertext (void *ctx, _mongocrypt_buffer_from_iter (&plaintext, &marking->v_iter); ciphertext->data.len = _mongocrypt_calculate_ciphertext_len (plaintext.len); ciphertext->data.data = bson_malloc (ciphertext->data.len); + BSON_ASSERT (ciphertext->data.data); + ciphertext->data.owned = true; switch (marking->algorithm) { diff --git a/src/mongocrypt-status.c b/src/mongocrypt-status.c index 7b95574e0..a11e9f586 100644 --- a/src/mongocrypt-status.c +++ b/src/mongocrypt-status.c @@ -50,6 +50,7 @@ mongocrypt_status_set (mongocrypt_status_t *status, bson_free (status->message); status->message = bson_malloc (message_len); + BSON_ASSERT (status->message); status->message[message_len - 1] = '\0'; memcpy (status->message, message, message_len - 1); status->len = message_len - 1; diff --git a/src/mongocrypt-traverse-util.c b/src/mongocrypt-traverse-util.c index a46f06304..8aba52588 100644 --- a/src/mongocrypt-traverse-util.c +++ b/src/mongocrypt-traverse-util.c @@ -139,7 +139,10 @@ _recurse (_recurse_state_t *state) ret = _recurse (&child_state); if (state->copy) { - bson_append_document_end (state->copy, &state->child); + if (!bson_append_document_end (state->copy, &state->child)) { + CLIENT_ERR ("error appending document"); + return false; + } } if (!ret) { diff --git a/src/mongocrypt.c b/src/mongocrypt.c index b211a0029..bf37c21ab 100644 --- a/src/mongocrypt.c +++ b/src/mongocrypt.c @@ -55,8 +55,12 @@ _mongocrypt_set_error (mongocrypt_status_t *status, if (status) { va_start (args, format); prepared_message = bson_strdupv_printf (format, args); - mongocrypt_status_set (status, type, code, prepared_message, -1); - bson_free (prepared_message); + if (!prepared_message) { + mongocrypt_status_set (status, type, code, "Out of memory", -1); + } else { + mongocrypt_status_set (status, type, code, prepared_message, -1); + bson_free (prepared_message); + } va_end (args); } } @@ -99,7 +103,7 @@ tmp_buf (const _mongocrypt_buffer_t *buf) void _mongocrypt_do_init (void) { - kms_message_init (); + (void) kms_message_init (); _native_crypto_init (); } @@ -110,6 +114,8 @@ mongocrypt_new (void) mongocrypt_t *crypt; crypt = bson_malloc0 (sizeof (mongocrypt_t)); + BSON_ASSERT (crypt); + _mongocrypt_mutex_init (&crypt->mutex); _mongocrypt_cache_collinfo_init (&crypt->cache_collinfo); _mongocrypt_cache_key_init (&crypt->cache_key); @@ -201,6 +207,8 @@ _mongocrypt_new_string_from_bytes (const void *in, int len) out_size += len > max_bytes ? sizeof ("...") : 1 /* for null */; out = bson_malloc0 (out_size); + BSON_ASSERT (out); + ret = out; for (int i = 0; i < len && i < max_bytes; i++, out += chars_per_byte) { @@ -218,7 +226,7 @@ _mongocrypt_new_json_string_from_binary (mongocrypt_binary_t *binary) uint32_t len; if (!_mongocrypt_binary_to_bson (binary, &bson) || - !bson_validate (&bson, 0, NULL)) { + !bson_validate (&bson, BSON_VALIDATE_NONE, NULL)) { char *hex; char *full_str; @@ -351,6 +359,8 @@ mongocrypt_init (mongocrypt_t *crypt) #else /* set default hooks. */ crypt->crypto = bson_malloc0 (sizeof (*crypt->crypto)); + BSON_ASSERT (crypt->crypto); + #endif } return true; @@ -434,6 +444,8 @@ mongocrypt_setopt_crypto_hooks (mongocrypt_t *crypt, } crypt->crypto = bson_malloc0 (sizeof (*crypt->crypto)); + BSON_ASSERT (crypt->crypto); + crypt->crypto->hooks_enabled = true; crypt->crypto->ctx = ctx; diff --git a/test/example-state-machine.c b/test/example-state-machine.c index 48824feb6..957245f50 100644 --- a/test/example-state-machine.c +++ b/test/example-state-machine.c @@ -81,6 +81,8 @@ _read_http (const char *path, uint8_t **data) /* Copy and fix newlines: \n becomes \r\n. */ *data = bson_malloc0 (filesize * 2); + BSON_ASSERT (*data); + for (i = 0; i < filesize; i++) { if (contents[i] == '\n' && contents[i - 1] != '\r') { (*data)[len++] = '\r'; diff --git a/test/test-mongocrypt-crypto.c b/test/test-mongocrypt-crypto.c index 5e331ddd3..f042f80b7 100644 --- a/test/test-mongocrypt-crypto.c +++ b/test/test-mongocrypt-crypto.c @@ -35,10 +35,14 @@ _test_roundtrip (_mongocrypt_tester_t *tester) ciphertext.len = _mongocrypt_calculate_ciphertext_len (5); ciphertext.data = bson_malloc (ciphertext.len); + BSON_ASSERT (ciphertext.data); + ciphertext.owned = true; decrypted.len = _mongocrypt_calculate_plaintext_len (ciphertext.len); decrypted.data = bson_malloc (decrypted.len); + BSON_ASSERT (decrypted.data); + decrypted.owned = true; key.data = (uint8_t *) _mongocrypt_repeat_char ('k', MONGOCRYPT_KEY_LEN); @@ -82,6 +86,8 @@ _test_roundtrip (_mongocrypt_tester_t *tester) _mongocrypt_buffer_cleanup (&decrypted); decrypted.len = _mongocrypt_calculate_plaintext_len (ciphertext.len); decrypted.data = bson_malloc (decrypted.len); + BSON_ASSERT (decrypted.data); + decrypted.owned = true; ret = _mongocrypt_do_decryption (crypt->crypto, @@ -188,6 +194,8 @@ _test_mcgrew (_mongocrypt_tester_t *tester) ciphertext_actual.len = _mongocrypt_calculate_ciphertext_len (plaintext.len); ciphertext_actual.data = bson_malloc (ciphertext_actual.len); + BSON_ASSERT (ciphertext_actual.data); + ciphertext_actual.owned = true; /* Force the crypto stack to initialize with mongocrypt_new */ diff --git a/test/test-mongocrypt-datakey.c b/test/test-mongocrypt-datakey.c index f6854b4ed..4ddc2775d 100644 --- a/test/test-mongocrypt-datakey.c +++ b/test/test-mongocrypt-datakey.c @@ -25,6 +25,8 @@ _init_buffer_with_count (_mongocrypt_buffer_t *out, uint32_t count) { out->len = count; out->data = bson_malloc0 (out->len); + BSON_ASSERT (out->data); + out->owned = true; } diff --git a/test/test-mongocrypt-marking.c b/test/test-mongocrypt-marking.c index a821a1954..20152fec3 100644 --- a/test/test-mongocrypt-marking.c +++ b/test/test-mongocrypt-marking.c @@ -23,9 +23,12 @@ /* Create a basis marking buffer with valid values for the given fields. */ static void -_make_marking (bson_t* bson, _mongocrypt_buffer_t *buf) { +_make_marking (bson_t *bson, _mongocrypt_buffer_t *buf) +{ buf->len = bson->len + 1; buf->data = bson_malloc (buf->len); + BSON_ASSERT (buf->data); + buf->data[0] = 0; buf->owned = true; memcpy (buf->data + 1, bson_get_data (bson), bson->len); @@ -33,26 +36,32 @@ _make_marking (bson_t* bson, _mongocrypt_buffer_t *buf) { static void -_parse_ok (_mongocrypt_buffer_t* marking_buf, _mongocrypt_marking_t *out) +_parse_ok (_mongocrypt_buffer_t *marking_buf, _mongocrypt_marking_t *out) { mongocrypt_status_t *status; status = mongocrypt_status_new (); memset (out, 0, sizeof (*out)); - ASSERT_OK_STATUS (_mongocrypt_marking_parse_unowned (marking_buf, out, status), status); + ASSERT_OK_STATUS ( + _mongocrypt_marking_parse_unowned (marking_buf, out, status), status); mongocrypt_status_destroy (status); } static void -_parse_fails (_mongocrypt_buffer_t* marking_buf, const char* msg, _mongocrypt_marking_t *out) +_parse_fails (_mongocrypt_buffer_t *marking_buf, + const char *msg, + _mongocrypt_marking_t *out) { mongocrypt_status_t *status; status = mongocrypt_status_new (); memset (out, 0, sizeof (*out)); - ASSERT_FAILS_STATUS (_mongocrypt_marking_parse_unowned (marking_buf, out, status), status, msg); + ASSERT_FAILS_STATUS ( + _mongocrypt_marking_parse_unowned (marking_buf, out, status), + status, + msg); mongocrypt_status_destroy (status); } @@ -74,7 +83,7 @@ test_mongocrypt_marking_parse (_mongocrypt_tester_t *tester) _mongocrypt_marking_cleanup (&marking); /* buffer < 5 bytes */ - marking_buf.data = (uint8_t*)"abc"; + marking_buf.data = (uint8_t *) "abc"; marking_buf.len = 3; marking_buf.owned = false; _parse_fails (&marking_buf, "invalid marking, length < 5", &marking); @@ -114,7 +123,8 @@ test_mongocrypt_marking_parse (_mongocrypt_tester_t *tester) /* a: wrong type */ marking_bson = TMP_BSON ("{'a': 'abc', 'v': 'abc', 'ka': 'alt'}"); _make_marking (marking_bson, &marking_buf); - _parse_fails (&marking_buf, "invalid marking, 'a' must be an int32", &marking); + _parse_fails ( + &marking_buf, "invalid marking, 'a' must be an int32", &marking); _mongocrypt_buffer_cleanup (&marking_buf); _mongocrypt_marking_cleanup (&marking); /* a: wrong integer */ @@ -123,7 +133,7 @@ test_mongocrypt_marking_parse (_mongocrypt_tester_t *tester) _parse_fails (&marking_buf, "invalid algorithm value: -1", &marking); _mongocrypt_buffer_cleanup (&marking_buf); _mongocrypt_marking_cleanup (&marking); - + /* v: missing */ marking_bson = TMP_BSON ("{'a': 2, 'ka': 'alt'}"); _make_marking (marking_bson, &marking_buf); @@ -132,7 +142,7 @@ test_mongocrypt_marking_parse (_mongocrypt_tester_t *tester) _mongocrypt_marking_cleanup (&marking); /* Not testing IV per CDRIVER-3127. TODO: remove this comment. */ - + /* ki+ka: missing */ marking_bson = TMP_BSON ("{'a': 2, 'v': 'abc'}"); _make_marking (marking_bson, &marking_buf); @@ -141,7 +151,8 @@ test_mongocrypt_marking_parse (_mongocrypt_tester_t *tester) _mongocrypt_marking_cleanup (&marking); /* ki+ka: both present */ marking_bson = TMP_BSON ("{'a': 2, 'v': 'abc', 'ka': 'alt' }"); - BSON_APPEND_BINARY (marking_bson, "ki", BSON_SUBTYPE_UUID, (TEST_BIN(16))->data, 16); + BSON_APPEND_BINARY ( + marking_bson, "ki", BSON_SUBTYPE_UUID, (TEST_BIN (16))->data, 16); _make_marking (marking_bson, &marking_buf); _parse_fails (&marking_buf, "both 'ki' and 'ka' specified", &marking); _mongocrypt_buffer_cleanup (&marking_buf); @@ -156,7 +167,8 @@ test_mongocrypt_marking_parse (_mongocrypt_tester_t *tester) /* ki: wrong subtype */ marking_bson = TMP_BSON ("{'a': 2, 'v': 'abc' }"); - BSON_APPEND_BINARY (marking_bson, "ki", BSON_SUBTYPE_BINARY, (TEST_BIN(16))->data, 16); + BSON_APPEND_BINARY ( + marking_bson, "ki", BSON_SUBTYPE_BINARY, (TEST_BIN (16))->data, 16); _make_marking (marking_bson, &marking_buf); _parse_fails (&marking_buf, "key id must be a UUID", &marking); _mongocrypt_buffer_cleanup (&marking_buf); @@ -168,7 +180,6 @@ test_mongocrypt_marking_parse (_mongocrypt_tester_t *tester) _parse_fails (&marking_buf, "key alt name must be a UTF8", &marking); _mongocrypt_buffer_cleanup (&marking_buf); _mongocrypt_marking_cleanup (&marking); - } diff --git a/test/test-mongocrypt-status.c b/test/test-mongocrypt-status.c index 545c8e561..aab9065b3 100644 --- a/test/test-mongocrypt-status.c +++ b/test/test-mongocrypt-status.c @@ -51,6 +51,8 @@ _test_status_len (_mongocrypt_tester_t *tester) /* Test setting a large string. */ largestring = bson_malloc (4096); + BSON_ASSERT (largestring); + memset (largestring, 'a', 4096); mongocrypt_status_set ( status, MONGOCRYPT_STATUS_ERROR_CLIENT, errcode, largestring, 4097); diff --git a/test/test-mongocrypt-traverse-util.c b/test/test-mongocrypt-traverse-util.c index 3a17a2839..842d709d0 100644 --- a/test/test-mongocrypt-traverse-util.c +++ b/test/test-mongocrypt-traverse-util.c @@ -32,6 +32,8 @@ _append_marking (bson_t *bson, const char *key, int key_len) BCON_UTF8 ("Nancy")); data = bson_malloc0 (marking_bson->len + 1); + BSON_ASSERT (data); + data[0] = 0; memcpy (data + 1, marking_bson, marking_bson->len); @@ -58,6 +60,8 @@ _append_ciphertext_with_subtype (bson_t *bson, data_len = (int) (1 + key_id_len + 1 + strlen (utf8)); data = bson_malloc0 (data_len); + BSON_ASSERT (data); + data[0] = first_byte; memcpy (data + 1, (TEST_BIN (16))->data, key_id_len); data[1 + key_id_len] = 0x02; /* BSON type UTF8 */ @@ -387,6 +391,8 @@ test_transform_cb (void *ctx, out->value_type = BSON_TYPE_BINARY; out->value.v_binary.subtype = 6; out->value.v_binary.data = bson_malloc0 (14); + BSON_ASSERT (out->value.v_binary.data); + out->value.v_binary.data[0] = in->data[0]; memcpy (out->value.v_binary.data + 1, "secretmessage", 13); out->value.v_binary.data_len = 14; diff --git a/test/test-mongocrypt.c b/test/test-mongocrypt.c index 1b0de2b71..1bb745e2c 100644 --- a/test/test-mongocrypt.c +++ b/test/test-mongocrypt.c @@ -34,6 +34,8 @@ _mongocrypt_repeat_char (char c, uint32_t times) uint32_t i; result = bson_malloc (times); + BSON_ASSERT (result); + for (i = 0; i < times; i++) { result[i] = c; } @@ -108,6 +110,8 @@ _load_http (_mongocrypt_tester_t *tester, const char *path) _mongocrypt_buffer_init (buf); /* allocate twice the size since \n may become \r\n */ buf->data = bson_malloc0 (filesize * 2); + BSON_ASSERT (buf->data); + buf->len = 0; buf->owned = true; for (i = 0; i < filesize; i++) { @@ -256,7 +260,12 @@ _mongocrypt_tester_bin (_mongocrypt_tester_t *tester, int size) uint8_t *blob; int i; + if (size == 0) { + return NULL; + } blob = bson_malloc (size); + BSON_ASSERT (blob); + for (i = 0; i < size; i++) { blob[i] = (i % 3) + 1; /* 1, 2, 3, 1, 2, 3, ... */ } @@ -420,6 +429,8 @@ _mongocrypt_tester_fill_buffer (_mongocrypt_buffer_t *buf, int n) memset (buf, 0, sizeof (*buf)); buf->data = bson_malloc (n); + BSON_ASSERT (buf->data); + for (i = 0; i < n; i++) { buf->data[i] = i; }