From 644a5c0b2bceec2352f625193bbb3c8b6a188475 Mon Sep 17 00:00:00 2001
From: Aditya Deshpande <aditya.deshpande@arm.com>
Date: Mon, 30 Jan 2023 15:58:50 +0000
Subject: [PATCH 1/4] Fix bugs in example programs: change argc == 0 to argc <
 2

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
---
 programs/pkey/dh_genprime.c    | 2 +-
 programs/pkey/gen_key.c        | 2 +-
 programs/pkey/key_app.c        | 2 +-
 programs/pkey/key_app_writer.c | 2 +-
 programs/ssl/ssl_client2.c     | 2 +-
 programs/ssl/ssl_mail_client.c | 2 +-
 programs/ssl/ssl_server2.c     | 2 +-
 programs/util/pem2der.c        | 2 +-
 programs/x509/cert_app.c       | 2 +-
 programs/x509/cert_req.c       | 2 +-
 programs/x509/cert_write.c     | 2 +-
 programs/x509/crl_app.c        | 2 +-
 programs/x509/req_app.c        | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index 25371ba9e..1f4cd59ee 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -71,7 +71,7 @@ int main(int argc, char **argv)
     mbedtls_ctr_drbg_init(&ctr_drbg);
     mbedtls_entropy_init(&entropy);
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 85ee4358a..029558d81 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -200,7 +200,7 @@ int main(int argc, char *argv[])
     mbedtls_ctr_drbg_init(&ctr_drbg);
     memset(buf, 0, sizeof(buf));
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
 #if defined(MBEDTLS_ECP_C)
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 8ed88dafb..c80dcd0a1 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -103,7 +103,7 @@ int main(int argc, char *argv[])
     mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
     mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto cleanup;
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 2dbb79efe..862c93f4c 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -220,7 +220,7 @@ int main(int argc, char *argv[])
     mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
     mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index b12406595..03034d117 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -867,7 +867,7 @@ int main(int argc, char *argv[])
     mbedtls_test_enable_insecure_external_rng();
 #endif  /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         if (ret == 0) {
             ret = 1;
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 4e54be885..3b040aaab 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -370,7 +370,7 @@ int main(int argc, char *argv[])
     mbedtls_pk_init(&pkey);
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index b3d9f5a5c..d4f9664bc 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1633,7 +1633,7 @@ int main(int argc, char *argv[])
     signal(SIGINT, term_handler);
 #endif
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         if (ret == 0) {
             ret = 1;
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index 4a25f21b7..5dd367a0c 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -189,7 +189,7 @@ int main(int argc, char *argv[])
     memset(buf, 0, sizeof(buf));
     memset(der_buffer, 0, sizeof(der_buffer));
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 61352387e..a9656c6c1 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -161,7 +161,7 @@ int main(int argc, char *argv[])
     memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
 #endif
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 1126e60ae..8ef59325e 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -159,7 +159,7 @@ int main(int argc, char *argv[])
     mbedtls_ctr_drbg_init(&ctr_drbg);
     memset(buf, 0, sizeof(buf));
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 3e134dd6a..8a652fe57 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -273,7 +273,7 @@ int main(int argc, char *argv[])
     mbedtls_x509_crt_init(&issuer_crt);
     memset(buf, 0, sizeof(buf));
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index f06987c1f..d74a4887e 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -70,7 +70,7 @@ int main(int argc, char *argv[])
      */
     mbedtls_x509_crl_init(&crl);
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 8cfe4a441..83e2546ed 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -70,7 +70,7 @@ int main(int argc, char *argv[])
      */
     mbedtls_x509_csr_init(&csr);
 
-    if (argc == 0) {
+    if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
         goto exit;

From d05aa0fc604b3d35f5b4f6ff38d4e6d160bf616c Mon Sep 17 00:00:00 2001
From: Aditya Deshpande <aditya.deshpande@arm.com>
Date: Mon, 30 Jan 2023 17:22:07 +0000
Subject: [PATCH 2/4] Add changelog entry

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
---
 ChangeLog.d/fix-example-programs-no-args.txt | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 ChangeLog.d/fix-example-programs-no-args.txt

diff --git a/ChangeLog.d/fix-example-programs-no-args.txt b/ChangeLog.d/fix-example-programs-no-args.txt
new file mode 100644
index 000000000..bfdf66725
--- /dev/null
+++ b/ChangeLog.d/fix-example-programs-no-args.txt
@@ -0,0 +1,7 @@
+Bugfix
+   * Fix a bug present in multiple example programs where running the program
+     from the shell without any command line argument results argv[1] being
+     accessed. The above was fixed for the following: pem2der.c, cert_req.c, 
+     cert_app.c, cert_write.c, req_app.c, crl_app.c, dh_genprime.c, key_app.c,
+     gen_key.c, key_app_writer.c, ssl_client2.c, ssl_server2.c, 
+     ssl_mail_client.c.
\ No newline at end of file

From 3b18a29c13da779d7bb898feced00f7b150f69e5 Mon Sep 17 00:00:00 2001
From: Aditya Deshpande <aditya.deshpande@arm.com>
Date: Tue, 31 Jan 2023 16:22:57 +0000
Subject: [PATCH 3/4] Amend changelog entry

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
---
 ChangeLog.d/fix-example-programs-no-args.txt | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/ChangeLog.d/fix-example-programs-no-args.txt b/ChangeLog.d/fix-example-programs-no-args.txt
index bfdf66725..57fe37a8e 100644
--- a/ChangeLog.d/fix-example-programs-no-args.txt
+++ b/ChangeLog.d/fix-example-programs-no-args.txt
@@ -1,7 +1,4 @@
 Bugfix
-   * Fix a bug present in multiple example programs where running the program
-     from the shell without any command line argument results argv[1] being
-     accessed. The above was fixed for the following: pem2der.c, cert_req.c, 
-     cert_app.c, cert_write.c, req_app.c, crl_app.c, dh_genprime.c, key_app.c,
-     gen_key.c, key_app_writer.c, ssl_client2.c, ssl_server2.c, 
-     ssl_mail_client.c.
\ No newline at end of file
+   * Fix behavior of certain sample programs which could, when run with no
+     arguments, access uninitialized memory in some cases. Fixes #6700 (which
+     was found by TrustInSoft Analyzer during REDOCS'22) and #1120.

From 9b45f6bb68f23d95841a90a226e9e36cb635def2 Mon Sep 17 00:00:00 2001
From: Aditya Deshpande <aditya.deshpande@arm.com>
Date: Fri, 3 Feb 2023 16:15:30 +0000
Subject: [PATCH 4/4] Fix more argc checks

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
---
 programs/hash/generic_sum.c               | 2 +-
 programs/test/query_compile_time_config.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index e2e49e343..995694af0 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -169,7 +169,7 @@ int main(int argc, char *argv[])
 
     mbedtls_md_init(&md_ctx);
 
-    if (argc == 1) {
+    if (argc < 2) {
         const int *list;
 
         mbedtls_printf("print mode:  generic_sum <mbedtls_md> <file> <file> ...\n");
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
index 8f763facd..df0fe4a70 100644
--- a/programs/test/query_compile_time_config.c
+++ b/programs/test/query_compile_time_config.c
@@ -40,7 +40,7 @@ int main(int argc, char *argv[])
 {
     int i;
 
-    if (argc == 1 || strcmp(argv[1], "-h") == 0) {
+    if (argc < 2 || strcmp(argv[1], "-h") == 0) {
         mbedtls_printf(USAGE, argv[0]);
         return MBEDTLS_EXIT_FAILURE;
     }