[Bug 2687] Coverity scan fixes
bugzilla-daemon at bugzilla.mindrot.org
Fri Mar 10 14:09:07 AEDT 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2687
--- Comment #4 from Darren Tucker <dtucker at zip.com.au> ---
Comment on attachment 2953
--> https://bugzilla.mindrot.org/attachment.cgi?id=2953
proposed coverity patch
>+ if (ret == NULL)
>+ return NULL;
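Review bot: the added return NULL on the ret == NULL path hands the failure to the caller, and the hunk carries no context showing which function this is or whether its callers test the result. Please confirm every call site tolerates a NULL return, otherwise the dereference only moves up one frame.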
applied.
> response = read_passphrase("Accept updated hostkeys? "
> "(yes/no): ", RP_ECHO);
>- if (strcasecmp(response, "yes") == 0)
>+ if (response != NULL && strcasecmp(response, "yes") == 0)
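Review bot: on the changed strcasecmp line, a NULL response is silently treated like any answer other than "yes". That fails closed, which is the safe direction for accepting updated host keys, but the check should be justified one way or the other: if read_passphrase() cannot return NULL when called with only RP_ECHO it is dead code, and if it can, NULL deserves explicit handling before the comparison instead of being folded into the "no" case.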
I think this is a false positive.
read_passphrase() can only return NULL if given the RP_ALLOW_EOF flag,
otherwise the return values all come from xstrdup which will provide a
valid pointer or die trying.
>- if (dlen > UINT_MAX)
>+ if (digest == NULL || dlen > UINT_MAX)
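Review bot: folding digest == NULL into the existing dlen > UINT_MAX condition sends a missing digest and an oversized length down the same error path. The body of the branch is not visible in this hunk; if the error it returns is specific to the length, a separate NULL check with its own return value would be clearer to callers.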
looks reasonable, applied.
[several memory and fd leak fixes]
seem reasonable, looking at them now.
> dump_cfg_string(ServerOpCodes code, const char *val)
> {
>- if (val == NULL)
>- return;
> printf("%s %s\n", lookup_opcode_name(code),
> val == NULL ? "none" : val);
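Review bot: removing the early return in dump_cfg_string() changes the output, not only the warning. Options whose val is NULL were skipped before and will now be printed as "none" through the val == NULL ? "none" : val expression, which was unreachable until this change. Anything that parses or diffs the dump will see new lines, so decide which behaviour is intended and delete the NULL handling that is not wanted, not simply the one the scanner flagged.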
not sure what the intent of this was, will need to investigate.
>diff --git a/sshkey.c b/sshkey.c
>index 85fd1bd..58c1051 100644
>--- a/sshkey.c
>+++ b/sshkey.c
>@@ -1375,8 +1375,6 @@ sshkey_read(struct sshkey *ret, char **cpp)
> retval = 0;
> /*XXXX*/
> sshkey_free(k);
>- if (retval != 0)
>- break;
> break;
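Review bot: the /*XXXX*/ marker above sshkey_free(k) stays in place while the check below it is deleted, so the unfinished intent it flags is still unresolved. The removed if (retval != 0) break; sat between retval = 0; and an unconditional break;, so dropping it does not change control flow, but it would be worth settling what the marker was for, and removing or replacing it, in the same change.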
Dunno what that was supposed to be. Damien?
1.1 (djm 24-Jun-14): /*XXXX*/
1.1 (djm 24-Jun-14): sshkey_free(k);
1.1 (djm 24-Jun-14): if (retval != 0)
1.1 (djm 24-Jun-14): break;