[Bug 3382] Software vulnerabilities detected using ESBMC-WR tool
bugzilla-daemon at mindrot.org
Thu Jan 20 15:01:03 AEDT 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3382
Darren Tucker <dtucker at dtucker.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
I think these are both false positives.
(In reply to janislley from comment #0)
[...]
> State 2 file syserr.c
There is no file with that name in OpenSSH. There is (potentially, if
depending on autoconf) a strerror, however a) it's in bsd-misc.c and b)
Linuxes usually have a native strerror.
> line 4 function strerror thread 0
Line 4 in bsd-misc.c is in the middle of a comment block.
[...]
> State 3 file syserr.c line 108 function strerror thread 0
Line 108 in bsd-misc.c is a blank line after the strerror function.
In addition, the strerror replacement explicitly checks for errno<0:

    const char *strerror(int e)
    {
    	extern int sys_nerr;
    	extern char *sys_errlist[];

    	if ((e >= 0) && (e < sys_nerr))
    		return (sys_errlist[e]);
    	return ("unlisted error");
    }