[Bug 2687] Coverity scan fixes
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Mar 3 20:42:00 AEDT 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=2687
--- Comment #26 from Darren Tucker <dtucker at dtucker.net> ---
Comment on attachment 3287
--> https://bugzilla.mindrot.org/attachment.cgi?id=3287
New coverity issues from 8.0p1 release
Need to take a closer look at ssh_api.c but the rest of these seem
fixed:
>@@ -2228,6 +2228,9 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
> cp = cp + strspn(cp, " \t");
> hash_to_blob(cp, &blob, &blen, file, lnum);
> r = ssh_krl_revoke_key_sha256(krl, blob, blen);
>+ freezero(blob, blen);
>+ blob = NULL;
>+ blen = 0;
There's now a call to fatal here, so I think this is fixed albeit in a
different way.
>From 73bf5d1f21852f8e6ea315c64a6960a27f1c2c0d Mon Sep 17 00:00:00 2001
>From: Jakub Jelen <jjelen at redhat.com>
>Date: Mon, 27 May 2019 14:02:12 +0200
>Subject: [PATCH 3/6] Coverity: leaked storage
>
> 43. openssh-8.0p1/auth-options.c:538: leaked_storage: Variable "opt" going out of scope leaks the storage it points to.
This one has been fixed.
>From e6e54a94be55110d7b4bf2a220d8f7c2f5d4062d Mon Sep 17 00:00:00 2001
>From: Jakub Jelen <jjelen at redhat.com>
>Date: Mon, 27 May 2019 14:06:23 +0200
>Subject: [PATCH 4/6] Coverity: Remove unused variable max
>
> 1. openssh-8.0p1/ssh-pkcs11-helper.c:356:3: warning: Value stored to 'max' is never read
This one has been removed.
>From 14eab3a31c68b5aaed307fdf6a3260c3a3035d7f Mon Sep 17 00:00:00 2001
>From: Jakub Jelen <jjelen at redhat.com>
>Date: Mon, 27 May 2019 14:14:58 +0200
>Subject: [PATCH 6/6] Coverity: Unused variable r
>
> 1. openssh-8.0p1/auth2.c:221:2: warning: Value stored to 'r' is never read
This one has been fixed.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list