[Bug 2687] Coverity scan fixes
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Mar 3 20:58:05 AEDT 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=2687
--- Comment #28 from Darren Tucker <dtucker at dtucker.net> ---
Comment on attachment 2953
--> https://bugzilla.mindrot.org/attachment.cgi?id=2953
proposed coverity patch
>diff --git a/auth-pam.c b/auth-pam.c
>index e554ec4..bd16d80 100644
>--- a/auth-pam.c
>+++ b/auth-pam.c
>@@ -834,6 +834,8 @@ fake_password(const char *wire_password)
> fatal("%s: password length too long: %zu", __func__, l);
>
> ret = malloc(l + 1);
>+ if (ret == NULL)
>+ return NULL;
This already is done.
>+++ b/clientloop.c
>@@ -2290,7 +2290,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
> free(response);
> response = read_passphrase("Accept updated hostkeys? "
> "(yes/no): ", RP_ECHO);
>- if (strcasecmp(response, "yes") == 0)
>+ if (response != NULL && strcasecmp(response, "yes") == 0)
applied, thanks.
>+ if (digest == NULL || dlen > UINT_MAX)
This is already done.
>diff --git a/kex.c b/kex.c
>index a30dabe..7e4a7ab 100644
>--- a/kex.c
>+++ b/kex.c
>@@ -178,7 +178,7 @@ kex_names_valid(const char *names)
I think these have all been fixed.
>diff --git a/readconf.c b/readconf.c
>index 3e7a5d8..acc1391 100644
>--- a/readconf.c
>+++ b/readconf.c
>@@ -1500,6 +1500,7 @@ parse_keytypes:
> if (r == GLOB_NOMATCH) {
> debug("%.200s line %d: include %s matched no "
> "files",filename, linenum, arg2);
>+ free(arg2);
This is now fixed.
>diff --git a/servconf.c b/servconf.c
>index 6ab1cb4..5f2464a 100644
>--- a/servconf.c
>+++ b/servconf.c
>@@ -2284,8 +2284,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val)
> static void
> dump_cfg_string(ServerOpCodes code, const char *val)
> {
>- if (val == NULL)
>- return;
> printf("%s %s\n", lookup_opcode_name(code),
> val == NULL ? "none" : val);
> }
This is now fixed.
>diff --git a/sshconnect.c b/sshconnect.c
>index 07f80cd..7361898 100644
>--- a/sshconnect.c
>+++ b/sshconnect.c
>@@ -1533,6 +1533,7 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment,
These are now fixed.
>diff --git a/sshconnect2.c b/sshconnect2.c
>index f31c24c..aecf765 100644
>--- a/sshconnect2.c
>+++ b/sshconnect2.c
[...]
>+ free(blob);
This is now freed on the "out:" path.
>diff --git a/sshkey.c b/sshkey.c
>index 85fd1bd..58c1051 100644
>--- a/sshkey.c
>+++ b/sshkey.c
>@@ -1375,8 +1375,6 @@ sshkey_read(struct sshkey *ret, char **cpp)
I think this function has changed and this diff is no longer relevant.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list