[Bug 2687] Coverity scan fixes

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Mar 3 20:58:05 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=2687

--- Comment #28 from Darren Tucker <dtucker at dtucker.net> ---
Comment on attachment 2953
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2953
proposed coverity patch

>diff --git a/auth-pam.c b/auth-pam.c
>index e554ec4..bd16d80 100644
>--- a/auth-pam.c
>+++ b/auth-pam.c
>@@ -834,6 +834,8 @@ fake_password(const char *wire_password)
> 		fatal("%s: password length too long: %zu", __func__, l);
> 
> 	ret = malloc(l + 1);
>+	if (ret == NULL)
>+		return NULL;
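Review bot: returning NULL at the added check after malloc(l + 1) pushes allocation failure onto every caller of fake_password(), while the length check just above it ends in fatal(). Either call fatal() here too for consistency, or state in the function comment that NULL is a possible return and confirm each caller tests the result before using it.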

This already is done.


>+++ b/clientloop.c
>@@ -2290,7 +2290,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
> 			free(response);
> 			response = read_passphrase("Accept updated hostkeys? "
> 			    "(yes/no): ", RP_ECHO);
>-			if (strcasecmp(response, "yes") == 0)
>+			if (response != NULL && strcasecmp(response, "yes") == 0)
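Review bot: the NULL guard covers only the "yes" comparison on the changed line, so any later comparison of response in the same prompt needs the same guard; a single check placed right after read_passphrase() returns would cover them all. The new condition also runs to about 81 columns at this indent, so wrap it after && in the same way the read_passphrase() call above is wrapped.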

applied, thanks.

>+	if (digest == NULL || dlen > UINT_MAX)

This is already done.

>diff --git a/kex.c b/kex.c
>index a30dabe..7e4a7ab 100644
>--- a/kex.c
>+++ b/kex.c
>@@ -178,7 +178,7 @@ kex_names_valid(const char *names)

I think these have all been fixed.

>diff --git a/readconf.c b/readconf.c
>index 3e7a5d8..acc1391 100644
>--- a/readconf.c
>+++ b/readconf.c
>@@ -1500,6 +1500,7 @@ parse_keytypes:
> 			if (r == GLOB_NOMATCH) {
> 				debug("%.200s line %d: include %s matched no "
> 				    "files",filename, linenum, arg2);
>+				free(arg2);
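Review bot: free(arg2) is added only inside the r == GLOB_NOMATCH branch, so the other outcomes of r still need to release arg2, and nothing after this branch may read arg2 once it is freed. Placing it after the debug() call that prints arg2 is correct; a single cleanup point for the include handling would make the ownership easier to audit than one free per branch.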

This is now fixed.

>diff --git a/servconf.c b/servconf.c
>index 6ab1cb4..5f2464a 100644
>--- a/servconf.c
>+++ b/servconf.c
>@@ -2284,8 +2284,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val)
> static void
> dump_cfg_string(ServerOpCodes code, const char *val)
> {
>-	if (val == NULL)
>-		return;
> 	printf("%s %s\n", lookup_opcode_name(code),
> 	    val == NULL ? "none" : val);
> }
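Review bot: removing the early return in dump_cfg_string() changes the dump output, not just the dead code: options whose value is NULL were previously omitted and will now be printed as "<name> none". Confirm that "none" is an accepted value for every option routed through this function, so that a dumped configuration can still be parsed back, and mention the output change in the commit message.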

This is now fixed.

>diff --git a/sshconnect.c b/sshconnect.c
>index 07f80cd..7361898 100644
>--- a/sshconnect.c
>+++ b/sshconnect.c
>@@ -1533,6 +1533,7 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment,

These are now fixed.

>diff --git a/sshconnect2.c b/sshconnect2.c
>index f31c24c..aecf765 100644
>--- a/sshconnect2.c
>+++ b/sshconnect2.c
[...]
>+		free(blob);

This is now freed on the "out:" path.

>diff --git a/sshkey.c b/sshkey.c
>index 85fd1bd..58c1051 100644
>--- a/sshkey.c
>+++ b/sshkey.c
>@@ -1375,8 +1375,6 @@ sshkey_read(struct sshkey *ret, char **cpp)

I think this function has changed and this diff is no longer relevant.
