[Bug 2687] Coverity scan fixes
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Mar 3 21:08:17 AEDT 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=2687
--- Comment #29 from Darren Tucker <dtucker at dtucker.net> ---
Comment on attachment 2954
--> https://bugzilla.mindrot.org/attachment.cgi?id=2954
2nd part with lower priority
>diff --git a/krl.c b/krl.c
> /* Handled above, but still need to stay in synch */
>- sshbuf_reset(sect);
>+ sshbuf_free(sect);
This one is done.
>@@ -1288,7 +1288,8 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
> debug2("%s: checking KRL %s", __func__, path);
> r = ssh_krl_check_key(krl, key);
> out:
>- close(fd);
>+ if (fd != -1)
>+ close(fd);
This function doesn't do any descriptor handling any more.
>diff --git a/readconf.c b/readconf.c
>index acc1391..c4dff15 100644
>--- a/readconf.c
>+++ b/readconf.c
>@@ -1185,7 +1185,7 @@ parse_int:
> value = cipher_number(arg);
> if (value == -1)
> fatal("%.200s line %d: Bad cipher '%s'.",
>- filename, linenum, arg ? arg : "<NONE>");
>+ filename, linenum, arg);
This code is gone (I think it was part of SSH1 handling).
> if (*activep && *intptr == -1)
> *intptr = value;
> break;
>@@ -1196,7 +1196,7 @@ parse_int:
> fatal("%.200s line %d: Missing argument.", filename, linenum);
> if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
> fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
>- filename, linenum, arg ? arg : "<NONE>");
>+ filename, linenum, arg);
I think this one is wrong: it'll potentially cause a NULL pointer deref
platforms whose string libs don't guard against it (eg Solaris). Same
for the following instances of the same thing.
>diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
>index aaf712d..62a76b3 100644
>--- a/ssh-pkcs11.c
>+++ b/ssh-pkcs11.c
>@@ -536,8 +536,8 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
This function has been removed.
>diff --git a/sshconnect1.c b/sshconnect1.c
SSH1 support has been removed.
>diff --git a/sshkey.c b/sshkey.c
>index 58c1051..6afacb5 100644
>--- a/sshkey.c
>+++ b/sshkey.c
>@@ -1239,6 +1239,9 @@ sshkey_read(struct sshkey *ret, char **cpp)
> u_long bits;
> #endif /* WITH_SSH1 */
>
>+ if (ret == NULL)
>+ return SSH_ERR_INVALID_ARGUMENT;
This has already been fixed.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list