[Bug 2687] Coverity scan fixes
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Mar 3 21:27:17 AEDT 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=2687
--- Comment #30 from Darren Tucker <dtucker at dtucker.net> ---
Comment on attachment 3176
--> https://bugzilla.mindrot.org/attachment.cgi?id=3176
New patch set (openssh-7.8)
>@@ -186,11 +186,16 @@ proto_spec(const char *spec)
> char *
> compat_cipher_proposal(char *cipher_prop)
This has been fixed (after some headaches).
> if (!(datafellows & SSH_BUG_BIGENDIANAES))
> return cipher_prop;
> debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
>- if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL)
>+ np = match_filter_blacklist(cipher_prop, "aes*");
>+ if (np == NULL)
> fatal("match_filter_blacklist failed");
>+ free(cipher_prop);
>+ cipher_prop = np;
> debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
> if (*cipher_prop == '\0')
> fatal("No supported ciphers found");
>@@ -200,11 +205,16 @@ compat_cipher_proposal(char *cipher_prop)
> char *
> compat_pkalg_proposal(char *pkalg_prop)
This function has been reduced to more or less a no-op. We removed
support for these ancient (~20yo) buggy implementations, and when we
removed the bug bits we were able to delete almost all of this
function.
>@@ -779,6 +779,7 @@ deserialise_array(struct sshbuf *m, char ***ap, size_t *np)
> n = tmp;
> if (n > 0 && (a = calloc(n, sizeof(*a))) == NULL) {
> r = SSH_ERR_ALLOC_FAIL;
>+ n = 0;
> goto out;
> }
I think this one is now unnecessary, although there's not quite enough
context to see, but I think this was fixed later with a NULL test in
the out: path.
out:
if (a != NULL) {
for (i = 0; i < n; i++)
free(a[i]);
free(a);
}
>diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
[...]
>+#include <stdlib.h>
This has already been fixed.
>diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c
[...]
>+ size_t len = 0;
This has already been fixed.
> ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
[...]
>+ int len, r, ms_remain = 0;
Applied, thanks.
still need to go through the rest starting from do_setup_env
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list