[Bug 2687] Coverity scan fixes

bugzilla-daemon at mindrot.org
Fri Mar 3 21:27:17 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=2687

--- Comment #30 from Darren Tucker <dtucker at dtucker.net> ---
Comment on attachment 3176
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3176
New patch set (openssh-7.8)



>@@ -186,11 +186,16 @@ proto_spec(const char *spec)
> char *
> compat_cipher_proposal(char *cipher_prop)

This has been fixed (after some headaches).

> 	if (!(datafellows & SSH_BUG_BIGENDIANAES))
> 		return cipher_prop;
> 	debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
>-	if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL)
>+	np = match_filter_blacklist(cipher_prop, "aes*");
>+	if (np == NULL)
> 		fatal("match_filter_blacklist failed");
>+	free(cipher_prop);
>+	cipher_prop = np;
> 	debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
> 	if (*cipher_prop == '\0')
> 		fatal("No supported ciphers found");
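Review bot: The added free(cipher_prop) makes the function consume its argument on the SSH_BUG_BIGENDIANAES path, while the early `return cipher_prop;` at the top hands the same pointer back untouched, so a caller cannot tell from the return value whether its input is still valid. That is safe only if every caller passes a heap string it owns and always replaces its pointer with the return value; a caller that passes a constant, or keeps using the original pointer, ends up with an invalid free or a use-after-free. Suggest either documenting that ownership contract in a comment above compat_cipher_proposal(), or returning a fresh allocation on both paths and leaving the free to the caller.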
>@@ -200,11 +205,16 @@ compat_cipher_proposal(char *cipher_prop)
> char *
> compat_pkalg_proposal(char *pkalg_prop)


This function has been reduced to more or less a no-op.  We removed
support for these ancient (~20yo) buggy implementations, and when we
removed the bug bits we were able to delete almost all of this
function.


>@@ -779,6 +779,7 @@ deserialise_array(struct sshbuf *m, char ***ap, size_t *np)
> 	n = tmp;
> 	if (n > 0 && (a = calloc(n, sizeof(*a))) == NULL) {
> 		r = SSH_ERR_ALLOC_FAIL;
>+		n = 0;
> 		goto out;
> 	}
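Review bot: Resetting n on the calloc() failure branch protects only this one exit, and it relies on the cleanup after out: iterating n entries of a while a is still NULL here. A check on a itself in the cleanup (for example `if (a != NULL)` around the loop) would cover every path that reaches out: with a unset and would not need the counter kept in sync by hand. If `n = 0;` stays, a one-line comment saying why it is needed would help the next reader.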

I think this one is now unnecessary, although there's not quite enough
context to see, but I think this was fixed later with a NULL test in
the out: path.

 out:
        if (a != NULL) {
                for (i = 0; i < n; i++)
                        free(a[i]);
                free(a);
        }

>diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
[...]
>+#include <stdlib.h>

This has already been fixed.

>diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c
[...]
>+	size_t len = 0;

This has already been fixed.

> ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
[...]
>+	int len, r, ms_remain = 0;
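Review bot: In `int len, r, ms_remain = 0;` the initialiser applies to ms_remain only; len and r are still uninitialised after this change. If the Coverity report was about ms_remain that is fine, but naming the flagged variable in the commit message would make the intent clear and avoid the impression that all three are now zeroed.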

Applied, thanks.

Still need to go through the rest, starting from do_setup_env.
