[Bug 2687] Coverity scan fixes

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Mar 4 19:36:30 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=2687

--- Comment #31 from Darren Tucker <dtucker at dtucker.net> ---
Comment on attachment 3176
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3176
New patch set (openssh-7.8)

>--- a/session.c
>+++ b/session.c
>@@ -1183,6 +1183,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
> 		}
> 		*value++ = '\0';
> 		child_set_env(&env, &envsize, cp, value);
>+		free(cp);
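
Review bot: The free(cp) added right after child_set_env(&env, &envsize, cp, value) is only safe if child_set_env() copies both the name and the value instead of keeping the pointers, because value appears to point into the same allocation as cp (it comes from the *value++ = '\0' split). Worth confirming that, and also checking that the block closed by the } just above does not skip to the next iteration without releasing cp.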

I think you're right, I've sent it upstream.

> sftp.c | 2 ++
> 1 file changed, 2 insertions(+)
>
>diff --git a/sftp.c b/sftp.c
[...]
>+		/* FALLTHROUGH */

These are already done.

>diff --git a/sshd.c b/sshd.c
[...]
>+	algs = list_hostkey_types();
>+	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(algs);
>+	free(algs);
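
Review bot: free(algs) on the line after compat_pkalg_proposal(algs) assumes that function always returns a newly allocated string. If it can hand back its argument unchanged, myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] is left pointing at freed memory, so the ownership contract of compat_pkalg_proposal() should be checked, and ideally documented, alongside this change.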

This one also needs to be done.  Sent upstream.

>diff --git a/channels.c b/channels.c
[...]
>-			host_to_connect = xstrdup(fwd->connect_path);
>+			host_to_connect = fwd->connect_path;
> 			port_to_connect = PORT_STREAMLOCAL;
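
Review bot: With xstrdup() dropped, host_to_connect now aliases fwd->connect_path instead of owning a copy. That removes the leak only if nothing later frees host_to_connect and it is not used after fwd is released. Any other branch that still assigns an allocated string to host_to_connect would make ownership inconsistent, so the cleanup path should be checked against every assignment.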

These have already been done.

>From a3c6626b39bf049ab9ea7e9dc1fa8caea18df4ad Mon Sep 17 00:00:00 2001
>From: Jakub Jelen <jjelen at redhat.com>
>Date: Tue, 28 Aug 2018 15:12:01 +0200
>Subject: [PATCH 10/11] auth-pam: Avoid memory leak of buffer
>
>---
> auth-pam.c | 22 +++++++++++++---------

This was fixed slightly differently in commit
ec0e6243660bf2df30c620a6a0d83eded376c9c6.

That said, now that we don't have to support SSH1 any more, we don't
actually need to accumulate the messages into a single buffer, so we
could just pass them through to keyboard-interactive and probably
simplify this quite a bit.

>diff --git a/auth-options.c b/auth-options.c
>index 32e9bda1..bb4410e7 100644
[...]
>+			free(opt);

This has already been done.
