[openssh-commits] [openssh] 01/03: upstream: Plug leaks while parsing Match blocks. Coverity CID

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Nov 20 16:33:52 AEDT 2025 

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit e3f1fbb427df898d70083b42caab72baaa715400
Author: dtucker at openbsd.org <dtucker at openbsd.org>
AuthorDate: Thu Nov 20 05:10:11 2025 +0000

    upstream: Plug leaks while parsing Match blocks. Coverity CID
    
    515634, ok miod@ djm@
    
    OpenBSD-Commit-ID: c7932eddecd47e5122e945246a40c56ffa42a546
---
 readconf.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/readconf.c b/readconf.c
index d99205944..eca1e7808 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.406 2025/08/29 03:50:38 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.407 2025/11/20 05:10:11 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -732,12 +732,12 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp,
 	debug2("checking match for '%s' host %s originally %s",
 	    full_line, host, original_host);
 	while ((attrib = argv_next(acp, avp)) != NULL) {
-		attrib = oattrib = xstrdup(attrib);
 		/* Terminate on comment */
 		if (*attrib == '#') {
 			argv_consume(acp);
 			break;
 		}
+		attrib = oattrib = xstrdup(attrib);
 		arg = criteria = NULL;
 		this_result = 1;
 		if ((negate = (attrib[0] == '!')))
@@ -777,7 +777,7 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp,
 			debug3("%.200s line %d: %smatched '%s'",
 			    filename, linenum,
 			    this_result ? "" : "not ", oattrib);
-			continue;
+			goto next;
 		}
 
 		/* Keep this list in sync with below */
@@ -888,7 +888,7 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp,
 				debug3("%.200s line %d: skipped exec "
 				    "\"%.100s\"", filename, linenum, cmd);
 				free(cmd);
-				continue;
+				goto next;
 			}
 			r = execute_in_shell(cmd);
 			if (r == -1) {
@@ -912,6 +912,7 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp,
 		    criteria == NULL ? "" : " \"",
 		    criteria == NULL ? "" : criteria,
 		    criteria == NULL ? "" : "\"");
+ next:
 		free(criteria);
 		free(oattrib);
 		oattrib = attrib = NULL;

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list