Calysto v1.5 reports on ssh v4.6p1
Domagoj Babic
babic.domagoj at gmail.com
Sun Aug 12 18:30:42 EST 2007
On 8/11/07, Darren Tucker <dtucker at zip.com.au> wrote:
> Domagoj Babic wrote:
> > New version of Calysto reports a warning that looks like a bug to me:
> >
> > ------------------------------------------
> > Possible NULL-ptr deref (vc27053):
> > @/work/projects/llvm/tools/Calysto/IfaceSpecs/clib.c:1823
> > Bug: ??
> > Explanation:
> >
> > choose_dh (dh.c:111) calls fopen twice (@120). If the first call to
> > fopen fails (returns NULL), but the second one succeeds, fgets (@129) is
> > called with f==NULL.
>
> I don't follow. If the second call to fopen succeeds, f is a valid FILE
> pointer returned by the second fopen call, not NULL. If both fail, the
> function logs a warning, returns DH group 14 and never reaches the fgets.
You're right. That's a false positive.
Thx,
--
Domagoj Babic
http://www.domagoj.info/
http://www.calysto.org/
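
The control flow discussed in the thread above, as an added example that is not part of the original messages and is not the OpenSSH source. It is a simplified model: the `&&`-chained shape of the two fopen calls is an assumption, and `first_line_len`, `write_sample`, `FALLBACK_GROUP` and the file names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define FALLBACK_GROUP (-14) /* stands in for "returns DH group 14" */

/* Try a primary file, then a fallback; read only if one of them opened.
 * Returns the length of the first line, or FALLBACK_GROUP if both fail. */
int first_line_len(const char *primary, const char *fallback)
{
    FILE *f;
    char line[256];
    int len = 0;

    /* Short-circuit &&: the second fopen runs only when the first returned
     * NULL, and its result overwrites f. The branch body is taken only
     * when BOTH calls returned NULL. */
    if ((f = fopen(primary, "r")) == NULL &&
        (f = fopen(fallback, "r")) == NULL) {
        fprintf(stderr, "WARNING: %s does not exist, using fixed value\n",
            primary);
        return FALLBACK_GROUP;
    }

    /* Reached only with f != NULL: f is whichever fopen succeeded. */
    if (fgets(line, sizeof(line), f) != NULL)
        len = (int)strcspn(line, "\n");
    fclose(f);
    return len;
}

/* Demo helper: write a constructed one-line sample file. */
int write_sample(const char *path, const char *text)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fputs(text, f);
    return fclose(f);
}

int main(void)
{
    write_sample("demo_fallback.txt", "fallback\n");
    /* First open fails, second succeeds: fgets gets a valid FILE *. */
    printf("%d\n", first_line_len("demo_missing.txt", "demo_fallback.txt"));
    /* Both fail: early return, fgets is never reached. */
    printf("%d\n", first_line_len("demo_missing.txt", "demo_missing2.txt"));
    remove("demo_fallback.txt");
    return 0;
}
```

An analyzer that tracks the first fopen's NULL result but not the reassignment of f by the second call would flag the fgets, which matches the false positive acknowledged above.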
More information about the openssh-unix-dev mailing list