[Bug 2581] New: Coverity patches from Fedora

bugzilla-daemon at bugzilla.mindrot.org
Fri Jun 3 20:48:02 AEST 2016


            Bug ID: 2581
           Summary: Coverity patches from Fedora
           Product: Portable OpenSSH
           Version: 7.2p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Keywords: patch
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 2822
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2822&action=edit
Proposed patch for points 1 - 5

I dug up some old patches that are hanging around in the Fedora openssh
package and that could also be useful for upstream. They were probably
reported a long time ago by Coverity and for some reason didn't make it
upstream yet.

1. "debug3: mm_answer_keyallowed: key %p is allowed" is always NULL,
because it is freed before calling the log function.

  There is a flaw in the logic of this debug log: the key pointer is
always null (it is ensured that it is freed before the call).

2. mm_pty_allocate contains dead code (if the second dup fails, it
can't be different than -1) and the comparison of the dup() return
value should be >=0 instead of >0 -- 0 is also a valid FD.

3. process_server_config_line: the sAuthorizedPrincipalsFile option handles
intptr, without any possible label (therefore always null), which is
dead code (probably a copy-paste error from sHostKeyFile).

4. The box variable for the sandbox context is not freed in the child process
after calling ssh_sandbox_child(), which makes it a memory leak.

5. server_accept_loop() allocates the fdset variable, but does not free it
at the end.

These are the most obvious problems and it would be nice to have them
addressed in the next release.

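An added illustration of point 2 above (not code from OpenSSH or from the attached patch): when descriptor 0 is free, dup() legitimately returns 0, so a `> 0` test reports a live descriptor as a failure while `>= 0` accepts it. The helper names dup_ok_buggy, dup_ok_fixed, open_src and dup_with_fd0_free are hypothetical, and /dev/null is assumed to exist.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* The check point 2 describes: rejects descriptor 0 although it is valid. */
int dup_ok_buggy(int fd) { return fd > 0; }

/* dup() reports failure only as -1, so every value >= 0 is a live fd. */
int dup_ok_fixed(int fd) { return fd >= 0; }

/* Open /dev/null on a descriptor >= 3 so it never collides with 0..2. */
int open_src(void)
{
    int tmp = open("/dev/null", O_RDWR);
    if (tmp < 0)
        return -1;
    int src = fcntl(tmp, F_DUPFD, 3);
    close(tmp);
    return src;
}

/* Call dup(src) while descriptor 0 is free; returns what dup() returned. */
int dup_with_fd0_free(int src)
{
    int saved = dup(0);          /* -1 if stdin was already closed */
    close(0);
    int fd = dup(src);           /* lowest free descriptor, i.e. 0 */
    if (saved >= 0) {
        dup2(saved, 0);          /* put the original stdin back */
        close(saved);
    } else if (fd >= 0) {
        close(fd);               /* nothing to restore, drop the duplicate */
    }
    return fd;
}

int main(void)
{
    int src = open_src();
    int fd = dup_with_fd0_free(src);
    printf("dup() returned %d: buggy check says %s, fixed check says %s\n",
        fd, dup_ok_buggy(fd) ? "ok" : "error",
        dup_ok_fixed(fd) ? "ok" : "error");
    close(src);
    return 0;
}
```

With the `> 0` test, the error path runs even though dup() succeeded, so the descriptor it returned is never used or closed by the caller.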