https://bugzilla.mindrot.org/show_bug.cgi?id=2581
--- Comment #1 from Jakub Jelen <[email protected]> --- Created attachment 2823 --> https://bugzilla.mindrot.org/attachment.cgi?id=2823&action=edit Proposed patch for points 6 - 10 Furthermore there are few more checks that are probably very low priority, but it is up to the upstream consideration if they will get applied: 6. Compare >= 0 instead of direct comparison with -1: "!= -1" when working with file descriptors. This solution sanitizes also the negative integers, if it would happen they would get into the arguments somehow. This is used in many places in the codebase. 7. PAM authentication in pthread_join is using naively waitpid expecting it can not fail. Defensive solution would be call the waitpid until we get valid result, fail on error and retry on EINTR. Similar case is in scp and sftp, where the return value is also ignored. Casting to (void) might silent complains a bit. 8. servconf reading the non active subsystems into arg variable, which is unused. Casting to void might silent warnings. 9. Most of the paths and arguments in sftp-server are already converted to (const char *), but there are few left in sftp, which would deserve being const too. 10. ssh-agent is not checking return value of setegid() and setgid() functions. Ugly solution is again typing to the (void), better would be real check for the return value. -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
