[Bug 2687] Coverity scan fixes

Fri, 03 Mar 2023 01:58:33 -0800 

https://bugzilla.mindrot.org/show_bug.cgi?id=2687

--- Comment #28 from Darren Tucker <[email protected]> ---
Comment on attachment 2953
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2953
proposed coverity patch

>diff --git a/auth-pam.c b/auth-pam.c
>index e554ec4..bd16d80 100644
>--- a/auth-pam.c
>+++ b/auth-pam.c
>@@ -834,6 +834,8 @@ fake_password(const char *wire_password)
>               fatal("%s: password length too long: %zu", __func__, l);
> 
>       ret = malloc(l + 1);
>+      if (ret == NULL)
>+              return NULL;

This already is done.


>+++ b/clientloop.c
>@@ -2290,7 +2290,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
>                       free(response);
>                       response = read_passphrase("Accept updated hostkeys? "
>                           "(yes/no): ", RP_ECHO);
>-                      if (strcasecmp(response, "yes") == 0)
>+                      if (response != NULL && strcasecmp(response, "yes") == 
>0)

applied, thanks.

>+      if (digest == NULL || dlen > UINT_MAX)

This is already done.

>diff --git a/kex.c b/kex.c
>index a30dabe..7e4a7ab 100644
>--- a/kex.c
>+++ b/kex.c
>@@ -178,7 +178,7 @@ kex_names_valid(const char *names)

I think these have all been fixed.

>diff --git a/readconf.c b/readconf.c
>index 3e7a5d8..acc1391 100644
>--- a/readconf.c
>+++ b/readconf.c
>@@ -1500,6 +1500,7 @@ parse_keytypes:
>                       if (r == GLOB_NOMATCH) {
>                               debug("%.200s line %d: include %s matched no "
>                                   "files",filename, linenum, arg2);
>+                              free(arg2);

This is now fixed.

>diff --git a/servconf.c b/servconf.c
>index 6ab1cb4..5f2464a 100644
>--- a/servconf.c
>+++ b/servconf.c
>@@ -2284,8 +2284,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val)
> static void
> dump_cfg_string(ServerOpCodes code, const char *val)
> {
>-      if (val == NULL)
>-              return;
>       printf("%s %s\n", lookup_opcode_name(code),
>           val == NULL ? "none" : val);
> }

This is now fixed.

>diff --git a/sshconnect.c b/sshconnect.c
>index 07f80cd..7361898 100644
>--- a/sshconnect.c
>+++ b/sshconnect.c
>@@ -1533,6 +1533,7 @@ maybe_add_key_to_agent(char *authfile, Key *private, 
>char *comment,

These are now fixed.

>diff --git a/sshconnect2.c b/sshconnect2.c
>index f31c24c..aecf765 100644
>--- a/sshconnect2.c
>+++ b/sshconnect2.c
[...]
>+              free(blob);

This is now freed on the "out:" path.

>diff --git a/sshkey.c b/sshkey.c
>index 85fd1bd..58c1051 100644
>--- a/sshkey.c
>+++ b/sshkey.c
>@@ -1375,8 +1375,6 @@ sshkey_read(struct sshkey *ret, char **cpp)

I think this function has changed and this diff is no longer relevant.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

Reply via email to