Tree - rpms/openssh - CentOS Git server

rcolebaugh / rpms / openssh

Forked from rpms/openssh 2 years ago

Source
Stats

Blame SOURCES/openssh-7.4p1-coverity.patch

Blob History Raw

		1d31ef	`diff -up openssh-7.4p1/auth-pam.c.coverity openssh-7.4p1/auth-pam.c`
		1d31ef	`diff -up openssh-7.4p1/channels.c.coverity openssh-7.4p1/channels.c`
		1d31ef	`--- openssh-7.4p1/channels.c.coverity 2017-02-09 14:58:32.786064600 +0100`
		1d31ef	`+++ openssh-7.4p1/channels.c 2017-02-09 15:01:28.869890219 +0100`
		1d31ef	`@@ -266,11 +266,11 @@ channel_register_fds(Channel *c, int rfd`
		1d31ef	`channel_max_fd = MAXIMUM(channel_max_fd, wfd);`
		1d31ef	`channel_max_fd = MAXIMUM(channel_max_fd, efd);`
		1d31ef
		1d31ef	`- if (rfd != -1)`
		1d31ef	`+ if (rfd >= 0)`
		1d31ef	`fcntl(rfd, F_SETFD, FD_CLOEXEC);`
		1d31ef	`- if (wfd != -1 && wfd != rfd)`
		1d31ef	`+ if (wfd >= 0 && wfd != rfd)`
		1d31ef	`fcntl(wfd, F_SETFD, FD_CLOEXEC);`
		1d31ef	`- if (efd != -1 && efd != rfd && efd != wfd)`
		1d31ef	`+ if (efd >= 0 && efd != rfd && efd != wfd)`
		1d31ef	`fcntl(efd, F_SETFD, FD_CLOEXEC);`
		1d31ef
		1d31ef	`c->rfd = rfd;`
		1d31ef	`@@ -288,11 +288,11 @@ channel_register_fds(Channel *c, int rfd`
		1d31ef
		1d31ef	`/* enable nonblocking mode */`
		1d31ef	`if (nonblock) {`
		1d31ef	`- if (rfd != -1)`
		1d31ef	`+ if (rfd >= 0)`
		1d31ef	`set_nonblock(rfd);`
		1d31ef	`- if (wfd != -1)`
		1d31ef	`+ if (wfd >= 0)`
		1d31ef	`set_nonblock(wfd);`
		1d31ef	`- if (efd != -1)`
		1d31ef	`+ if (efd >= 0)`
		1d31ef	`set_nonblock(efd);`
		1d31ef	`}`
		1d31ef	`}`
		1d31ef	`diff -up openssh-7.4p1/clientloop.c.coverity openssh-7.4p1/clientloop.c`
		1d31ef	`diff -up openssh-7.4p1/key.c.coverity openssh-7.4p1/key.c`
		1d31ef	`diff -up openssh-7.4p1/monitor.c.coverity openssh-7.4p1/monitor.c`
		1d31ef	`--- openssh-7.4p1/monitor.c.coverity 2017-02-09 14:58:32.793064593 +0100`
		1d31ef	`+++ openssh-7.4p1/monitor.c 2017-02-09 14:58:32.805064581 +0100`
		1d31ef	`@@ -411,7 +411,7 @@ monitor_child_preauth(Authctxt *_authctx`
		1d31ef	`mm_get_keystate(pmonitor);`
		1d31ef
		1d31ef	`/* Drain any buffered messages from the child */`
		1d31ef	`- while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)`
		1d31ef	`+ while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)`
		1d31ef	`;`
		1d31ef
		1d31ef	`close(pmonitor->m_sendfd);`
		1d31ef	`diff -up openssh-7.4p1/monitor_wrap.c.coverity openssh-7.4p1/monitor_wrap.c`
		1d31ef	`--- openssh-7.4p1/monitor_wrap.c.coverity 2017-02-09 14:58:32.797064589 +0100`
		1d31ef	`+++ openssh-7.4p1/monitor_wrap.c 2017-02-09 14:58:32.805064581 +0100`
		1d31ef	`@@ -525,10 +525,10 @@ mm_pty_allocate(int ptyfd, int ttyfd,`
		1d31ef	`if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 \|\|`
		1d31ef	`(tmp2 = dup(pmonitor->m_recvfd)) == -1) {`
		1d31ef	`error("%s: cannot allocate fds for pty", __func__);`
		1d31ef	`- if (tmp1 > 0)`
		1d31ef	`+ if (tmp1 >= 0)`
		1d31ef	`close(tmp1);`
		1d31ef	`- if (tmp2 > 0)`
		1d31ef	`- close(tmp2);`
		1d31ef	`+ /*DEAD CODE if (tmp2 >= 0)`
		1d31ef	`+ close(tmp2);*/`
		1d31ef	`return 0;`
		1d31ef	`}`
		1d31ef	`close(tmp1);`
		1d31ef	`diff -up openssh-7.4p1/openbsd-compat/bindresvport.c.coverity openssh-7.4p1/openbsd-compat/bindresvport.c`
		1d31ef	`--- openssh-7.4p1/openbsd-compat/bindresvport.c.coverity 2016-12-19 05:59:41.000000000 +0100`
		1d31ef	`+++ openssh-7.4p1/openbsd-compat/bindresvport.c 2017-02-09 14:58:32.805064581 +0100`
		1d31ef	`@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr`
		1d31ef	`struct sockaddr_in6 *in6;`
		1d31ef	`u_int16_t *portp;`
		1d31ef	`u_int16_t port;`
		1d31ef	`- socklen_t salen;`
		1d31ef	`+ socklen_t salen = sizeof(struct sockaddr_storage);`
		1d31ef	`int i;`
		1d31ef
		1d31ef	`if (sa == NULL) {`
		1d31ef	`diff -up openssh-7.4p1/packet.c.coverity openssh-7.4p1/packet.c`
		1d31ef	`diff -up openssh-7.4p1/progressmeter.c.coverity openssh-7.4p1/progressmeter.c`
		1d31ef	`diff -up openssh-7.4p1/scp.c.coverity openssh-7.4p1/scp.c`
		1d31ef	`--- openssh-7.4p1/scp.c.coverity 2017-02-09 14:58:32.761064625 +0100`
		1d31ef	`+++ openssh-7.4p1/scp.c 2017-02-09 14:58:38.590058852 +0100`
		1d31ef	`@@ -157,7 +157,7 @@ killchild(int signo)`
		1d31ef	`{`
		1d31ef	`if (do_cmd_pid > 1) {`
		1d31ef	`kill(do_cmd_pid, signo ? signo : SIGTERM);`
		1d31ef	`- waitpid(do_cmd_pid, NULL, 0);`
		1d31ef	`+ (void) waitpid(do_cmd_pid, NULL, 0);`
		1d31ef	`}`
		1d31ef
		1d31ef	`if (signo)`
		1d31ef	`diff -up openssh-7.4p1/servconf.c.coverity openssh-7.4p1/servconf.c`
		1d31ef	`--- openssh-7.4p1/servconf.c.coverity 2017-02-09 14:58:32.801064585 +0100`
		1d31ef	`+++ openssh-7.4p1/servconf.c 2017-02-09 14:58:38.591058851 +0100`
		1d31ef	`@@ -1544,7 +1544,7 @@ process_server_config_line(ServerOptions`
		1d31ef	`fatal("%s line %d: Missing subsystem name.",`
		1d31ef	`filename, linenum);`
		1d31ef	`if (!*activep) {`
		1d31ef	`- arg = strdelim(&cp;;`
		1d31ef	`+ /arg =/ (void) strdelim(&cp;;`
		1d31ef	`break;`
		1d31ef	`}`
		1d31ef	`for (i = 0; i < options->num_subsystems; i++)`
		1d31ef	`@@ -1635,8 +1635,9 @@ process_server_config_line(ServerOptions`
		1d31ef	`if (activep && charptr == NULL) {`
		1d31ef	`*charptr = tilde_expand_filename(arg, getuid());`
		1d31ef	`/* increase optional counter */`
		1d31ef	`- if (intptr != NULL)`
		1d31ef	`- intptr = intptr + 1;`
		1d31ef	`+ /* DEAD CODE intptr is still NULL ;)`
		1d31ef	`+ if (intptr != NULL)`
		1d31ef	`+ intptr = intptr + 1; */`
		1d31ef	`}`
		1d31ef	`break;`
		1d31ef
		1d31ef	`diff -up openssh-7.4p1/serverloop.c.coverity openssh-7.4p1/serverloop.c`
		1d31ef	`--- openssh-7.4p1/serverloop.c.coverity 2016-12-19 05:59:41.000000000 +0100`
		1d31ef	`+++ openssh-7.4p1/serverloop.c 2017-02-09 14:58:38.592058850 +0100`
		1d31ef	`@@ -125,13 +125,13 @@ notify_setup(void)`
		1d31ef	`static void`
		1d31ef	`notify_parent(void)`
		1d31ef	`{`
		1d31ef	`- if (notify_pipe[1] != -1)`
		1d31ef	`+ if (notify_pipe[1] >= 0)`
		1d31ef	`(void)write(notify_pipe[1], "", 1);`
		1d31ef	`}`
		1d31ef	`static void`
		1d31ef	`notify_prepare(fd_set *readset)`
		1d31ef	`{`
		1d31ef	`- if (notify_pipe[0] != -1)`
		1d31ef	`+ if (notify_pipe[0] >= 0)`
		1d31ef	`FD_SET(notify_pipe[0], readset);`
		1d31ef	`}`
		1d31ef	`static void`
		1d31ef	`@@ -139,8 +139,8 @@ notify_done(fd_set *readset)`
		1d31ef	`{`
		1d31ef	`char c;`
		1d31ef
		1d31ef	`- if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))`
		1d31ef	`- while (read(notify_pipe[0], &c, 1) != -1)`
		1d31ef	`+ if (notify_pipe[0] >= 0 && FD_ISSET(notify_pipe[0], readset))`
		1d31ef	`+ while (read(notify_pipe[0], &c, 1) >= 0)`
		1d31ef	`debug2("notify_done: reading");`
		1d31ef	`}`
		1d31ef
		1d31ef	`@@ -518,7 +518,7 @@ server_request_tun(void)`
		1d31ef	`}`
		1d31ef
		1d31ef	`tun = packet_get_int();`
		1d31ef	`- if (forced_tun_device != -1) {`
		1d31ef	`+ if (forced_tun_device >= 0) {`
		1d31ef	`if (tun != SSH_TUNID_ANY && forced_tun_device != tun)`
		1d31ef	`goto done;`
		1d31ef	`tun = forced_tun_device;`
		1d31ef	`diff -up openssh-7.4p1/sftp.c.coverity openssh-7.4p1/sftp.c`
		1d31ef	`--- openssh-7.4p1/sftp.c.coverity 2016-12-19 05:59:41.000000000 +0100`
		1d31ef	`+++ openssh-7.4p1/sftp.c 2017-02-09 14:58:38.598058844 +0100`
		1d31ef	`@@ -224,7 +224,7 @@ killchild(int signo)`
		1d31ef	`{`
		1d31ef	`if (sshpid > 1) {`
		1d31ef	`kill(sshpid, SIGTERM);`
		1d31ef	`- waitpid(sshpid, NULL, 0);`
		1d31ef	`+ (void) waitpid(sshpid, NULL, 0);`
		1d31ef	`}`
		1d31ef
		1d31ef	`_exit(1);`
		1d31ef	`diff -up openssh-7.4p1/sftp-client.c.coverity openssh-7.4p1/sftp-client.c`
		1d31ef	`--- openssh-7.4p1/sftp-client.c.coverity 2017-02-09 14:58:38.596058846 +0100`
		1d31ef	`+++ openssh-7.4p1/sftp-client.c 2017-02-09 15:20:18.893624636 +0100`
		1d31ef	`@@ -973,7 +973,7 @@ do_symlink(struct sftp_conn *conn, const`
		1d31ef	`}`
		1d31ef
		1d31ef	`int`
		1d31ef	`-do_fsync(struct sftp_conn conn, u_char handle, u_int handle_len)`
		1d31ef	`+do_fsync(struct sftp_conn conn, const u_char handle, u_int handle_len)`
		1d31ef	`{`
		1d31ef	`struct sshbuf *msg;`
		1d31ef	`u_int status, id;`
		1d31ef	`--- openssh-7.4p1/sftp-client.h.coverity 2017-02-10 09:28:10.951155129 +0100`
		1d31ef	`+++ openssh-7.4p1/sftp-client.h 2017-02-10 09:27:28.685069870 +0100`
		1d31ef	`@@ -107,7 +107,7 @@ int do_hardlink(struct sftp_conn *, cons`
		1d31ef	`int do_symlink(struct sftp_conn , const char , const char *);`
		1d31ef
		1d31ef	`/* Call fsync() on open file 'handle' */`
		1d31ef	`-int do_fsync(struct sftp_conn conn, u_char , u_int);`
		1d31ef	`+int do_fsync(struct sftp_conn conn, const u_char , u_int);`
		1d31ef
		1d31ef	`/*`
		1d31ef	`* Download 'remote_path' to 'local_path'. Preserve permissions and times`
		1d31ef	`diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c`
		1d31ef	`--- openssh-7.4p1/ssh-agent.c.coverity 2017-02-09 14:58:38.599058843 +0100`
		1d31ef	`+++ openssh-7.4p1/ssh-agent.c 2017-02-09 15:29:21.938917065 +0100`
		1d31ef	`@@ -1220,8 +1220,8 @@ main(int ac, char **av)`
		1d31ef	`sanitise_stdfd();`
		1d31ef
		1d31ef	`/* drop */`
		1d31ef	`- setegid(getgid());`
		1d31ef	`- setgid(getgid());`
		1d31ef	`+ (void) setegid(getgid());`
		1d31ef	`+ (void) setgid(getgid());`
		1d31ef
		1d31ef	`platform_disable_tracing(0); /* strict=no */`
		1d31ef
		1d31ef	`diff -up openssh-7.4p1/sshd.c.coverity openssh-7.4p1/sshd.c`
		1d31ef	`--- openssh-7.4p1/sshd.c.coverity 2017-02-09 14:58:38.600058842 +0100`
		1d31ef	`+++ openssh-7.4p1/sshd.c 2017-02-09 15:30:33.403800831 +0100`
		1d31ef	`@@ -679,8 +679,10 @@ privsep_preauth(Authctxt *authctxt)`
		1d31ef
		1d31ef	`privsep_preauth_child();`
		1d31ef	`setproctitle("%s", "[net]");`
		1d31ef	`- if (box != NULL)`
		1d31ef	`+ if (box != NULL) {`
		1d31ef	`ssh_sandbox_child(box);`
		1d31ef	`+ free(box);`
		1d31ef	`+ }`
		1d31ef
		1d31ef	`return 0;`
		1d31ef	`}`
		1d31ef	`@@ -1382,6 +1384,9 @@ server_accept_loop(int sock_in, int so`
		1d31ef	`if (num_listen_socks < 0)`
		1d31ef	`break;`
		1d31ef	`}`
		1d31ef	`+`
		1d31ef	`+ if (fdset != NULL)`
		1d31ef	`+ free(fdset);`
		1d31ef	`}`
		1d31ef
		1d31ef	`/*`
		1d31ef	`diff --git a/auth-pam.c b/auth-pam.c`
		1d31ef	`index e554ec4..bd16d80 100644`
		1d31ef	`--- a/auth-pam.c`
		1d31ef	`+++ b/auth-pam.c`
		1d31ef	`@@ -834,6 +834,8 @@ fake_password(const char *wire_password)`
		1d31ef	`fatal("%s: password length too long: %zu", __func__, l);`
		1d31ef
		1d31ef	`ret = malloc(l + 1);`
		1d31ef	`+ if (ret == NULL)`
		1d31ef	`+ return NULL;`
		1d31ef	`for (i = 0; i < l; i++)`
		1d31ef	`ret[i] = junk[i % (sizeof(junk) - 1)];`
		1d31ef	`ret[i] = '\0';`
		1d31ef	`diff --git a/clientloop.c b/clientloop.c`
		1d31ef	`index c6a4138..9b00e12 100644`
		1d31ef	`--- a/clientloop.c`
		1d31ef	`+++ b/clientloop.c`
		1d31ef	`@@ -2290,7 +2290,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)`
		1d31ef	`free(response);`
		1d31ef	`response = read_passphrase("Accept updated hostkeys? "`
		1d31ef	`"(yes/no): ", RP_ECHO);`
		1d31ef	`- if (strcasecmp(response, "yes") == 0)`
		1d31ef	`+ if (response != NULL && strcasecmp(response, "yes") == 0)`
		1d31ef	`break;`
		1d31ef	`else if (quit_pending \|\| response == NULL \|\|`
		1d31ef	`strcasecmp(response, "no") == 0) {`
		1d31ef	`diff --git a/digest-openssl.c b/digest-openssl.c`
		1d31ef	`index 13b63c2..dfa9b8d 100644`
		1d31ef	`--- a/digest-openssl.c`
		1d31ef	`+++ b/digest-openssl.c`
		1d31ef	`@@ -158,7 +158,7 @@ ssh_digest_final(struct ssh_digest_ctx ctx, u_char d, size_t dlen)`
		1d31ef	`const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);`
		1d31ef	`u_int l = dlen;`
		1d31ef
		1d31ef	`- if (dlen > UINT_MAX)`
		1d31ef	`+ if (digest == NULL \|\| dlen > UINT_MAX)`
		1d31ef	`return SSH_ERR_INVALID_ARGUMENT;`
		1d31ef	`if (dlen < digest->digest_len) /* No truncation allowed */`
		1d31ef	`return SSH_ERR_INVALID_ARGUMENT;`
		1d31ef	`diff --git a/kex.c b/kex.c`
		1d31ef	`index a30dabe..a8ac91f 100644`
		1d31ef	`--- a/kex.c`
		1d31ef	`+++ b/kex.c`
		1d31ef	`@@ -178,7 +178,7 @@ kex_names_valid(const char *names)`
		1d31ef	`char *`
		1d31ef	`kex_names_cat(const char a, const char b)`
		1d31ef	`{`
		1d31ef	`- char ret = NULL, tmp = NULL, cp, p;`
		1d31ef	`+ char ret = NULL, tmp = NULL, cp, p, *m;`
		1d31ef	`size_t len;`
		1d31ef
		1d31ef	`if (a == NULL \|\| *a == '\0')`
		1d31ef	`@@ -195,8 +195,10 @@ kex_names_cat(const char a, const char b)`
		1d31ef	`}`
		1d31ef	`strlcpy(ret, a, len);`
		1d31ef	`for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {`
		1d31ef	`- if (match_list(ret, p, NULL) != NULL)`
		1d31ef	`+ if ((m = match_list(ret, p, NULL)) != NULL) {`
		1d31ef	`+ free(m);`
		1d31ef	`continue; /* Algorithm already present */`
		1d31ef	`+ }`
		1d31ef	`if (strlcat(ret, ",", len) >= len \|\|`
		1d31ef	`strlcat(ret, p, len) >= len) {`
		1d31ef	`free(tmp);`
		1d31ef	`@@ -651,8 +653,10 @@ choose_enc(struct sshenc enc, char client, char *server)`
		1d31ef	`#endif`
		1d31ef	`return SSH_ERR_NO_CIPHER_ALG_MATCH;`
		1d31ef	`}`
		1d31ef	`- if ((enc->cipher = cipher_by_name(name)) == NULL)`
		1d31ef	`+ if ((enc->cipher = cipher_by_name(name)) == NULL) {`
		1d31ef	`+ free(name);`
		1d31ef	`return SSH_ERR_INTERNAL_ERROR;`
		1d31ef	`+ }`
		1d31ef	`enc->name = name;`
		1d31ef	`enc->enabled = 0;`
		1d31ef	`enc->iv = NULL;`
		1d31ef	`@@ -670,8 +674,10 @@ choose_mac(struct ssh ssh, struct sshmac mac, char client, char server)`
		1d31ef	`#endif`
		1d31ef	`return SSH_ERR_NO_MAC_ALG_MATCH;`
		1d31ef	`}`
		1d31ef	`- if (mac_setup(mac, name) < 0)`
		1d31ef	`+ if (mac_setup(mac, name) < 0) {`
		1d31ef	`+ free(name);`
		1d31ef	`return SSH_ERR_INTERNAL_ERROR;`
		1d31ef	`+ }`
		1d31ef	`/* truncate the key */`
		1d31ef	`if (ssh->compat & SSH_BUG_HMAC)`
		1d31ef	`mac->key_len = 16;`
		1d31ef	`@@ -695,6 +701,7 @@ choose_comp(struct sshcomp comp, char client, char *server)`
		1d31ef	`} else if (strcmp(name, "none") == 0) {`
		1d31ef	`comp->type = COMP_NONE;`
		1d31ef	`} else {`
		1d31ef	`+ free(name);`
		1d31ef	`return SSH_ERR_INTERNAL_ERROR;`
		1d31ef	`}`
		1d31ef	`comp->name = name;`
		1d31ef	`diff --git a/readconf.c b/readconf.c`
		1d31ef	`index 3e7a5d8..acc1391 100644`
		1d31ef	`--- a/readconf.c`
		1d31ef	`+++ b/readconf.c`
		1d31ef	`@@ -1500,6 +1500,7 @@ parse_keytypes:`
		1d31ef	`if (r == GLOB_NOMATCH) {`
		1d31ef	`debug("%.200s line %d: include %s matched no "`
		1d31ef	`"files",filename, linenum, arg2);`
		1d31ef	`+ free(arg2);`
		1d31ef	`continue;`
		1d31ef	`} else if (r != 0 \|\| gl.gl_pathc < 0)`
		1d31ef	`fatal("%.200s line %d: glob failed for %s.",`
		1d31ef	`diff --git a/servconf.c b/servconf.c`
		1d31ef	`index 6ab1cb4..5f2464a 100644`
		1d31ef	`--- a/servconf.c`
		1d31ef	`+++ b/servconf.c`
		1d31ef	`@@ -2284,8 +2284,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val)`
		1d31ef	`static void`
		1d31ef	`dump_cfg_string(ServerOpCodes code, const char *val)`
		1d31ef	`{`
		1d31ef	`- if (val == NULL)`
		1d31ef	`- return;`
		1d31ef	`printf("%s %s\n", lookup_opcode_name(code),`
		1d31ef	`val == NULL ? "none" : val);`
		1d31ef	`}`
		1d31ef	`diff --git a/sshconnect.c b/sshconnect.c`
		1d31ef	`index 07f80cd..5d4b41b 100644`
		1d31ef	`--- a/sshconnect.c`
		1d31ef	`+++ b/sshconnect.c`
		1d31ef	`@@ -1533,6 +1533,7 @@ maybe_add_key_to_agent(char authfile, Key private, char *comment,`
		1d31ef	`if (options.add_keys_to_agent == 2 &&`
		1d31ef	`!ask_permission("Add key %s (%s) to agent?", authfile, comment)) {`
		1d31ef	`debug3("user denied adding this key");`
		1d31ef	`+ close(auth_sock);`
		1d31ef	`return;`
		1d31ef	`}`
		1d31ef
		1d31ef	`@@ -1541,4 +1542,5 @@ maybe_add_key_to_agent(char authfile, Key private, char *comment,`
		1d31ef	`debug("identity added to agent: %s", authfile);`
		1d31ef	`else`
		1d31ef	`debug("could not add identity to agent: %s (%d)", authfile, r);`
		1d31ef	`+ close(auth_sock);`
		1d31ef	`}`
		1d31ef	`diff --git a/sshconnect2.c b/sshconnect2.c`
		1d31ef	`index f31c24c..aecf765 100644`
		1d31ef	`--- a/sshconnect2.c`
		1d31ef	`+++ b/sshconnect2.c`
		1d31ef	`@@ -1061,6 +1061,7 @@ sign_and_send_pubkey(Authctxt authctxt, Identity id)`
		1d31ef
		1d31ef	`if (key_to_blob(id->key, &blob, &bloblen) == 0) {`
		1d31ef	`/* we cannot handle this key */`
		1d31ef	`+ free(blob);`
		1d31ef	`debug3("sign_and_send_pubkey: cannot handle key");`
		1d31ef	`return 0;`
		1d31ef	`}`
		1d31ef	`@@ -1170,6 +1171,7 @@ send_pubkey_test(Authctxt authctxt, Identity id)`
		1d31ef
		1d31ef	`if (key_to_blob(id->key, &blob, &bloblen) == 0) {`
		1d31ef	`/* we cannot handle this key */`
		1d31ef	`+ free(blob);`
		1d31ef	`debug3("send_pubkey_test: cannot handle key");`
		1d31ef	`return 0;`
		1d31ef	`}`
		1d31ef	`diff --git a/sshkey.c b/sshkey.c`
		1d31ef	`index 85fd1bd..58c1051 100644`
		1d31ef	`--- a/sshkey.c`
		1d31ef	`+++ b/sshkey.c`
		1d31ef	`@@ -1375,8 +1375,6 @@ sshkey_read(struct sshkey ret, char *cpp)`
		1d31ef	`retval = 0;`
		1d31ef	`/XXXX/`
		1d31ef	`sshkey_free(k);`
		1d31ef	`- if (retval != 0)`
		1d31ef	`- break;`
		1d31ef	`break;`
		1d31ef	`default:`
		1d31ef	`return SSH_ERR_INVALID_ARGUMENT;`
		1d31ef	`diff --git a/krl.c b/krl.c`
		1d31ef	`index e271a19..69bec99 100644`
		1d31ef	`--- a/krl.c`
		1d31ef	`+++ b/krl.c`
		1d31ef	`@@ -1089,7 +1089,7 @@ ssh_krl_from_blob(struct sshbuf buf, struct ssh_krl *krlp,`
		1d31ef	`break;`
		1d31ef	`case KRL_SECTION_SIGNATURE:`
		1d31ef	`/* Handled above, but still need to stay in synch */`
		1d31ef	`- sshbuf_reset(sect);`
		1d31ef	`+ sshbuf_free(sect);`
		1d31ef	`sect = NULL;`
		1d31ef	`if ((r = sshbuf_skip_string(copy)) != 0)`
		1d31ef	`goto out;`
		1d31ef	`@@ -1288,7 +1288,8 @@ ssh_krl_file_contains_key(const char path, const struct sshkey key)`
		1d31ef	`debug2("%s: checking KRL %s", __func__, path);`
		1d31ef	`r = ssh_krl_check_key(krl, key);`
		1d31ef	`out:`
		1d31ef	`- close(fd);`
		1d31ef	`+ if (fd != -1)`
		1d31ef	`+ close(fd);`
		1d31ef	`sshbuf_free(krlbuf);`
		1d31ef	`ssh_krl_free(krl);`
		1d31ef	`if (r != 0)`
		1d31ef	`diff --git a/readconf.c b/readconf.c`
		1d31ef	`index acc1391..c4dff15 100644`
		1d31ef	`--- a/readconf.c`
		1d31ef	`+++ b/readconf.c`
		1d31ef	`@@ -1185,7 +1185,7 @@ parse_int:`
		1d31ef	`value = cipher_number(arg);`
		1d31ef	`if (value == -1)`
		1d31ef	`fatal("%.200s line %d: Bad cipher '%s'.",`
		1d31ef	`- filename, linenum, arg ? arg : "<NONE>");`
		1d31ef	`+ filename, linenum, arg);`
		1d31ef	`if (activep && intptr == -1)`
		1d31ef	`*intptr = value;`
		1d31ef	`break;`
		1d31ef	`@@ -1196,7 +1196,7 @@ parse_int:`
		1d31ef	`fatal("%.200s line %d: Missing argument.", filename, linenum);`
		1d31ef	`if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))`
		1d31ef	`fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",`
		1d31ef	`- filename, linenum, arg ? arg : "<NONE>");`
		1d31ef	`+ filename, linenum, arg);`
		1d31ef	`if (*activep && options->ciphers == NULL)`
		1d31ef	`options->ciphers = xstrdup(arg);`
		1d31ef	`break;`
		1d31ef	`@@ -1207,7 +1207,7 @@ parse_int:`
		1d31ef	`fatal("%.200s line %d: Missing argument.", filename, linenum);`
		1d31ef	`if (!mac_valid(*arg == '+' ? arg + 1 : arg))`
		1d31ef	`fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",`
		1d31ef	`- filename, linenum, arg ? arg : "<NONE>");`
		1d31ef	`+ filename, linenum, arg);`
		1d31ef	`if (*activep && options->macs == NULL)`
		1d31ef	`options->macs = xstrdup(arg);`
		1d31ef	`break;`
		1d31ef	`@@ -1220,7 +1220,7 @@ parse_int:`
		1d31ef	`filename, linenum);`
		1d31ef	`if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))`
		1d31ef	`fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",`
		1d31ef	`- filename, linenum, arg ? arg : "<NONE>");`
		1d31ef	`+ filename, linenum, arg);`
		1d31ef	`if (*activep && options->kex_algorithms == NULL)`
		1d31ef	`options->kex_algorithms = xstrdup(arg);`
		1d31ef	`break;`
		1d31ef	`@@ -1235,7 +1235,7 @@ parse_keytypes:`
		1d31ef	`filename, linenum);`
		1d31ef	`if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))`
		1d31ef	`fatal("%s line %d: Bad key types '%s'.",`
		1d31ef	`- filename, linenum, arg ? arg : "<NONE>");`
		1d31ef	`+ filename, linenum, arg);`
		1d31ef	`if (activep && charptr == NULL)`
		1d31ef	`*charptr = xstrdup(arg);`
		1d31ef	`break;`
		1d31ef	`@@ -1248,7 +1248,7 @@ parse_keytypes:`
		1d31ef	`value = proto_spec(arg);`
		1d31ef	`if (value == SSH_PROTO_UNKNOWN)`
		1d31ef	`fatal("%.200s line %d: Bad protocol spec '%s'.",`
		1d31ef	`- filename, linenum, arg ? arg : "<NONE>");`
		1d31ef	`+ filename, linenum, arg);`
		1d31ef	`if (activep && intptr == SSH_PROTO_UNKNOWN)`
		1d31ef	`*intptr = value;`
		1d31ef	`break;`
		1d31ef	`diff --git a/servconf.c b/servconf.c`
		1d31ef	`index 5f2464a..4564494 100644`
		1d31ef	`--- a/servconf.c`
		1d31ef	`+++ b/servconf.c`
		1d31ef	`@@ -1217,7 +1217,7 @@ process_server_config_line_depth(ServerOptions options, char line,`
		1d31ef	`filename, linenum);`
		1d31ef	`if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))`
		1d31ef	`fatal("%s line %d: Bad key types '%s'.",`
		1d31ef	`- filename, linenum, arg ? arg : "<NONE>");`
		1d31ef	`+ filename, linenum, arg);`
		1d31ef	`if (activep && charptr == NULL)`
		1d31ef	`*charptr = xstrdup(arg);`
		1d31ef	`break;`
		1d31ef	`@@ -1476,7 +1476,7 @@ process_server_config_line_depth(ServerOptions options, char line,`
		1d31ef	`fatal("%s line %d: Missing argument.", filename, linenum);`
		1d31ef	`if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))`
		1d31ef	`fatal("%s line %d: Bad SSH2 cipher spec '%s'.",`
		1d31ef	`- filename, linenum, arg ? arg : "<NONE>");`
		1d31ef	`+ filename, linenum, arg);`
		1d31ef	`if (options->ciphers == NULL)`
		1d31ef	`options->ciphers = xstrdup(arg);`
		1d31ef	`break;`
		1d31ef	`@@ -1487,7 +1487,7 @@ process_server_config_line_depth(ServerOptions options, char line,`
		1d31ef	`fatal("%s line %d: Missing argument.", filename, linenum);`
		1d31ef	`if (!mac_valid(*arg == '+' ? arg + 1 : arg))`
		1d31ef	`fatal("%s line %d: Bad SSH2 mac spec '%s'.",`
		1d31ef	`- filename, linenum, arg ? arg : "<NONE>");`
		1d31ef	`+ filename, linenum, arg);`
		1d31ef	`if (options->macs == NULL)`
		1d31ef	`options->macs = xstrdup(arg);`
		1d31ef	`break;`
		1d31ef	`@@ -1500,7 +1500,7 @@ process_server_config_line_depth(ServerOptions options, char line,`
		1d31ef	`filename, linenum);`
		1d31ef	`if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))`
		1d31ef	`fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",`
		1d31ef	`- filename, linenum, arg ? arg : "<NONE>");`
		1d31ef	`+ filename, linenum, arg);`
		1d31ef	`if (options->kex_algorithms == NULL)`
		1d31ef	`options->kex_algorithms = xstrdup(arg);`
		1d31ef	`break;`
		1d31ef	`diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c`
		1d31ef	`index aaf712d..62a76b3 100644`
		1d31ef	`--- a/ssh-pkcs11.c`
		1d31ef	`+++ b/ssh-pkcs11.c`
		1d31ef	`@@ -536,8 +536,8 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,`
		1d31ef	`X509_free(x509);`
		1d31ef	`}`
		1d31ef	`if (rsa && rsa->n && rsa->e &&`
		1d31ef	`- pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {`
		1d31ef	`- key = sshkey_new(KEY_UNSPEC);`
		1d31ef	`+ pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0 &&`
		1d31ef	`+ (key = sshkey_new(KEY_UNSPEC)) != NULL) {`
		1d31ef	`key->rsa = rsa;`
		1d31ef	`key->type = KEY_RSA;`
		1d31ef	`key->flags \|= SSHKEY_FLAG_EXT;`
		1d31ef	`diff --git a/sshconnect1.c b/sshconnect1.c`
		1d31ef	`index a045361..0e1a506 100644`
		1d31ef	`--- a/sshconnect1.c`
		1d31ef	`+++ b/sshconnect1.c`
		1d31ef	`@@ -520,7 +520,8 @@ ssh_kex(char host, struct sockaddr hostaddr)`
		1d31ef	`cookie[i] = packet_get_char();`
		1d31ef
		1d31ef	`/* Get the public key. */`
		1d31ef	`- server_key = key_new(KEY_RSA1);`
		1d31ef	`+ if ((server_key = key_new(KEY_RSA1)) == NULL)`
		1d31ef	`+ fatal("%s: key_new(KEY_RSA1) failed", __func__);`
		1d31ef	`bits = packet_get_int();`
		1d31ef	`packet_get_bignum(server_key->rsa->e);`
		1d31ef	`packet_get_bignum(server_key->rsa->n);`
		1d31ef	`@@ -532,7 +533,8 @@ ssh_kex(char host, struct sockaddr hostaddr)`
		1d31ef	`logit("Warning: This may be due to an old implementation of ssh.");`
		1d31ef	`}`
		1d31ef	`/* Get the host key. */`
		1d31ef	`- host_key = key_new(KEY_RSA1);`
		1d31ef	`+ if ((host_key = key_new(KEY_RSA1)) == NULL)`
		1d31ef	`+ fatal("%s: key_new(KEY_RSA1) failed", __func__);`
		1d31ef	`bits = packet_get_int();`
		1d31ef	`packet_get_bignum(host_key->rsa->e);`
		1d31ef	`packet_get_bignum(host_key->rsa->n);`
		1d31ef	`diff --git a/sshkey.c b/sshkey.c`
		1d31ef	`index 58c1051..6afacb5 100644`
		1d31ef	`--- a/sshkey.c`
		1d31ef	`+++ b/sshkey.c`
		1d31ef	`@@ -1239,6 +1239,9 @@ sshkey_read(struct sshkey ret, char *cpp)`
		1d31ef	`u_long bits;`
		1d31ef	`#endif /* WITH_SSH1 */`
		1d31ef
		1d31ef	`+ if (ret == NULL)`
		1d31ef	`+ return SSH_ERR_INVALID_ARGUMENT;`
		1d31ef	`+`
		1d31ef	`cp = *cpp;`
		1d31ef
		1d31ef	`switch (ret->type) {`

rcolebaugh / rpms / openssh

Source Code

Blame SOURCES/openssh-7.4p1-coverity.patch