From 3b545be5d7d969f9b75fc89d9170b519a2630ce4 Mon Sep 17 00:00:00 2001
From: Jan F. Chadima
Date: Sep 08 2011 22:54:28 +0000
Subject: Coverity first pass
---
diff --git a/openssh-5.9p1-coverity.patch b/openssh-5.9p1-coverity.patch
new file mode 100644
index 0000000..5b1a4d3
--- /dev/null
+++ b/openssh-5.9p1-coverity.patch
@@ -0,0 +1,698 @@ +diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c +--- openssh-5.9p1/auth-pam.c.coverity 2009-07-12 14:07:21.000000000 +0200 ++++ openssh-5.9p1/auth-pam.c 2011-09-08 14:13:59.596485750 +0200 +@@ -216,7 +216,7 @@ pthread_join(sp_pthread_t thread, void * + if (sshpam_thread_status != -1) + return (sshpam_thread_status); + signal(SIGCHLD, sshpam_oldsig); +- waitpid(thread, &status, 0); ++ (void) waitpid(thread, &status, 0); + return (status); + } + #endif +diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c +--- openssh-5.9p1/channels.c.coverity 2011-06-23 00:31:57.000000000 +0200 ++++ openssh-5.9p1/channels.c 2011-09-08 14:13:59.724564062 +0200 +@@ -229,11 +229,11 @@ channel_register_fds(Channel *c, int rfd + channel_max_fd = MAX(channel_max_fd, wfd); + channel_max_fd = MAX(channel_max_fd, efd); + +- if (rfd != -1) ++ if (rfd >= 0) + fcntl(rfd, F_SETFD, FD_CLOEXEC); +- if (wfd != -1 && wfd != rfd) ++ if (wfd >= 0 && wfd != rfd) + fcntl(wfd, F_SETFD, FD_CLOEXEC); +- if (efd != -1 && efd != rfd && efd != wfd) ++ if (efd >= 0 && efd != rfd && efd != wfd) + fcntl(efd, F_SETFD, FD_CLOEXEC); + + c->rfd = rfd; +@@ -248,11 +248,11 @@ channel_register_fds(Channel *c, int rfd + + /* enable nonblocking mode */ + if (nonblock) { +- if (rfd != -1) ++ if (rfd >= 0) + set_nonblock(rfd); +- if (wfd != -1) ++ if (wfd >= 0) + set_nonblock(wfd); +- if (efd != -1) ++ if (efd >= 0) + set_nonblock(efd); + } + } +diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c +--- openssh-5.9p1/clientloop.c.coverity 2011-06-23 00:31:58.000000000 +0200 ++++ openssh-5.9p1/clientloop.c 2011-09-08 14:13:59.829450205 +0200 +@@ -1970,6 +1970,7 @@ client_input_global_request(int type, u_ + char *rtype; + int want_reply; + int success = 0; ++/* success is still 0 the packet is allways SSH2_MSG_REQUEST_FAILURE, isn't it? 
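Review bot: Casting `waitpid()` to void in auth-pam.c's pthread_join silences the unchecked-return finding without handling it: if the call fails (EINTR, for example), `status` is returned without waitpid having written it, and that value is what the caller takes as the PAM thread's exit status. Unless `status` is initialised in the part of the function outside the hunk, the returned value is indeterminate. Retrying on EINTR and failing closed otherwise addresses the finding itself, e.g. `while (waitpid(thread, &status, 0) == -1) { if (errno != EINTR) fatal("%s: waitpid: %s", __func__, strerror(errno)); }`. The same cast in scp.c's killchild is harmless, because no status is consumed there.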
*/ + + rtype = packet_get_string(NULL); + want_reply = packet_get_char(); +diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c +--- openssh-5.9p1/key.c.coverity 2011-05-20 11:03:08.000000000 +0200 ++++ openssh-5.9p1/key.c 2011-09-08 14:13:59.959563856 +0200 +@@ -803,8 +803,10 @@ key_read(Key *ret, char **cpp) + success = 1; + /*XXXX*/ + key_free(k); ++/*XXXX + if (success != 1) + break; ++XXXX*/ + /* advance cp: skip whitespace and data */ + while (*cp == ' ' || *cp == '\t') + cp++; +diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c +--- openssh-5.9p1/packet.c.coverity 2011-05-15 00:58:15.000000000 +0200 ++++ openssh-5.9p1/packet.c 2011-09-08 14:14:00.075501777 +0200 +@@ -1177,6 +1177,7 @@ packet_read_poll1(void) + case DEATTACK_DETECTED: + packet_disconnect("crc32 compensation attack: " + "network attack detected"); ++ break; + case DEATTACK_DOS_DETECTED: + packet_disconnect("deattack denial of " + "service detected"); +@@ -1684,7 +1685,7 @@ void + packet_write_wait(void) + { + fd_set *setp; +- int ret, ms_remain; ++ int ret, ms_remain = 0; + struct timeval start, timeout, *timeoutp = NULL; + + setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1, +diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c +--- openssh-5.9p1/progressmeter.c.coverity 2006-08-05 04:39:40.000000000 +0200 ++++ openssh-5.9p1/progressmeter.c 2011-09-08 14:14:00.186620217 +0200 +@@ -65,7 +65,7 @@ static void update_progress_meter(int); + + static time_t start; /* start progress */ + static time_t last_update; /* last progress update */ +-static char *file; /* name of the file being transferred */ ++static const char *file; /* name of the file being transferred */ + static off_t end_pos; /* ending position of transfer */ + static off_t cur_pos; /* transfer position as of last refresh */ + static volatile off_t *counter; /* progress counter */ +@@ -247,7 +247,7 @@ update_progress_meter(int ignore) + } + + void +-start_progress_meter(char 
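Review bot: The comment added above `rtype = packet_get_string(NULL);` in client_input_global_request records an open question rather than a fact, contains a typo ("allways"), and sits at column 0 among indented declarations. Nothing visible in the hunk assigns `success`, but the rest of the function is outside it, so the observation should be confirmed and then written as a statement, e.g. `/* success is never set: a request that wants a reply is always answered with SSH2_MSG_REQUEST_FAILURE */`, indented with the declarations. If that behaviour is unintended, it belongs in a bug report rather than in a comment.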
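Review bot: Commenting out `if (success != 1) break;` in key_read between `/*XXXX` and `XXXX*/` leaves dead code in the tree with no record of why it is dead. The visible context assigns `success = 1;` just before, so the test could never fire; deleting the two lines, with at most `/* success is always 1 here */` in their place, states that directly. The enclosing switch starts outside the hunk, so it is worth confirming that no other path reaches this point with `success` still 0 before removing the check.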
*f, off_t filesize, off_t *ctr) ++start_progress_meter(const char *f, off_t filesize, off_t *ctr) + { + start = last_update = time(NULL); + file = f; +diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h +--- openssh-5.9p1/progressmeter.h.coverity 2006-03-26 05:30:02.000000000 +0200 ++++ openssh-5.9p1/progressmeter.h 2011-09-08 14:14:00.299626834 +0200 +@@ -23,5 +23,5 @@ + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +-void start_progress_meter(char *, off_t, off_t *); ++void start_progress_meter(const char *, off_t, off_t *); + void stop_progress_meter(void); +diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c +--- openssh-5.9p1/scp.c.coverity 2011-01-06 12:41:21.000000000 +0100 ++++ openssh-5.9p1/scp.c 2011-09-08 14:14:00.404502349 +0200 +@@ -155,7 +155,7 @@ killchild(int signo) + { + if (do_cmd_pid > 1) { + kill(do_cmd_pid, signo ? signo : SIGTERM); +- waitpid(do_cmd_pid, NULL, 0); ++ (void) waitpid(do_cmd_pid, NULL, 0); + } + + if (signo) +diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c +--- openssh-5.9p1/serverloop.c.coverity 2011-05-20 11:02:50.000000000 +0200 ++++ openssh-5.9p1/serverloop.c 2011-09-08 14:14:00.516501505 +0200 +@@ -147,13 +147,13 @@ notify_setup(void) + static void + notify_parent(void) + { +- if (notify_pipe[1] != -1) ++ if (notify_pipe[1] >= 0) + write(notify_pipe[1], "", 1); + } + static void + notify_prepare(fd_set *readset) + { +- if (notify_pipe[0] != -1) ++ if (notify_pipe[0] >= 0) + FD_SET(notify_pipe[0], readset); + } + static void +@@ -161,8 +161,8 @@ notify_done(fd_set *readset) + { + char c; + +- if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset)) +- while (read(notify_pipe[0], &c, 1) != -1) ++ if (notify_pipe[0] >= 0 && FD_ISSET(notify_pipe[0], readset)) ++ while (read(notify_pipe[0], &c, 1) >= 0) + debug2("notify_done: reading"); + } + +@@ -330,7 +330,7 @@ wait_until_can_do_something(fd_set **rea + * If we have buffered data, try to 
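Review bot: In notify_done the rewritten loop `while (read(notify_pipe[0], &c, 1) >= 0)` keeps the old behaviour of treating a return of 0 as success, so an end-of-file on the pipe would make it spin; `> 0` drains the pipe and stops on both EOF and error. Whether EOF can actually occur depends on how notify_setup manages the write end, which is outside the hunk. In the hunk just above, notify_parent still ignores the result of `write(notify_pipe[1], "", 1)`; if that is a deliberate best-effort wakeup, a short comment saying so would keep the next static-analysis pass from flagging it again.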
write some of that data + * to the program. + */ +- if (fdin != -1 && buffer_len(&stdin_buffer) > 0) ++ if (fdin >= 0 && buffer_len(&stdin_buffer) > 0) + FD_SET(fdin, *writesetp); + } + notify_prepare(*readsetp); +@@ -470,7 +470,7 @@ process_output(fd_set *writeset) + int len; + + /* Write buffered data to program stdin. */ +- if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) { ++ if (!compat20 && fdin >= 0 && FD_ISSET(fdin, writeset)) { + data = buffer_ptr(&stdin_buffer); + dlen = buffer_len(&stdin_buffer); + len = write(fdin, data, dlen); +@@ -583,7 +583,7 @@ server_loop(pid_t pid, int fdin_arg, int + set_nonblock(fdin); + set_nonblock(fdout); + /* we don't have stderr for interactive terminal sessions, see below */ +- if (fderr != -1) ++ if (fderr >= 0) + set_nonblock(fderr); + + if (!(datafellows & SSH_BUG_IGNOREMSG) && isatty(fdin)) +@@ -607,7 +607,7 @@ server_loop(pid_t pid, int fdin_arg, int + max_fd = MAX(connection_in, connection_out); + max_fd = MAX(max_fd, fdin); + max_fd = MAX(max_fd, fdout); +- if (fderr != -1) ++ if (fderr >= 0) + max_fd = MAX(max_fd, fderr); + #endif + +@@ -637,7 +637,7 @@ server_loop(pid_t pid, int fdin_arg, int + * If we have received eof, and there is no more pending + * input data, cause a real eof by closing fdin. + */ +- if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) { ++ if (stdin_eof && fdin >= 0 && buffer_len(&stdin_buffer) == 0) { + if (fdin != fdout) + close(fdin); + else +@@ -735,15 +735,15 @@ server_loop(pid_t pid, int fdin_arg, int + buffer_free(&stderr_buffer); + + /* Close the file descriptors. 
*/ +- if (fdout != -1) ++ if (fdout >= 0) + close(fdout); + fdout = -1; + fdout_eof = 1; +- if (fderr != -1) ++ if (fderr >= 0) + close(fderr); + fderr = -1; + fderr_eof = 1; +- if (fdin != -1) ++ if (fdin >= 0) + close(fdin); + fdin = -1; + +@@ -937,7 +937,7 @@ server_input_window_size(int type, u_int + + debug("Window change received."); + packet_check_eom(); +- if (fdin != -1) ++ if (fdin >= 0) + pty_change_window_size(fdin, row, col, xpixel, ypixel); + } + +@@ -990,7 +990,7 @@ server_request_tun(void) + } + + tun = packet_get_int(); +- if (forced_tun_device != -1) { ++ if (forced_tun_device >= 0) { + if (tun != SSH_TUNID_ANY && forced_tun_device != tun) + goto done; + tun = forced_tun_device; +diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c +--- openssh-5.9p1/sftp-client.c.coverity 2010-12-04 23:02:48.000000000 +0100 ++++ openssh-5.9p1/sftp-client.c 2011-09-08 14:14:00.640502358 +0200 +@@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer * + } + + static void +-send_string_request(struct sftp_conn *conn, u_int id, u_int code, char *s, ++send_string_request(struct sftp_conn *conn, u_int id, u_int code, const char *s, + u_int len) + { + Buffer msg; +@@ -165,7 +165,7 @@ send_string_request(struct sftp_conn *co + + static void + send_string_attrs_request(struct sftp_conn *conn, u_int id, u_int code, +- char *s, u_int len, Attrib *a) ++ const char *s, u_int len, Attrib *a) + { + Buffer msg; + +@@ -422,7 +422,7 @@ sftp_proto_version(struct sftp_conn *con + } + + int +-do_close(struct sftp_conn *conn, char *handle, u_int handle_len) ++do_close(struct sftp_conn *conn, const char *handle, u_int handle_len) + { + u_int id, status; + Buffer msg; +@@ -447,7 +447,7 @@ do_close(struct sftp_conn *conn, char *h + + + static int +-do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, ++do_lsreaddir(struct sftp_conn *conn, const char *path, int printflag, + SFTP_DIRENT ***dir) + { + Buffer msg; +@@ -571,7 +571,7 @@ do_lsreaddir(struct 
sftp_conn *conn, cha + } + + int +-do_readdir(struct sftp_conn *conn, char *path, SFTP_DIRENT ***dir) ++do_readdir(struct sftp_conn *conn, const char *path, SFTP_DIRENT ***dir) + { + return(do_lsreaddir(conn, path, 0, dir)); + } +@@ -589,7 +589,7 @@ void free_sftp_dirents(SFTP_DIRENT **s) + } + + int +-do_rm(struct sftp_conn *conn, char *path) ++do_rm(struct sftp_conn *conn, const char *path) + { + u_int status, id; + +@@ -604,7 +604,7 @@ do_rm(struct sftp_conn *conn, char *path + } + + int +-do_mkdir(struct sftp_conn *conn, char *path, Attrib *a, int printflag) ++do_mkdir(struct sftp_conn *conn, const char *path, Attrib *a, int printflag) + { + u_int status, id; + +@@ -620,7 +620,7 @@ do_mkdir(struct sftp_conn *conn, char *p + } + + int +-do_rmdir(struct sftp_conn *conn, char *path) ++do_rmdir(struct sftp_conn *conn, const char *path) + { + u_int status, id; + +@@ -636,7 +636,7 @@ do_rmdir(struct sftp_conn *conn, char *p + } + + Attrib * +-do_stat(struct sftp_conn *conn, char *path, int quiet) ++do_stat(struct sftp_conn *conn, const char *path, int quiet) + { + u_int id; + +@@ -650,7 +650,7 @@ do_stat(struct sftp_conn *conn, char *pa + } + + Attrib * +-do_lstat(struct sftp_conn *conn, char *path, int quiet) ++do_lstat(struct sftp_conn *conn, const char *path, int quiet) + { + u_int id; + +@@ -684,7 +684,7 @@ do_fstat(struct sftp_conn *conn, char *h + #endif + + int +-do_setstat(struct sftp_conn *conn, char *path, Attrib *a) ++do_setstat(struct sftp_conn *conn, const char *path, Attrib *a) + { + u_int status, id; + +@@ -701,7 +701,7 @@ do_setstat(struct sftp_conn *conn, char + } + + int +-do_fsetstat(struct sftp_conn *conn, char *handle, u_int handle_len, ++do_fsetstat(struct sftp_conn *conn, const char *handle, u_int handle_len, + Attrib *a) + { + u_int status, id; +@@ -718,12 +718,12 @@ do_fsetstat(struct sftp_conn *conn, char + } + + char * +-do_realpath(struct sftp_conn *conn, char *path) ++do_realpath(struct sftp_conn *conn, const char *path) + { + Buffer msg; 
+ u_int type, expected_id, count, id; + char *filename, *longname; +- Attrib *a; ++/*UNUSED Attrib *a; */ + + expected_id = id = conn->msg_id++; + send_string_request(conn, id, SSH2_FXP_REALPATH, path, +@@ -754,7 +754,7 @@ do_realpath(struct sftp_conn *conn, char + + filename = buffer_get_string(&msg, NULL); + longname = buffer_get_string(&msg, NULL); +- a = decode_attrib(&msg); ++ /*a =*/ (void) decode_attrib(&msg); + + debug3("SSH_FXP_REALPATH %s -> %s", path, filename); + +@@ -766,7 +766,7 @@ do_realpath(struct sftp_conn *conn, char + } + + int +-do_rename(struct sftp_conn *conn, char *oldpath, char *newpath) ++do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath) + { + Buffer msg; + u_int status, id; +@@ -800,7 +800,7 @@ do_rename(struct sftp_conn *conn, char * + } + + int +-do_hardlink(struct sftp_conn *conn, char *oldpath, char *newpath) ++do_hardlink(struct sftp_conn *conn, const char *oldpath, const char *newpath) + { + Buffer msg; + u_int status, id; +@@ -833,7 +833,7 @@ do_hardlink(struct sftp_conn *conn, char + } + + int +-do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath) ++do_symlink(struct sftp_conn *conn, const char *oldpath, const char *newpath) + { + Buffer msg; + u_int status, id; +@@ -984,7 +984,7 @@ send_read_request(struct sftp_conn *conn + } + + int +-do_download(struct sftp_conn *conn, char *remote_path, char *local_path, ++do_download(struct sftp_conn *conn, const char *remote_path, const char *local_path, + Attrib *a, int pflag) + { + Attrib junk; +@@ -1223,7 +1223,7 @@ do_download(struct sftp_conn *conn, char + } + + static int +-download_dir_internal(struct sftp_conn *conn, char *src, char *dst, ++download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, + Attrib *dirattrib, int pflag, int printflag, int depth) + { + int i, ret = 0; +@@ -1313,7 +1313,7 @@ download_dir_internal(struct sftp_conn * + } + + int +-download_dir(struct sftp_conn *conn, char *src, char *dst, 
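Review bot: The commented-out fragments `/*UNUSED Attrib *a; */` and `/*a =*/` in do_realpath are harder to read than simply dropping the variable. The call has to stay, presumably because it advances the message buffer past the attributes (inferred from `decode_attrib(&msg)` taking the buffer; its body is not shown), and that is the fact worth recording: `(void) decode_attrib(&msg); /* skip the attributes, only the name is used */`. The same leftover pattern appears in sftp.c's do_globbed_ls as `/*UNUSED Attrib *a = NULL;*/` and `i++/*, a = NULL*/`, and could be cleaned up the same way.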
++download_dir(struct sftp_conn *conn, const char *src, const char *dst, + Attrib *dirattrib, int pflag, int printflag) + { + char *src_canon; +@@ -1331,7 +1331,7 @@ download_dir(struct sftp_conn *conn, cha + } + + int +-do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, ++do_upload(struct sftp_conn *conn, const char *local_path, const char *remote_path, + int pflag) + { + int local_fd; +@@ -1514,7 +1514,7 @@ do_upload(struct sftp_conn *conn, char * + } + + static int +-upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, ++upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, + int pflag, int printflag, int depth) + { + int ret = 0, status; +@@ -1605,7 +1605,7 @@ upload_dir_internal(struct sftp_conn *co + } + + int +-upload_dir(struct sftp_conn *conn, char *src, char *dst, int printflag, ++upload_dir(struct sftp_conn *conn, const char *src, const char *dst, int printflag, + int pflag) + { + char *dst_canon; +@@ -1622,7 +1622,7 @@ upload_dir(struct sftp_conn *conn, char + } + + char * +-path_append(char *p1, char *p2) ++path_append(const char *p1, const char *p2) + { + char *ret; + size_t len = strlen(p1) + strlen(p2) + 2; +diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h +--- openssh-5.9p1/sftp-client.h.coverity 2010-12-04 23:02:48.000000000 +0100 ++++ openssh-5.9p1/sftp-client.h 2011-09-08 14:14:00.750502818 +0200 +@@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in + u_int sftp_proto_version(struct sftp_conn *); + + /* Close file referred to by 'handle' */ +-int do_close(struct sftp_conn *, char *, u_int); ++int do_close(struct sftp_conn *, const char *, u_int); + + /* Read contents of 'path' to NULL-terminated array 'dir' */ +-int do_readdir(struct sftp_conn *, char *, SFTP_DIRENT ***); ++int do_readdir(struct sftp_conn *, const char *, SFTP_DIRENT ***); + + /* Frees a NULL-terminated array of SFTP_DIRENTs (eg. 
from do_readdir) */ + void free_sftp_dirents(SFTP_DIRENT **); + + /* Delete file 'path' */ +-int do_rm(struct sftp_conn *, char *); ++int do_rm(struct sftp_conn *, const char *); + + /* Create directory 'path' */ +-int do_mkdir(struct sftp_conn *, char *, Attrib *, int); ++int do_mkdir(struct sftp_conn *, const char *, Attrib *, int); + + /* Remove directory 'path' */ +-int do_rmdir(struct sftp_conn *, char *); ++int do_rmdir(struct sftp_conn *, const char *); + + /* Get file attributes of 'path' (follows symlinks) */ +-Attrib *do_stat(struct sftp_conn *, char *, int); ++Attrib *do_stat(struct sftp_conn *, const char *, int); + + /* Get file attributes of 'path' (does not follow symlinks) */ +-Attrib *do_lstat(struct sftp_conn *, char *, int); ++Attrib *do_lstat(struct sftp_conn *, const char *, int); + + /* Set file attributes of 'path' */ +-int do_setstat(struct sftp_conn *, char *, Attrib *); ++int do_setstat(struct sftp_conn *, const char *, Attrib *); + + /* Set file attributes of open file 'handle' */ +-int do_fsetstat(struct sftp_conn *, char *, u_int, Attrib *); ++int do_fsetstat(struct sftp_conn *, const char *, u_int, Attrib *); + + /* Canonicalise 'path' - caller must free result */ +-char *do_realpath(struct sftp_conn *, char *); ++char *do_realpath(struct sftp_conn *, const char *); + + /* Get statistics for filesystem hosting file at "path" */ + int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int); + + /* Rename 'oldpath' to 'newpath' */ +-int do_rename(struct sftp_conn *, char *, char *); ++int do_rename(struct sftp_conn *, const char *, const char *); + + /* Link 'oldpath' to 'newpath' */ +-int do_hardlink(struct sftp_conn *, char *, char *); ++int do_hardlink(struct sftp_conn *, const char *, const char *); + +-/* Rename 'oldpath' to 'newpath' */ +-int do_symlink(struct sftp_conn *, char *, char *); ++/* Symlink 'oldpath' to 'newpath' */ ++int do_symlink(struct sftp_conn *, const char *, const char *); + + /* XXX: add 
callbacks to do_download/do_upload so we can do progress meter */ + +@@ -106,27 +106,27 @@ int do_symlink(struct sftp_conn *, char + * Download 'remote_path' to 'local_path'. Preserve permissions and times + * if 'pflag' is set + */ +-int do_download(struct sftp_conn *, char *, char *, Attrib *, int); ++int do_download(struct sftp_conn *, const char *, const char *, Attrib *, int); + + /* + * Recursively download 'remote_directory' to 'local_directory'. Preserve + * times if 'pflag' is set + */ +-int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int); ++int download_dir(struct sftp_conn *, const char *, const char *, Attrib *, int, int); + + /* + * Upload 'local_path' to 'remote_path'. Preserve permissions and times + * if 'pflag' is set + */ +-int do_upload(struct sftp_conn *, char *, char *, int); ++int do_upload(struct sftp_conn *, const char *, const char *, int); + + /* + * Recursively upload 'local_directory' to 'remote_directory'. Preserve + * times if 'pflag' is set + */ +-int upload_dir(struct sftp_conn *, char *, char *, int, int); ++int upload_dir(struct sftp_conn *, const char *, const char *, int, int); + + /* Concatenate paths, taking care of slashes. Caller must free result. 
*/ +-char *path_append(char *, char *); ++char *path_append(const char *, const char *); + + #endif +diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c +--- openssh-5.9p1/sftp.c.coverity 2010-12-04 23:02:48.000000000 +0100 ++++ openssh-5.9p1/sftp.c 2011-09-08 14:25:08.647440423 +0200 +@@ -316,7 +316,7 @@ local_do_ls(const char *args) + + /* Strip one path (usually the pwd) from the start of another */ + static char * +-path_strip(char *path, char *strip) ++path_strip(const char *path, const char *strip) + { + size_t len; + +@@ -334,7 +334,7 @@ path_strip(char *path, char *strip) + } + + static char * +-make_absolute(char *p, char *pwd) ++make_absolute(char *p, const char *pwd) + { + char *abs_str; + +@@ -482,7 +482,7 @@ parse_df_flags(const char *cmd, char **a + } + + static int +-is_dir(char *path) ++is_dir(const char *path) + { + struct stat sb; + +@@ -494,7 +494,7 @@ is_dir(char *path) + } + + static int +-remote_is_dir(struct sftp_conn *conn, char *path) ++remote_is_dir(struct sftp_conn *conn, const char *path) + { + Attrib *a; + +@@ -508,7 +508,7 @@ remote_is_dir(struct sftp_conn *conn, ch + + /* Check whether path returned from glob(..., GLOB_MARK, ...) 
is a directory */ + static int +-pathname_is_dir(char *pathname) ++pathname_is_dir(const char *pathname) + { + size_t l = strlen(pathname); + +@@ -516,7 +516,7 @@ pathname_is_dir(char *pathname) + } + + static int +-process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, ++process_get(struct sftp_conn *conn, const char *src, const char *dst, const char *pwd, + int pflag, int rflag) + { + char *abs_src = NULL; +@@ -590,7 +590,7 @@ out: + } + + static int +-process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, ++process_put(struct sftp_conn *conn, const char *src, const char *dst, const char *pwd, + int pflag, int rflag) + { + char *tmp_dst = NULL; +@@ -695,7 +695,7 @@ sdirent_comp(const void *aa, const void + + /* sftp ls.1 replacement for directories */ + static int +-do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) ++do_ls_dir(struct sftp_conn *conn, const char *path, const char *strip_path, int lflag) + { + int n; + u_int c = 1, colspace = 0, columns = 1; +@@ -780,10 +780,10 @@ do_ls_dir(struct sftp_conn *conn, char * + + /* sftp ls.1 replacement which handles path globs */ + static int +-do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, ++do_globbed_ls(struct sftp_conn *conn, const char *path, const char *strip_path, + int lflag) + { +- Attrib *a = NULL; ++/*UNUSED Attrib *a = NULL;*/ + char *fname, *lname; + glob_t g; + int err; +@@ -828,7 +828,7 @@ do_globbed_ls(struct sftp_conn *conn, ch + colspace = width / columns; + } + +- for (i = 0; g.gl_pathv[i] && !interrupted; i++, a = NULL) { ++ for (i = 0; g.gl_pathv[i] && !interrupted; i++/*, a = NULL*/) { + fname = path_strip(g.gl_pathv[i], strip_path); + if (lflag & LS_LONG_VIEW) { + if (g.gl_statv[i] == NULL) { +@@ -861,7 +861,7 @@ do_globbed_ls(struct sftp_conn *conn, ch + } + + static int +-do_df(struct sftp_conn *conn, char *path, int hflag, int iflag) ++do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag) + { + struct 
sftp_statvfs st; + char s_used[FMT_SCALED_STRSIZE]; +diff -up openssh-5.9p1/sshd.c.coverity openssh-5.9p1/sshd.c +--- openssh-5.9p1/sshd.c.coverity 2011-06-23 11:45:51.000000000 +0200 ++++ openssh-5.9p1/sshd.c 2011-09-08 14:14:01.018565321 +0200 +@@ -1302,6 +1302,9 @@ server_accept_loop(int *sock_in, int *so + if (num_listen_socks < 0) + break; + } ++ ++ if (fdset != NULL) ++ xfree(fdset); + } + + +@@ -1774,7 +1777,7 @@ main(int ac, char **av) + + /* Chdir to the root directory so that the current disk can be + unmounted if desired. */ +- chdir("/"); ++ (void) chdir("/"); + + /* ignore SIGPIPE */ + signal(SIGPIPE, SIG_IGN); diff --git a/openssh-5.9p1-fips.patch b/openssh-5.9p1-fips.patch index 3c069d2..c783f6a 100644 --- a/openssh-5.9p1-fips.patch +++ b/openssh-5.9p1-fips.patch @@ -1,6 +1,6 @@ -diff -up openssh-5.9p0/Makefile.in.fips openssh-5.9p0/Makefile.in ---- openssh-5.9p0/Makefile.in.fips 2011-08-31 13:16:25.548087929 +0200 -+++ openssh-5.9p0/Makefile.in 2011-08-31 13:17:42.820212398 +0200 +diff -up openssh-5.9p1/Makefile.in.fips openssh-5.9p1/Makefile.in +--- openssh-5.9p1/Makefile.in.fips 2011-09-08 14:51:55.788515769 +0200 ++++ openssh-5.9p1/Makefile.in 2011-09-08 14:51:58.390439672 +0200 @@ -142,25 +142,25 @@ libssh.a: $(LIBSSH_OBJS) $(RANLIB) $@ @@ -42,9 +42,9 @@ diff -up openssh-5.9p0/Makefile.in.fips openssh-5.9p0/Makefile.in sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -diff -up openssh-5.9p0/authfile.c.fips openssh-5.9p0/authfile.c ---- openssh-5.9p0/authfile.c.fips 2011-08-31 13:16:26.896087056 +0200 -+++ openssh-5.9p0/authfile.c 2011-08-31 13:16:28.586211616 +0200 +diff -up openssh-5.9p1/authfile.c.fips openssh-5.9p1/authfile.c +--- openssh-5.9p1/authfile.c.fips 2011-09-08 14:51:57.076455523 +0200 ++++ openssh-5.9p1/authfile.c 2011-09-08 14:51:58.485565698 +0200 
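Review bot: `(void) chdir("/");` in sshd's main discards the only indication that the daemon failed to leave its start-up directory, so it would keep running from wherever it was launched with no trace in the log. Logging the failure keeps the best-effort behaviour while making it visible: `if (chdir("/") == -1) error("chdir(\"/\"): %s", strerror(errno));`. main() extends well beyond the hunk. The other sshd.c hunk, which frees `fdset` after the accept loop, looks correct from the visible context.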
@@ -148,8 +148,14 @@ key_private_rsa1_to_blob(Key *key, Buffe /* Allocate space for the private part of the key in the buffer. */ cp = buffer_append_space(&encrypted, buffer_len(&buffer)); @@ -78,9 +78,9 @@ diff -up openssh-5.9p0/authfile.c.fips openssh-5.9p0/authfile.c cipher_crypt(&ciphercontext, cp, buffer_ptr(©), buffer_len(©)); cipher_cleanup(&ciphercontext); -diff -up openssh-5.9p0/cipher-ctr.c.fips openssh-5.9p0/cipher-ctr.c ---- openssh-5.9p0/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200 -+++ openssh-5.9p0/cipher-ctr.c 2011-08-31 13:16:28.690026009 +0200 +diff -up openssh-5.9p1/cipher-ctr.c.fips openssh-5.9p1/cipher-ctr.c +--- openssh-5.9p1/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200 ++++ openssh-5.9p1/cipher-ctr.c 2011-09-08 14:51:58.593563819 +0200 @@ -140,7 +140,8 @@ evp_aes_128_ctr(void) aes_ctr.do_cipher = ssh_aes_ctr; #ifndef SSH_OLD_EVP @@ -91,9 +91,9 @@ diff -up openssh-5.9p0/cipher-ctr.c.fips openssh-5.9p0/cipher-ctr.c #endif return (&aes_ctr); } -diff -up openssh-5.9p0/cipher.c.fips openssh-5.9p0/cipher.c ---- openssh-5.9p0/cipher.c.fips 2011-08-31 13:16:14.685087304 +0200 -+++ openssh-5.9p0/cipher.c 2011-08-31 13:16:28.815092896 +0200 +diff -up openssh-5.9p1/cipher.c.fips openssh-5.9p1/cipher.c +--- openssh-5.9p1/cipher.c.fips 2011-09-08 14:51:44.592501867 +0200 ++++ openssh-5.9p1/cipher.c 2011-09-08 14:51:58.700440064 +0200 @@ -40,6 +40,7 @@ #include @@ -178,9 +178,9 @@ diff -up openssh-5.9p0/cipher.c.fips openssh-5.9p0/cipher.c } /* -diff -up openssh-5.9p0/cipher.h.fips openssh-5.9p0/cipher.h ---- openssh-5.9p0/cipher.h.fips 2011-08-31 13:16:14.816212495 +0200 -+++ openssh-5.9p0/cipher.h 2011-08-31 13:16:28.939073884 +0200 +diff -up openssh-5.9p1/cipher.h.fips openssh-5.9p1/cipher.h +--- openssh-5.9p1/cipher.h.fips 2011-09-08 14:51:44.697501719 +0200 ++++ openssh-5.9p1/cipher.h 2011-09-08 14:51:58.800502283 +0200 
@@ -87,7 +87,7 @@ void cipher_init(CipherContext *, Ciphe const u_char *, u_int, int); void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int); @@ -190,9 +190,9 @@ diff -up openssh-5.9p0/cipher.h.fips openssh-5.9p0/cipher.h u_int cipher_blocksize(const Cipher *); u_int cipher_keylen(const Cipher *); u_int cipher_is_cbc(const Cipher *); -diff -up openssh-5.9p0/key.c.fips openssh-5.9p0/key.c ---- openssh-5.9p0/key.c.fips 2011-08-31 13:16:18.179212858 +0200 -+++ openssh-5.9p0/key.c 2011-08-31 13:16:29.069031653 +0200 +diff -up openssh-5.9p1/key.c.fips openssh-5.9p1/key.c +--- openssh-5.9p1/key.c.fips 2011-09-08 14:51:49.002451595 +0200 ++++ openssh-5.9p1/key.c 2011-09-08 14:51:58.908501542 +0200 @@ -40,6 +40,7 @@ #include @@ -218,9 +218,9 @@ diff -up openssh-5.9p0/key.c.fips openssh-5.9p0/key.c rv_defined = 1; } return rv; -diff -up openssh-5.9p0/mac.c.fips openssh-5.9p0/mac.c ---- openssh-5.9p0/mac.c.fips 2011-08-31 13:16:16.521087343 +0200 -+++ openssh-5.9p0/mac.c 2011-08-31 13:16:29.171039694 +0200 +diff -up openssh-5.9p1/mac.c.fips openssh-5.9p1/mac.c +--- openssh-5.9p1/mac.c.fips 2011-09-08 14:51:46.755466816 +0200 ++++ openssh-5.9p1/mac.c 2011-09-08 14:51:59.029600712 +0200 @@ -28,6 +28,7 @@ #include @@ -270,9 +270,9 @@ diff -up openssh-5.9p0/mac.c.fips openssh-5.9p0/mac.c for (i = 0; macs[i].name; i++) { if (strcmp(name, macs[i].name) == 0) { -diff -up openssh-5.9p0/myproposal.h.fips openssh-5.9p0/myproposal.h ---- openssh-5.9p0/myproposal.h.fips 2011-08-17 02:29:03.000000000 +0200 -+++ openssh-5.9p0/myproposal.h 2011-08-31 13:16:29.301087416 +0200 +diff -up openssh-5.9p1/myproposal.h.fips openssh-5.9p1/myproposal.h +--- openssh-5.9p1/myproposal.h.fips 2011-08-17 02:29:03.000000000 +0200 ++++ openssh-5.9p1/myproposal.h 2011-09-08 14:51:59.150503573 +0200 @@ -97,6 +97,12 @@ #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" #define KEX_DEFAULT_LANG "" 
@@ -286,9 +286,9 @@ diff -up openssh-5.9p0/myproposal.h.fips openssh-5.9p0/myproposal.h static char *myproposal[PROPOSAL_MAX] = { KEX_DEFAULT_KEX, -diff -up openssh-5.9p0/openbsd-compat/bsd-arc4random.c.fips openssh-5.9p0/openbsd-compat/bsd-arc4random.c ---- openssh-5.9p0/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100 -+++ openssh-5.9p0/openbsd-compat/bsd-arc4random.c 2011-08-31 13:16:29.741086847 +0200 +diff -up openssh-5.9p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.9p1/openbsd-compat/bsd-arc4random.c +--- openssh-5.9p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100 ++++ openssh-5.9p1/openbsd-compat/bsd-arc4random.c 2011-09-08 14:51:59.262439903 +0200 @@ -37,25 +37,18 @@ #define REKEY_BYTES (1 << 24) @@ -344,9 +344,9 @@ diff -up openssh-5.9p0/openbsd-compat/bsd-arc4random.c.fips openssh-5.9p0/openbs } #endif /* !HAVE_ARC4RANDOM */ -diff -up openssh-5.9p0/ssh.c.fips openssh-5.9p0/ssh.c ---- openssh-5.9p0/ssh.c.fips 2011-08-05 22:18:16.000000000 +0200 -+++ openssh-5.9p0/ssh.c 2011-08-31 13:16:29.852212356 +0200 +diff -up openssh-5.9p1/ssh.c.fips openssh-5.9p1/ssh.c +--- openssh-5.9p1/ssh.c.fips 2011-08-05 22:18:16.000000000 +0200 ++++ openssh-5.9p1/ssh.c 2011-09-08 14:51:59.369485419 +0200 @@ -73,6 +73,8 @@ #include @@ -409,9 +409,9 @@ diff -up openssh-5.9p0/ssh.c.fips openssh-5.9p0/ssh.c /* Open a connection to the remote host. */ if (ssh_connect(host, &hostaddr, options.port, options.address_family, options.connection_attempts, &timeout_ms, -diff -up openssh-5.9p0/sshconnect2.c.fips openssh-5.9p0/sshconnect2.c ---- openssh-5.9p0/sshconnect2.c.fips 2011-08-31 13:16:09.532024846 +0200 -+++ openssh-5.9p0/sshconnect2.c 2011-08-31 13:16:29.959087217 +0200 +diff -up openssh-5.9p1/sshconnect2.c.fips openssh-5.9p1/sshconnect2.c +--- openssh-5.9p1/sshconnect2.c.fips 2011-09-08 14:51:38.333470704 +0200 ++++ openssh-5.9p1/sshconnect2.c 2011-09-08 14:51:59.474500288 +0200 @@ -44,6 +44,8 @@ #include #endif 
@@ -444,9 +444,9 @@ diff -up openssh-5.9p0/sshconnect2.c.fips openssh-5.9p0/sshconnect2.c if (options.hostkeyalgorithms != NULL) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = options.hostkeyalgorithms; -diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c ---- openssh-5.9p0/sshd.c.fips 2011-08-31 13:16:22.525057137 +0200 -+++ openssh-5.9p0/sshd.c 2011-08-31 13:16:30.078212687 +0200 +diff -up openssh-5.9p1/sshd.c.fips openssh-5.9p1/sshd.c +--- openssh-5.9p1/sshd.c.fips 2011-09-08 14:51:52.866451334 +0200 ++++ openssh-5.9p1/sshd.c 2011-09-08 14:57:01.982447369 +0200 @@ -76,6 +76,8 @@ #include #include @@ -456,7 +456,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c #include "openbsd-compat/openssl-compat.h" #ifdef HAVE_SECUREWARE -@@ -1388,6 +1390,11 @@ main(int ac, char **av) +@@ -1391,6 +1393,11 @@ main(int ac, char **av) #endif __progname = ssh_get_progname(av[0]); @@ -468,7 +468,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ saved_argc = ac; rexec_argc = ac; -@@ -1547,8 +1554,6 @@ main(int ac, char **av) +@@ -1550,8 +1557,6 @@ main(int ac, char **av) else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); @@ -477,7 +477,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c /* * Force logging to stderr until we have loaded the private host * key (unless started from inetd) -@@ -1666,6 +1671,10 @@ main(int ac, char **av) +@@ -1669,6 +1674,10 @@ main(int ac, char **av) debug("private host key: #%d type %d %s", i, key->type, key_type(key)); } @@ -488,7 +488,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { logit("Disabling protocol version 1. Could not load host key"); options.protocol &= ~SSH_PROTO_1; -@@ -1830,6 +1839,10 @@ main(int ac, char **av) +@@ -1833,6 +1842,10 @@ main(int ac, char **av) /* Initialize the random number generator. */ arc4random_stir(); 
@@ -498,8 +498,8 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c + /* Chdir to the root directory so that the current disk can be unmounted if desired. */ - chdir("/"); -@@ -2372,6 +2385,9 @@ do_ssh2_kex(void) + (void) chdir("/"); +@@ -2375,6 +2388,9 @@ do_ssh2_kex(void) if (options.ciphers != NULL) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; @@ -509,7 +509,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c } myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); -@@ -2381,6 +2397,9 @@ do_ssh2_kex(void) +@@ -2384,6 +2400,9 @@ do_ssh2_kex(void) if (options.macs != NULL) { myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; diff --git a/openssh-5.9p1-gsskex.patch b/openssh-5.9p1-gsskex.patch index 1cf6bb7..c7ac7e2 100644 --- a/openssh-5.9p1-gsskex.patch +++ b/openssh-5.9p1-gsskex.patch @@ -1454,7 +1454,7 @@ diff -up openssh-5.9p0/kexgssc.c.gsskex openssh-5.9p0/kexgssc.c + klen = DH_size(dh); + kbuf = xmalloc(klen); + kout = DH_compute_key(kbuf, dh_server_pub, dh); -+ if (kout < 0) ++ if ((int)kout < 0) + fatal("DH_compute_key: failed"); + + shared_secret = BN_new(); @@ -1738,7 +1738,7 @@ diff -up openssh-5.9p0/kexgsss.c.gsskex openssh-5.9p0/kexgsss.c + klen = DH_size(dh); + kbuf = xmalloc(klen); + kout = DH_compute_key(kbuf, dh_client_pub, dh); -+ if (kout < 0) ++ if ((int)kout < 0) + fatal("DH_compute_key: failed"); + + shared_secret = BN_new(); diff --git a/openssh-5.9p1-ldap.patch b/openssh-5.9p1-ldap.patch index e6bc256..10f303e 100644 --- a/openssh-5.9p1-ldap.patch +++ b/openssh-5.9p1-ldap.patch 
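Review bot: The cast in `if ((int)kout < 0)` (kexgssc.c, and again in the kexgsss.c hunk that follows) only works around `kout` apparently having an unsigned type; the declaration is outside both hunks. DH_compute_key returns an int and -1 on failure, so declaring the variable as `int kout;` and keeping `if (kout < 0)` removes the need for the cast. As written, the failure check on the key-exchange shared secret depends on converting an out-of-range unsigned value back to int, which is implementation-defined, and the error path deserves to be unambiguous here.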
@@ -473,7 +473,7 @@ diff -up openssh-5.9p0/ldap-helper.c.ldap openssh-5.9p0/ldap-helper.c +} + +/* Ugly hack */ -+void *buffer_get_string(Buffer *b, u_int *l) {} ++void *buffer_get_string(Buffer *b, u_int *l) { return NULL; } +void buffer_put_string(Buffer *b, const void *f, u_int l) {} + diff -up openssh-5.9p0/ldap-helper.h.ldap openssh-5.9p0/ldap-helper.h @@ -776,7 +776,7 @@ diff -up openssh-5.9p0/ldapbody.c.ldap openssh-5.9p0/ldapbody.c + ber_set_option (NULL, LBER_OPT_DEBUG_LEVEL, &options.debug); +#endif /* LBER_OPT_DEBUG_LEVEL */ +#ifdef LDAP_OPT_DEBUG_LEVEL -+ ldap_set_option (NULL, LDAP_OPT_DEBUG_LEVEL, &options.debug); ++ (void) ldap_set_option (NULL, LDAP_OPT_DEBUG_LEVEL, &options.debug); +#endif /* LDAP_OPT_DEBUG_LEVEL */ + debug3 ("Set LDAP debug to %d", options.debug); + } diff --git a/openssh.spec b/openssh.spec index acb22a8..98d9e82 100644 --- a/openssh.spec +++ b/openssh.spec @@ -79,7 +79,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 5.9p1 -%define openssh_rel 1 +%define openssh_rel 2 %define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_rel 32 @@ -111,14 +111,16 @@ Source13: sshd-keygen # Internal debug Patch0: openssh-5.8p1-wIm.patch +#? +Patch100: openssh-5.9p1-coverity.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1872 -Patch100: openssh-5.8p1-fingerprint.patch +Patch101: openssh-5.8p1-fingerprint.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1894 -Patch101: openssh-5.8p1-getaddrinfo.patch +Patch102: openssh-5.8p1-getaddrinfo.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1889 -Patch102: openssh-5.8p1-packet.patch -#? -Patch103: openssh-5.9p1-2auth.patch +Patch103: openssh-5.8p1-packet.patch +#https://bugzilla.mindrot.org/show_bug.cgi?id=983 +Patch104: openssh-5.9p1-2auth.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1402 Patch200: openssh-5.8p1-audit0.patch 
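Review bot: The `buffer_get_string` stub in ldap-helper.c now returns NULL but still leaves `*l` untouched, so a caller that reads the length after the call would see an indeterminate value. If the stub exists only to satisfy the linker, as the `Ugly hack` comment suggests, it could also set the length with `if (l != NULL) *l = 0;`. A comment such as `/* link-time stubs only; not expected to be called from ldap-helper */` would record that intent, if it is indeed the case. Whether any path in ldap-helper reaches the stub cannot be told from this hunk.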
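Review bot: The `(void)` cast on `ldap_set_option` in the ldapbody.c hunk discards the result, yet the `debug3` line after the `#endif` reports the debug level as set unconditionally. The `ber_set_option` call a few lines above is left neither checked nor cast, so the two calls are handled inconsistently. Checking the result would be more useful than silencing it: `if (ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &options.debug) != LDAP_OPT_SUCCESS) debug3("ldap_set_option(LDAP_OPT_DEBUG_LEVEL) failed");`. The enclosing function starts and ends outside the hunk.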
@@ -384,10 +386,11 @@ The module is most useful for su and sudo service stacks. #Do not enable by default ###%patch0 -p1 -b .wIm -%patch100 -p1 -b .fingerprint -%patch101 -p1 -b .getaddrinfo -%patch102 -p1 -b .packet -%patch103 -p1 -b .2auth +%patch100 -p1 -b .coverity +%patch101 -p1 -b .fingerprint +%patch102 -p1 -b .getaddrinfo +%patch103 -p1 -b .packet +%patch104 -p1 -b .2auth %patch200 -p1 -b .audit0 %patch201 -p1 -b .audit1 @@ -415,6 +418,7 @@ popd %if %{ldap} %patch501 -p1 -b .ldap %endif + %patch502 -p1 -b .keycat %patch600 -p1 -b .keygen @@ -781,6 +785,9 @@ fi %endif %changelog +* Thu Sep 8 2011 Jan F. Chadima - 5.9p1-2 + 0.9.2-32 +- Coverity first pass + * Wed Sep 7 2011 Jan F. Chadima - 5.9p1-1 + 0.9.2-32 - Rebase to 5.9p1 - Add chroot sftp patch