diff -up gnupg-2.2.20/common/server-help.c.coverity gnupg-2.2.20/common/server-help.c --- gnupg-2.2.20/common/server-help.c.coverity 2019-02-11 10:59:34.000000000 +0100 +++ gnupg-2.2.20/common/server-help.c 2020-05-04 12:00:01.085945639 +0200 @@ -156,7 +156,7 @@ get_option_value (char *line, const char *pend = 0; *r_value = xtrystrdup (p); *pend = c; - if (!p) + if (!*r_value) return my_error_from_syserror (); return 0; } diff -up gnupg-2.2.20/dirmngr/dns.c.coverity gnupg-2.2.20/dirmngr/dns.c --- gnupg-2.2.20/dirmngr/dns.c.coverity 2019-07-09 11:08:45.000000000 +0200 +++ gnupg-2.2.20/dirmngr/dns.c 2020-05-04 18:04:12.285521661 +0200 @@ -10106,9 +10106,8 @@ static const struct { { "AR", DNS_S_ADDITIONAL }, }; -const char *(dns_strsection)(enum dns_section section) { - char _dst[DNS_STRMAXLEN + 1] = { 0 }; - struct dns_buf dst = DNS_B_INTO(_dst, sizeof _dst); +const char *(dns_strsection)(enum dns_section section, void *_dst, size_t lim) { + struct dns_buf dst = DNS_B_INTO(_dst, lim); unsigned i; for (i = 0; i < lengthof(dns_sections); i++) { @@ -10156,9 +10155,8 @@ static const struct { { "IN", DNS_C_IN }, }; -const char *(dns_strclass)(enum dns_class type) { - char _dst[DNS_STRMAXLEN + 1] = { 0 }; - struct dns_buf dst = DNS_B_INTO(_dst, sizeof _dst); +const char *(dns_strclass)(enum dns_class type, void *_dst, size_t lim) { + struct dns_buf dst = DNS_B_INTO(_dst, lim); unsigned i; for (i = 0; i < lengthof(dns_classes); i++) { @@ -10193,9 +10191,8 @@ enum dns_class dns_iclass(const char *na } /* dns_iclass() */ -const char *(dns_strtype)(enum dns_type type) { - char _dst[DNS_STRMAXLEN + 1] = { 0 }; - struct dns_buf dst = DNS_B_INTO(_dst, sizeof _dst); +const char *(dns_strtype)(enum dns_type type, void *_dst, size_t lim) { + struct dns_buf dst = DNS_B_INTO(_dst, lim); unsigned i; for (i = 0; i < lengthof(dns_rrtypes); i++) { diff -up gnupg-2.2.20/dirmngr/dns.h.coverity gnupg-2.2.20/dirmngr/dns.h --- gnupg-2.2.20/dirmngr/dns.h.coverity 2019-03-07 13:03:26.000000000 +0100 +++ gnupg-2.2.20/dirmngr/dns.h 2020-05-04 18:04:12.287521625 +0200 @@ -272,15 +272,25 @@ enum dns_rcode { */ #define DNS_STRMAXLEN 47 /* "QUESTION|ANSWER|AUTHORITY|ADDITIONAL" */ -DNS_PUBLIC const char *dns_strsection(enum dns_section); +DNS_PUBLIC const char *dns_strsection(enum dns_section, void *, size_t); +#define dns_strsection3(a, b, c) \ + dns_strsection((a), (b), (c)) +#define dns_strsection1(a) dns_strsection((a), (char [DNS_STRMAXLEN + 1]){ 0 }, DNS_STRMAXLEN + 1) +#define dns_strsection(...) DNS_PP_CALL(DNS_PP_XPASTE(dns_strsection, DNS_PP_NARG(__VA_ARGS__)), __VA_ARGS__) DNS_PUBLIC enum dns_section dns_isection(const char *); -DNS_PUBLIC const char *dns_strclass(enum dns_class); +DNS_PUBLIC const char *dns_strclass(enum dns_class, void *, size_t); +#define dns_strclass3(a, b, c) dns_strclass((a), (b), (c)) +#define dns_strclass1(a) dns_strclass((a), (char [DNS_STRMAXLEN + 1]){ 0 }, DNS_STRMAXLEN + 1) +#define dns_strclass(...) DNS_PP_CALL(DNS_PP_XPASTE(dns_strclass, DNS_PP_NARG(__VA_ARGS__)), __VA_ARGS__) DNS_PUBLIC enum dns_class dns_iclass(const char *); -DNS_PUBLIC const char *dns_strtype(enum dns_type); +DNS_PUBLIC const char *dns_strtype(enum dns_type, void *, size_t); +#define dns_strtype3(a, b, c) dns_strtype((a), (b), (c)) +#define dns_strtype1(a) dns_strtype((a), (char [DNS_STRMAXLEN + 1]){ 0 }, DNS_STRMAXLEN + 1) +#define dns_strtype(...) DNS_PP_CALL(DNS_PP_XPASTE(dns_strtype, DNS_PP_NARG(__VA_ARGS__)), __VA_ARGS__) DNS_PUBLIC enum dns_type dns_itype(const char *); diff -up gnupg-2.2.20/dirmngr/domaininfo.c.coverity gnupg-2.2.20/dirmngr/domaininfo.c --- gnupg-2.2.20/dirmngr/domaininfo.c.coverity 2019-07-09 11:08:45.000000000 +0200 +++ gnupg-2.2.20/dirmngr/domaininfo.c 2020-05-04 17:54:30.800899152 +0200 @@ -193,6 +193,7 @@ insert_or_update (const char *domain, log_error ("domaininfo: error allocating helper array: %s\n", gpg_strerror (gpg_err_code_from_syserror ())); drop_extra = bucket; + xfree (di_new); goto leave; } narray = 0; @@ -258,6 +259,8 @@ insert_or_update (const char *domain, * sensible strategy. */ drop_extra = domainbuckets[hash]; domainbuckets[hash] = keep; + + xfree (array); } /* Insert */ diff -up gnupg-2.2.20/dirmngr/http.c.coverity gnupg-2.2.20/dirmngr/http.c --- gnupg-2.2.20/dirmngr/http.c.coverity 2019-11-18 18:44:33.000000000 +0100 +++ gnupg-2.2.20/dirmngr/http.c 2020-05-04 17:00:47.826878715 +0200 @@ -3656,7 +3656,6 @@ http_prepare_redirect (http_redir_info_t if (!newurl) { err = gpg_error_from_syserror (); - http_release_parsed_uri (locuri); return err; } } @@ -3675,7 +3674,6 @@ http_prepare_redirect (http_redir_info_t if (!newurl) { err = gpg_error_from_syserror (); - http_release_parsed_uri (locuri); return err; } } diff -up gnupg-2.2.20/dirmngr/ks-engine-hkp.c.coverity gnupg-2.2.20/dirmngr/ks-engine-hkp.c --- gnupg-2.2.20/dirmngr/ks-engine-hkp.c.coverity 2019-11-18 18:44:33.000000000 +0100 +++ gnupg-2.2.20/dirmngr/ks-engine-hkp.c 2020-05-04 12:39:49.970920664 +0200 @@ -1426,7 +1426,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t int reselect; unsigned int httpflags; char *httphost = NULL; - unsigned int http_status; + unsigned int http_status = 0; unsigned int tries = SEND_REQUEST_RETRIES; unsigned int extra_tries = SEND_REQUEST_EXTRA_RETRIES; diff -up gnupg-2.2.20/g10/card-util.c.coverity gnupg-2.2.20/g10/card-util.c --- gnupg-2.2.20/g10/card-util.c.coverity 2020-03-03 13:33:22.000000000 +0100 +++ gnupg-2.2.20/g10/card-util.c 2020-05-04 16:56:47.788157786 +0200 @@ -704,7 +704,7 @@ card_status (ctrl_t ctrl, estream_t fp, { int err; strlist_t card_list, sl; - char *serialno0, *serialno1; + char *serialno0, *serialno1 = NULL; int all_cards = 0; int any_card = 0; @@ -749,6 +749,7 @@ card_status (ctrl_t ctrl, estream_t fp, current_card_status (ctrl, fp, NULL, 0); xfree (serialno1); + serialno1 = NULL; if (!all_cards) goto leave; diff -up gnupg-2.2.20/g10/import.c.coverity gnupg-2.2.20/g10/import.c --- gnupg-2.2.20/g10/import.c.coverity 2020-05-04 12:34:39.820379830 +0200 +++ gnupg-2.2.20/g10/import.c 2020-05-04 12:34:55.366106195 +0200 @@ -1888,7 +1888,7 @@ import_one_real (ctrl_t ctrl, if (opt.interactive && !silent) { - if (is_status_enabled()) + if (uidnode && is_status_enabled()) print_import_check (pk, uidnode->pkt->pkt.user_id); merge_keys_and_selfsig (ctrl, keyblock); tty_printf ("\n"); diff -up gnupg-2.2.20/g10/keygen.c.coverity gnupg-2.2.20/g10/keygen.c --- gnupg-2.2.20/g10/keygen.c.coverity 2020-05-04 12:23:04.852613017 +0200 +++ gnupg-2.2.20/g10/keygen.c 2020-05-04 17:33:18.923891110 +0200 @@ -3075,7 +3075,7 @@ parse_key_parameter_part (ctrl_t ctrl, char *endp; const char *curve = NULL; int ecdh_or_ecdsa = 0; - unsigned int size; + unsigned int size = 0; int keyuse; int i; const char *s; @@ -5719,12 +5719,20 @@ gen_card_key (int keyno, int algo, int i the self-signatures. */ err = agent_readkey (NULL, 1, keyid, &public); if (err) - return err; + { + xfree (pkt); + xfree (pk); + return err; + } err = gcry_sexp_sscan (&s_key, NULL, public, gcry_sexp_canon_len (public, 0, NULL, NULL)); xfree (public); if (err) - return err; + { + xfree (pkt); + xfree (pk); + return err; + } if (algo == PUBKEY_ALGO_RSA) err = key_from_sexp (pk->pkey, s_key, "public-key", "ne"); @@ -5739,6 +5747,7 @@ gen_card_key (int keyno, int algo, int i if (err) { log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) ); + xfree (pkt); free_public_key (pk); return err; } diff -up gnupg-2.2.20/g10/sig-check.c.coverity gnupg-2.2.20/g10/sig-check.c --- gnupg-2.2.20/g10/sig-check.c.coverity 2020-05-04 12:18:18.515653963 +0200 +++ gnupg-2.2.20/g10/sig-check.c 2020-05-04 12:18:33.599388425 +0200 @@ -902,6 +902,7 @@ check_signature_over_key_or_uid (ctrl_t { /* Issued by a subkey. */ signer = subk; + *is_selfsig = 1; break; } } diff -up gnupg-2.2.20/g10/sign.c.coverity gnupg-2.2.20/g10/sign.c --- gnupg-2.2.20/g10/sign.c.coverity 2020-04-30 11:56:43.909360043 +0200 +++ gnupg-2.2.20/g10/sign.c 2020-05-04 12:08:56.651544958 +0200 @@ -823,7 +823,7 @@ write_signature_packets (ctrl_t ctrl, PKT_public_key *pk; PKT_signature *sig; gcry_md_hd_t md; - gpg_error_t err; + gpg_error_t err = 0; pk = sk_rover->pk; diff -up gnupg-2.2.20/kbx/keybox-dump.c.coverity gnupg-2.2.20/kbx/keybox-dump.c --- gnupg-2.2.20/kbx/keybox-dump.c.coverity 2019-08-23 15:59:06.000000000 +0200 +++ gnupg-2.2.20/kbx/keybox-dump.c 2020-05-04 17:25:53.365946213 +0200 @@ -786,11 +786,15 @@ _keybox_dump_cut_records (const char *fi while ( !(rc = _keybox_read_blob (&blob, fp, NULL)) ) { if (recno > to) - break; /* Ready. */ + { + _keybox_release_blob (blob); + break; /* Ready. */ + } if (recno >= from) { if ((rc = _keybox_write_blob (blob, outfp))) { + _keybox_release_blob (blob); fprintf (stderr, "error writing output: %s\n", gpg_strerror (rc)); goto leave; diff -up gnupg-2.2.20/tools/gpg-wks-server.c.coverity gnupg-2.2.20/tools/gpg-wks-server.c --- gnupg-2.2.20/tools/gpg-wks-server.c.coverity 2020-02-10 16:12:13.000000000 +0100 +++ gnupg-2.2.20/tools/gpg-wks-server.c 2020-05-04 11:52:42.547643198 +0200 @@ -890,15 +890,18 @@ store_key_as_pending (const char *dir, e } leave: - if (err) + if (fname) { - es_fclose (outfp); - gnupg_remove (fname); - } - else if (es_fclose (outfp)) - { - err = gpg_error_from_syserror (); - log_error ("error closing '%s': %s\n", fname, gpg_strerror (err)); + if (err) + { + es_fclose (outfp); + gnupg_remove (fname); + } + else if (es_fclose (outfp)) + { + err = gpg_error_from_syserror (); + log_error ("error closing '%s': %s\n", fname, gpg_strerror (err)); + } } if (!err) diff -up gnupg-2.2.20/tools/wks-util.c.coverity gnupg-2.2.20/tools/wks-util.c --- gnupg-2.2.20/tools/wks-util.c.coverity 2020-05-04 12:02:21.839475031 +0200 +++ gnupg-2.2.20/tools/wks-util.c 2020-05-04 17:23:19.552726949 +0200 @@ -948,7 +948,7 @@ ensure_policy_file (const char *addrspec static gpg_error_t install_key_from_spec_file (const char *fname) { - gpg_error_t err; + gpg_error_t err = 0; estream_t fp; char *line = NULL; size_t linelen = 0; @@ -1195,10 +1195,8 @@ wks_cmd_print_wkd_hash (const char *user char *addrspec, *fname; err = wks_fname_from_userid (userid, 1, &fname, &addrspec); - if (err) - return err; - - es_printf ("%s %s\n", fname, addrspec); + if (!err) + es_printf ("%s %s\n", fname, addrspec); xfree (fname); xfree (addrspec); @@ -1216,7 +1214,10 @@ wks_cmd_print_wkd_url (const char *useri err = wks_fname_from_userid (userid, 1, &fname, &addrspec); if (err) - return err; + { + xfree (addrspec); + return err; + } domain = strchr (addrspec, '@'); if (domain)