https://bugzilla.mindrot.org/show_bug.cgi?id=2687
--- Comment #26 from Darren Tucker <dtuc...@dtucker.net> --- Comment on attachment 3287 --> https://bugzilla.mindrot.org/attachment.cgi?id=3287 New coverity issues from 8.0p1 release Need to take a closer look at ssh_api.c but the rest of these seem fixed: >@@ -2228,6 +2228,9 @@ update_krl_from_file(struct passwd *pw, const char >*file, int wild_ca, > cp = cp + strspn(cp, " \t"); > hash_to_blob(cp, &blob, &blen, file, lnum); > r = ssh_krl_revoke_key_sha256(krl, blob, blen); >+ freezero(blob, blen); >+ blob = NULL; >+ blen = 0; There's now a call to fatal here, so I think this is fixed albeit in a different way. >From 73bf5d1f21852f8e6ea315c64a6960a27f1c2c0d Mon Sep 17 00:00:00 2001 >From: Jakub Jelen <jje...@redhat.com> >Date: Mon, 27 May 2019 14:02:12 +0200 >Subject: [PATCH 3/6] Coverity: leaked storage > > 43. openssh-8.0p1/auth-options.c:538: leaked_storage: Variable "opt" going > out of scope leaks the storage it points to. This one has been fixed. >From e6e54a94be55110d7b4bf2a220d8f7c2f5d4062d Mon Sep 17 00:00:00 2001 >From: Jakub Jelen <jje...@redhat.com> >Date: Mon, 27 May 2019 14:06:23 +0200 >Subject: [PATCH 4/6] Coverity: Remove unused variable max > > 1. openssh-8.0p1/ssh-pkcs11-helper.c:356:3: warning: Value stored to 'max' is > never read This one has been removed. >From 14eab3a31c68b5aaed307fdf6a3260c3a3035d7f Mon Sep 17 00:00:00 2001 >From: Jakub Jelen <jje...@redhat.com> >Date: Mon, 27 May 2019 14:14:58 +0200 >Subject: [PATCH 6/6] Coverity: Unused variable r > > 1. openssh-8.0p1/auth2.c:221:2: warning: Value stored to 'r' is never read This one has been fixed. --- Comment #27 from Darren Tucker <dtuc...@dtucker.net> --- Comment on attachment 3287 --> https://bugzilla.mindrot.org/attachment.cgi?id=3287 New coverity issues from 8.0p1 release Need to take a closer look at ssh_api.c but the rest of these seem fixed: >@@ -2228,6 +2228,9 @@ update_krl_from_file(struct passwd *pw, const char >*file, int wild_ca, > cp = cp + strspn(cp, " \t"); > hash_to_blob(cp, &blob, &blen, file, lnum); > r = ssh_krl_revoke_key_sha256(krl, blob, blen); >+ freezero(blob, blen); >+ blob = NULL; >+ blen = 0; There's now a call to fatal here, so I think this is fixed albeit in a different way. >From 73bf5d1f21852f8e6ea315c64a6960a27f1c2c0d Mon Sep 17 00:00:00 2001 >From: Jakub Jelen <jje...@redhat.com> >Date: Mon, 27 May 2019 14:02:12 +0200 >Subject: [PATCH 3/6] Coverity: leaked storage > > 43. openssh-8.0p1/auth-options.c:538: leaked_storage: Variable "opt" going > out of scope leaks the storage it points to. This one has been fixed. >From e6e54a94be55110d7b4bf2a220d8f7c2f5d4062d Mon Sep 17 00:00:00 2001 >From: Jakub Jelen <jje...@redhat.com> >Date: Mon, 27 May 2019 14:06:23 +0200 >Subject: [PATCH 4/6] Coverity: Remove unused variable max > > 1. openssh-8.0p1/ssh-pkcs11-helper.c:356:3: warning: Value stored to 'max' is > never read This one has been removed. >From 14eab3a31c68b5aaed307fdf6a3260c3a3035d7f Mon Sep 17 00:00:00 2001 >From: Jakub Jelen <jje...@redhat.com> >Date: Mon, 27 May 2019 14:14:58 +0200 >Subject: [PATCH 6/6] Coverity: Unused variable r > > 1. openssh-8.0p1/auth2.c:221:2: warning: Value stored to 'r' is never read This one has been fixed. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs