[Bug 2687] Coverity scan fixes

bugzilla-daemon Fri, 03 Mar 2023 02:14:58 -0800

https://bugzilla.mindrot.org/show_bug.cgi?id=2687


--- Comment #29 from Darren Tucker <dtuc...@dtucker.net> ---
Comment on attachment 2954
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2954
2nd part with lower priority

>diff --git a/krl.c b/krl.c
>                       /* Handled above, but still need to stay in synch */
>-                      sshbuf_reset(sect);
>+                      sshbuf_free(sect);

This one is done.

>@@ -1288,7 +1288,8 @@ ssh_krl_file_contains_key(const char *path, const struct 
>sshkey *key)
>       debug2("%s: checking KRL %s", __func__, path);
>       r = ssh_krl_check_key(krl, key);
>  out:
>-      close(fd);
>+      if (fd != -1)
>+              close(fd);

This function doesn't do any descriptor handling any more.

>diff --git a/readconf.c b/readconf.c
>index acc1391..c4dff15 100644
>--- a/readconf.c
>+++ b/readconf.c
>@@ -1185,7 +1185,7 @@ parse_int:
>               value = cipher_number(arg);
>               if (value == -1)
>                       fatal("%.200s line %d: Bad cipher '%s'.",
>-                          filename, linenum, arg ? arg : "<NONE>");
>+                          filename, linenum, arg);

This code is gone (I think it was part of SSH1 handling).

>               if (*activep && *intptr == -1)
>                       *intptr = value;
>               break;
>@@ -1196,7 +1196,7 @@ parse_int:
>                       fatal("%.200s line %d: Missing argument.", filename, 
> linenum);
>               if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
>                       fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
>-                          filename, linenum, arg ? arg : "<NONE>");
>+                          filename, linenum, arg);

I think this one is wrong: it'll potentially cause a NULL pointer deref
platforms whose string libs don't guard against it (eg Solaris).  Same
for the following instances of the same thing.

>diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
>index aaf712d..62a76b3 100644
>--- a/ssh-pkcs11.c
>+++ b/ssh-pkcs11.c
>@@ -536,8 +536,8 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, 
>CK_ULONG slotidx,

This function has been removed.

>diff --git a/sshconnect1.c b/sshconnect1.c

SSH1 support has been removed.

>diff --git a/sshkey.c b/sshkey.c
>index 58c1051..6afacb5 100644
>--- a/sshkey.c
>+++ b/sshkey.c
>@@ -1239,6 +1239,9 @@ sshkey_read(struct sshkey *ret, char **cpp)
>       u_long bits;
> #endif /* WITH_SSH1 */
> 
>+      if (ret == NULL)
>+              return SSH_ERR_INVALID_ARGUMENT;

This has already been fixed.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2687] Coverity scan fixes

Reply via email to