Attachment 2953 Details for Bug 2687 – proposed coverity patch

[patch] proposed coverity patch

file_2687.txt (text/plain), 5.37 KB, created by Jakub Jelen on 2017-03-03 04:01:12 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Jakub Jelen

Created: 2017-03-03 04:01:12 AEDT

Size: 5.37 KB

patch

obsolete

>diff --git a/auth-pam.c b/auth-pam.c
>index e554ec4..bd16d80 100644
>--- a/auth-pam.c
>+++ b/auth-pam.c
>@@ -834,6 +834,8 @@ fake_password(const char *wire_password)
> 		fatal("%s: password length too long: %zu", __func__, l);
> 
> 	ret = malloc(l + 1);
>+	if (ret == NULL)
>+		return NULL;
> 	for (i = 0; i < l; i++)
> 		ret[i] = junk[i % (sizeof(junk) - 1)];
> 	ret[i] = '\0';
>diff --git a/clientloop.c b/clientloop.c
>index c6a4138..9b00e12 100644
>--- a/clientloop.c
>+++ b/clientloop.c
>@@ -2290,7 +2290,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
> 			free(response);
> 			response = read_passphrase("Accept updated hostkeys? "
> 			    "(yes/no): ", RP_ECHO);
>-			if (strcasecmp(response, "yes") == 0)
>+			if (response != NULL && strcasecmp(response, "yes") == 0)
> 				break;
> 			else if (quit_pending || response == NULL ||
> 			    strcasecmp(response, "no") == 0) {
>diff --git a/digest-openssl.c b/digest-openssl.c
>index 13b63c2..dfa9b8d 100644
>--- a/digest-openssl.c
>+++ b/digest-openssl.c
>@@ -158,7 +158,7 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
> 	const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
> 	u_int l = dlen;
> 
>-	if (dlen > UINT_MAX)
>+	if (digest == NULL || dlen > UINT_MAX)
> 		return SSH_ERR_INVALID_ARGUMENT;
> 	if (dlen < digest->digest_len) /* No truncation allowed */
> 		return SSH_ERR_INVALID_ARGUMENT;
>diff --git a/kex.c b/kex.c
>index a30dabe..7e4a7ab 100644
>--- a/kex.c
>+++ b/kex.c
>@@ -178,7 +178,7 @@ kex_names_valid(const char *names)
> char *
> kex_names_cat(const char *a, const char *b)
> {
>-	char *ret = NULL, *tmp = NULL, *cp, *p;
>+	char *ret = NULL, *tmp = NULL, *cp, *p, *m;
> 	size_t len;
> 
> 	if (a == NULL || *a == '\0')
>@@ -195,8 +195,10 @@ kex_names_cat(const char *a, const char *b)
> 	}
> 	strlcpy(ret, a, len);
> 	for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
>-		if (match_list(ret, p, NULL) != NULL)
>+		if ((m = match_list(ret, p, NULL)) != NULL) {
>+			free(m);
> 			continue; /* Algorithm already present */
>+		}
> 		if (strlcat(ret, ",", len) >= len ||
> 		    strlcat(ret, p, len) >= len) {
> 			free(tmp);
>@@ -651,8 +653,10 @@ choose_enc(struct sshenc *enc, char *client, char *server)
> 
> 	if (name == NULL)
> 		return SSH_ERR_NO_CIPHER_ALG_MATCH;
>-	if ((enc->cipher = cipher_by_name(name)) == NULL)
>+	if ((enc->cipher = cipher_by_name(name)) == NULL) {
>+		free(name);
> 		return SSH_ERR_INTERNAL_ERROR;
>+	}
> 	enc->name = name;
> 	enc->enabled = 0;
> 	enc->iv = NULL;
>@@ -670,8 +674,10 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server)
> 
> 	if (name == NULL)
> 		return SSH_ERR_NO_MAC_ALG_MATCH;
>-	if (mac_setup(mac, name) < 0)
>+	if (mac_setup(mac, name) < 0) {
>+		free(name);
> 		return SSH_ERR_INTERNAL_ERROR;
>+	}
> 	/* truncate the key */
> 	if (ssh->compat & SSH_BUG_HMAC)
> 		mac->key_len = 16;
>@@ -695,6 +701,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
> 	} else if (strcmp(name, "none") == 0) {
> 		comp->type = COMP_NONE;
> 	} else {
>+		free(name);
> 		return SSH_ERR_INTERNAL_ERROR;
> 	}
> 	comp->name = name;
>diff --git a/readconf.c b/readconf.c
>index 3e7a5d8..acc1391 100644
>--- a/readconf.c
>+++ b/readconf.c
>@@ -1500,6 +1500,7 @@ parse_keytypes:
> 			if (r == GLOB_NOMATCH) {
> 				debug("%.200s line %d: include %s matched no "
> 				    "files",filename, linenum, arg2);
>+				free(arg2);
> 				continue;
> 			} else if (r != 0 || gl.gl_pathc < 0)
> 				fatal("%.200s line %d: glob failed for %s.",
>diff --git a/servconf.c b/servconf.c
>index 6ab1cb4..5f2464a 100644
>--- a/servconf.c
>+++ b/servconf.c
>@@ -2284,8 +2284,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val)
> static void
> dump_cfg_string(ServerOpCodes code, const char *val)
> {
>-	if (val == NULL)
>-		return;
> 	printf("%s %s\n", lookup_opcode_name(code),
> 	    val == NULL ? "none" : val);
> }
>diff --git a/sshconnect.c b/sshconnect.c
>index 07f80cd..7361898 100644
>--- a/sshconnect.c
>+++ b/sshconnect.c
>@@ -1533,6 +1533,7 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment,
> 	if (options.add_keys_to_agent == 2 &&
> 	    !ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
> 		debug3("user denied adding this key");
>+		close(auth_sock);
> 		return;
> 	}
> 
>@@ -1541,4 +1542,5 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment,
> 		debug("identity added to agent: %s", authfile);
> 	else
> 		debug("could not add identity to agent: %s (%d)", authfile, r);
>+	close(auth_sock);
> }
>diff --git a/sshconnect2.c b/sshconnect2.c
>index f31c24c..aecf765 100644
>--- a/sshconnect2.c
>+++ b/sshconnect2.c
>@@ -1061,6 +1061,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
> 
> 	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
> 		/* we cannot handle this key */
>+		free(blob);
> 		debug3("sign_and_send_pubkey: cannot handle key");
> 		return 0;
> 	}
>@@ -1170,6 +1171,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
> 
> 	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
> 		/* we cannot handle this key */
>+		free(blob);
> 		debug3("send_pubkey_test: cannot handle key");
> 		return 0;
> 	}
>diff --git a/sshkey.c b/sshkey.c
>index 85fd1bd..58c1051 100644
>--- a/sshkey.c
>+++ b/sshkey.c
>@@ -1375,8 +1375,6 @@ sshkey_read(struct sshkey *ret, char **cpp)
> 		retval = 0;
> /*XXXX*/
> 		sshkey_free(k);
>-		if (retval != 0)
>-			break;
> 		break;
> 	default:
> 		return SSH_ERR_INVALID_ARGUMENT;

Actions: View | Diff

Attachments on bug 2687: 2953 | 2954 | 3176 | 3287