Attachment 2954 Details for Bug 2687 – 2nd part with lower priority

[patch] 2nd part with lower priority

file_2687.txt (text/plain), 6.31 KB, created by Jakub Jelen on 2017-03-04 00:23:55 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Jakub Jelen

Created: 2017-03-04 00:23:55 AEDT

Size: 6.31 KB

patch

obsolete

>diff --git a/krl.c b/krl.c
>index e271a19..69bec99 100644
>--- a/krl.c
>+++ b/krl.c
>@@ -1089,7 +1089,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
> 			break;
> 		case KRL_SECTION_SIGNATURE:
> 			/* Handled above, but still need to stay in synch */
>-			sshbuf_reset(sect);
>+			sshbuf_free(sect);
> 			sect = NULL;
> 			if ((r = sshbuf_skip_string(copy)) != 0)
> 				goto out;
>@@ -1288,7 +1288,8 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
> 	debug2("%s: checking KRL %s", __func__, path);
> 	r = ssh_krl_check_key(krl, key);
>  out:
>-	close(fd);
>+	if (fd != -1)
>+		close(fd);
> 	sshbuf_free(krlbuf);
> 	ssh_krl_free(krl);
> 	if (r != 0)
>diff --git a/readconf.c b/readconf.c
>index acc1391..c4dff15 100644
>--- a/readconf.c
>+++ b/readconf.c
>@@ -1185,7 +1185,7 @@ parse_int:
> 		value = cipher_number(arg);
> 		if (value == -1)
> 			fatal("%.200s line %d: Bad cipher '%s'.",
>-			    filename, linenum, arg ? arg : "<NONE>");
>+			    filename, linenum, arg);
> 		if (*activep && *intptr == -1)
> 			*intptr = value;
> 		break;
>@@ -1196,7 +1196,7 @@ parse_int:
> 			fatal("%.200s line %d: Missing argument.", filename, linenum);
> 		if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
> 			fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
>-			    filename, linenum, arg ? arg : "<NONE>");
>+			    filename, linenum, arg);
> 		if (*activep && options->ciphers == NULL)
> 			options->ciphers = xstrdup(arg);
> 		break;
>@@ -1207,7 +1207,7 @@ parse_int:
> 			fatal("%.200s line %d: Missing argument.", filename, linenum);
> 		if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
> 			fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
>-			    filename, linenum, arg ? arg : "<NONE>");
>+			    filename, linenum, arg);
> 		if (*activep && options->macs == NULL)
> 			options->macs = xstrdup(arg);
> 		break;
>@@ -1220,7 +1220,7 @@ parse_int:
> 		if (*arg != '-' &&
> 		    !kex_names_valid(*arg == '+' ? arg + 1 : arg))
> 			fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
>-			    filename, linenum, arg ? arg : "<NONE>");
>+			    filename, linenum, arg);
> 		if (*activep && options->kex_algorithms == NULL)
> 			options->kex_algorithms = xstrdup(arg);
> 		break;
>@@ -1235,7 +1235,7 @@ parse_keytypes:
> 		if (*arg != '-' &&
> 		    !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
> 			fatal("%s line %d: Bad key types '%s'.",
>-				filename, linenum, arg ? arg : "<NONE>");
>+				filename, linenum, arg);
> 		if (*activep && *charptr == NULL)
> 			*charptr = xstrdup(arg);
> 		break;
>@@ -1248,7 +1248,7 @@ parse_keytypes:
> 		value = proto_spec(arg);
> 		if (value == SSH_PROTO_UNKNOWN)
> 			fatal("%.200s line %d: Bad protocol spec '%s'.",
>-			    filename, linenum, arg ? arg : "<NONE>");
>+			    filename, linenum, arg);
> 		if (*activep && *intptr == SSH_PROTO_UNKNOWN)
> 			*intptr = value;
> 		break;
>diff --git a/servconf.c b/servconf.c
>index 5f2464a..4564494 100644
>--- a/servconf.c
>+++ b/servconf.c
>@@ -1217,7 +1217,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
> 		if (*arg != '-' &&
> 		    !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
> 			fatal("%s line %d: Bad key types '%s'.",
>-			    filename, linenum, arg ? arg : "<NONE>");
>+			    filename, linenum, arg);
> 		if (*activep && *charptr == NULL)
> 			*charptr = xstrdup(arg);
> 		break;
>@@ -1476,7 +1476,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
> 			fatal("%s line %d: Missing argument.", filename, linenum);
> 		if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
> 			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
>-			    filename, linenum, arg ? arg : "<NONE>");
>+			    filename, linenum, arg);
> 		if (options->ciphers == NULL)
> 			options->ciphers = xstrdup(arg);
> 		break;
>@@ -1487,7 +1487,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
> 			fatal("%s line %d: Missing argument.", filename, linenum);
> 		if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
> 			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
>-			    filename, linenum, arg ? arg : "<NONE>");
>+			    filename, linenum, arg);
> 		if (options->macs == NULL)
> 			options->macs = xstrdup(arg);
> 		break;
>@@ -1500,7 +1500,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
> 		if (*arg != '-' &&
> 		    !kex_names_valid(*arg == '+' ? arg + 1 : arg))
> 			fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
>-			    filename, linenum, arg ? arg : "<NONE>");
>+			    filename, linenum, arg);
> 		if (options->kex_algorithms == NULL)
> 			options->kex_algorithms = xstrdup(arg);
> 		break;
>diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
>index aaf712d..62a76b3 100644
>--- a/ssh-pkcs11.c
>+++ b/ssh-pkcs11.c
>@@ -536,8 +536,8 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
> 				X509_free(x509);
> 		}
> 		if (rsa && rsa->n && rsa->e &&
>-		    pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
>-			key = sshkey_new(KEY_UNSPEC);
>+		    pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0 &&
>+		    (key = sshkey_new(KEY_UNSPEC)) == NULL) {
> 			key->rsa = rsa;
> 			key->type = KEY_RSA;
> 			key->flags |= SSHKEY_FLAG_EXT;
>diff --git a/sshconnect1.c b/sshconnect1.c
>index a045361..0e1a506 100644
>--- a/sshconnect1.c
>+++ b/sshconnect1.c
>@@ -520,7 +520,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
> 		cookie[i] = packet_get_char();
> 
> 	/* Get the public key. */
>-	server_key = key_new(KEY_RSA1);
>+	if ((server_key = key_new(KEY_RSA1)) == NULL)
>+		fatal("%s: key_new(KEY_RSA1) failed", __func__);
> 	bits = packet_get_int();
> 	packet_get_bignum(server_key->rsa->e);
> 	packet_get_bignum(server_key->rsa->n);
>@@ -532,7 +533,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
> 		logit("Warning: This may be due to an old implementation of ssh.");
> 	}
> 	/* Get the host key. */
>-	host_key = key_new(KEY_RSA1);
>+	if ((host_key = key_new(KEY_RSA1)) == NULL)
>+		fatal("%s: key_new(KEY_RSA1) failed", __func__);
> 	bits = packet_get_int();
> 	packet_get_bignum(host_key->rsa->e);
> 	packet_get_bignum(host_key->rsa->n);
>diff --git a/sshkey.c b/sshkey.c
>index 58c1051..6afacb5 100644
>--- a/sshkey.c
>+++ b/sshkey.c
>@@ -1239,6 +1239,9 @@ sshkey_read(struct sshkey *ret, char **cpp)
> 	u_long bits;
> #endif /* WITH_SSH1 */
> 
>+	if (ret == NULL)
>+		return SSH_ERR_INVALID_ARGUMENT;
>+
> 	cp = *cpp;
> 
> 	switch (ret->type) {

Actions: View | Diff

Attachments on bug 2687: 2953 | 2954 | 3176 | 3287