Attachment #3287 for bug #2687

Lines 320-326 _ssh_read_banner(struct ssh ssh, struct sshbuf banner) Link Here

(-)a/ssh_api.c (-12 / +21 lines)
320	const char *mismatch = "Protocol mismatch.\r\n";	320	const char *mismatch = "Protocol mismatch.\r\n";
321	const u_char *s = sshbuf_ptr(input);	321	const u_char *s = sshbuf_ptr(input);
322	u_char c;	322	u_char c;
323	char cp, remote_version;	323	char cp = NULL, remote_version = NULL;
324	int r, remote_major, remote_minor, expect_nl;	324	int r, remote_major, remote_minor, expect_nl;
325	size_t n, j;	325	size_t n, j;
326		326
Lines 363-381 _ssh_read_banner(struct ssh ssh, struct sshbuf banner) Link Here
363	if ((r = sshbuf_consume(input, j)) != 0)	363	if ((r = sshbuf_consume(input, j)) != 0)
364	return r;	364	return r;
365		365
366	if ((cp = sshbuf_dup_string(banner)) == NULL)	366	if ((cp = sshbuf_dup_string(banner)) == NULL) {
367	return SSH_ERR_ALLOC_FAIL;	367	r = SSH_ERR_ALLOC_FAIL;
		368	goto out;
		369	}
368	/* XXX remote version must be the same size as banner for sscanf */	370	/* XXX remote version must be the same size as banner for sscanf */
369	if ((remote_version = calloc(1, sshbuf_len(banner))) == NULL)	371	if ((remote_version = calloc(1, sshbuf_len(banner))) == NULL) {
370	return SSH_ERR_ALLOC_FAIL;	372	r = SSH_ERR_ALLOC_FAIL;
		373	goto out;
		374	}
371		375
372	/*	376	/*
373	* Check that the versions match. In future this might accept	377	* Check that the versions match. In future this might accept
374	* several versions and set appropriate flags to handle them.	378	* several versions and set appropriate flags to handle them.
375	*/	379	*/
376	if (sscanf(cp, "SSH-%d.%d-%[^\n]\n",	380	if (sscanf(cp, "SSH-%d.%d-%[^\n]\n",
377	&remote_major, &remote_minor, remote_version) != 3)	381	&remote_major, &remote_minor, remote_version) != 3) {
378	return SSH_ERR_INVALID_FORMAT;	382	r = SSH_ERR_INVALID_FORMAT;
		383	goto out;
		384	}
379	debug("Remote protocol version %d.%d, remote software version %.100s",	385	debug("Remote protocol version %d.%d, remote software version %.100s",
380	remote_major, remote_minor, remote_version);	386	remote_major, remote_minor, remote_version);
381		387
Lines 384-394 _ssh_read_banner(struct ssh ssh, struct sshbuf banner) Link Here
384	remote_major = 2;	390	remote_major = 2;
385	remote_minor = 0;	391	remote_minor = 0;
386	}	392	}
387	if (remote_major != 2)	393	if (remote_major != 2) {
388	return SSH_ERR_PROTOCOL_MISMATCH;	394	r = SSH_ERR_PROTOCOL_MISMATCH;
		395	goto out;
		396	}
389	debug("Remote version string %.100s", cp);	397	debug("Remote version string %.100s", cp);
		398
		399	out:
		400	free(remote_version);
390	free(cp);	401	free(cp);
391	return 0;	402	return r;
392	}	403	}
393		404
394	/* Send our own protocol version identification. */	405	/* Send our own protocol version identification. */
395	-
396	64. openssh-8.0p1/ssh-keygen.c:2291: leaked_storage: Variable "blob" going out of scope leaks the storage it points to.	406	64. openssh-8.0p1/ssh-keygen.c:2291: leaked_storage: Variable "blob" going out of scope leaks the storage it points to.
397	--
398	ssh-keygen.c \| 3 +++	407	ssh-keygen.c \| 3 +++
399	1 file changed, 3 insertions(+)	408	1 file changed, 3 insertions(+)

Lines 2228-2233 update_krl_from_file(struct passwd pw, const char file, int wild_ca, Link Here

(-)a/ssh-keygen.c (-2 / +3 lines)
2228	cp = cp + strspn(cp, " \t");	2228	cp = cp + strspn(cp, " \t");
2229	hash_to_blob(cp, &blob, &blen, file, lnum);	2229	hash_to_blob(cp, &blob, &blen, file, lnum);
2230	r = ssh_krl_revoke_key_sha256(krl, blob, blen);	2230	r = ssh_krl_revoke_key_sha256(krl, blob, blen);
		2231	freezero(blob, blen);
		2232	blob = NULL;
		2233	blen = 0;
2231	} else {	2234	} else {
2232	if (strncasecmp(cp, "key:", 4) == 0) {	2235	if (strncasecmp(cp, "key:", 4) == 0) {
2233	cp += 4;	2236	cp += 4;
2234	-
2235	43. openssh-8.0p1/auth-options.c:538: leaked_storage: Variable "opt" going out of scope leaks the storage it points to.	2237	43. openssh-8.0p1/auth-options.c:538: leaked_storage: Variable "opt" going out of scope leaks the storage it points to.
2236	--
2237	auth-options.c \| 4 +++-	2238	auth-options.c \| 4 +++-
2238	1 file changed, 3 insertions(+), 1 deletion(-)	2239	1 file changed, 3 insertions(+), 1 deletion(-)




				errstr = "invalid environment string";
				goto fail;
			}
			if ((cp = strdup(opt)) == NULL) {
				free(opt);
				goto alloc_fail;
			}
			cp[tmp - opt] = '\0'; /* truncate at '=' */
			if (!valid_env_name(cp)) {
				free(cp);
- 
1. openssh-8.0p1/ssh-pkcs11-helper.c:356:3: warning: Value stored to 'max' is never read
--
ssh-pkcs11-helper.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)




int
main(int argc, char **argv)
{
	int r, ch, in, out, log_stderr = 0;
	ssize_t len;
	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
	LogLevel log_level = SYSLOG_LEVEL_ERROR;

	in = STDIN_FILENO;
	out = STDOUT_FILENO;

	max = 0;
	if (in > max)
		max = in;
	if (out > max)
		max = out;

	if ((iqueue = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	if ((oqueue = sshbuf_new()) == NULL)
- 
1. openssh-8.0p1/ssh-keygen.c:2236:4: warning: Value stored to 'r' is never read
--
ssh-keygen.c | 3 +++
1 file changed, 3 insertions(+)

Lines 2231-2236 update_krl_from_file(struct passwd pw, const char file, int wild_ca, Link Here

(-)a/ssh-keygen.c (-2 / +3 lines)
2231	freezero(blob, blen);	2231	freezero(blob, blen);
2232	blob = NULL;	2232	blob = NULL;
2233	blen = 0;	2233	blen = 0;
		2234	if (r != 0)
		2235	fatal("%s: revoke key failed: %s",
		2236	__func__, ssh_err(r));
2234	} else {	2237	} else {
2235	if (strncasecmp(cp, "key:", 4) == 0) {	2238	if (strncasecmp(cp, "key:", 4) == 0) {
2236	cp += 4;	2239	cp += 4;
2237	-
2238	1. openssh-8.0p1/auth2.c:221:2: warning: Value stored to 'r' is never read	2240	1. openssh-8.0p1/auth2.c:221:2: warning: Value stored to 'r' is never read
2239	--
2240	auth2.c \| 2 +-	2241	auth2.c \| 2 +-
2241	1 file changed, 1 insertion(+), 1 deletion(-)	2242	1 file changed, 1 insertion(+), 1 deletion(-)

Lines 219-225 input_service_request(int type, u_int32_t seq, struct ssh *ssh) Link Here

(-)a/auth2.c (-2 / +1 lines)
219	r = 0;	219	r = 0;
220	out:	220	out:
221	free(service);	221	free(service);
222	return 0;	222	return r;
223	}	223	}
224		224
225	#define MIN_FAIL_DELAY_SECONDS 0.005	225	#define MIN_FAIL_DELAY_SECONDS 0.005
226	-

Return to bug 2687

Lines 469-476 sshauthopt_parse(const char opts, const char *errstrp) Link Here

(-)a/auth-options.c (-3 / +3 lines)
469	errstr = "invalid environment string";	469	errstr = "invalid environment string";
470	goto fail;	470	goto fail;
471	}	471	}
472	if ((cp = strdup(opt)) == NULL)	472	if ((cp = strdup(opt)) == NULL) {
		473	free(opt);
473	goto alloc_fail;	474	goto alloc_fail;
		475	}
474	cp[tmp - opt] = '\0'; /* truncate at '=' */	476	cp[tmp - opt] = '\0'; /* truncate at '=' */
475	if (!valid_env_name(cp)) {	477	if (!valid_env_name(cp)) {
476	free(cp);	478	free(cp);
477	-
478	1. openssh-8.0p1/ssh-pkcs11-helper.c:356:3: warning: Value stored to 'max' is never read	479	1. openssh-8.0p1/ssh-pkcs11-helper.c:356:3: warning: Value stored to 'max' is never read
479	--
480	ssh-pkcs11-helper.c \| 8 +-------	480	ssh-pkcs11-helper.c \| 8 +-------
481	1 file changed, 1 insertion(+), 7 deletions(-)	481	1 file changed, 1 insertion(+), 7 deletions(-)

Lines 312-318 cleanup_exit(int i) Link Here

(-)a/ssh-pkcs11-helper.c (-9 / +1 lines)
312	int	312	int
313	main(int argc, char **argv)	313	main(int argc, char **argv)
314	{	314	{
315	int r, ch, in, out, max, log_stderr = 0;	315	int r, ch, in, out, log_stderr = 0;
316	ssize_t len;	316	ssize_t len;
317	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;	317	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
318	LogLevel log_level = SYSLOG_LEVEL_ERROR;	318	LogLevel log_level = SYSLOG_LEVEL_ERROR;
Lines 349-360 main(int argc, char **argv) Link Here
349	in = STDIN_FILENO;	349	in = STDIN_FILENO;
350	out = STDOUT_FILENO;	350	out = STDOUT_FILENO;
351		351
352	max = 0;
353	if (in > max)
354	max = in;
355	if (out > max)
356	max = out;
357
358	if ((iqueue = sshbuf_new()) == NULL)	352	if ((iqueue = sshbuf_new()) == NULL)
359	fatal("%s: sshbuf_new failed", __func__);	353	fatal("%s: sshbuf_new failed", __func__);
360	if ((oqueue = sshbuf_new()) == NULL)	354	if ((oqueue = sshbuf_new()) == NULL)
361	-
362	1. openssh-8.0p1/ssh-keygen.c:2236:4: warning: Value stored to 'r' is never read	355	1. openssh-8.0p1/ssh-keygen.c:2236:4: warning: Value stored to 'r' is never read
363	--
364	ssh-keygen.c \| 3 +++	356	ssh-keygen.c \| 3 +++
365	1 file changed, 3 insertions(+)	357	1 file changed, 3 insertions(+)