kentpeacock / rpms / openssh

Forked from rpms/openssh 2 years ago
Clone
f5835d
diff -up openssh-7.4p1/channels.c.coverity openssh-7.4p1/channels.c
f5835d
--- openssh-7.4p1/channels.c.coverity	2016-12-23 16:40:26.881788686 +0100
f5835d
+++ openssh-7.4p1/channels.c	2016-12-23 16:42:36.244818763 +0100
f5835d
@@ -288,11 +288,11 @@ channel_register_fds(Channel *c, int rfd
f5835d
 
f5835d
 	/* enable nonblocking mode */
f5835d
 	if (nonblock) {
f5835d
-		if (rfd != -1)
f5835d
+		if (rfd >= 0)
f5835d
 			set_nonblock(rfd);
f5835d
-		if (wfd != -1)
f5835d
+		if (wfd >= 0)
f5835d
 			set_nonblock(wfd);
f5835d
-		if (efd != -1)
f5835d
+		if (efd >= 0)
f5835d
 			set_nonblock(efd);
f5835d
 	}
f5835d
 }
f5835d
diff -up openssh-7.4p1/monitor.c.coverity openssh-7.4p1/monitor.c
f5835d
--- openssh-7.4p1/monitor.c.coverity	2016-12-23 16:40:26.888788688 +0100
f5835d
+++ openssh-7.4p1/monitor.c	2016-12-23 16:40:26.900788691 +0100
f5835d
@@ -411,7 +411,7 @@ monitor_child_preauth(Authctxt *_authctx
4369a3
 	mm_get_keystate(ssh, pmonitor);
f5835d
 
f5835d
 	/* Drain any buffered messages from the child */
f5835d
-	while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
f5835d
+	while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
f5835d
 		;
f5835d
 
f5835d
 	if (pmonitor->m_recvfd >= 0)
f5835d
diff -up openssh-7.4p1/monitor_wrap.c.coverity openssh-7.4p1/monitor_wrap.c
f5835d
--- openssh-7.4p1/monitor_wrap.c.coverity	2016-12-23 16:40:26.892788689 +0100
f5835d
+++ openssh-7.4p1/monitor_wrap.c	2016-12-23 16:40:26.900788691 +0100
f5835d
@@ -525,10 +525,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd,
f5835d
 	if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
f5835d
 	    (tmp2 = dup(pmonitor->m_recvfd)) == -1) {
f5835d
 		error("%s: cannot allocate fds for pty", __func__);
f5835d
-		if (tmp1 > 0)
f5835d
+		if (tmp1 >= 0)
f5835d
 			close(tmp1);
f5835d
-		if (tmp2 > 0)
f5835d
-			close(tmp2);
f5835d
+		/*DEAD CODE if (tmp2 >= 0)
f5835d
+			close(tmp2);*/
f5835d
 		return 0;
f5835d
 	}
f5835d
 	close(tmp1);
f5835d
diff -up openssh-7.4p1/openbsd-compat/bindresvport.c.coverity openssh-7.4p1/openbsd-compat/bindresvport.c
f5835d
--- openssh-7.4p1/openbsd-compat/bindresvport.c.coverity	2016-12-19 05:59:41.000000000 +0100
f5835d
+++ openssh-7.4p1/openbsd-compat/bindresvport.c	2016-12-23 16:40:26.901788691 +0100
f5835d
@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
f5835d
 	struct sockaddr_in6 *in6;
f5835d
 	u_int16_t *portp;
f5835d
 	u_int16_t port;
f5835d
-	socklen_t salen;
f5835d
+	socklen_t salen = sizeof(struct sockaddr_storage);
f5835d
 	int i;
f5835d
 
f5835d
 	if (sa == NULL) {
f5835d
diff -up openssh-7.4p1/scp.c.coverity openssh-7.4p1/scp.c
f5835d
--- openssh-7.4p1/scp.c.coverity	2016-12-23 16:40:26.856788681 +0100
f5835d
+++ openssh-7.4p1/scp.c	2016-12-23 16:40:26.901788691 +0100
f5835d
@@ -157,7 +157,7 @@ killchild(int signo)
f5835d
 {
f5835d
 	if (do_cmd_pid > 1) {
f5835d
 		kill(do_cmd_pid, signo ? signo : SIGTERM);
f5835d
-		waitpid(do_cmd_pid, NULL, 0);
f5835d
+		(void) waitpid(do_cmd_pid, NULL, 0);
f5835d
 	}
f5835d
 
f5835d
 	if (signo)
f5835d
diff -up openssh-7.4p1/servconf.c.coverity openssh-7.4p1/servconf.c
f5835d
--- openssh-7.4p1/servconf.c.coverity	2016-12-23 16:40:26.896788690 +0100
f5835d
+++ openssh-7.4p1/servconf.c	2016-12-23 16:40:26.901788691 +0100
f5835d
@@ -1547,7 +1547,7 @@ process_server_config_line(ServerOptions
f5835d
 			fatal("%s line %d: Missing subsystem name.",
f5835d
 			    filename, linenum);
f5835d
 		if (!*activep) {
f5835d
-			arg = strdelim(&cp;;
f5835d
+			/*arg =*/ (void) strdelim(&cp;;
f5835d
 			break;
f5835d
 		}
f5835d
 		for (i = 0; i < options->num_subsystems; i++)
f5835d
@@ -1638,8 +1638,9 @@ process_server_config_line(ServerOptions
f5835d
 		if (*activep && *charptr == NULL) {
f5835d
 			*charptr = tilde_expand_filename(arg, getuid());
f5835d
 			/* increase optional counter */
f5835d
-			if (intptr != NULL)
f5835d
-				*intptr = *intptr + 1;
f5835d
+			/* DEAD CODE intptr is still NULL ;)
f5835d
+  			 if (intptr != NULL)
f5835d
+				*intptr = *intptr + 1; */
f5835d
 		}
f5835d
 		break;
f5835d
 
f5835d
diff -up openssh-7.4p1/serverloop.c.coverity openssh-7.4p1/serverloop.c
f5835d
--- openssh-7.4p1/serverloop.c.coverity	2016-12-19 05:59:41.000000000 +0100
f5835d
+++ openssh-7.4p1/serverloop.c	2016-12-23 16:40:26.902788691 +0100
f5835d
@@ -125,13 +125,13 @@ notify_setup(void)
f5835d
 static void
f5835d
 notify_parent(void)
f5835d
 {
f5835d
-	if (notify_pipe[1] != -1)
f5835d
+	if (notify_pipe[1] >= 0)
f5835d
 		(void)write(notify_pipe[1], "", 1);
f5835d
 }
f5835d
 static void
f5835d
 notify_prepare(fd_set *readset)
f5835d
 {
f5835d
-	if (notify_pipe[0] != -1)
f5835d
+	if (notify_pipe[0] >= 0)
f5835d
 		FD_SET(notify_pipe[0], readset);
f5835d
 }
f5835d
 static void
f5835d
@@ -139,8 +139,8 @@ notify_done(fd_set *readset)
f5835d
 {
f5835d
 	char c;
f5835d
 
f5835d
-	if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
f5835d
-		while (read(notify_pipe[0], &c, 1) != -1)
f5835d
+	if (notify_pipe[0] >= 0 && FD_ISSET(notify_pipe[0], readset))
f5835d
+		while (read(notify_pipe[0], &c, 1) >= 0)
f5835d
 			debug2("%s: reading", __func__);
f5835d
 }
f5835d
 
f5835d
@@ -518,7 +518,7 @@ server_request_tun(void)
4369a3
 		debug("%s: invalid tun", __func__);
4369a3
 		goto done;
f5835d
 	}
f5835d
-	if (auth_opts->force_tun_device != -1) {
f5835d
+	if (auth_opts->force_tun_device >= 0) {
4369a3
 		if (tun != SSH_TUNID_ANY &&
4369a3
 		    auth_opts->force_tun_device != (int)tun)
f5835d
 			goto done;
f5835d
diff -up openssh-7.4p1/sftp.c.coverity openssh-7.4p1/sftp.c
f5835d
--- openssh-7.4p1/sftp.c.coverity	2016-12-19 05:59:41.000000000 +0100
f5835d
+++ openssh-7.4p1/sftp.c	2016-12-23 16:40:26.903788691 +0100
f5835d
@@ -224,7 +224,7 @@ killchild(int signo)
f5835d
 {
f5835d
 	if (sshpid > 1) {
f5835d
 		kill(sshpid, SIGTERM);
f5835d
-		waitpid(sshpid, NULL, 0);
f5835d
+		(void) waitpid(sshpid, NULL, 0);
f5835d
 	}
f5835d
 
f5835d
 	_exit(1);
f5835d
diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c
f5835d
--- openssh-7.4p1/ssh-agent.c.coverity	2016-12-19 05:59:41.000000000 +0100
f5835d
+++ openssh-7.4p1/ssh-agent.c	2016-12-23 16:40:26.903788691 +0100
f5835d
@@ -1220,8 +1220,8 @@ main(int ac, char **av)
f5835d
 	sanitise_stdfd();
f5835d
 
f5835d
 	/* drop */
f5835d
-	setegid(getgid());
f5835d
-	setgid(getgid());
f5835d
+	(void) setegid(getgid());
f5835d
+	(void) setgid(getgid());
f5835d
 
f5835d
 	platform_disable_tracing(0);	/* strict=no */
f5835d
 
f5835d
diff -up openssh-7.4p1/sshd.c.coverity openssh-7.4p1/sshd.c
f5835d
--- openssh-7.4p1/sshd.c.coverity	2016-12-23 16:40:26.897788690 +0100
f5835d
+++ openssh-7.4p1/sshd.c	2016-12-23 16:40:26.904788692 +0100
f5835d
@@ -691,8 +691,10 @@ privsep_preauth(Authctxt *authctxt)
f5835d
 
4369a3
 		privsep_preauth_child(ssh);
f5835d
 		setproctitle("%s", "[net]");
f5835d
-		if (box != NULL)
f5835d
+		if (box != NULL) {
f5835d
 			ssh_sandbox_child(box);
f5835d
+			free(box);
f5835d
+		}
f5835d
 
f5835d
 		return 0;
f5835d
 	}
f5835d
@@ -1386,6 +1388,9 @@ server_accept_loop(int *sock_in, int *so
4369a3
 			explicit_bzero(rnd, sizeof(rnd));
4369a3
 		}
f5835d
 	}
f5835d
+
f5835d
+	if (fdset != NULL)
f5835d
+		free(fdset);
f5835d
 }
f5835d
 
f5835d
 /*