|
|
b58e57 |
diff -up openssh-7.4p1/auth-pam.c.coverity openssh-7.4p1/auth-pam.c
|
|
|
b58e57 |
diff -up openssh-7.4p1/channels.c.coverity openssh-7.4p1/channels.c
|
|
|
b58e57 |
--- openssh-7.4p1/channels.c.coverity 2017-02-09 14:58:32.786064600 +0100
|
|
|
b58e57 |
+++ openssh-7.4p1/channels.c 2017-02-09 15:01:28.869890219 +0100
|
|
|
b58e57 |
@@ -266,11 +266,11 @@ channel_register_fds(Channel *c, int rfd
|
|
|
b58e57 |
channel_max_fd = MAXIMUM(channel_max_fd, wfd);
|
|
|
b58e57 |
channel_max_fd = MAXIMUM(channel_max_fd, efd);
|
|
|
b58e57 |
|
|
|
b58e57 |
- if (rfd != -1)
|
|
|
b58e57 |
+ if (rfd >= 0)
|
|
|
b58e57 |
fcntl(rfd, F_SETFD, FD_CLOEXEC);
|
|
|
b58e57 |
- if (wfd != -1 && wfd != rfd)
|
|
|
b58e57 |
+ if (wfd >= 0 && wfd != rfd)
|
|
|
b58e57 |
fcntl(wfd, F_SETFD, FD_CLOEXEC);
|
|
|
b58e57 |
- if (efd != -1 && efd != rfd && efd != wfd)
|
|
|
b58e57 |
+ if (efd >= 0 && efd != rfd && efd != wfd)
|
|
|
b58e57 |
fcntl(efd, F_SETFD, FD_CLOEXEC);
|
|
|
b58e57 |
|
|
|
b58e57 |
c->rfd = rfd;
|
|
|
b58e57 |
@@ -288,11 +288,11 @@ channel_register_fds(Channel *c, int rfd
|
|
|
b58e57 |
|
|
|
b58e57 |
/* enable nonblocking mode */
|
|
|
b58e57 |
if (nonblock) {
|
|
|
b58e57 |
- if (rfd != -1)
|
|
|
b58e57 |
+ if (rfd >= 0)
|
|
|
b58e57 |
set_nonblock(rfd);
|
|
|
b58e57 |
- if (wfd != -1)
|
|
|
b58e57 |
+ if (wfd >= 0)
|
|
|
b58e57 |
set_nonblock(wfd);
|
|
|
b58e57 |
- if (efd != -1)
|
|
|
b58e57 |
+ if (efd >= 0)
|
|
|
b58e57 |
set_nonblock(efd);
|
|
|
b58e57 |
}
|
|
|
b58e57 |
}
|
|
|
b58e57 |
diff -up openssh-7.4p1/clientloop.c.coverity openssh-7.4p1/clientloop.c
|
|
|
b58e57 |
diff -up openssh-7.4p1/key.c.coverity openssh-7.4p1/key.c
|
|
|
b58e57 |
diff -up openssh-7.4p1/monitor.c.coverity openssh-7.4p1/monitor.c
|
|
|
b58e57 |
--- openssh-7.4p1/monitor.c.coverity 2017-02-09 14:58:32.793064593 +0100
|
|
|
b58e57 |
+++ openssh-7.4p1/monitor.c 2017-02-09 14:58:32.805064581 +0100
|
|
|
b58e57 |
@@ -411,7 +411,7 @@ monitor_child_preauth(Authctxt *_authctx
|
|
|
b58e57 |
mm_get_keystate(pmonitor);
|
|
|
b58e57 |
|
|
|
b58e57 |
/* Drain any buffered messages from the child */
|
|
|
b58e57 |
- while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
|
|
|
b58e57 |
+ while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
|
|
|
b58e57 |
;
|
|
|
b58e57 |
|
|
|
b58e57 |
close(pmonitor->m_sendfd);
|
|
|
b58e57 |
diff -up openssh-7.4p1/monitor_wrap.c.coverity openssh-7.4p1/monitor_wrap.c
|
|
|
b58e57 |
--- openssh-7.4p1/monitor_wrap.c.coverity 2017-02-09 14:58:32.797064589 +0100
|
|
|
b58e57 |
+++ openssh-7.4p1/monitor_wrap.c 2017-02-09 14:58:32.805064581 +0100
|
|
|
b58e57 |
@@ -525,10 +525,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd,
|
|
|
b58e57 |
if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
|
|
|
b58e57 |
(tmp2 = dup(pmonitor->m_recvfd)) == -1) {
|
|
|
b58e57 |
error("%s: cannot allocate fds for pty", __func__);
|
|
|
b58e57 |
- if (tmp1 > 0)
|
|
|
b58e57 |
+ if (tmp1 >= 0)
|
|
|
b58e57 |
close(tmp1);
|
|
|
b58e57 |
- if (tmp2 > 0)
|
|
|
b58e57 |
- close(tmp2);
|
|
|
b58e57 |
+ /*DEAD CODE if (tmp2 >= 0)
|
|
|
b58e57 |
+ close(tmp2);*/
|
|
|
b58e57 |
return 0;
|
|
|
b58e57 |
}
|
|
|
b58e57 |
close(tmp1);
|
|
|
b58e57 |
diff -up openssh-7.4p1/openbsd-compat/bindresvport.c.coverity openssh-7.4p1/openbsd-compat/bindresvport.c
|
|
|
b58e57 |
--- openssh-7.4p1/openbsd-compat/bindresvport.c.coverity 2016-12-19 05:59:41.000000000 +0100
|
|
|
b58e57 |
+++ openssh-7.4p1/openbsd-compat/bindresvport.c 2017-02-09 14:58:32.805064581 +0100
|
|
|
b58e57 |
@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
|
|
|
b58e57 |
struct sockaddr_in6 *in6;
|
|
|
b58e57 |
u_int16_t *portp;
|
|
|
b58e57 |
u_int16_t port;
|
|
|
b58e57 |
- socklen_t salen;
|
|
|
b58e57 |
+ socklen_t salen = sizeof(struct sockaddr_storage);
|
|
|
b58e57 |
int i;
|
|
|
b58e57 |
|
|
|
b58e57 |
if (sa == NULL) {
|
|
|
b58e57 |
diff -up openssh-7.4p1/packet.c.coverity openssh-7.4p1/packet.c
|
|
|
b58e57 |
diff -up openssh-7.4p1/progressmeter.c.coverity openssh-7.4p1/progressmeter.c
|
|
|
b58e57 |
diff -up openssh-7.4p1/scp.c.coverity openssh-7.4p1/scp.c
|
|
|
b58e57 |
--- openssh-7.4p1/scp.c.coverity 2017-02-09 14:58:32.761064625 +0100
|
|
|
b58e57 |
+++ openssh-7.4p1/scp.c 2017-02-09 14:58:38.590058852 +0100
|
|
|
b58e57 |
@@ -157,7 +157,7 @@ killchild(int signo)
|
|
|
b58e57 |
{
|
|
|
b58e57 |
if (do_cmd_pid > 1) {
|
|
|
b58e57 |
kill(do_cmd_pid, signo ? signo : SIGTERM);
|
|
|
b58e57 |
- waitpid(do_cmd_pid, NULL, 0);
|
|
|
b58e57 |
+ (void) waitpid(do_cmd_pid, NULL, 0);
|
|
|
b58e57 |
}
|
|
|
b58e57 |
|
|
|
b58e57 |
if (signo)
|
|
|
b58e57 |
diff -up openssh-7.4p1/servconf.c.coverity openssh-7.4p1/servconf.c
|
|
|
b58e57 |
--- openssh-7.4p1/servconf.c.coverity 2017-02-09 14:58:32.801064585 +0100
|
|
|
b58e57 |
+++ openssh-7.4p1/servconf.c 2017-02-09 14:58:38.591058851 +0100
|
|
|
b58e57 |
@@ -1544,7 +1544,7 @@ process_server_config_line(ServerOptions
|
|
|
b58e57 |
fatal("%s line %d: Missing subsystem name.",
|
|
|
b58e57 |
filename, linenum);
|
|
|
b58e57 |
if (!*activep) {
|
|
|
b58e57 |
- arg = strdelim(&cp;;
|
|
|
b58e57 |
+ /*arg =*/ (void) strdelim(&cp;;
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
}
|
|
|
b58e57 |
for (i = 0; i < options->num_subsystems; i++)
|
|
|
b58e57 |
@@ -1635,8 +1635,9 @@ process_server_config_line(ServerOptions
|
|
|
b58e57 |
if (*activep && *charptr == NULL) {
|
|
|
b58e57 |
*charptr = tilde_expand_filename(arg, getuid());
|
|
|
b58e57 |
/* increase optional counter */
|
|
|
b58e57 |
- if (intptr != NULL)
|
|
|
b58e57 |
- *intptr = *intptr + 1;
|
|
|
b58e57 |
+ /* DEAD CODE intptr is still NULL ;)
|
|
|
b58e57 |
+ if (intptr != NULL)
|
|
|
b58e57 |
+ *intptr = *intptr + 1; */
|
|
|
b58e57 |
}
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
|
|
|
b58e57 |
diff -up openssh-7.4p1/serverloop.c.coverity openssh-7.4p1/serverloop.c
|
|
|
b58e57 |
--- openssh-7.4p1/serverloop.c.coverity 2016-12-19 05:59:41.000000000 +0100
|
|
|
b58e57 |
+++ openssh-7.4p1/serverloop.c 2017-02-09 14:58:38.592058850 +0100
|
|
|
b58e57 |
@@ -125,13 +125,13 @@ notify_setup(void)
|
|
|
b58e57 |
static void
|
|
|
b58e57 |
notify_parent(void)
|
|
|
b58e57 |
{
|
|
|
b58e57 |
- if (notify_pipe[1] != -1)
|
|
|
b58e57 |
+ if (notify_pipe[1] >= 0)
|
|
|
b58e57 |
(void)write(notify_pipe[1], "", 1);
|
|
|
b58e57 |
}
|
|
|
b58e57 |
static void
|
|
|
b58e57 |
notify_prepare(fd_set *readset)
|
|
|
b58e57 |
{
|
|
|
b58e57 |
- if (notify_pipe[0] != -1)
|
|
|
b58e57 |
+ if (notify_pipe[0] >= 0)
|
|
|
b58e57 |
FD_SET(notify_pipe[0], readset);
|
|
|
b58e57 |
}
|
|
|
b58e57 |
static void
|
|
|
b58e57 |
@@ -139,8 +139,8 @@ notify_done(fd_set *readset)
|
|
|
b58e57 |
{
|
|
|
b58e57 |
char c;
|
|
|
b58e57 |
|
|
|
b58e57 |
- if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
|
|
|
b58e57 |
- while (read(notify_pipe[0], &c, 1) != -1)
|
|
|
b58e57 |
+ if (notify_pipe[0] >= 0 && FD_ISSET(notify_pipe[0], readset))
|
|
|
b58e57 |
+ while (read(notify_pipe[0], &c, 1) >= 0)
|
|
|
b58e57 |
debug2("notify_done: reading");
|
|
|
b58e57 |
}
|
|
|
b58e57 |
|
|
|
b58e57 |
@@ -518,7 +518,7 @@ server_request_tun(void)
|
|
|
b58e57 |
}
|
|
|
b58e57 |
|
|
|
b58e57 |
tun = packet_get_int();
|
|
|
b58e57 |
- if (forced_tun_device != -1) {
|
|
|
b58e57 |
+ if (forced_tun_device >= 0) {
|
|
|
b58e57 |
if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
|
|
|
b58e57 |
goto done;
|
|
|
b58e57 |
tun = forced_tun_device;
|
|
|
b58e57 |
diff -up openssh-7.4p1/sftp.c.coverity openssh-7.4p1/sftp.c
|
|
|
b58e57 |
--- openssh-7.4p1/sftp.c.coverity 2016-12-19 05:59:41.000000000 +0100
|
|
|
b58e57 |
+++ openssh-7.4p1/sftp.c 2017-02-09 14:58:38.598058844 +0100
|
|
|
b58e57 |
@@ -224,7 +224,7 @@ killchild(int signo)
|
|
|
b58e57 |
{
|
|
|
b58e57 |
if (sshpid > 1) {
|
|
|
b58e57 |
kill(sshpid, SIGTERM);
|
|
|
b58e57 |
- waitpid(sshpid, NULL, 0);
|
|
|
b58e57 |
+ (void) waitpid(sshpid, NULL, 0);
|
|
|
b58e57 |
}
|
|
|
b58e57 |
|
|
|
b58e57 |
_exit(1);
|
|
|
b58e57 |
diff -up openssh-7.4p1/sftp-client.c.coverity openssh-7.4p1/sftp-client.c
|
|
|
b58e57 |
--- openssh-7.4p1/sftp-client.c.coverity 2017-02-09 14:58:38.596058846 +0100
|
|
|
b58e57 |
+++ openssh-7.4p1/sftp-client.c 2017-02-09 15:20:18.893624636 +0100
|
|
|
b58e57 |
@@ -973,7 +973,7 @@ do_symlink(struct sftp_conn *conn, const
|
|
|
b58e57 |
}
|
|
|
b58e57 |
|
|
|
b58e57 |
int
|
|
|
b58e57 |
-do_fsync(struct sftp_conn *conn, u_char *handle, u_int handle_len)
|
|
|
b58e57 |
+do_fsync(struct sftp_conn *conn, const u_char *handle, u_int handle_len)
|
|
|
b58e57 |
{
|
|
|
b58e57 |
struct sshbuf *msg;
|
|
|
b58e57 |
u_int status, id;
|
|
|
b58e57 |
--- openssh-7.4p1/sftp-client.h.coverity 2017-02-10 09:28:10.951155129 +0100
|
|
|
b58e57 |
+++ openssh-7.4p1/sftp-client.h 2017-02-10 09:27:28.685069870 +0100
|
|
|
b58e57 |
@@ -107,7 +107,7 @@ int do_hardlink(struct sftp_conn *, cons
|
|
|
b58e57 |
int do_symlink(struct sftp_conn *, const char *, const char *);
|
|
|
b58e57 |
|
|
|
b58e57 |
/* Call fsync() on open file 'handle' */
|
|
|
b58e57 |
-int do_fsync(struct sftp_conn *conn, u_char *, u_int);
|
|
|
b58e57 |
+int do_fsync(struct sftp_conn *conn, const u_char *, u_int);
|
|
|
b58e57 |
|
|
|
b58e57 |
/*
|
|
|
b58e57 |
* Download 'remote_path' to 'local_path'. Preserve permissions and times
|
|
|
b58e57 |
diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c
|
|
|
b58e57 |
--- openssh-7.4p1/ssh-agent.c.coverity 2017-02-09 14:58:38.599058843 +0100
|
|
|
b58e57 |
+++ openssh-7.4p1/ssh-agent.c 2017-02-09 15:29:21.938917065 +0100
|
|
|
b58e57 |
@@ -1220,8 +1220,8 @@ main(int ac, char **av)
|
|
|
b58e57 |
sanitise_stdfd();
|
|
|
b58e57 |
|
|
|
b58e57 |
/* drop */
|
|
|
b58e57 |
- setegid(getgid());
|
|
|
b58e57 |
- setgid(getgid());
|
|
|
b58e57 |
+ (void) setegid(getgid());
|
|
|
b58e57 |
+ (void) setgid(getgid());
|
|
|
b58e57 |
|
|
|
b58e57 |
platform_disable_tracing(0); /* strict=no */
|
|
|
b58e57 |
|
|
|
b58e57 |
diff -up openssh-7.4p1/sshd.c.coverity openssh-7.4p1/sshd.c
|
|
|
b58e57 |
--- openssh-7.4p1/sshd.c.coverity 2017-02-09 14:58:38.600058842 +0100
|
|
|
b58e57 |
+++ openssh-7.4p1/sshd.c 2017-02-09 15:30:33.403800831 +0100
|
|
|
b58e57 |
@@ -679,8 +679,10 @@ privsep_preauth(Authctxt *authctxt)
|
|
|
b58e57 |
|
|
|
b58e57 |
privsep_preauth_child();
|
|
|
b58e57 |
setproctitle("%s", "[net]");
|
|
|
b58e57 |
- if (box != NULL)
|
|
|
b58e57 |
+ if (box != NULL) {
|
|
|
b58e57 |
ssh_sandbox_child(box);
|
|
|
b58e57 |
+ free(box);
|
|
|
b58e57 |
+ }
|
|
|
b58e57 |
|
|
|
b58e57 |
return 0;
|
|
|
b58e57 |
}
|
|
|
b58e57 |
@@ -1382,6 +1384,9 @@ server_accept_loop(int *sock_in, int *so
|
|
|
b58e57 |
if (num_listen_socks < 0)
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
}
|
|
|
b58e57 |
+
|
|
|
b58e57 |
+ if (fdset != NULL)
|
|
|
b58e57 |
+ free(fdset);
|
|
|
b58e57 |
}
|
|
|
b58e57 |
|
|
|
b58e57 |
/*
|
|
|
b58e57 |
diff --git a/auth-pam.c b/auth-pam.c
|
|
|
b58e57 |
index e554ec4..bd16d80 100644
|
|
|
b58e57 |
--- a/auth-pam.c
|
|
|
b58e57 |
+++ b/auth-pam.c
|
|
|
b58e57 |
@@ -834,6 +834,8 @@ fake_password(const char *wire_password)
|
|
|
b58e57 |
fatal("%s: password length too long: %zu", __func__, l);
|
|
|
b58e57 |
|
|
|
b58e57 |
ret = malloc(l + 1);
|
|
|
b58e57 |
+ if (ret == NULL)
|
|
|
b58e57 |
+ return NULL;
|
|
|
b58e57 |
for (i = 0; i < l; i++)
|
|
|
b58e57 |
ret[i] = junk[i % (sizeof(junk) - 1)];
|
|
|
b58e57 |
ret[i] = '\0';
|
|
|
b58e57 |
diff --git a/clientloop.c b/clientloop.c
|
|
|
b58e57 |
index c6a4138..9b00e12 100644
|
|
|
b58e57 |
--- a/clientloop.c
|
|
|
b58e57 |
+++ b/clientloop.c
|
|
|
b58e57 |
@@ -2290,7 +2290,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
|
|
|
b58e57 |
free(response);
|
|
|
b58e57 |
response = read_passphrase("Accept updated hostkeys? "
|
|
|
b58e57 |
"(yes/no): ", RP_ECHO);
|
|
|
b58e57 |
- if (strcasecmp(response, "yes") == 0)
|
|
|
b58e57 |
+ if (response != NULL && strcasecmp(response, "yes") == 0)
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
else if (quit_pending || response == NULL ||
|
|
|
b58e57 |
strcasecmp(response, "no") == 0) {
|
|
|
b58e57 |
diff --git a/digest-openssl.c b/digest-openssl.c
|
|
|
b58e57 |
index 13b63c2..dfa9b8d 100644
|
|
|
b58e57 |
--- a/digest-openssl.c
|
|
|
b58e57 |
+++ b/digest-openssl.c
|
|
|
b58e57 |
@@ -158,7 +158,7 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
|
|
|
b58e57 |
const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
|
|
|
b58e57 |
u_int l = dlen;
|
|
|
b58e57 |
|
|
|
b58e57 |
- if (dlen > UINT_MAX)
|
|
|
b58e57 |
+ if (digest == NULL || dlen > UINT_MAX)
|
|
|
b58e57 |
return SSH_ERR_INVALID_ARGUMENT;
|
|
|
b58e57 |
if (dlen < digest->digest_len) /* No truncation allowed */
|
|
|
b58e57 |
return SSH_ERR_INVALID_ARGUMENT;
|
|
|
b58e57 |
diff --git a/kex.c b/kex.c
|
|
|
b58e57 |
index a30dabe..a8ac91f 100644
|
|
|
b58e57 |
--- a/kex.c
|
|
|
b58e57 |
+++ b/kex.c
|
|
|
b58e57 |
@@ -178,7 +178,7 @@ kex_names_valid(const char *names)
|
|
|
b58e57 |
char *
|
|
|
b58e57 |
kex_names_cat(const char *a, const char *b)
|
|
|
b58e57 |
{
|
|
|
b58e57 |
- char *ret = NULL, *tmp = NULL, *cp, *p;
|
|
|
b58e57 |
+ char *ret = NULL, *tmp = NULL, *cp, *p, *m;
|
|
|
b58e57 |
size_t len;
|
|
|
b58e57 |
|
|
|
b58e57 |
if (a == NULL || *a == '\0')
|
|
|
b58e57 |
@@ -195,8 +195,10 @@ kex_names_cat(const char *a, const char *b)
|
|
|
b58e57 |
}
|
|
|
b58e57 |
strlcpy(ret, a, len);
|
|
|
b58e57 |
for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
|
|
|
b58e57 |
- if (match_list(ret, p, NULL) != NULL)
|
|
|
b58e57 |
+ if ((m = match_list(ret, p, NULL)) != NULL) {
|
|
|
b58e57 |
+ free(m);
|
|
|
b58e57 |
continue; /* Algorithm already present */
|
|
|
b58e57 |
+ }
|
|
|
b58e57 |
if (strlcat(ret, ",", len) >= len ||
|
|
|
b58e57 |
strlcat(ret, p, len) >= len) {
|
|
|
b58e57 |
free(tmp);
|
|
|
b58e57 |
@@ -651,8 +653,10 @@ choose_enc(struct sshenc *enc, char *client, char *server)
|
|
|
b58e57 |
#endif
|
|
|
b58e57 |
return SSH_ERR_NO_CIPHER_ALG_MATCH;
|
|
|
b58e57 |
}
|
|
|
b58e57 |
- if ((enc->cipher = cipher_by_name(name)) == NULL)
|
|
|
b58e57 |
+ if ((enc->cipher = cipher_by_name(name)) == NULL) {
|
|
|
b58e57 |
+ free(name);
|
|
|
b58e57 |
return SSH_ERR_INTERNAL_ERROR;
|
|
|
b58e57 |
+ }
|
|
|
b58e57 |
enc->name = name;
|
|
|
b58e57 |
enc->enabled = 0;
|
|
|
b58e57 |
enc->iv = NULL;
|
|
|
b58e57 |
@@ -670,8 +674,10 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server)
|
|
|
b58e57 |
#endif
|
|
|
b58e57 |
return SSH_ERR_NO_MAC_ALG_MATCH;
|
|
|
b58e57 |
}
|
|
|
b58e57 |
- if (mac_setup(mac, name) < 0)
|
|
|
b58e57 |
+ if (mac_setup(mac, name) < 0) {
|
|
|
b58e57 |
+ free(name);
|
|
|
b58e57 |
return SSH_ERR_INTERNAL_ERROR;
|
|
|
b58e57 |
+ }
|
|
|
b58e57 |
/* truncate the key */
|
|
|
b58e57 |
if (ssh->compat & SSH_BUG_HMAC)
|
|
|
b58e57 |
mac->key_len = 16;
|
|
|
b58e57 |
@@ -695,6 +701,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
|
|
|
b58e57 |
} else if (strcmp(name, "none") == 0) {
|
|
|
b58e57 |
comp->type = COMP_NONE;
|
|
|
b58e57 |
} else {
|
|
|
b58e57 |
+ free(name);
|
|
|
b58e57 |
return SSH_ERR_INTERNAL_ERROR;
|
|
|
b58e57 |
}
|
|
|
b58e57 |
comp->name = name;
|
|
|
b58e57 |
diff --git a/readconf.c b/readconf.c
|
|
|
b58e57 |
index 3e7a5d8..acc1391 100644
|
|
|
b58e57 |
--- a/readconf.c
|
|
|
b58e57 |
+++ b/readconf.c
|
|
|
b58e57 |
@@ -1500,6 +1500,7 @@ parse_keytypes:
|
|
|
b58e57 |
if (r == GLOB_NOMATCH) {
|
|
|
b58e57 |
debug("%.200s line %d: include %s matched no "
|
|
|
b58e57 |
"files",filename, linenum, arg2);
|
|
|
b58e57 |
+ free(arg2);
|
|
|
b58e57 |
continue;
|
|
|
b58e57 |
} else if (r != 0 || gl.gl_pathc < 0)
|
|
|
b58e57 |
fatal("%.200s line %d: glob failed for %s.",
|
|
|
b58e57 |
diff --git a/servconf.c b/servconf.c
|
|
|
b58e57 |
index 6ab1cb4..5f2464a 100644
|
|
|
b58e57 |
--- a/servconf.c
|
|
|
b58e57 |
+++ b/servconf.c
|
|
|
b58e57 |
@@ -2284,8 +2284,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val)
|
|
|
b58e57 |
static void
|
|
|
b58e57 |
dump_cfg_string(ServerOpCodes code, const char *val)
|
|
|
b58e57 |
{
|
|
|
b58e57 |
- if (val == NULL)
|
|
|
b58e57 |
- return;
|
|
|
b58e57 |
printf("%s %s\n", lookup_opcode_name(code),
|
|
|
b58e57 |
val == NULL ? "none" : val);
|
|
|
b58e57 |
}
|
|
|
b58e57 |
diff --git a/sshconnect.c b/sshconnect.c
|
|
|
b58e57 |
index 07f80cd..5d4b41b 100644
|
|
|
b58e57 |
--- a/sshconnect.c
|
|
|
b58e57 |
+++ b/sshconnect.c
|
|
|
b58e57 |
@@ -1533,6 +1533,7 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment,
|
|
|
b58e57 |
if (options.add_keys_to_agent == 2 &&
|
|
|
b58e57 |
!ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
|
|
|
b58e57 |
debug3("user denied adding this key");
|
|
|
b58e57 |
+ close(auth_sock);
|
|
|
b58e57 |
return;
|
|
|
b58e57 |
}
|
|
|
b58e57 |
|
|
|
b58e57 |
@@ -1541,4 +1542,5 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment,
|
|
|
b58e57 |
debug("identity added to agent: %s", authfile);
|
|
|
b58e57 |
else
|
|
|
b58e57 |
debug("could not add identity to agent: %s (%d)", authfile, r);
|
|
|
b58e57 |
+ close(auth_sock);
|
|
|
b58e57 |
}
|
|
|
b58e57 |
diff --git a/sshconnect2.c b/sshconnect2.c
|
|
|
b58e57 |
index f31c24c..aecf765 100644
|
|
|
b58e57 |
--- a/sshconnect2.c
|
|
|
b58e57 |
+++ b/sshconnect2.c
|
|
|
b58e57 |
@@ -1061,6 +1061,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
|
|
|
b58e57 |
|
|
|
b58e57 |
if (key_to_blob(id->key, &blob, &bloblen) == 0) {
|
|
|
b58e57 |
/* we cannot handle this key */
|
|
|
b58e57 |
+ free(blob);
|
|
|
b58e57 |
debug3("sign_and_send_pubkey: cannot handle key");
|
|
|
b58e57 |
return 0;
|
|
|
b58e57 |
}
|
|
|
b58e57 |
@@ -1170,6 +1171,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
|
|
|
b58e57 |
|
|
|
b58e57 |
if (key_to_blob(id->key, &blob, &bloblen) == 0) {
|
|
|
b58e57 |
/* we cannot handle this key */
|
|
|
b58e57 |
+ free(blob);
|
|
|
b58e57 |
debug3("send_pubkey_test: cannot handle key");
|
|
|
b58e57 |
return 0;
|
|
|
b58e57 |
}
|
|
|
b58e57 |
diff --git a/sshkey.c b/sshkey.c
|
|
|
b58e57 |
index 85fd1bd..58c1051 100644
|
|
|
b58e57 |
--- a/sshkey.c
|
|
|
b58e57 |
+++ b/sshkey.c
|
|
|
b58e57 |
@@ -1375,8 +1375,6 @@ sshkey_read(struct sshkey *ret, char **cpp)
|
|
|
b58e57 |
retval = 0;
|
|
|
b58e57 |
/*XXXX*/
|
|
|
b58e57 |
sshkey_free(k);
|
|
|
b58e57 |
- if (retval != 0)
|
|
|
b58e57 |
- break;
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
default:
|
|
|
b58e57 |
return SSH_ERR_INVALID_ARGUMENT;
|
|
|
b58e57 |
diff --git a/krl.c b/krl.c
|
|
|
b58e57 |
index e271a19..69bec99 100644
|
|
|
b58e57 |
--- a/krl.c
|
|
|
b58e57 |
+++ b/krl.c
|
|
|
b58e57 |
@@ -1089,7 +1089,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
case KRL_SECTION_SIGNATURE:
|
|
|
b58e57 |
/* Handled above, but still need to stay in synch */
|
|
|
b58e57 |
- sshbuf_reset(sect);
|
|
|
b58e57 |
+ sshbuf_free(sect);
|
|
|
b58e57 |
sect = NULL;
|
|
|
b58e57 |
if ((r = sshbuf_skip_string(copy)) != 0)
|
|
|
b58e57 |
goto out;
|
|
|
b58e57 |
@@ -1288,7 +1288,8 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
|
|
|
b58e57 |
debug2("%s: checking KRL %s", __func__, path);
|
|
|
b58e57 |
r = ssh_krl_check_key(krl, key);
|
|
|
b58e57 |
out:
|
|
|
b58e57 |
- close(fd);
|
|
|
b58e57 |
+ if (fd != -1)
|
|
|
b58e57 |
+ close(fd);
|
|
|
b58e57 |
sshbuf_free(krlbuf);
|
|
|
b58e57 |
ssh_krl_free(krl);
|
|
|
b58e57 |
if (r != 0)
|
|
|
b58e57 |
diff --git a/readconf.c b/readconf.c
|
|
|
b58e57 |
index acc1391..c4dff15 100644
|
|
|
b58e57 |
--- a/readconf.c
|
|
|
b58e57 |
+++ b/readconf.c
|
|
|
b58e57 |
@@ -1185,7 +1185,7 @@ parse_int:
|
|
|
b58e57 |
value = cipher_number(arg);
|
|
|
b58e57 |
if (value == -1)
|
|
|
b58e57 |
fatal("%.200s line %d: Bad cipher '%s'.",
|
|
|
b58e57 |
- filename, linenum, arg ? arg : "<NONE>");
|
|
|
b58e57 |
+ filename, linenum, arg);
|
|
|
b58e57 |
if (*activep && *intptr == -1)
|
|
|
b58e57 |
*intptr = value;
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
@@ -1196,7 +1196,7 @@ parse_int:
|
|
|
b58e57 |
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
|
|
b58e57 |
if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
|
|
|
b58e57 |
fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
|
|
|
b58e57 |
- filename, linenum, arg ? arg : "<NONE>");
|
|
|
b58e57 |
+ filename, linenum, arg);
|
|
|
b58e57 |
if (*activep && options->ciphers == NULL)
|
|
|
b58e57 |
options->ciphers = xstrdup(arg);
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
@@ -1207,7 +1207,7 @@ parse_int:
|
|
|
b58e57 |
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
|
|
b58e57 |
if (!mac_valid(*arg == '+' ? arg + 1 : arg))
|
|
|
b58e57 |
fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
|
|
|
b58e57 |
- filename, linenum, arg ? arg : "<NONE>");
|
|
|
b58e57 |
+ filename, linenum, arg);
|
|
|
b58e57 |
if (*activep && options->macs == NULL)
|
|
|
b58e57 |
options->macs = xstrdup(arg);
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
@@ -1220,7 +1220,7 @@ parse_int:
|
|
|
b58e57 |
filename, linenum);
|
|
|
b58e57 |
if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
|
|
|
b58e57 |
fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
|
|
|
b58e57 |
- filename, linenum, arg ? arg : "<NONE>");
|
|
|
b58e57 |
+ filename, linenum, arg);
|
|
|
b58e57 |
if (*activep && options->kex_algorithms == NULL)
|
|
|
b58e57 |
options->kex_algorithms = xstrdup(arg);
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
@@ -1235,7 +1235,7 @@ parse_keytypes:
|
|
|
b58e57 |
filename, linenum);
|
|
|
b58e57 |
if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
|
|
|
b58e57 |
fatal("%s line %d: Bad key types '%s'.",
|
|
|
b58e57 |
- filename, linenum, arg ? arg : "<NONE>");
|
|
|
b58e57 |
+ filename, linenum, arg);
|
|
|
b58e57 |
if (*activep && *charptr == NULL)
|
|
|
b58e57 |
*charptr = xstrdup(arg);
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
@@ -1248,7 +1248,7 @@ parse_keytypes:
|
|
|
b58e57 |
value = proto_spec(arg);
|
|
|
b58e57 |
if (value == SSH_PROTO_UNKNOWN)
|
|
|
b58e57 |
fatal("%.200s line %d: Bad protocol spec '%s'.",
|
|
|
b58e57 |
- filename, linenum, arg ? arg : "<NONE>");
|
|
|
b58e57 |
+ filename, linenum, arg);
|
|
|
b58e57 |
if (*activep && *intptr == SSH_PROTO_UNKNOWN)
|
|
|
b58e57 |
*intptr = value;
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
diff --git a/servconf.c b/servconf.c
|
|
|
b58e57 |
index 5f2464a..4564494 100644
|
|
|
b58e57 |
--- a/servconf.c
|
|
|
b58e57 |
+++ b/servconf.c
|
|
|
b58e57 |
@@ -1217,7 +1217,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
|
|
|
b58e57 |
filename, linenum);
|
|
|
b58e57 |
if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
|
|
|
b58e57 |
fatal("%s line %d: Bad key types '%s'.",
|
|
|
b58e57 |
- filename, linenum, arg ? arg : "<NONE>");
|
|
|
b58e57 |
+ filename, linenum, arg);
|
|
|
b58e57 |
if (*activep && *charptr == NULL)
|
|
|
b58e57 |
*charptr = xstrdup(arg);
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
@@ -1476,7 +1476,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
|
|
|
b58e57 |
fatal("%s line %d: Missing argument.", filename, linenum);
|
|
|
b58e57 |
if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
|
|
|
b58e57 |
fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
|
|
|
b58e57 |
- filename, linenum, arg ? arg : "<NONE>");
|
|
|
b58e57 |
+ filename, linenum, arg);
|
|
|
b58e57 |
if (options->ciphers == NULL)
|
|
|
b58e57 |
options->ciphers = xstrdup(arg);
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
@@ -1487,7 +1487,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
|
|
|
b58e57 |
fatal("%s line %d: Missing argument.", filename, linenum);
|
|
|
b58e57 |
if (!mac_valid(*arg == '+' ? arg + 1 : arg))
|
|
|
b58e57 |
fatal("%s line %d: Bad SSH2 mac spec '%s'.",
|
|
|
b58e57 |
- filename, linenum, arg ? arg : "<NONE>");
|
|
|
b58e57 |
+ filename, linenum, arg);
|
|
|
b58e57 |
if (options->macs == NULL)
|
|
|
b58e57 |
options->macs = xstrdup(arg);
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
@@ -1500,7 +1500,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
|
|
|
b58e57 |
filename, linenum);
|
|
|
b58e57 |
if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
|
|
|
b58e57 |
fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
|
|
|
b58e57 |
- filename, linenum, arg ? arg : "<NONE>");
|
|
|
b58e57 |
+ filename, linenum, arg);
|
|
|
b58e57 |
if (options->kex_algorithms == NULL)
|
|
|
b58e57 |
options->kex_algorithms = xstrdup(arg);
|
|
|
b58e57 |
break;
|
|
|
b58e57 |
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
|
|
|
b58e57 |
index aaf712d..62a76b3 100644
|
|
|
b58e57 |
--- a/ssh-pkcs11.c
|
|
|
b58e57 |
+++ b/ssh-pkcs11.c
|
|
|
b58e57 |
@@ -536,8 +536,8 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
|
|
|
b58e57 |
X509_free(x509);
|
|
|
b58e57 |
}
|
|
|
b58e57 |
if (rsa && rsa->n && rsa->e &&
|
|
|
b58e57 |
- pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
|
|
|
b58e57 |
- key = sshkey_new(KEY_UNSPEC);
|
|
|
b58e57 |
+ pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0 &&
|
|
|
b58e57 |
+ (key = sshkey_new(KEY_UNSPEC)) != NULL) {
|
|
|
b58e57 |
key->rsa = rsa;
|
|
|
b58e57 |
key->type = KEY_RSA;
|
|
|
b58e57 |
key->flags |= SSHKEY_FLAG_EXT;
|
|
|
b58e57 |
diff --git a/sshconnect1.c b/sshconnect1.c
|
|
|
b58e57 |
index a045361..0e1a506 100644
|
|
|
b58e57 |
--- a/sshconnect1.c
|
|
|
b58e57 |
+++ b/sshconnect1.c
|
|
|
b58e57 |
@@ -520,7 +520,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
|
|
|
b58e57 |
cookie[i] = packet_get_char();
|
|
|
b58e57 |
|
|
|
b58e57 |
/* Get the public key. */
|
|
|
b58e57 |
- server_key = key_new(KEY_RSA1);
|
|
|
b58e57 |
+ if ((server_key = key_new(KEY_RSA1)) == NULL)
|
|
|
b58e57 |
+ fatal("%s: key_new(KEY_RSA1) failed", __func__);
|
|
|
b58e57 |
bits = packet_get_int();
|
|
|
b58e57 |
packet_get_bignum(server_key->rsa->e);
|
|
|
b58e57 |
packet_get_bignum(server_key->rsa->n);
|
|
|
b58e57 |
@@ -532,7 +533,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
|
|
|
b58e57 |
logit("Warning: This may be due to an old implementation of ssh.");
|
|
|
b58e57 |
}
|
|
|
b58e57 |
/* Get the host key. */
|
|
|
b58e57 |
- host_key = key_new(KEY_RSA1);
|
|
|
b58e57 |
+ if ((host_key = key_new(KEY_RSA1)) == NULL)
|
|
|
b58e57 |
+ fatal("%s: key_new(KEY_RSA1) failed", __func__);
|
|
|
b58e57 |
bits = packet_get_int();
|
|
|
b58e57 |
packet_get_bignum(host_key->rsa->e);
|
|
|
b58e57 |
packet_get_bignum(host_key->rsa->n);
|
|
|
b58e57 |
diff --git a/sshkey.c b/sshkey.c
|
|
|
b58e57 |
index 58c1051..6afacb5 100644
|
|
|
b58e57 |
--- a/sshkey.c
|
|
|
b58e57 |
+++ b/sshkey.c
|
|
|
b58e57 |
@@ -1239,6 +1239,9 @@ sshkey_read(struct sshkey *ret, char **cpp)
|
|
|
b58e57 |
u_long bits;
|
|
|
b58e57 |
#endif /* WITH_SSH1 */
|
|
|
b58e57 |
|
|
|
b58e57 |
+ if (ret == NULL)
|
|
|
b58e57 |
+ return SSH_ERR_INVALID_ARGUMENT;
|
|
|
b58e57 |
+
|
|
|
b58e57 |
cp = *cpp;
|
|
|
b58e57 |
|
|
|
b58e57 |
switch (ret->type) {
|