forked from rpms/openssh
Address issues reported by coverity
This commit is contained in:
parent
4c36c2a9ee
commit
c60b555ac2
@ -50,10 +50,10 @@ index 8f32464..18a2ca4 100644
|
||||
+
|
||||
+ cp = line;
|
||||
+ arg = strdelim(&cp);
|
||||
+ if (*arg == '\0')
|
||||
+ if (arg && *arg == '\0')
|
||||
+ arg = strdelim(&cp);
|
||||
+
|
||||
+ if (strcmp(arg, "privsep_preauth") == 0) {
|
||||
+ if (arg && strcmp(arg, "privsep_preauth") == 0) {
|
||||
+ arg = strdelim(&cp);
|
||||
+ if (!arg || *arg == '\0') {
|
||||
+ debug("%s: privsep_preauth is empty", __func__);
|
||||
|
@ -39,7 +39,7 @@ diff -up openssh-6.8p1/Makefile.in.ctr-cavs openssh-6.8p1/Makefile.in
|
||||
diff -up openssh-6.8p1/ctr-cavstest.c.ctr-cavs openssh-6.8p1/ctr-cavstest.c
|
||||
--- openssh-6.8p1/ctr-cavstest.c.ctr-cavs 2015-03-18 11:22:05.521288952 +0100
|
||||
+++ openssh-6.8p1/ctr-cavstest.c 2015-03-18 11:22:05.521288952 +0100
|
||||
@@ -0,0 +1,208 @@
|
||||
@@ -0,0 +1,215 @@
|
||||
+/*
|
||||
+ *
|
||||
+ * invocation (all of the following are equal):
|
||||
@ -60,6 +60,7 @@ diff -up openssh-6.8p1/ctr-cavstest.c.ctr-cavs openssh-6.8p1/ctr-cavstest.c
|
||||
+
|
||||
+#include "xmalloc.h"
|
||||
+#include "log.h"
|
||||
+#include "ssherr.h"
|
||||
+#include "cipher.h"
|
||||
+
|
||||
+/* compatibility with old or broken OpenSSL versions */
|
||||
@ -148,7 +149,7 @@ diff -up openssh-6.8p1/ctr-cavstest.c.ctr-cavs openssh-6.8p1/ctr-cavstest.c
|
||||
+ char *hexiv = "00000000000000000000000000000000";
|
||||
+ char *hexdata = NULL;
|
||||
+ char *p;
|
||||
+ int i;
|
||||
+ int i, r;
|
||||
+ int encrypt = 1;
|
||||
+ void *key;
|
||||
+ size_t keylen;
|
||||
@ -221,10 +222,13 @@ diff -up openssh-6.8p1/ctr-cavstest.c.ctr-cavs openssh-6.8p1/ctr-cavstest.c
|
||||
+ return 2;
|
||||
+ }
|
||||
+
|
||||
+ cipher_init(&cc, c, key, keylen, iv, ivlen, encrypt);
|
||||
+ if ((r = cipher_init(&cc, c, key, keylen, iv, ivlen, encrypt)) != 0) {
|
||||
+ fprintf(stderr, "Error: cipher_init failed: %s\n", ssh_err(r));
|
||||
+ return 2;
|
||||
+ }
|
||||
+
|
||||
+ free(key);
|
||||
+ free(iv);
|
||||
+ free(key);
|
||||
+ free(iv);
|
||||
+
|
||||
+ outdata = malloc(datalen);
|
||||
+ if(outdata == NULL) {
|
||||
@ -232,9 +236,12 @@ diff -up openssh-6.8p1/ctr-cavstest.c.ctr-cavs openssh-6.8p1/ctr-cavstest.c
|
||||
+ return 2;
|
||||
+ }
|
||||
+
|
||||
+ cipher_crypt(cc, 0, outdata, data, datalen, 0, 0);
|
||||
+ if ((r = cipher_crypt(cc, 0, outdata, data, datalen, 0, 0)) != 0) {
|
||||
+ fprintf(stderr, "Error: cipher_crypt failed: %s\n", ssh_err(r));
|
||||
+ return 2;
|
||||
+ }
|
||||
+
|
||||
+ free(data);
|
||||
+ free(data);
|
||||
+
|
||||
+ cipher_free(cc);
|
||||
+
|
||||
|
@ -103,7 +103,7 @@ index 413b845..54dd383 100644
|
||||
+ struct passwd *pw = the_authctxt->pw;
|
||||
+ int found_principal = 0;
|
||||
+ int ncommands = 0, allcommands = 0;
|
||||
+ u_long linenum;
|
||||
+ u_long linenum = 0;
|
||||
+ size_t linesize = 0;
|
||||
+
|
||||
+ snprintf(file, sizeof(file), "%s/.k5users", pw->pw_dir);
|
||||
|
@ -646,7 +646,7 @@ diff -up openssh-6.8p1/ldap.conf.ldap openssh-6.8p1/ldap.conf
|
||||
diff -up openssh-6.8p1/ldapbody.c.ldap openssh-6.8p1/ldapbody.c
|
||||
--- openssh-6.8p1/ldapbody.c.ldap 2015-03-18 11:11:29.031801462 +0100
|
||||
+++ openssh-6.8p1/ldapbody.c 2015-03-18 11:11:29.031801462 +0100
|
||||
@@ -0,0 +1,493 @@
|
||||
@@ -0,0 +1,494 @@
|
||||
+/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||
+/*
|
||||
+ * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
|
||||
@ -801,7 +801,8 @@ diff -up openssh-6.8p1/ldapbody.c.ldap openssh-6.8p1/ldapbody.c
|
||||
+ char *logfilename;
|
||||
+ int logfilenamelen;
|
||||
+
|
||||
+ logfilenamelen = strlen (LDAP_LOGFILE) + strlen ("000000") + strlen (options.logdir);
|
||||
+ logfilenamelen = strlen(LDAP_LOGFILE)
|
||||
+ + strlen("000000") + strlen (options.logdir);
|
||||
+ logfilename = xmalloc (logfilenamelen);
|
||||
+ snprintf (logfilename, logfilenamelen, LDAP_LOGFILE, options.logdir, (int) getpid ());
|
||||
+ logfilename[logfilenamelen - 1] = 0;
|
||||
|
@ -371,7 +371,7 @@ index ed23f06d..bdb3109a 100644
|
||||
/* If we're already complete - protocol error */
|
||||
if (maj_status == GSS_S_COMPLETE)
|
||||
packet_disconnect("Protocol error: received token when complete");
|
||||
@@ -344,4 +345,381 @@ kexgss_client(struct ssh *ssh) {
|
||||
@@ -344,4 +345,382 @@ kexgss_client(struct ssh *ssh) {
|
||||
return kex_send_newkeys(ssh);
|
||||
}
|
||||
|
||||
@ -385,7 +385,7 @@ index ed23f06d..bdb3109a 100644
|
||||
+ u_char *server_pub = NULL;
|
||||
+ u_int server_pub_len = 0;
|
||||
+ BIGNUM *shared_secret = NULL;
|
||||
+ u_char *kbuf;
|
||||
+ u_char *kbuf = NULL;
|
||||
+ u_char *serverhostkey = NULL;
|
||||
+ u_char *empty = "";
|
||||
+ char *msg;
|
||||
@ -446,8 +446,9 @@ index ed23f06d..bdb3109a 100644
|
||||
+ sizeof(kex->c25519_client_key));
|
||||
+#endif
|
||||
+
|
||||
+ sshbuf_put_string(Q_C, kex->c25519_client_pubkey,
|
||||
+ sizeof(kex->c25519_client_pubkey));
|
||||
+ if ((r = sshbuf_put_string(Q_C, kex->c25519_client_pubkey,
|
||||
+ sizeof(kex->c25519_client_pubkey))) != 0)
|
||||
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
+ break;
|
||||
+ default:
|
||||
+ fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
|
||||
@ -765,7 +766,7 @@ index b7da8823..a7c42803 100644
|
||||
|
||||
extern ServerOptions options;
|
||||
|
||||
@@ -303,4 +304,336 @@ kexgss_server(struct ssh *ssh)
|
||||
@@ -303,4 +304,338 @@ kexgss_server(struct ssh *ssh)
|
||||
ssh_gssapi_rekey_creds();
|
||||
return 0;
|
||||
}
|
||||
@ -787,7 +788,7 @@ index b7da8823..a7c42803 100644
|
||||
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
|
||||
+ Gssctxt *ctxt = NULL;
|
||||
+ u_int slen, klen = 0;
|
||||
+ u_char *kbuf;
|
||||
+ u_char *kbuf = NULL;
|
||||
+ BIGNUM *shared_secret = NULL;
|
||||
+ int type = 0;
|
||||
+ gss_OID oid;
|
||||
@ -854,8 +855,9 @@ index b7da8823..a7c42803 100644
|
||||
+ dump_digest("server private key:", c25519_server_key,
|
||||
+ sizeof(c25519_server_key));
|
||||
+#endif
|
||||
+ sshbuf_put_string(Q_S, c25519_server_pubkey,
|
||||
+ sizeof(c25519_server_pubkey));
|
||||
+ if ((r = sshbuf_put_string(Q_S, c25519_server_pubkey,
|
||||
+ sizeof(c25519_server_pubkey))) != 0)
|
||||
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
+ break;
|
||||
+ default:
|
||||
+ fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
|
||||
@ -1036,7 +1038,8 @@ index b7da8823..a7c42803 100644
|
||||
+ {
|
||||
+ const u_char *ptr;
|
||||
+ size_t len;
|
||||
+ sshbuf_get_string_direct(Q_S, &ptr, &len);
|
||||
+ if ((r = sshbuf_get_string_direct(Q_S, &ptr, &len)) != 0)
|
||||
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
+ packet_put_string(ptr, len);
|
||||
+ }
|
||||
+ packet_put_string(msg_tok.value, msg_tok.length);
|
||||
|
@ -29,7 +29,7 @@ diff -up openssh-7.6p1/ssh-pkcs11-client.c.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11
|
||||
{
|
||||
static RSA_METHOD helper_rsa;
|
||||
|
||||
@@ -152,6 +160,85 @@ wrap_key(RSA *rsa)
|
||||
@@ -152,6 +160,88 @@ wrap_key(RSA *rsa)
|
||||
return (0);
|
||||
}
|
||||
|
||||
@ -38,19 +38,20 @@ diff -up openssh-7.6p1/ssh-pkcs11-client.c.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11
|
||||
+pkcs11_ecdsa_private_sign(const unsigned char *from, int flen,
|
||||
+ const BIGNUM *inv, const BIGNUM *rp, EC_KEY * ecdsa)
|
||||
+{
|
||||
+ struct sshkey *key;
|
||||
+ struct sshkey *key = NULL;
|
||||
+ u_char *blob, *signature = NULL;
|
||||
+ size_t blen, slen = 0;
|
||||
+ struct sshbuf *msg;
|
||||
+ struct sshbuf *msg = NULL;
|
||||
+ ECDSA_SIG *ret = NULL;
|
||||
+ BIGNUM *r = NULL, *s = NULL;
|
||||
+ int rv;
|
||||
+
|
||||
+ key = sshkey_new(KEY_ECDSA);
|
||||
+ if ((key = sshkey_new(KEY_ECDSA)) == NULL)
|
||||
+ fatal("%s: sshkey_new failed", __func__);
|
||||
+ key->ecdsa = ecdsa;
|
||||
+ key->ecdsa_nid = sshkey_ecdsa_key_to_nid(ecdsa);
|
||||
+ if (sshkey_to_blob(key, &blob, &blen) == 0)
|
||||
+ return NULL;
|
||||
+ goto out;
|
||||
+ if ((msg = sshbuf_new()) == NULL)
|
||||
+ fatal("%s: sshbuf_new failed", __func__);
|
||||
+ if ((rv = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
|
||||
@ -76,6 +77,8 @@ diff -up openssh-7.6p1/ssh-pkcs11-client.c.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11
|
||||
+ }
|
||||
+ free(signature);
|
||||
+ }
|
||||
+out:
|
||||
+ sshkey_free(key);
|
||||
+ sshbuf_free(msg);
|
||||
+ return (ret);
|
||||
+}
|
||||
|
@ -3469,7 +3469,7 @@ index 00000000..da15c164
|
||||
+ struct sshbuf *value)
|
||||
+{
|
||||
+ char *new_part;
|
||||
+ size_t size;
|
||||
+ size_t size = 0;
|
||||
+
|
||||
+ if (value == NULL)
|
||||
+ return NULL;
|
||||
@ -3482,7 +3482,7 @@ index 00000000..da15c164
|
||||
+ sshbuf_free(value);
|
||||
+ free(part);
|
||||
+
|
||||
+ if (size < 0)
|
||||
+ if (size <= 0)
|
||||
+ return NULL;
|
||||
+ return new_part;
|
||||
+}
|
||||
@ -3490,7 +3490,7 @@ index 00000000..da15c164
|
||||
+char *
|
||||
+pkcs11_uri_get(struct pkcs11_uri *uri)
|
||||
+{
|
||||
+ size_t size = -1;
|
||||
+ size_t size = 0;
|
||||
+ char *p = NULL, *path = NULL, *query = NULL;
|
||||
+
|
||||
+ /* compose a percent-encoded ID */
|
||||
@ -3549,7 +3549,7 @@ index 00000000..da15c164
|
||||
+err:
|
||||
+ free(query);
|
||||
+ free(path);
|
||||
+ if (size < 0)
|
||||
+ if (size <= 0)
|
||||
+ return NULL;
|
||||
+ return p;
|
||||
+}
|
||||
|
@ -92,21 +92,21 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat
|
||||
|
||||
void
|
||||
-agent_action(Buffer *buf, char ** action, size_t count)
|
||||
+agent_action(struct sshbuf *buf, char ** action, size_t count)
|
||||
+agent_action(struct sshbuf **buf, char ** action, size_t count)
|
||||
{
|
||||
size_t i;
|
||||
- pamsshagentauth_buffer_init(buf);
|
||||
+ int r;
|
||||
|
||||
- pamsshagentauth_buffer_put_int(buf, count);
|
||||
+ if ((buf = sshbuf_new()) == NULL)
|
||||
+ if ((*buf = sshbuf_new()) == NULL)
|
||||
+ fatal("%s: sshbuf_new failed", __func__);
|
||||
+ if ((r = sshbuf_put_u32(buf, count)) != 0)
|
||||
+ if ((r = sshbuf_put_u32(*buf, count)) != 0)
|
||||
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
|
||||
for (i = 0; i < count; i++) {
|
||||
- pamsshagentauth_buffer_put_cstring(buf, action[i]);
|
||||
+ if ((r = sshbuf_put_cstring(buf, action[i])) != 0)
|
||||
+ if ((r = sshbuf_put_cstring(*buf, action[i])) != 0)
|
||||
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
}
|
||||
}
|
||||
@ -152,7 +152,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat
|
||||
free_logbuf = 1;
|
||||
action_logbuf = log_action(reported_argv, count);
|
||||
- agent_action(&action_agentbuf, reported_argv, count);
|
||||
+ agent_action(action_agentbuf, reported_argv, count);
|
||||
+ agent_action(&action_agentbuf, reported_argv, count);
|
||||
pamsshagentauth_free_command_line(reported_argv, count);
|
||||
}
|
||||
else {
|
||||
|
@ -44,15 +44,16 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent o
|
||||
if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
|
||||
verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
|
||||
- for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2))
|
||||
+ if ((r = ssh_fetch_identitylist(ac->fd, &idlist)) != 0) {
|
||||
+ if (r != SSH_ERR_AGENT_NO_IDENTITIES)
|
||||
+ fprintf(stderr, "error fetching identities for "
|
||||
+ "protocol %d: %s\n", 2, ssh_err(r));
|
||||
+ } else {
|
||||
+ for (i = 0; i < idlist->nkeys; i++)
|
||||
{
|
||||
- {
|
||||
- if(key != NULL) {
|
||||
+ if(idlist->keys[i] != NULL) {
|
||||
+ if ((r = ssh_fetch_identitylist(ac->fd, &idlist)) != 0) {
|
||||
+ if (r != SSH_ERR_AGENT_NO_IDENTITIES)
|
||||
+ fprintf(stderr, "error fetching identities for "
|
||||
+ "protocol %d: %s\n", 2, ssh_err(r));
|
||||
+ } else {
|
||||
+ for (i = 0; i < idlist->nkeys; i++)
|
||||
+ {
|
||||
+ if (idlist->keys[i] != NULL) {
|
||||
id = xcalloc(1, sizeof(*id));
|
||||
- id->key = key;
|
||||
- id->filename = comment;
|
||||
@ -67,14 +68,17 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent o
|
||||
free(id);
|
||||
if(retval == 1)
|
||||
break;
|
||||
}
|
||||
}
|
||||
sshbuf_free(session_id2);
|
||||
- }
|
||||
- }
|
||||
+ }
|
||||
+ }
|
||||
- sshbuf_free(session_id2);
|
||||
- ssh_close_authentication_connection(ac);
|
||||
+ ssh_free_identitylist(idlist);
|
||||
+ sshbuf_free(session_id2);
|
||||
+ ssh_free_identitylist(idlist);
|
||||
+ }
|
||||
+ ssh_close_authentication_socket(ac->fd);
|
||||
+ free(ac);
|
||||
+ }
|
||||
}
|
||||
else {
|
||||
verbose("No ssh-agent could be contacted");
|
||||
|
Loading…
Reference in New Issue
Block a user