Fix null dereference issues found by covscan

Related: rhbz#2182252, rhbz#2189740 Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-05-22 12:53:18 +02:00 · 2023-05-22 12:53:18 +02:00 · 18eec23532
commit 18eec23532
parent e3ddbe6a80
2 changed files with 63 additions and 1 deletions
--- a/covscan23_1.patch
+++ b/covscan23_1.patch
@ -0,0 +1,57 @@
+File ../libssh-0.10.4/.git is a regular file while file ./.git is a directory
+diff --color -ru ../libssh-0.10.4/src/sftp.c ./src/sftp.c
+--- ../libssh-0.10.4/src/sftp.c	2023-05-22 12:45:48.383509085 +0200
+++ ./src/sftp.c	2023-05-22 12:54:31.004037650 +0200
+@@ -1755,6 +1755,10 @@
+ int sftp_close(sftp_file file){
+   int err = SSH_NO_ERROR;
+ 
+  if (file == NULL) {
+      return err;
+  }
+
+   SAFE_FREE(file->name);
+   if (file->handle){
+     err = sftp_handle_close(file->sftp,file->handle);
+@@ -1917,7 +1921,7 @@
+ 
+ /* Read from a file using an opened sftp file handle. */
+ ssize_t sftp_read(sftp_file handle, void *buf, size_t count) {
+-  sftp_session sftp = handle->sftp;
+  sftp_session sftp;
+   sftp_message msg = NULL;
+   sftp_status_message status;
+   ssh_string datastring;
+@@ -1926,6 +1930,11 @@
+   uint32_t id;
+   int rc;
+ 
+  if (handle == NULL) {
+      return -1;
+  }
+  sftp = handle->sftp;
+
+   if (handle->eof) {
+     return 0;
+   }
+@@ -2147,7 +2156,7 @@
+ }
+ 
+ ssize_t sftp_write(sftp_file file, const void *buf, size_t count) {
+-  sftp_session sftp = file->sftp;
+  sftp_session sftp;
+   sftp_message msg = NULL;
+   sftp_status_message status;
+   ssh_buffer buffer;
+@@ -2156,6 +2165,11 @@
+   size_t packetlen;
+   int rc;
+ 
+  if (file == NULL) {
+      return -1;
+  }
+  sftp = file->sftp;
+
+   buffer = ssh_buffer_new();
+   if (buffer == NULL) {
+     ssh_set_error_oom(sftp->session);
--- a/libssh.spec
+++ b/libssh.spec
@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.10.4
-Release:        9%{?dist}
+Release:        10%{?dist}
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@ -50,6 +50,7 @@ Patch8: null_dereference_rekey.patch
 Patch9: auth_bypass.patch
 Patch10: covscan23.patch
 Patch11: rekey_test_fixup.patch
+Patch12: covscan23_1.patch

 %description
 The ssh library was designed to be used by programmers needing a working SSH
@ -142,6 +143,10 @@ popd
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config

 %changelog
+* Mon May 22 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4.10
+- Fix null dereference issues found by covscan
+- Related: rhbz#2182252, rhbz#2189740
+
 * Wed May 10 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4-9
 - Fix CVE-2023-1667 and CVE-2023-2283
 - Fix issues found by cosvcan