parent
d029bb77ce
commit
9254840e21
@ -1,3 +1,79 @@
|
|||||||
|
diff -up openssh-8.5p1/addr.c.coverity openssh-8.5p1/addr.c
|
||||||
|
--- openssh-8.5p1/addr.c.coverity 2021-03-02 11:31:47.000000000 +0100
|
||||||
|
+++ openssh-8.5p1/addr.c 2021-03-24 12:03:33.782968159 +0100
|
||||||
|
@@ -312,8 +312,10 @@ addr_pton(const char *p, struct xaddr *n
|
||||||
|
if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
- if (ai == NULL || ai->ai_addr == NULL)
|
||||||
|
+ if (ai == NULL || ai->ai_addr == NULL) {
|
||||||
|
+ freeaddrinfo(ai);
|
||||||
|
return -1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen,
|
||||||
|
n) == -1) {
|
||||||
|
@@ -336,12 +338,16 @@ addr_sa_pton(const char *h, const char *
|
||||||
|
if (h == NULL || getaddrinfo(h, s, &hints, &ai) != 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
- if (ai == NULL || ai->ai_addr == NULL)
|
||||||
|
+ if (ai == NULL || ai->ai_addr == NULL) {
|
||||||
|
+ freeaddrinfo(ai);
|
||||||
|
return -1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (sa != NULL) {
|
||||||
|
- if (slen < ai->ai_addrlen)
|
||||||
|
+ if (slen < ai->ai_addrlen) {
|
||||||
|
+ freeaddrinfo(ai);
|
||||||
|
return -1;
|
||||||
|
+ }
|
||||||
|
memcpy(sa, &ai->ai_addr, ai->ai_addrlen);
|
||||||
|
}
|
||||||
|
|
||||||
|
diff -up openssh-8.5p1/auth-krb5.c.coverity openssh-8.5p1/auth-krb5.c
|
||||||
|
--- openssh-8.5p1/auth-krb5.c.coverity 2021-03-24 12:03:33.724967756 +0100
|
||||||
|
+++ openssh-8.5p1/auth-krb5.c 2021-03-24 12:03:33.782968159 +0100
|
||||||
|
@@ -426,6 +426,7 @@ ssh_krb5_cc_new_unique(krb5_context ctx,
|
||||||
|
umask(old_umask);
|
||||||
|
if (tmpfd == -1) {
|
||||||
|
logit("mkstemp(): %.100s", strerror(oerrno));
|
||||||
|
+ free(ccname);
|
||||||
|
return oerrno;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -433,6 +434,7 @@ ssh_krb5_cc_new_unique(krb5_context ctx,
|
||||||
|
oerrno = errno;
|
||||||
|
logit("fchmod(): %.100s", strerror(oerrno));
|
||||||
|
close(tmpfd);
|
||||||
|
+ free(ccname);
|
||||||
|
return oerrno;
|
||||||
|
}
|
||||||
|
/* make sure the KRB5CCNAME is set for non-standard location */
|
||||||
|
diff -up openssh-8.5p1/auth-options.c.coverity openssh-8.5p1/auth-options.c
|
||||||
|
--- openssh-8.5p1/auth-options.c.coverity 2021-03-02 11:31:47.000000000 +0100
|
||||||
|
+++ openssh-8.5p1/auth-options.c 2021-03-24 12:03:33.782968159 +0100
|
||||||
|
@@ -409,8 +409,10 @@ sshauthopt_parse(const char *opts, const
|
||||||
|
errstr = "invalid environment string";
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
- if ((cp = strdup(opt)) == NULL)
|
||||||
|
+ if ((cp = strdup(opt)) == NULL) {
|
||||||
|
+ free(opt);
|
||||||
|
goto alloc_fail;
|
||||||
|
+ }
|
||||||
|
cp[tmp - opt] = '\0'; /* truncate at '=' */
|
||||||
|
if (!valid_env_name(cp)) {
|
||||||
|
free(cp);
|
||||||
|
@@ -706,6 +708,7 @@ serialise_array(struct sshbuf *m, char *
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
/* success */
|
||||||
|
+ sshbuf_free(b);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
diff -up openssh-7.4p1/channels.c.coverity openssh-7.4p1/channels.c
|
diff -up openssh-7.4p1/channels.c.coverity openssh-7.4p1/channels.c
|
||||||
--- openssh-7.4p1/channels.c.coverity 2016-12-23 16:40:26.881788686 +0100
|
--- openssh-7.4p1/channels.c.coverity 2016-12-23 16:40:26.881788686 +0100
|
||||||
+++ openssh-7.4p1/channels.c 2016-12-23 16:42:36.244818763 +0100
|
+++ openssh-7.4p1/channels.c 2016-12-23 16:42:36.244818763 +0100
|
||||||
@ -16,6 +92,195 @@ diff -up openssh-7.4p1/channels.c.coverity openssh-7.4p1/channels.c
|
|||||||
set_nonblock(efd);
|
set_nonblock(efd);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@@ -1875,7 +1875,7 @@ channel_post_connecting(struct ssh *ssh,
|
||||||
|
debug("channel %d: connection failed: %s",
|
||||||
|
c->self, strerror(err));
|
||||||
|
/* Try next address, if any */
|
||||||
|
- if ((sock = connect_next(&c->connect_ctx)) > 0) {
|
||||||
|
+ if ((sock = connect_next(&c->connect_ctx)) >= 0) {
|
||||||
|
close(c->sock);
|
||||||
|
c->sock = c->rfd = c->wfd = sock;
|
||||||
|
channel_find_maxfd(ssh->chanctxt);
|
||||||
|
@@ -3804,7 +3804,7 @@ int
|
||||||
|
channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd)
|
||||||
|
{
|
||||||
|
int r, success = 0, idx = -1;
|
||||||
|
- char *host_to_connect, *listen_host, *listen_path;
|
||||||
|
+ char *host_to_connect = NULL, *listen_host = NULL, *listen_path = NULL;
|
||||||
|
int port_to_connect, listen_port;
|
||||||
|
|
||||||
|
/* Send the forward request to the remote side. */
|
||||||
|
@@ -3832,7 +3832,6 @@ channel_request_remote_forwarding(struct
|
||||||
|
success = 1;
|
||||||
|
if (success) {
|
||||||
|
/* Record that connection to this host/port is permitted. */
|
||||||
|
- host_to_connect = listen_host = listen_path = NULL;
|
||||||
|
port_to_connect = listen_port = 0;
|
||||||
|
if (fwd->connect_path != NULL) {
|
||||||
|
host_to_connect = xstrdup(fwd->connect_path);
|
||||||
|
@@ -3853,6 +3852,9 @@ channel_request_remote_forwarding(struct
|
||||||
|
host_to_connect, port_to_connect,
|
||||||
|
listen_host, listen_path, listen_port, NULL);
|
||||||
|
}
|
||||||
|
+ free(host_to_connect);
|
||||||
|
+ free(listen_host);
|
||||||
|
+ free(listen_path);
|
||||||
|
return idx;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff -up openssh-8.5p1/compat.c.coverity openssh-8.5p1/compat.c
|
||||||
|
--- openssh-8.5p1/compat.c.coverity 2021-03-24 12:03:33.768968062 +0100
|
||||||
|
+++ openssh-8.5p1/compat.c 2021-03-24 12:03:33.783968166 +0100
|
||||||
|
@@ -191,10 +191,12 @@ compat_kex_proposal(struct ssh *ssh, cha
|
||||||
|
return p;
|
||||||
|
debug2_f("original KEX proposal: %s", p);
|
||||||
|
if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0)
|
||||||
|
+ /* coverity[overwrite_var : FALSE] */
|
||||||
|
if ((p = match_filter_denylist(p,
|
||||||
|
"curve25519-sha256@libssh.org")) == NULL)
|
||||||
|
fatal("match_filter_denylist failed");
|
||||||
|
if ((ssh->compat & SSH_OLD_DHGEX) != 0) {
|
||||||
|
+ /* coverity[overwrite_var : FALSE] */
|
||||||
|
if ((p = match_filter_denylist(p,
|
||||||
|
"diffie-hellman-group-exchange-sha256,"
|
||||||
|
"diffie-hellman-group-exchange-sha1")) == NULL)
|
||||||
|
diff -up openssh-8.5p1/dns.c.coverity openssh-8.5p1/dns.c
|
||||||
|
--- openssh-8.5p1/dns.c.coverity 2021-03-02 11:31:47.000000000 +0100
|
||||||
|
+++ openssh-8.5p1/dns.c 2021-03-24 12:03:33.783968166 +0100
|
||||||
|
@@ -282,6 +282,7 @@ verify_host_key_dns(const char *hostname
|
||||||
|
&hostkey_digest_len, hostkey)) {
|
||||||
|
error("Error calculating key fingerprint.");
|
||||||
|
freerrset(fingerprints);
|
||||||
|
+ free(dnskey_digest);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff -up openssh-8.5p1/gss-genr.c.coverity openssh-8.5p1/gss-genr.c
|
||||||
|
--- openssh-8.5p1/gss-genr.c.coverity 2021-03-26 11:52:46.613942552 +0100
|
||||||
|
+++ openssh-8.5p1/gss-genr.c 2021-03-26 11:54:37.881726318 +0100
|
||||||
|
@@ -167,8 +167,9 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
|
||||||
|
enclen = __b64_ntop(digest,
|
||||||
|
ssh_digest_bytes(SSH_DIGEST_MD5), encoded,
|
||||||
|
ssh_digest_bytes(SSH_DIGEST_MD5) * 2);
|
||||||
|
-
|
||||||
|
+#pragma GCC diagnostic ignored "-Wstringop-overflow"
|
||||||
|
cp = strncpy(s, kex, strlen(kex));
|
||||||
|
+#pragma pop
|
||||||
|
for ((p = strsep(&cp, ",")); p && *p != '\0';
|
||||||
|
(p = strsep(&cp, ","))) {
|
||||||
|
if (sshbuf_len(buf) != 0 &&
|
||||||
|
diff -up openssh-8.5p1/kexgssc.c.coverity openssh-8.5p1/kexgssc.c
|
||||||
|
--- openssh-8.5p1/kexgssc.c.coverity 2021-03-24 12:03:33.711967665 +0100
|
||||||
|
+++ openssh-8.5p1/kexgssc.c 2021-03-24 12:03:33.783968166 +0100
|
||||||
|
@@ -98,8 +98,10 @@ kexgss_client(struct ssh *ssh)
|
||||||
|
default:
|
||||||
|
fatal_f("Unexpected KEX type %d", kex->kex_type);
|
||||||
|
}
|
||||||
|
- if (r != 0)
|
||||||
|
+ if (r != 0) {
|
||||||
|
+ ssh_gssapi_delete_ctx(&ctxt);
|
||||||
|
return r;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
token_ptr = GSS_C_NO_BUFFER;
|
||||||
|
|
||||||
|
diff -up openssh-8.5p1/krl.c.coverity openssh-8.5p1/krl.c
|
||||||
|
--- openssh-8.5p1/krl.c.coverity 2021-03-02 11:31:47.000000000 +0100
|
||||||
|
+++ openssh-8.5p1/krl.c 2021-03-24 12:03:33.783968166 +0100
|
||||||
|
@@ -1209,6 +1209,7 @@ ssh_krl_from_blob(struct sshbuf *buf, st
|
||||||
|
sshkey_free(key);
|
||||||
|
sshbuf_free(copy);
|
||||||
|
sshbuf_free(sect);
|
||||||
|
+ /* coverity[leaked_storage : FALSE] */
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1261,6 +1262,7 @@ is_key_revoked(struct ssh_krl *krl, cons
|
||||||
|
return r;
|
||||||
|
erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
|
||||||
|
free(rb.blob);
|
||||||
|
+ rb.blob = NULL; /* make coverity happy */
|
||||||
|
if (erb != NULL) {
|
||||||
|
KRL_DBG(("revoked by key SHA1"));
|
||||||
|
return SSH_ERR_KEY_REVOKED;
|
||||||
|
@@ -1271,6 +1273,7 @@ is_key_revoked(struct ssh_krl *krl, cons
|
||||||
|
return r;
|
||||||
|
erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha256s, &rb);
|
||||||
|
free(rb.blob);
|
||||||
|
+ rb.blob = NULL; /* make coverity happy */
|
||||||
|
if (erb != NULL) {
|
||||||
|
KRL_DBG(("revoked by key SHA256"));
|
||||||
|
return SSH_ERR_KEY_REVOKED;
|
||||||
|
@@ -1282,6 +1285,7 @@ is_key_revoked(struct ssh_krl *krl, cons
|
||||||
|
return r;
|
||||||
|
erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb);
|
||||||
|
free(rb.blob);
|
||||||
|
+ rb.blob = NULL; /* make coverity happy */
|
||||||
|
if (erb != NULL) {
|
||||||
|
KRL_DBG(("revoked by explicit key"));
|
||||||
|
return SSH_ERR_KEY_REVOKED;
|
||||||
|
diff -up openssh-8.5p1/loginrec.c.coverity openssh-8.5p1/loginrec.c
|
||||||
|
--- openssh-8.5p1/loginrec.c.coverity 2021-03-24 13:18:53.793225885 +0100
|
||||||
|
+++ openssh-8.5p1/loginrec.c 2021-03-24 13:21:27.948404751 +0100
|
||||||
|
@@ -690,9 +690,11 @@ construct_utmp(struct logininfo *li,
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Use strncpy because we don't necessarily want null termination */
|
||||||
|
+ /* coverity[buffer_size_warning : FALSE] */
|
||||||
|
strncpy(ut->ut_name, li->username,
|
||||||
|
MIN_SIZEOF(ut->ut_name, li->username));
|
||||||
|
# ifdef HAVE_HOST_IN_UTMP
|
||||||
|
+ /* coverity[buffer_size_warning : FALSE] */
|
||||||
|
strncpy(ut->ut_host, li->hostname,
|
||||||
|
MIN_SIZEOF(ut->ut_host, li->hostname));
|
||||||
|
# endif
|
||||||
|
@@ -1690,6 +1692,7 @@ record_failed_login(struct ssh *ssh, con
|
||||||
|
|
||||||
|
memset(&ut, 0, sizeof(ut));
|
||||||
|
/* strncpy because we don't necessarily want nul termination */
|
||||||
|
+ /* coverity[buffer_size_warning : FALSE] */
|
||||||
|
strncpy(ut.ut_user, username, sizeof(ut.ut_user));
|
||||||
|
strlcpy(ut.ut_line, "ssh:notty", sizeof(ut.ut_line));
|
||||||
|
|
||||||
|
@@ -1699,6 +1702,7 @@ record_failed_login(struct ssh *ssh, con
|
||||||
|
ut.ut_pid = getpid();
|
||||||
|
|
||||||
|
/* strncpy because we don't necessarily want nul termination */
|
||||||
|
+ /* coverity[buffer_size_warning : FALSE] */
|
||||||
|
strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
|
||||||
|
|
||||||
|
if (ssh_packet_connection_is_on_socket(ssh) &&
|
||||||
|
diff -up openssh-8.5p1/misc.c.coverity openssh-8.5p1/misc.c
|
||||||
|
--- openssh-8.5p1/misc.c.coverity 2021-03-24 12:03:33.745967902 +0100
|
||||||
|
+++ openssh-8.5p1/misc.c 2021-03-24 13:31:47.037079617 +0100
|
||||||
|
@@ -1425,6 +1425,8 @@ sanitise_stdfd(void)
|
||||||
|
}
|
||||||
|
if (nullfd > STDERR_FILENO)
|
||||||
|
close(nullfd);
|
||||||
|
+ /* coverity[leaked_handle : FALSE]*/
|
||||||
|
+ /* coverity[leaked_handle : FALSE]*/
|
||||||
|
}
|
||||||
|
|
||||||
|
char *
|
||||||
|
@@ -2511,6 +2513,7 @@ stdfd_devnull(int do_stdin, int do_stdou
|
||||||
|
}
|
||||||
|
if (devnull > STDERR_FILENO)
|
||||||
|
close(devnull);
|
||||||
|
+ /* coverity[leaked_handle : FALSE]*/
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff -up openssh-8.5p1/moduli.c.coverity openssh-8.5p1/moduli.c
|
||||||
|
--- openssh-8.5p1/moduli.c.coverity 2021-03-02 11:31:47.000000000 +0100
|
||||||
|
+++ openssh-8.5p1/moduli.c 2021-03-24 12:03:33.784968173 +0100
|
||||||
|
@@ -476,6 +476,7 @@ write_checkpoint(char *cpfile, u_int32_t
|
||||||
|
else
|
||||||
|
logit("failed to write to checkpoint file '%s': %s", cpfile,
|
||||||
|
strerror(errno));
|
||||||
|
+ /* coverity[leaked_storage : FALSE] */
|
||||||
|
}
|
||||||
|
|
||||||
|
static unsigned long
|
||||||
diff -up openssh-7.4p1/monitor.c.coverity openssh-7.4p1/monitor.c
|
diff -up openssh-7.4p1/monitor.c.coverity openssh-7.4p1/monitor.c
|
||||||
--- openssh-7.4p1/monitor.c.coverity 2016-12-23 16:40:26.888788688 +0100
|
--- openssh-7.4p1/monitor.c.coverity 2016-12-23 16:40:26.888788688 +0100
|
||||||
+++ openssh-7.4p1/monitor.c 2016-12-23 16:40:26.900788691 +0100
|
+++ openssh-7.4p1/monitor.c 2016-12-23 16:40:26.900788691 +0100
|
||||||
@ -28,6 +293,15 @@ diff -up openssh-7.4p1/monitor.c.coverity openssh-7.4p1/monitor.c
|
|||||||
;
|
;
|
||||||
|
|
||||||
if (pmonitor->m_recvfd >= 0)
|
if (pmonitor->m_recvfd >= 0)
|
||||||
|
@@ -1678,7 +1678,7 @@ mm_answer_pty(struct ssh *ssh, int sock,
|
||||||
|
s->ptymaster = s->ptyfd;
|
||||||
|
|
||||||
|
debug3_f("tty %s ptyfd %d", s->tty, s->ttyfd);
|
||||||
|
-
|
||||||
|
+ /* coverity[leaked_handle : FALSE] */
|
||||||
|
return (0);
|
||||||
|
|
||||||
|
error:
|
||||||
diff -up openssh-7.4p1/monitor_wrap.c.coverity openssh-7.4p1/monitor_wrap.c
|
diff -up openssh-7.4p1/monitor_wrap.c.coverity openssh-7.4p1/monitor_wrap.c
|
||||||
--- openssh-7.4p1/monitor_wrap.c.coverity 2016-12-23 16:40:26.892788689 +0100
|
--- openssh-7.4p1/monitor_wrap.c.coverity 2016-12-23 16:40:26.892788689 +0100
|
||||||
+++ openssh-7.4p1/monitor_wrap.c 2016-12-23 16:40:26.900788691 +0100
|
+++ openssh-7.4p1/monitor_wrap.c 2016-12-23 16:40:26.900788691 +0100
|
||||||
@ -57,6 +331,17 @@ diff -up openssh-7.4p1/openbsd-compat/bindresvport.c.coverity openssh-7.4p1/open
|
|||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (sa == NULL) {
|
if (sa == NULL) {
|
||||||
|
diff -up openssh-8.5p1/readconf.c.coverity openssh-8.5p1/readconf.c
|
||||||
|
--- openssh-8.5p1/readconf.c.coverity 2021-03-24 12:03:33.778968131 +0100
|
||||||
|
+++ openssh-8.5p1/readconf.c 2021-03-24 12:03:33.785968180 +0100
|
||||||
|
@@ -1847,6 +1847,7 @@ parse_pubkey_algos:
|
||||||
|
} else if (r != 0) {
|
||||||
|
error("%.200s line %d: glob failed for %s.",
|
||||||
|
filename, linenum, arg2);
|
||||||
|
+ free(arg2);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
free(arg2);
|
||||||
diff -up openssh-7.4p1/scp.c.coverity openssh-7.4p1/scp.c
|
diff -up openssh-7.4p1/scp.c.coverity openssh-7.4p1/scp.c
|
||||||
--- openssh-7.4p1/scp.c.coverity 2016-12-23 16:40:26.856788681 +0100
|
--- openssh-7.4p1/scp.c.coverity 2016-12-23 16:40:26.856788681 +0100
|
||||||
+++ openssh-7.4p1/scp.c 2016-12-23 16:40:26.901788691 +0100
|
+++ openssh-7.4p1/scp.c 2016-12-23 16:40:26.901788691 +0100
|
||||||
@ -132,6 +417,24 @@ diff -up openssh-7.4p1/serverloop.c.coverity openssh-7.4p1/serverloop.c
|
|||||||
if (tun != SSH_TUNID_ANY &&
|
if (tun != SSH_TUNID_ANY &&
|
||||||
auth_opts->force_tun_device != (int)tun)
|
auth_opts->force_tun_device != (int)tun)
|
||||||
goto done;
|
goto done;
|
||||||
|
diff -up openssh-8.5p1/session.c.coverity openssh-8.5p1/session.c
|
||||||
|
--- openssh-8.5p1/session.c.coverity 2021-03-24 12:03:33.777968124 +0100
|
||||||
|
+++ openssh-8.5p1/session.c 2021-03-24 12:03:33.786968187 +0100
|
||||||
|
@@ -1223,12 +1223,14 @@ do_setup_env(struct ssh *ssh, Session *s
|
||||||
|
/* Environment specified by admin */
|
||||||
|
for (i = 0; i < options.num_setenv; i++) {
|
||||||
|
cp = xstrdup(options.setenv[i]);
|
||||||
|
+ /* coverity[overwrite_var : FALSE] */
|
||||||
|
if ((value = strchr(cp, '=')) == NULL) {
|
||||||
|
/* shouldn't happen; vars are checked in servconf.c */
|
||||||
|
fatal("Invalid config SetEnv: %s", options.setenv[i]);
|
||||||
|
}
|
||||||
|
*value++ = '\0';
|
||||||
|
child_set_env(&env, &envsize, cp, value);
|
||||||
|
+ free(cp);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* SSH_CLIENT deprecated */
|
||||||
diff -up openssh-7.4p1/sftp.c.coverity openssh-7.4p1/sftp.c
|
diff -up openssh-7.4p1/sftp.c.coverity openssh-7.4p1/sftp.c
|
||||||
--- openssh-7.4p1/sftp.c.coverity 2016-12-19 05:59:41.000000000 +0100
|
--- openssh-7.4p1/sftp.c.coverity 2016-12-19 05:59:41.000000000 +0100
|
||||||
+++ openssh-7.4p1/sftp.c 2016-12-23 16:40:26.903788691 +0100
|
+++ openssh-7.4p1/sftp.c 2016-12-23 16:40:26.903788691 +0100
|
||||||
@ -144,9 +447,45 @@ diff -up openssh-7.4p1/sftp.c.coverity openssh-7.4p1/sftp.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
_exit(1);
|
_exit(1);
|
||||||
|
@@ -762,6 +762,8 @@ process_put(struct sftp_conn *conn, cons
|
||||||
|
fflag || global_fflag) == -1)
|
||||||
|
err = -1;
|
||||||
|
}
|
||||||
|
+ free(abs_dst);
|
||||||
|
+ abs_dst = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
out:
|
||||||
|
@@ -985,6 +987,7 @@ do_globbed_ls(struct sftp_conn *conn, co
|
||||||
|
if (lflag & LS_LONG_VIEW) {
|
||||||
|
if (g.gl_statv[i] == NULL) {
|
||||||
|
error("no stat information for %s", fname);
|
||||||
|
+ free(fname);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
lname = ls_file(fname, g.gl_statv[i], 1,
|
||||||
|
diff -up openssh-8.5p1/sk-usbhid.c.coverity openssh-8.5p1/sk-usbhid.c
|
||||||
|
--- openssh-8.5p1/sk-usbhid.c.coverity 2021-03-02 11:31:47.000000000 +0100
|
||||||
|
+++ openssh-8.5p1/sk-usbhid.c 2021-03-24 12:03:33.786968187 +0100
|
||||||
|
@@ -1256,6 +1256,7 @@ sk_load_resident_keys(const char *pin, s
|
||||||
|
freezero(rks[i], sizeof(*rks[i]));
|
||||||
|
}
|
||||||
|
free(rks);
|
||||||
|
+ free(device);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c
|
diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c
|
||||||
--- openssh-7.4p1/ssh-agent.c.coverity 2016-12-19 05:59:41.000000000 +0100
|
--- openssh-7.4p1/ssh-agent.c.coverity 2016-12-19 05:59:41.000000000 +0100
|
||||||
+++ openssh-7.4p1/ssh-agent.c 2016-12-23 16:40:26.903788691 +0100
|
+++ openssh-7.4p1/ssh-agent.c 2016-12-23 16:40:26.903788691 +0100
|
||||||
|
@@ -869,6 +869,7 @@ sanitize_pkcs11_provider(const char *pro
|
||||||
|
|
||||||
|
if (pkcs11_uri_parse(provider, uri) != 0) {
|
||||||
|
error("Failed to parse PKCS#11 URI");
|
||||||
|
+ pkcs11_uri_cleanup(uri);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
/* validate also provider from URI */
|
||||||
@@ -1220,8 +1220,8 @@ main(int ac, char **av)
|
@@ -1220,8 +1220,8 @@ main(int ac, char **av)
|
||||||
sanitise_stdfd();
|
sanitise_stdfd();
|
||||||
|
|
||||||
@ -158,6 +497,17 @@ diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c
|
|||||||
|
|
||||||
platform_disable_tracing(0); /* strict=no */
|
platform_disable_tracing(0); /* strict=no */
|
||||||
|
|
||||||
|
diff -up openssh-8.5p1/ssh.c.coverity openssh-8.5p1/ssh.c
|
||||||
|
--- openssh-8.5p1/ssh.c.coverity 2021-03-24 12:03:33.779968138 +0100
|
||||||
|
+++ openssh-8.5p1/ssh.c 2021-03-24 12:03:33.786968187 +0100
|
||||||
|
@@ -1746,6 +1746,7 @@ control_persist_detach(void)
|
||||||
|
close(muxserver_sock);
|
||||||
|
muxserver_sock = -1;
|
||||||
|
options.control_master = SSHCTL_MASTER_NO;
|
||||||
|
+ /* coverity[leaked_handle: FALSE]*/
|
||||||
|
muxclient(options.control_path);
|
||||||
|
/* muxclient() doesn't return on success. */
|
||||||
|
fatal("Failed to connect to new control master");
|
||||||
diff -up openssh-7.4p1/sshd.c.coverity openssh-7.4p1/sshd.c
|
diff -up openssh-7.4p1/sshd.c.coverity openssh-7.4p1/sshd.c
|
||||||
--- openssh-7.4p1/sshd.c.coverity 2016-12-23 16:40:26.897788690 +0100
|
--- openssh-7.4p1/sshd.c.coverity 2016-12-23 16:40:26.897788690 +0100
|
||||||
+++ openssh-7.4p1/sshd.c 2016-12-23 16:40:26.904788692 +0100
|
+++ openssh-7.4p1/sshd.c 2016-12-23 16:40:26.904788692 +0100
|
||||||
@ -183,3 +533,67 @@ diff -up openssh-7.4p1/sshd.c.coverity openssh-7.4p1/sshd.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@@ -2474,7 +2479,7 @@ do_ssh2_kex(struct ssh *ssh)
|
||||||
|
if (options.rekey_limit || options.rekey_interval)
|
||||||
|
ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
|
||||||
|
options.rekey_interval);
|
||||||
|
-
|
||||||
|
+ /* coverity[leaked_storage : FALSE]*/
|
||||||
|
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
|
||||||
|
ssh, list_hostkey_types());
|
||||||
|
|
||||||
|
@@ -2519,8 +2524,11 @@ do_ssh2_kex(struct ssh *ssh)
|
||||||
|
|
||||||
|
if (newstr)
|
||||||
|
myproposal[PROPOSAL_KEX_ALGS] = newstr;
|
||||||
|
- else
|
||||||
|
+ else {
|
||||||
|
fatal("No supported key exchange algorithms");
|
||||||
|
+ free(gss);
|
||||||
|
+ }
|
||||||
|
+ /* coverity[leaked_storage: FALSE]*/
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
diff -up openssh-8.5p1/ssh-keygen.c.coverity openssh-8.5p1/ssh-keygen.c
|
||||||
|
--- openssh-8.5p1/ssh-keygen.c.coverity 2021-03-24 12:03:33.780968145 +0100
|
||||||
|
+++ openssh-8.5p1/ssh-keygen.c 2021-03-24 12:03:33.787968194 +0100
|
||||||
|
@@ -2332,6 +2332,9 @@ update_krl_from_file(struct passwd *pw,
|
||||||
|
r = ssh_krl_revoke_key_sha256(krl, blob, blen);
|
||||||
|
if (r != 0)
|
||||||
|
fatal_fr(r, "revoke key failed");
|
||||||
|
+ freezero(blob, blen);
|
||||||
|
+ blob = NULL;
|
||||||
|
+ blen = 0;
|
||||||
|
} else {
|
||||||
|
if (strncasecmp(cp, "key:", 4) == 0) {
|
||||||
|
cp += 4;
|
||||||
|
@@ -2879,6 +2882,7 @@ do_moduli_screen(const char *out_file, c
|
||||||
|
} else if (strncmp(opts[i], "start-line=", 11) == 0) {
|
||||||
|
start_lineno = strtoul(opts[i]+11, NULL, 10);
|
||||||
|
} else if (strncmp(opts[i], "checkpoint=", 11) == 0) {
|
||||||
|
+ free(checkpoint);
|
||||||
|
checkpoint = xstrdup(opts[i]+11);
|
||||||
|
} else if (strncmp(opts[i], "generator=", 10) == 0) {
|
||||||
|
generator_wanted = (u_int32_t)strtonum(
|
||||||
|
@@ -2920,6 +2924,9 @@ do_moduli_screen(const char *out_file, c
|
||||||
|
#else /* WITH_OPENSSL */
|
||||||
|
fatal("Moduli screening is not supported");
|
||||||
|
#endif /* WITH_OPENSSL */
|
||||||
|
+ free(checkpoint);
|
||||||
|
+ if (in != stdin)
|
||||||
|
+ fclose(in);
|
||||||
|
}
|
||||||
|
|
||||||
|
static char *
|
||||||
|
diff -up openssh-8.5p1/sshsig.c.coverity openssh-8.5p1/sshsig.c
|
||||||
|
--- openssh-8.5p1/sshsig.c.coverity 2021-03-02 11:31:47.000000000 +0100
|
||||||
|
+++ openssh-8.5p1/sshsig.c 2021-03-24 12:03:33.787968194 +0100
|
||||||
|
@@ -515,6 +515,7 @@ hash_file(int fd, const char *hashalg, s
|
||||||
|
oerrno = errno;
|
||||||
|
error_f("read: %s", strerror(errno));
|
||||||
|
ssh_digest_free(ctx);
|
||||||
|
+ ctx = NULL;
|
||||||
|
errno = oerrno;
|
||||||
|
r = SSH_ERR_SYSTEM_ERROR;
|
||||||
|
goto out;
|
||||||
|
@ -51,7 +51,7 @@
|
|||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%global openssh_ver 8.5p1
|
%global openssh_ver 8.5p1
|
||||||
%global openssh_rel 2
|
%global openssh_rel 3
|
||||||
%global pam_ssh_agent_ver 0.10.4
|
%global pam_ssh_agent_ver 0.10.4
|
||||||
%global pam_ssh_agent_rel 2
|
%global pam_ssh_agent_rel 2
|
||||||
|
|
||||||
@ -650,6 +650,9 @@ test -f %{sysconfig_anaconda} && \
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 13 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.5p1-3
|
||||||
|
- Coverity fixes for 8.5p1 (#1938831)
|
||||||
|
|
||||||
* Tue Mar 09 2021 Rex Dieter <rdieter@fedoraproject.org> - 8.5p1-2
|
* Tue Mar 09 2021 Rex Dieter <rdieter@fedoraproject.org> - 8.5p1-2
|
||||||
- ssh-agent.serivce is user unit (#1761817#27)
|
- ssh-agent.serivce is user unit (#1761817#27)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user