Fix new coverity issues
Related: rhbz#2068423 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
This commit is contained in:
Zoltan Fridrich
parent
d23afae05f
commit
9697eecfeb
|
|
@ -1,6 +1,6 @@
|
||||||
diff --color -rup a/compat.c b/compat.c
|
diff --color -rup a/compat.c b/compat.c
|
||||||
--- a/compat.c 2021-08-20 06:03:49.000000000 +0200
|
--- a/compat.c 2021-08-20 06:03:49.000000000 +0200
|
||||||
+++ b/compat.c 2022-07-11 10:00:56.661195753 +0200
|
+++ b/compat.c 2022-07-14 17:39:23.770268440 +0200
|
||||||
@@ -157,11 +157,12 @@ compat_banner(struct ssh *ssh, const cha
|
@@ -157,11 +157,12 @@ compat_banner(struct ssh *ssh, const cha
|
||||||
debug_f("no match: %s", version);
|
debug_f("no match: %s", version);
|
||||||
}
|
}
|
||||||
|
|
@ -58,9 +58,9 @@ diff --color -rup a/compat.c b/compat.c
|
||||||
debug2_f("compat KEX proposal: %s", p);
|
debug2_f("compat KEX proposal: %s", p);
|
||||||
if (*p == '\0')
|
if (*p == '\0')
|
||||||
diff --color -rup a/sshconnect2.c b/sshconnect2.c
|
diff --color -rup a/sshconnect2.c b/sshconnect2.c
|
||||||
--- a/sshconnect2.c 2022-07-11 09:54:22.300523575 +0200
|
--- a/sshconnect2.c 2022-07-14 17:38:43.241496549 +0200
|
||||||
+++ b/sshconnect2.c 2022-07-11 10:13:20.516655403 +0200
|
+++ b/sshconnect2.c 2022-07-14 17:39:23.772268479 +0200
|
||||||
@@ -218,6 +218,7 @@ ssh_kex2(struct ssh *ssh, char *host, st
|
@@ -222,6 +222,7 @@ ssh_kex2(struct ssh *ssh, char *host, st
|
||||||
{
|
{
|
||||||
char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
|
char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
|
||||||
char *s, *all_key;
|
char *s, *all_key;
|
||||||
|
|
@ -68,7 +68,7 @@ diff --color -rup a/sshconnect2.c b/sshconnect2.c
|
||||||
int r, use_known_hosts_order = 0;
|
int r, use_known_hosts_order = 0;
|
||||||
|
|
||||||
#if defined(GSSAPI) && defined(WITH_OPENSSL)
|
#if defined(GSSAPI) && defined(WITH_OPENSSL)
|
||||||
@@ -248,10 +249,9 @@ ssh_kex2(struct ssh *ssh, char *host, st
|
@@ -252,10 +253,9 @@ ssh_kex2(struct ssh *ssh, char *host, st
|
||||||
|
|
||||||
if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
|
if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
|
||||||
fatal_f("kex_names_cat");
|
fatal_f("kex_names_cat");
|
||||||
|
|
@ -81,7 +81,7 @@ diff --color -rup a/sshconnect2.c b/sshconnect2.c
|
||||||
compat_cipher_proposal(ssh, options.ciphers);
|
compat_cipher_proposal(ssh, options.ciphers);
|
||||||
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
|
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
|
||||||
myproposal[PROPOSAL_COMP_ALGS_STOC] =
|
myproposal[PROPOSAL_COMP_ALGS_STOC] =
|
||||||
@@ -260,12 +260,12 @@ ssh_kex2(struct ssh *ssh, char *host, st
|
@@ -264,12 +264,12 @@ ssh_kex2(struct ssh *ssh, char *host, st
|
||||||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
||||||
if (use_known_hosts_order) {
|
if (use_known_hosts_order) {
|
||||||
/* Query known_hosts and prefer algorithms that appear there */
|
/* Query known_hosts and prefer algorithms that appear there */
|
||||||
|
|
@ -96,7 +96,7 @@ diff --color -rup a/sshconnect2.c b/sshconnect2.c
|
||||||
compat_pkalg_proposal(ssh, options.hostkeyalgorithms);
|
compat_pkalg_proposal(ssh, options.hostkeyalgorithms);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -379,6 +379,10 @@ ssh_kex2(struct ssh *ssh, char *host, st
|
@@ -383,6 +383,10 @@ ssh_kex2(struct ssh *ssh, char *host, st
|
||||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||||
fatal_fr(r, "send packet");
|
fatal_fr(r, "send packet");
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -108,12 +108,13 @@ diff --color -rup a/sshconnect2.c b/sshconnect2.c
|
||||||
|
|
||||||
/*
|
/*
|
||||||
diff --color -rup a/sshd.c b/sshd.c
|
diff --color -rup a/sshd.c b/sshd.c
|
||||||
--- a/sshd.c 2022-07-11 09:54:22.301523594 +0200
|
--- a/sshd.c 2022-07-14 17:38:43.242496568 +0200
|
||||||
+++ b/sshd.c 2022-07-11 10:17:15.692209542 +0200
|
+++ b/sshd.c 2022-07-14 17:42:07.616388978 +0200
|
||||||
@@ -2479,14 +2479,14 @@ do_ssh2_kex(struct ssh *ssh)
|
@@ -2493,14 +2493,15 @@ do_ssh2_kex(struct ssh *ssh)
|
||||||
{
|
{
|
||||||
char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
|
char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
|
||||||
struct kex *kex;
|
struct kex *kex;
|
||||||
|
+ char *hostkey_types = NULL;
|
||||||
+ char *prop_kex = NULL, *prop_enc = NULL, *prop_hostkey = NULL;
|
+ char *prop_kex = NULL, *prop_enc = NULL, *prop_hostkey = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
|
|
@ -130,18 +131,20 @@ diff --color -rup a/sshd.c b/sshd.c
|
||||||
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
||||||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
||||||
|
|
||||||
@@ -2499,8 +2499,8 @@ do_ssh2_kex(struct ssh *ssh)
|
@@ -2513,8 +2514,10 @@ do_ssh2_kex(struct ssh *ssh)
|
||||||
ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
|
ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
|
||||||
options.rekey_interval);
|
options.rekey_interval);
|
||||||
|
|
||||||
- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
|
- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
|
||||||
- ssh, list_hostkey_types());
|
- ssh, list_hostkey_types());
|
||||||
|
+ hostkey_types = list_hostkey_types();
|
||||||
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey =
|
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey =
|
||||||
+ compat_pkalg_proposal(ssh, list_hostkey_types());
|
+ compat_pkalg_proposal(ssh, hostkey_types);
|
||||||
|
+ free(hostkey_types);
|
||||||
|
|
||||||
#if defined(GSSAPI) && defined(WITH_OPENSSL)
|
#if defined(GSSAPI) && defined(WITH_OPENSSL)
|
||||||
{
|
{
|
||||||
@@ -2592,6 +2592,9 @@ do_ssh2_kex(struct ssh *ssh)
|
@@ -2606,6 +2609,9 @@ do_ssh2_kex(struct ssh *ssh)
|
||||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||||
fatal_fr(r, "send test");
|
fatal_fr(r, "send test");
|
||||||
#endif
|
#endif
|
||||||
|
|
|
||||||
|
|
@ -51,7 +51,7 @@
|
||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%global openssh_ver 8.7p1
|
%global openssh_ver 8.7p1
|
||||||
%global openssh_rel 17
|
%global openssh_rel 18
|
||||||
%global pam_ssh_agent_ver 0.10.4
|
%global pam_ssh_agent_ver 0.10.4
|
||||||
%global pam_ssh_agent_rel 4
|
%global pam_ssh_agent_rel 4
|
||||||
|
|
||||||
|
|
@ -725,6 +725,10 @@ test -f %{sysconfig_anaconda} && \
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 14 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-18
|
||||||
|
- Fix new coverity issues
|
||||||
|
Related: rhbz#2068423
|
||||||
|
|
||||||
* Thu Jul 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-17
|
* Thu Jul 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-17
|
||||||
- Disable ed25519 and ed25519-sk keys in FIPS mode
|
- Disable ed25519 and ed25519-sk keys in FIPS mode
|
||||||
Related: rhbz#2087915
|
Related: rhbz#2087915
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue