Address SAST scan issues

Resolves: RHEL-36766
2024-08-16 12:26:57 +02:00 · 2024-08-16 12:26:57 +02:00 · dd7a5a9d22
commit dd7a5a9d22
parent acc18112a5
2 changed files with 8 additions and 2 deletions
--- a/openssh-8.0p1-pkcs11-uri.patch
+++ b/openssh-8.0p1-pkcs11-uri.patch
@ -964,7 +964,7 @@ diff -up openssh-9.6p1/ssh-add.c.pkcs11-uri openssh-9.6p1/ssh-add.c
 diff -up openssh-9.6p1/ssh-agent.c.pkcs11-uri openssh-9.6p1/ssh-agent.c
 --- openssh-9.6p1/ssh-agent.c.pkcs11-uri	2023-12-18 15:59:50.000000000 +0100
 +++ openssh-9.6p1/ssh-agent.c	2024-01-12 14:25:25.234942360 +0100
-@@ -1549,10 +1549,72 @@ add_p11_identity(struct sshkey *key, cha
+@@ -1549,10 +1549,74 @@ add_p11_identity(struct sshkey *key, cha
 	idtab->nentries++;
 }
 
@ -978,6 +978,8 @@ diff -up openssh-9.6p1/ssh-agent.c.pkcs11-uri openssh-9.6p1/ssh-agent.c
 +	if (provider == NULL)
 +		return NULL;
 +
+	memset(canonical_provider, 0, sizeof(canonical_provider));
+
 +	if (strlen(provider) >= strlen(PKCS11_URI_SCHEME) &&
 +	    strncmp(provider, PKCS11_URI_SCHEME,
 +	    strlen(PKCS11_URI_SCHEME)) == 0) {
--- a/openssh.spec
+++ b/openssh.spec
@ -39,7 +39,7 @@
 %{?static_openssl:%global static_libcrypto 1}

 %global openssh_ver 9.8p1
-%global openssh_rel 3
+%global openssh_rel 4

 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
@ -653,6 +653,10 @@ test -f %{sysconfig_anaconda} && \
 %attr(0755,root,root) %{_libdir}/sshtest/sk-dummy.so

 %changelog
+* Fri Aug 16 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-4
+- Address SAST scan issues
+  Resolves: RHEL-36766
+
 * Mon Aug 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-3
 - sshd doesn't propose to enter password again when a non-existing user is specified
  Resolves: RHEL-11981