Skip to content

Commit 76af855

Browse files
authored
additional codeql fixes (#644)
* first pass at some codeql fixes * address review feedback
1 parent 28387fe commit 76af855

File tree

7 files changed

+18
-11
lines changed

7 files changed

+18
-11
lines changed

clientloop.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2266,7 +2266,7 @@ client_input_hostkeys(struct ssh *ssh)
22662266
}
22672267
fp = sshkey_fingerprint(key, options.fingerprint_hash,
22682268
SSH_FP_DEFAULT);
2269-
debug3_f("received %s key %s", sshkey_type(key), fp);
2269+
debug3_f("received %s key %s", sshkey_type(key), fp); // CodeQL [SM02311]: debug3_f can accept NULL value for fp
22702270
free(fp);
22712271

22722272
if (!key_accepted_by_hostkeyalgs(key)) {

contrib/win32/win32compat/ssh-agent/agent.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -300,8 +300,8 @@ get_con_client_info(struct agent_connection* con)
300300
goto done;
301301
}
302302

303-
if (GetTokenInformation(client_primary_token, TokenUser, NULL, 0, &info_len) == TRUE || // CodeQL [SM02320]: GetTokenInformation will initialize info
304-
(info = (TOKEN_USER*)malloc(info_len)) == NULL)
303+
if (GetTokenInformation(client_primary_token, TokenUser, NULL, 0, &info_len) == TRUE ||
304+
(info = (TOKEN_USER*)malloc(info_len)) == NULL) // CodeQL [SM02320]: GetTokenInformation will initialize info
305305
goto done;
306306

307307
if (GetTokenInformation(client_primary_token, TokenUser, info, info_len, &info_len) == FALSE)

readconf.c

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -337,6 +337,7 @@ kex_default_pk_alg(void)
337337
char *all_key;
338338

339339
all_key = sshkey_alg_list(0, 0, 1, ',');
340+
if (NULL == all_key) return NULL; // fix CodeQL SM02311
340341
pkalgs = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key);
341342
free(all_key);
342343
}
@@ -2655,6 +2656,10 @@ fill_default_options(Options * options)
26552656
all_kex = kex_alg_list(',');
26562657
all_key = sshkey_alg_list(0, 0, 1, ',');
26572658
all_sig = sshkey_alg_list(0, 1, 1, ',');
2659+
if (NULL == all_key || NULL == all_sig) { // fix CodeQL SM02311
2660+
ret = SSH_ERR_INTERNAL_ERROR;
2661+
goto fail;
2662+
}
26582663
/* remove unsupported algos from default lists */
26592664
def_cipher = match_filter_allowlist(KEX_CLIENT_ENCRYPT, all_cipher);
26602665
def_mac = match_filter_allowlist(KEX_CLIENT_MAC, all_mac);
@@ -3281,7 +3286,7 @@ dump_client_config(Options *o, const char *host)
32813286
*/
32823287
all_key = sshkey_alg_list(0, 0, 1, ',');
32833288
if ((r = kex_assemble_names(&o->hostkeyalgorithms, kex_default_pk_alg(),
3284-
all_key)) != 0)
3289+
all_key)) != 0) // CodeQL [SM02311]: kex_assemble_names checks for NULL input
32853290
fatal_fr(r, "expand HostKeyAlgorithms");
32863291
free(all_key);
32873292

servconf.c

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -217,6 +217,7 @@ assemble_algorithms(ServerOptions *o)
217217
all_kex = kex_alg_list(',');
218218
all_key = sshkey_alg_list(0, 0, 1, ',');
219219
all_sig = sshkey_alg_list(0, 1, 1, ',');
220+
if (NULL == all_key || NULL == all_sig) goto fail; // fix CodeQL SM02311
220221
/* remove unsupported algos from default lists */
221222
def_cipher = match_filter_allowlist(KEX_SERVER_ENCRYPT, all_cipher);
222223
def_mac = match_filter_allowlist(KEX_SERVER_MAC, all_mac);
@@ -236,6 +237,7 @@ assemble_algorithms(ServerOptions *o)
236237
ASSEMBLE(pubkey_accepted_algos, def_key, all_key);
237238
ASSEMBLE(ca_sign_algorithms, def_sig, all_sig);
238239
#undef ASSEMBLE
240+
fail:
239241
free(all_cipher);
240242
free(all_mac);
241243
free(all_kex);
@@ -1048,7 +1050,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
10481050
ci->address ? ci->address : "(null)",
10491051
ci->laddress ? ci->laddress : "(null)", ci->lport);
10501052

1051-
while ((attrib = strdelim(&cp)) && *attrib != '\0') {
1053+
while ((attrib = strdelim(&cp)) && *attrib != '\0') { // CodeQL [SM02311]: false positive attrib is null checked
10521054
/* Terminate on comment */
10531055
if (*attrib == '#') {
10541056
cp = NULL; /* mark all arguments consumed */

sftp-client.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -537,12 +537,12 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests,
537537
ret->exts |= SFTP_EXT_PATH_EXPAND;
538538
known = 1;
539539
} else if (strcmp(name, "copy-data") == 0 &&
540-
strcmp((char *)value, "1") == 0) {
540+
strcmp((char *)value, "1") == 0) { // CodeQL [SM03650] false positive: value has not been previously freed
541541
ret->exts |= SFTP_EXT_COPY_DATA;
542542
known = 1;
543543
} else if (strcmp(name,
544544
"[email protected]") == 0 &&
545-
strcmp((char *)value, "1") == 0) {
545+
strcmp((char *)value, "1") == 0) { // CodeQL [SM03650] false positive: value has not been previously freed
546546
ret->exts |= SFTP_EXT_GETUSERSGROUPS_BY_ID;
547547
known = 1;
548548
}

sshconnect.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1134,7 +1134,7 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
11341134
options.fingerprint_hash, SSH_FP_RANDOMART);
11351135
if (fp == NULL || ra == NULL)
11361136
fatal_f("sshkey_fingerprint failed");
1137-
logit("Host key fingerprint is %s\n%s", fp, ra);
1137+
logit("Host key fingerprint is %s\n%s", fp, ra); // CodeQL [SM02311]: false positive NULL check for ra in earlier line
11381138
free(ra);
11391139
free(fp);
11401140
}
@@ -1188,7 +1188,7 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
11881188
xextendf(&msg1, "\n", "%s key fingerprint is %s.",
11891189
type, fp);
11901190
if (options.visual_host_key)
1191-
xextendf(&msg1, "\n", "%s", ra);
1191+
xextendf(&msg1, "\n", "%s", ra); // CodeQL [SM02311]: false positive NULL check for ra in earlier line
11921192
if (options.verify_host_key_dns) {
11931193
xextendf(&msg1, "\n",
11941194
"%s host key fingerprint found in DNS.",
@@ -1640,7 +1640,7 @@ show_other_keys(struct hostkeys *hostkeys, struct sshkey *key)
16401640
found->host, found->file, found->line,
16411641
sshkey_type(found->key), fp);
16421642
if (options.visual_host_key)
1643-
logit("%s", ra);
1643+
logit("%s", ra); // CodeQL [SM02311]: false positive NULL check for ra in earlier line
16441644
free(ra);
16451645
free(fp);
16461646
ret = 1;

sshd.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1190,7 +1190,7 @@ notify_hostkeys(struct ssh *ssh)
11901190
continue;
11911191
fp = sshkey_fingerprint(key, options.fingerprint_hash,
11921192
SSH_FP_DEFAULT);
1193-
debug3_f("key %d: %s %s", i, sshkey_ssh_name(key), fp);
1193+
debug3_f("key %d: %s %s", i, sshkey_ssh_name(key), fp); // CodeQL [SM02311]: debug3_f can accept NULL value for fp
11941194
free(fp);
11951195
if (nkeys == 0) {
11961196
/*

0 commit comments

Comments
 (0)