]> git.ipfire.org Git - people/ms/ipfire-3.x.git/blame - openssh/patches/openssh-5.9p1-coverity.patch
projects / people / ms / ipfire-3.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
openssh: Update to 5.9p1.
[people/ms/ipfire-3.x.git] / openssh / patches / openssh-5.9p1-coverity.patch
CommitLineData
9d8fd3ad
SS		 1diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
2--- openssh-5.9p1/auth-pam.c.coverity 2009-07-12 14:07:21.000000000 +0200
3+++ openssh-5.9p1/auth-pam.c 2011-09-14 08:09:47.074520582 +0200
4@@ -216,7 +216,12 @@ pthread_join(sp_pthread_t thread, void *
5 if (sshpam_thread_status != -1)
6 return (sshpam_thread_status);
7 signal(SIGCHLD, sshpam_oldsig);
8- waitpid(thread, &status, 0);
9+ while (waitpid(thread, &status, 0) < 0) {
10+ if (errno == EINTR)
11+ continue;
12+ fatal("%s: waitpid: %s", __func__,
13+ strerror(errno));
14+ }
15 return (status);
16 }
17 #endif
18diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
19--- openssh-5.9p1/channels.c.coverity 2011-06-23 00:31:57.000000000 +0200
20+++ openssh-5.9p1/channels.c 2011-09-14 08:09:47.556582810 +0200
21@@ -229,11 +229,11 @@ channel_register_fds(Channel *c, int rfd
22 channel_max_fd = MAX(channel_max_fd, wfd);
23 channel_max_fd = MAX(channel_max_fd, efd);
24
25- if (rfd != -1)
26+ if (rfd >= 0)
27 fcntl(rfd, F_SETFD, FD_CLOEXEC);
28- if (wfd != -1 && wfd != rfd)
29+ if (wfd >= 0 && wfd != rfd)
30 fcntl(wfd, F_SETFD, FD_CLOEXEC);
31- if (efd != -1 && efd != rfd && efd != wfd)
32+ if (efd >= 0 && efd != rfd && efd != wfd)
33 fcntl(efd, F_SETFD, FD_CLOEXEC);
34
35 c->rfd = rfd;
36@@ -248,11 +248,11 @@ channel_register_fds(Channel *c, int rfd
37
38 /* enable nonblocking mode */
39 if (nonblock) {
40- if (rfd != -1)
41+ if (rfd >= 0)
42 set_nonblock(rfd);
43- if (wfd != -1)
44+ if (wfd >= 0)
45 set_nonblock(wfd);
46- if (efd != -1)
47+ if (efd >= 0)
48 set_nonblock(efd);
49 }
50 }
51diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
52--- openssh-5.9p1/clientloop.c.coverity 2011-06-23 00:31:58.000000000 +0200
53+++ openssh-5.9p1/clientloop.c 2011-09-14 08:17:41.556521887 +0200
54@@ -1970,14 +1970,15 @@ client_input_global_request(int type, u_
55 char *rtype;
56 int want_reply;
57 int success = 0;
58+/* success is still 0 the packet is allways SSH2_MSG_REQUEST_FAILURE, isn't it? */
59
60 rtype = packet_get_string(NULL);
61 want_reply = packet_get_char();
62 debug("client_input_global_request: rtype %s want_reply %d",
63 rtype, want_reply);
64 if (want_reply) {
65- packet_start(success ?
66- SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
67+ packet_start(/*success ?
68+ SSH2_MSG_REQUEST_SUCCESS :*/ SSH2_MSG_REQUEST_FAILURE);
69 packet_send();
70 packet_write_wait();
71 }
72diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
73--- openssh-5.9p1/key.c.coverity 2011-05-20 11:03:08.000000000 +0200
74+++ openssh-5.9p1/key.c 2011-09-14 08:09:47.803458435 +0200
75@@ -803,8 +803,10 @@ key_read(Key *ret, char **cpp)
76 success = 1;
77 /*XXXX*/
78 key_free(k);
79+/*XXXX
80 if (success != 1)
81 break;
82+XXXX*/
83 /* advance cp: skip whitespace and data */
84 while (*cp == ' ' || *cp == '\t')
85 cp++;
86diff -up openssh-5.9p1/misc.c.coverity openssh-5.9p1/misc.c
87diff -up openssh-5.9p1/monitor.c.coverity openssh-5.9p1/monitor.c
88--- openssh-5.9p1/monitor.c.coverity 2011-08-05 22:15:18.000000000 +0200
89+++ openssh-5.9p1/monitor.c 2011-09-14 08:09:47.914584009 +0200
90@@ -420,7 +420,7 @@ monitor_child_preauth(Authctxt *_authctx
91 }
92
93 /* Drain any buffered messages from the child */
94- while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
95+ while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
96 ;
97
98 if (!authctxt->valid)
99@@ -1161,6 +1161,10 @@ mm_answer_keyallowed(int sock, Buffer *m
100 break;
101 }
102 }
103+
104+ debug3("%s: key %p is %s",
105+ __func__, key, allowed ? "allowed" : "not allowed");
106+
107 if (key != NULL)
108 key_free(key);
109
110@@ -1182,9 +1186,6 @@ mm_answer_keyallowed(int sock, Buffer *m
111 xfree(chost);
112 }
113
114- debug3("%s: key %p is %s",
115- __func__, key, allowed ? "allowed" : "not allowed");
116-
117 buffer_clear(m);
118 buffer_put_int(m, allowed);
119 buffer_put_int(m, forced_command != NULL);
120diff -up openssh-5.9p1/monitor_wrap.c.coverity openssh-5.9p1/monitor_wrap.c
121--- openssh-5.9p1/monitor_wrap.c.coverity 2011-09-14 08:11:36.480500123 +0200
122+++ openssh-5.9p1/monitor_wrap.c 2011-09-14 08:14:11.279520598 +0200
123@@ -707,10 +707,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd,
124 if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
125 (tmp2 = dup(pmonitor->m_recvfd)) == -1) {
126 error("%s: cannot allocate fds for pty", __func__);
127- if (tmp1 > 0)
128+ if (tmp1 >= 0)
129 close(tmp1);
130- if (tmp2 > 0)
131- close(tmp2);
132+ /*DEAD CODE if (tmp2 >= 0)
133+ close(tmp2);*/
134 return 0;
135 }
136 close(tmp1);
137diff -up openssh-5.9p1/openbsd-compat/bindresvport.c.coverity openssh-5.9p1/openbsd-compat/bindresvport.c
138--- openssh-5.9p1/openbsd-compat/bindresvport.c.coverity 2010-12-03 00:50:26.000000000 +0100
139+++ openssh-5.9p1/openbsd-compat/bindresvport.c 2011-09-14 08:09:48.084459344 +0200
140@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
141 struct sockaddr_in6 *in6;
142 u_int16_t *portp;
143 u_int16_t port;
144- socklen_t salen;
145+ socklen_t salen = sizeof(struct sockaddr_storage);
146 int i;
147
148 if (sa == NULL) {
149diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
150--- openssh-5.9p1/packet.c.coverity 2011-05-15 00:58:15.000000000 +0200
151+++ openssh-5.9p1/packet.c 2011-09-14 08:09:48.184587842 +0200
152@@ -1177,6 +1177,7 @@ packet_read_poll1(void)
153 case DEATTACK_DETECTED:
154 packet_disconnect("crc32 compensation attack: "
155 "network attack detected");
156+ break;
157 case DEATTACK_DOS_DETECTED:
158 packet_disconnect("deattack denial of "
159 "service detected");
160@@ -1684,7 +1685,7 @@ void
161 packet_write_wait(void)
162 {
163 fd_set *setp;
164- int ret, ms_remain;
165+ int ret, ms_remain = 0;
166 struct timeval start, timeout, *timeoutp = NULL;
167
168 setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
169diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
170--- openssh-5.9p1/progressmeter.c.coverity 2006-08-05 04:39:40.000000000 +0200
171+++ openssh-5.9p1/progressmeter.c 2011-09-14 08:09:48.300586004 +0200
172@@ -65,7 +65,7 @@ static void update_progress_meter(int);
173
174 static time_t start; /* start progress */
175 static time_t last_update; /* last progress update */
176-static char *file; /* name of the file being transferred */
177+static const char *file; /* name of the file being transferred */
178 static off_t end_pos; /* ending position of transfer */
179 static off_t cur_pos; /* transfer position as of last refresh */
180 static volatile off_t *counter; /* progress counter */
181@@ -247,7 +247,7 @@ update_progress_meter(int ignore)
182 }
183
184 void
185-start_progress_meter(char *f, off_t filesize, off_t *ctr)
186+start_progress_meter(const char *f, off_t filesize, off_t *ctr)
187 {
188 start = last_update = time(NULL);
189 file = f;
190diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
191--- openssh-5.9p1/progressmeter.h.coverity 2006-03-26 05:30:02.000000000 +0200
192+++ openssh-5.9p1/progressmeter.h 2011-09-14 08:09:48.420645724 +0200
193@@ -23,5 +23,5 @@
194 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
195 */
196
197-void start_progress_meter(char *, off_t, off_t *);
198+void start_progress_meter(const char *, off_t, off_t *);
199 void stop_progress_meter(void);
200diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
201--- openssh-5.9p1/scp.c.coverity 2011-01-06 12:41:21.000000000 +0100
202+++ openssh-5.9p1/scp.c 2011-09-14 08:09:48.531505457 +0200
203@@ -155,7 +155,7 @@ killchild(int signo)
204 {
205 if (do_cmd_pid > 1) {
206 kill(do_cmd_pid, signo ? signo : SIGTERM);
207- waitpid(do_cmd_pid, NULL, 0);
208+ (void) waitpid(do_cmd_pid, NULL, 0);
209 }
210
211 if (signo)
212diff -up openssh-5.9p1/servconf.c.coverity openssh-5.9p1/servconf.c
213--- openssh-5.9p1/servconf.c.coverity 2011-06-23 00:30:03.000000000 +0200
214+++ openssh-5.9p1/servconf.c 2011-09-14 08:30:17.557468182 +0200
215@@ -609,7 +609,7 @@ match_cfg_line(char **condition, int lin
216 debug3("checking syntax for 'Match %s'", cp);
217 else
218 debug3("checking match for '%s' user %s host %s addr %s", cp,
219- user ? user : "(null)", host ? host : "(null)",
220+ user /* User is not NULL ? user : "(null)" */, host ? host : "(null)",
221 address ? address : "(null)");
222
223 while ((attrib = strdelim(&cp)) && *attrib != '\0') {
224@@ -1171,7 +1171,7 @@ process_server_config_line(ServerOptions
225 fatal("%s line %d: Missing subsystem name.",
226 filename, linenum);
227 if (!*activep) {
228- arg = strdelim(&cp);
229+ /*arg =*/ (void) strdelim(&cp);
230 break;
231 }
232 for (i = 0; i < options->num_subsystems; i++)
233@@ -1262,8 +1262,9 @@ process_server_config_line(ServerOptions
234 if (*activep && *charptr == NULL) {
235 *charptr = tilde_expand_filename(arg, getuid());
236 /* increase optional counter */
237- if (intptr != NULL)
238- *intptr = *intptr + 1;
239+ /* DEAD CODE intptr is still NULL ;)
240+ if (intptr != NULL)
241+ *intptr = *intptr + 1; */
242 }
243 break;
244
245diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
246--- openssh-5.9p1/serverloop.c.coverity 2011-05-20 11:02:50.000000000 +0200
247+++ openssh-5.9p1/serverloop.c 2011-09-14 08:09:48.793586380 +0200
248@@ -147,13 +147,13 @@ notify_setup(void)
249 static void
250 notify_parent(void)
251 {
252- if (notify_pipe[1] != -1)
253+ if (notify_pipe[1] >= 0)
254 write(notify_pipe[1], "", 1);
255 }
256 static void
257 notify_prepare(fd_set *readset)
258 {
259- if (notify_pipe[0] != -1)
260+ if (notify_pipe[0] >= 0)
261 FD_SET(notify_pipe[0], readset);
262 }
263 static void
264@@ -161,8 +161,8 @@ notify_done(fd_set *readset)
265 {
266 char c;
267
268- if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
269- while (read(notify_pipe[0], &c, 1) != -1)
270+ if (notify_pipe[0] >= 0 && FD_ISSET(notify_pipe[0], readset))
271+ while (read(notify_pipe[0], &c, 1) >= 0)
272 debug2("notify_done: reading");
273 }
274
275@@ -330,7 +330,7 @@ wait_until_can_do_something(fd_set **rea
276 * If we have buffered data, try to write some of that data
277 * to the program.
278 */
279- if (fdin != -1 && buffer_len(&stdin_buffer) > 0)
280+ if (fdin >= 0 && buffer_len(&stdin_buffer) > 0)
281 FD_SET(fdin, *writesetp);
282 }
283 notify_prepare(*readsetp);
284@@ -470,7 +470,7 @@ process_output(fd_set *writeset)
285 int len;
286
287 /* Write buffered data to program stdin. */
288- if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
289+ if (!compat20 && fdin >= 0 && FD_ISSET(fdin, writeset)) {
290 data = buffer_ptr(&stdin_buffer);
291 dlen = buffer_len(&stdin_buffer);
292 len = write(fdin, data, dlen);
293@@ -583,7 +583,7 @@ server_loop(pid_t pid, int fdin_arg, int
294 set_nonblock(fdin);
295 set_nonblock(fdout);
296 /* we don't have stderr for interactive terminal sessions, see below */
297- if (fderr != -1)
298+ if (fderr >= 0)
299 set_nonblock(fderr);
300
301 if (!(datafellows & SSH_BUG_IGNOREMSG) && isatty(fdin))
302@@ -607,7 +607,7 @@ server_loop(pid_t pid, int fdin_arg, int
303 max_fd = MAX(connection_in, connection_out);
304 max_fd = MAX(max_fd, fdin);
305 max_fd = MAX(max_fd, fdout);
306- if (fderr != -1)
307+ if (fderr >= 0)
308 max_fd = MAX(max_fd, fderr);
309 #endif
310
311@@ -637,7 +637,7 @@ server_loop(pid_t pid, int fdin_arg, int
312 * If we have received eof, and there is no more pending
313 * input data, cause a real eof by closing fdin.
314 */
315- if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) {
316+ if (stdin_eof && fdin >= 0 && buffer_len(&stdin_buffer) == 0) {
317 if (fdin != fdout)
318 close(fdin);
319 else
320@@ -735,15 +735,15 @@ server_loop(pid_t pid, int fdin_arg, int
321 buffer_free(&stderr_buffer);
322
323 /* Close the file descriptors. */
324- if (fdout != -1)
325+ if (fdout >= 0)
326 close(fdout);
327 fdout = -1;
328 fdout_eof = 1;
329- if (fderr != -1)
330+ if (fderr >= 0)
331 close(fderr);
332 fderr = -1;
333 fderr_eof = 1;
334- if (fdin != -1)
335+ if (fdin >= 0)
336 close(fdin);
337 fdin = -1;
338
339@@ -937,7 +937,7 @@ server_input_window_size(int type, u_int
340
341 debug("Window change received.");
342 packet_check_eom();
343- if (fdin != -1)
344+ if (fdin >= 0)
345 pty_change_window_size(fdin, row, col, xpixel, ypixel);
346 }
347
348@@ -990,7 +990,7 @@ server_request_tun(void)
349 }
350
351 tun = packet_get_int();
352- if (forced_tun_device != -1) {
353+ if (forced_tun_device >= 0) {
354 if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
355 goto done;
356 tun = forced_tun_device;
357diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
358--- openssh-5.9p1/sftp-client.c.coverity 2010-12-04 23:02:48.000000000 +0100
359+++ openssh-5.9p1/sftp-client.c 2011-09-14 08:09:48.910470343 +0200
360@@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer *
361 }
362
363 static void
364-send_string_request(struct sftp_conn *conn, u_int id, u_int code, char *s,
365+send_string_request(struct sftp_conn *conn, u_int id, u_int code, const char *s,
366 u_int len)
367 {
368 Buffer msg;
369@@ -165,7 +165,7 @@ send_string_request(struct sftp_conn *co
370
371 static void
372 send_string_attrs_request(struct sftp_conn *conn, u_int id, u_int code,
373- char *s, u_int len, Attrib *a)
374+ const char *s, u_int len, Attrib *a)
375 {
376 Buffer msg;
377
378@@ -422,7 +422,7 @@ sftp_proto_version(struct sftp_conn *con
379 }
380
381 int
382-do_close(struct sftp_conn *conn, char *handle, u_int handle_len)
383+do_close(struct sftp_conn *conn, const char *handle, u_int handle_len)
384 {
385 u_int id, status;
386 Buffer msg;
387@@ -447,7 +447,7 @@ do_close(struct sftp_conn *conn, char *h
388
389
390 static int
391-do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
392+do_lsreaddir(struct sftp_conn *conn, const char *path, int printflag,
393 SFTP_DIRENT ***dir)
394 {
395 Buffer msg;
396@@ -571,7 +571,7 @@ do_lsreaddir(struct sftp_conn *conn, cha
397 }
398
399 int
400-do_readdir(struct sftp_conn *conn, char *path, SFTP_DIRENT ***dir)
401+do_readdir(struct sftp_conn *conn, const char *path, SFTP_DIRENT ***dir)
402 {
403 return(do_lsreaddir(conn, path, 0, dir));
404 }
405@@ -589,7 +589,7 @@ void free_sftp_dirents(SFTP_DIRENT **s)
406 }
407
408 int
409-do_rm(struct sftp_conn *conn, char *path)
410+do_rm(struct sftp_conn *conn, const char *path)
411 {
412 u_int status, id;
413
414@@ -604,7 +604,7 @@ do_rm(struct sftp_conn *conn, char *path
415 }
416
417 int
418-do_mkdir(struct sftp_conn *conn, char *path, Attrib *a, int printflag)
419+do_mkdir(struct sftp_conn *conn, const char *path, Attrib *a, int printflag)
420 {
421 u_int status, id;
422
423@@ -620,7 +620,7 @@ do_mkdir(struct sftp_conn *conn, char *p
424 }
425
426 int
427-do_rmdir(struct sftp_conn *conn, char *path)
428+do_rmdir(struct sftp_conn *conn, const char *path)
429 {
430 u_int status, id;
431
432@@ -636,7 +636,7 @@ do_rmdir(struct sftp_conn *conn, char *p
433 }
434
435 Attrib *
436-do_stat(struct sftp_conn *conn, char *path, int quiet)
437+do_stat(struct sftp_conn *conn, const char *path, int quiet)
438 {
439 u_int id;
440
441@@ -650,7 +650,7 @@ do_stat(struct sftp_conn *conn, char *pa
442 }
443
444 Attrib *
445-do_lstat(struct sftp_conn *conn, char *path, int quiet)
446+do_lstat(struct sftp_conn *conn, const char *path, int quiet)
447 {
448 u_int id;
449
450@@ -684,7 +684,7 @@ do_fstat(struct sftp_conn *conn, char *h
451 #endif
452
453 int
454-do_setstat(struct sftp_conn *conn, char *path, Attrib *a)
455+do_setstat(struct sftp_conn *conn, const char *path, Attrib *a)
456 {
457 u_int status, id;
458
459@@ -701,7 +701,7 @@ do_setstat(struct sftp_conn *conn, char
460 }
461
462 int
463-do_fsetstat(struct sftp_conn *conn, char *handle, u_int handle_len,
464+do_fsetstat(struct sftp_conn *conn, const char *handle, u_int handle_len,
465 Attrib *a)
466 {
467 u_int status, id;
468@@ -718,12 +718,12 @@ do_fsetstat(struct sftp_conn *conn, char
469 }
470
471 char *
472-do_realpath(struct sftp_conn *conn, char *path)
473+do_realpath(struct sftp_conn *conn, const char *path)
474 {
475 Buffer msg;
476 u_int type, expected_id, count, id;
477 char *filename, *longname;
478- Attrib *a;
479+/*UNUSED Attrib *a; */
480
481 expected_id = id = conn->msg_id++;
482 send_string_request(conn, id, SSH2_FXP_REALPATH, path,
483@@ -754,7 +754,7 @@ do_realpath(struct sftp_conn *conn, char
484
485 filename = buffer_get_string(&msg, NULL);
486 longname = buffer_get_string(&msg, NULL);
487- a = decode_attrib(&msg);
488+ /*a =*/ (void) decode_attrib(&msg);
489
490 debug3("SSH_FXP_REALPATH %s -> %s", path, filename);
491
492@@ -766,7 +766,7 @@ do_realpath(struct sftp_conn *conn, char
493 }
494
495 int
496-do_rename(struct sftp_conn *conn, char *oldpath, char *newpath)
497+do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath)
498 {
499 Buffer msg;
500 u_int status, id;
501@@ -800,7 +800,7 @@ do_rename(struct sftp_conn *conn, char *
502 }
503
504 int
505-do_hardlink(struct sftp_conn *conn, char *oldpath, char *newpath)
506+do_hardlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
507 {
508 Buffer msg;
509 u_int status, id;
510@@ -833,7 +833,7 @@ do_hardlink(struct sftp_conn *conn, char
511 }
512
513 int
514-do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath)
515+do_symlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
516 {
517 Buffer msg;
518 u_int status, id;
519@@ -984,7 +984,7 @@ send_read_request(struct sftp_conn *conn
520 }
521
522 int
523-do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
524+do_download(struct sftp_conn *conn, const char *remote_path, const char *local_path,
525 Attrib *a, int pflag)
526 {
527 Attrib junk;
528@@ -1223,7 +1223,7 @@ do_download(struct sftp_conn *conn, char
529 }
530
531 static int
532-download_dir_internal(struct sftp_conn *conn, char *src, char *dst,
533+download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst,
534 Attrib *dirattrib, int pflag, int printflag, int depth)
535 {
536 int i, ret = 0;
537@@ -1313,7 +1313,7 @@ download_dir_internal(struct sftp_conn *
538 }
539
540 int
541-download_dir(struct sftp_conn *conn, char *src, char *dst,
542+download_dir(struct sftp_conn *conn, const char *src, const char *dst,
543 Attrib *dirattrib, int pflag, int printflag)
544 {
545 char *src_canon;
546@@ -1331,7 +1331,7 @@ download_dir(struct sftp_conn *conn, cha
547 }
548
549 int
550-do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
551+do_upload(struct sftp_conn *conn, const char *local_path, const char *remote_path,
552 int pflag)
553 {
554 int local_fd;
555@@ -1514,7 +1514,7 @@ do_upload(struct sftp_conn *conn, char *
556 }
557
558 static int
559-upload_dir_internal(struct sftp_conn *conn, char *src, char *dst,
560+upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst,
561 int pflag, int printflag, int depth)
562 {
563 int ret = 0, status;
564@@ -1605,7 +1605,7 @@ upload_dir_internal(struct sftp_conn *co
565 }
566
567 int
568-upload_dir(struct sftp_conn *conn, char *src, char *dst, int printflag,
569+upload_dir(struct sftp_conn *conn, const char *src, const char *dst, int printflag,
570 int pflag)
571 {
572 char *dst_canon;
573@@ -1622,7 +1622,7 @@ upload_dir(struct sftp_conn *conn, char
574 }
575
576 char *
577-path_append(char *p1, char *p2)
578+path_append(const char *p1, const char *p2)
579 {
580 char *ret;
581 size_t len = strlen(p1) + strlen(p2) + 2;
582diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
583--- openssh-5.9p1/sftp-client.h.coverity 2010-12-04 23:02:48.000000000 +0100
584+++ openssh-5.9p1/sftp-client.h 2011-09-14 08:09:49.021583940 +0200
585@@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in
586 u_int sftp_proto_version(struct sftp_conn *);
587
588 /* Close file referred to by 'handle' */
589-int do_close(struct sftp_conn *, char *, u_int);
590+int do_close(struct sftp_conn *, const char *, u_int);
591
592 /* Read contents of 'path' to NULL-terminated array 'dir' */
593-int do_readdir(struct sftp_conn *, char *, SFTP_DIRENT ***);
594+int do_readdir(struct sftp_conn *, const char *, SFTP_DIRENT ***);
595
596 /* Frees a NULL-terminated array of SFTP_DIRENTs (eg. from do_readdir) */
597 void free_sftp_dirents(SFTP_DIRENT **);
598
599 /* Delete file 'path' */
600-int do_rm(struct sftp_conn *, char *);
601+int do_rm(struct sftp_conn *, const char *);
602
603 /* Create directory 'path' */
604-int do_mkdir(struct sftp_conn *, char *, Attrib *, int);
605+int do_mkdir(struct sftp_conn *, const char *, Attrib *, int);
606
607 /* Remove directory 'path' */
608-int do_rmdir(struct sftp_conn *, char *);
609+int do_rmdir(struct sftp_conn *, const char *);
610
611 /* Get file attributes of 'path' (follows symlinks) */
612-Attrib *do_stat(struct sftp_conn *, char *, int);
613+Attrib *do_stat(struct sftp_conn *, const char *, int);
614
615 /* Get file attributes of 'path' (does not follow symlinks) */
616-Attrib *do_lstat(struct sftp_conn *, char *, int);
617+Attrib *do_lstat(struct sftp_conn *, const char *, int);
618
619 /* Set file attributes of 'path' */
620-int do_setstat(struct sftp_conn *, char *, Attrib *);
621+int do_setstat(struct sftp_conn *, const char *, Attrib *);
622
623 /* Set file attributes of open file 'handle' */
624-int do_fsetstat(struct sftp_conn *, char *, u_int, Attrib *);
625+int do_fsetstat(struct sftp_conn *, const char *, u_int, Attrib *);
626
627 /* Canonicalise 'path' - caller must free result */
628-char *do_realpath(struct sftp_conn *, char *);
629+char *do_realpath(struct sftp_conn *, const char *);
630
631 /* Get statistics for filesystem hosting file at "path" */
632 int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int);
633
634 /* Rename 'oldpath' to 'newpath' */
635-int do_rename(struct sftp_conn *, char *, char *);
636+int do_rename(struct sftp_conn *, const char *, const char *);
637
638 /* Link 'oldpath' to 'newpath' */
639-int do_hardlink(struct sftp_conn *, char *, char *);
640+int do_hardlink(struct sftp_conn *, const char *, const char *);
641
642-/* Rename 'oldpath' to 'newpath' */
643-int do_symlink(struct sftp_conn *, char *, char *);
644+/* Symlink 'oldpath' to 'newpath' */
645+int do_symlink(struct sftp_conn *, const char *, const char *);
646
647 /* XXX: add callbacks to do_download/do_upload so we can do progress meter */
648
649@@ -106,27 +106,27 @@ int do_symlink(struct sftp_conn *, char
650 * Download 'remote_path' to 'local_path'. Preserve permissions and times
651 * if 'pflag' is set
652 */
653-int do_download(struct sftp_conn *, char *, char *, Attrib *, int);
654+int do_download(struct sftp_conn *, const char *, const char *, Attrib *, int);
655
656 /*
657 * Recursively download 'remote_directory' to 'local_directory'. Preserve
658 * times if 'pflag' is set
659 */
660-int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int);
661+int download_dir(struct sftp_conn *, const char *, const char *, Attrib *, int, int);
662
663 /*
664 * Upload 'local_path' to 'remote_path'. Preserve permissions and times
665 * if 'pflag' is set
666 */
667-int do_upload(struct sftp_conn *, char *, char *, int);
668+int do_upload(struct sftp_conn *, const char *, const char *, int);
669
670 /*
671 * Recursively upload 'local_directory' to 'remote_directory'. Preserve
672 * times if 'pflag' is set
673 */
674-int upload_dir(struct sftp_conn *, char *, char *, int, int);
675+int upload_dir(struct sftp_conn *, const char *, const char *, int, int);
676
677 /* Concatenate paths, taking care of slashes. Caller must free result. */
678-char *path_append(char *, char *);
679+char *path_append(const char *, const char *);
680
681 #endif
682diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
683--- openssh-5.9p1/sftp.c.coverity 2010-12-04 23:02:48.000000000 +0100
684+++ openssh-5.9p1/sftp.c 2011-09-14 08:09:49.468493585 +0200
685@@ -206,7 +206,7 @@ killchild(int signo)
686 {
687 if (sshpid > 1) {
688 kill(sshpid, SIGTERM);
689- waitpid(sshpid, NULL, 0);
690+ (void) waitpid(sshpid, NULL, 0);
691 }
692
693 _exit(1);
694@@ -316,7 +316,7 @@ local_do_ls(const char *args)
695
696 /* Strip one path (usually the pwd) from the start of another */
697 static char *
698-path_strip(char *path, char *strip)
699+path_strip(const char *path, const char *strip)
700 {
701 size_t len;
702
703@@ -334,7 +334,7 @@ path_strip(char *path, char *strip)
704 }
705
706 static char *
707-make_absolute(char *p, char *pwd)
708+make_absolute(char *p, const char *pwd)
709 {
710 char *abs_str;
711
712@@ -482,7 +482,7 @@ parse_df_flags(const char *cmd, char **a
713 }
714
715 static int
716-is_dir(char *path)
717+is_dir(const char *path)
718 {
719 struct stat sb;
720
721@@ -494,7 +494,7 @@ is_dir(char *path)
722 }
723
724 static int
725-remote_is_dir(struct sftp_conn *conn, char *path)
726+remote_is_dir(struct sftp_conn *conn, const char *path)
727 {
728 Attrib *a;
729
730@@ -508,7 +508,7 @@ remote_is_dir(struct sftp_conn *conn, ch
731
732 /* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */
733 static int
734-pathname_is_dir(char *pathname)
735+pathname_is_dir(const char *pathname)
736 {
737 size_t l = strlen(pathname);
738
739@@ -516,7 +516,7 @@ pathname_is_dir(char *pathname)
740 }
741
742 static int
743-process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd,
744+process_get(struct sftp_conn *conn, const char *src, const char *dst, const char *pwd,
745 int pflag, int rflag)
746 {
747 char *abs_src = NULL;
748@@ -590,7 +590,7 @@ out:
749 }
750
751 static int
752-process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd,
753+process_put(struct sftp_conn *conn, const char *src, const char *dst, const char *pwd,
754 int pflag, int rflag)
755 {
756 char *tmp_dst = NULL;
757@@ -695,7 +695,7 @@ sdirent_comp(const void *aa, const void
758
759 /* sftp ls.1 replacement for directories */
760 static int
761-do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
762+do_ls_dir(struct sftp_conn *conn, const char *path, const char *strip_path, int lflag)
763 {
764 int n;
765 u_int c = 1, colspace = 0, columns = 1;
766@@ -780,10 +780,10 @@ do_ls_dir(struct sftp_conn *conn, char *
767
768 /* sftp ls.1 replacement which handles path globs */
769 static int
770-do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
771+do_globbed_ls(struct sftp_conn *conn, const char *path, const char *strip_path,
772 int lflag)
773 {
774- Attrib *a = NULL;
775+/*UNUSED Attrib *a = NULL;*/
776 char *fname, *lname;
777 glob_t g;
778 int err;
779@@ -828,7 +828,7 @@ do_globbed_ls(struct sftp_conn *conn, ch
780 colspace = width / columns;
781 }
782
783- for (i = 0; g.gl_pathv[i] && !interrupted; i++, a = NULL) {
784+ for (i = 0; g.gl_pathv[i] && !interrupted; i++/*, a = NULL*/) {
785 fname = path_strip(g.gl_pathv[i], strip_path);
786 if (lflag & LS_LONG_VIEW) {
787 if (g.gl_statv[i] == NULL) {
788@@ -861,7 +861,7 @@ do_globbed_ls(struct sftp_conn *conn, ch
789 }
790
791 static int
792-do_df(struct sftp_conn *conn, char *path, int hflag, int iflag)
793+do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag)
794 {
795 struct sftp_statvfs st;
796 char s_used[FMT_SCALED_STRSIZE];
797diff -up openssh-5.9p1/ssh-agent.c.coverity openssh-5.9p1/ssh-agent.c
798--- openssh-5.9p1/ssh-agent.c.coverity 2011-06-03 06:14:16.000000000 +0200
799+++ openssh-5.9p1/ssh-agent.c 2011-09-14 08:09:49.572460295 +0200
800@@ -1147,8 +1147,8 @@ main(int ac, char **av)
801 sanitise_stdfd();
802
803 /* drop */
804- setegid(getgid());
805- setgid(getgid());
806+ (void) setegid(getgid());
807+ (void) setgid(getgid());
808
809 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
810 /* Disable ptrace on Linux without sgid bit */
811diff -up openssh-5.9p1/sshd.c.coverity openssh-5.9p1/sshd.c
812--- openssh-5.9p1/sshd.c.coverity 2011-06-23 11:45:51.000000000 +0200
813+++ openssh-5.9p1/sshd.c 2011-09-14 08:09:49.687509968 +0200
814@@ -676,8 +676,10 @@ privsep_preauth(Authctxt *authctxt)
815 if (getuid() == 0 || geteuid() == 0)
816 privsep_preauth_child();
817 setproctitle("%s", "[net]");
818- if (box != NULL)
819+ if (box != NULL) {
820 ssh_sandbox_child(box);
821+ xfree(box);
822+ }
823
824 return 0;
825 }
826@@ -1302,6 +1304,9 @@ server_accept_loop(int *sock_in, int *so
827 if (num_listen_socks < 0)
828 break;
829 }
830+
831+ if (fdset != NULL)
832+ xfree(fdset);
833 }
834
835
836@@ -1774,7 +1779,7 @@ main(int ac, char **av)
837
838 /* Chdir to the root directory so that the current disk can be
839 unmounted if desired. */
840- chdir("/");
841+ (void) chdir("/");
842
843 /* ignore SIGPIPE */
844 signal(SIGPIPE, SIG_IGN);
Michael's tree of IPFire 3.x.