simon-git: putty (main): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Wed Sep 7 14:53:18 BST 2022 

TL;DR:
  1f6d93f0 Fix a batch of resource leaks spotted by Coverity.
  3442fb1a windows/unicode.c: tighten up a bounds check.
  ebaa37e1 utils/cert-expr.c: remove 'lasttoktext' field.
  8c72a9da Windows Pageant: add a missing null-pointer check (maybe).
  d2165448 windows/console.c: add an assertion to pacify Coverity.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2022-09-07 14:53:18

commit 1f6d93f0c87a478e10591960e71fe9dce0a0ecf0
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=1f6d93f0c87a478e10591960e71fe9dce0a0ecf0;hp=16d5bb726972df6b5329aa1654f649c0dce31ef0
Author: Simon Tatham <anakin at pobox.com>
Date:   Wed Sep 7 13:52:58 2022 +0100

    Fix a batch of resource leaks spotted by Coverity.

 crypto/ntru.c      | 10 ++++++++--
 ssh/kex2-client.c  |  1 +
 unix/storage.c     |  2 ++
 windows/puttygen.c |  1 +
 4 files changed, 12 insertions(+), 2 deletions(-)

commit 3442fb1aeba03778478f9ef1a4406ab7bb2777f4
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=3442fb1aeba03778478f9ef1a4406ab7bb2777f4;hp=1f6d93f0c87a478e10591960e71fe9dce0a0ecf0
Author: Simon Tatham <anakin at pobox.com>
Date:   Wed Sep 7 14:18:21 2022 +0100

    windows/unicode.c: tighten up a bounds check.
    
    Coverity points out that if we refer to cp_list[codepage - 65536], we
    ought to have ensured that codepage - 65536 was _less_ than
    lenof(cp_list), not just less or equal.

 windows/unicode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit ebaa37e1590e77644aa5d0c9a85506f18b9bf38b
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=ebaa37e1590e77644aa5d0c9a85506f18b9bf38b;hp=3442fb1aeba03778478f9ef1a4406ab7bb2777f4
Author: Simon Tatham <anakin at pobox.com>
Date:   Wed Sep 7 14:23:36 2022 +0100

    utils/cert-expr.c: remove 'lasttoktext' field.
    
    Coverity spotted me copying an uninitialised variable into it, which
    made me wonder how I hadn't noticed. The answer is that nothing
    actually _uses_ that variable - it's written, but never read. I must
    have put it in during development, thinking I was going to need it for
    something, and then didn't end up using it after all.

 utils/cert-expr.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

commit 8c72a9daa4fffe989d6d342838f650a923058a86
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=8c72a9daa4fffe989d6d342838f650a923058a86;hp=ebaa37e1590e77644aa5d0c9a85506f18b9bf38b
Author: Simon Tatham <anakin at pobox.com>
Date:   Wed Sep 7 14:45:35 2022 +0100

    Windows Pageant: add a missing null-pointer check (maybe).
    
    Coverity complained in keylist_update_callback that in one if
    statement I was allowing for the possibility that alg == NULL, and in
    the next, I was assuming it would always be non-null.
    
    Right now I'm not actually convinced that _either_ check is necessary
    - it would make sense in an agent _client_, where you might be talking
    to an agent that knows key algorithms you don't, but this is the GUI
    built into Pageant itself, so any key it can store internally ought to
    have a known algorithm name.
    
    Still, this fix is certainly _correct_ even if not optimal, and it'll
    do for now.

 windows/pageant.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit d2165448021d434e8762c117cafd65cc689557b7
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d2165448021d434e8762c117cafd65cc689557b7;hp=8c72a9daa4fffe989d6d342838f650a923058a86
Author: Simon Tatham <anakin at pobox.com>
Date:   Wed Sep 7 14:01:51 2022 +0100

    windows/console.c: add an assertion to pacify Coverity.
    
    It complained in console_confirm_ssh_host_key that if the caller
    passed in a SeatDialogText containing no SDT_PROMPT record, then
    'prompt' would be uninitialised.
    
    The answer is "don't do that, then", but fair enough that Coverity
    didn't know that. Added an assertion, which should keep it happy, and
    also cause better error handling if we ever _do_ make that mistake.

 windows/console.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

More information about the tartarus-commits mailing list