broken sftp_quote logic #2143
Comments
That function code is very similar with the
I think the coverity errors 1424908, 1424902 and 1424901 are also shared between the two back-ends, though the last looks like a false negative. That is pretty much an argument for @kdudka's suggestion to make the SCP/SFTP part separated from the back-end.
But if it could, it still would be pointless to check that after it has already been dereferenced / increased! And thanks for pointing out that this flaw exists in lib/ssh.c too. I'll take care of that in a PR!
Figured out while reviewing code in the libssh backend. The pointer was checked for NULL after having been dereferenced, so we know it would always equal true or it would've crashed. Pointed-out-by: Nikos Mavrogiannopoulos Bug #2143
... by removing a superfluous NULL pointer check that also confuses Coverity. Fixes #2143
In the beginning of the function `lib/ssh-libssh.c:sftp_quote()` there's this line:

```c
char *cmd = sshc->quote_item->data;
```

This is fine, because we know `sshc->quote_item` to be non-NULL due to earlier checks before this function is called.

This `cmd` pointer is then dereferenced and possibly increased but on line 2528 it is checked for NULL?

```c
if(cmd) {
```

... if cmd would be NULL there, it would already have done wrong and crashed. It can't be NULL there!

But the if condition always ends with a `return;` and below, outside of the if block (on line 2657 in my version - this means this is code that can never be reached: dead code), there's a final check if `sshc->quote_item` is NULL (which again, it can't be) and if it is, it would call state()...

(CID 1424902 by coverity, interpreted a bit by me)
/cc @nmav
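
The pattern this issue describes, a pointer tested for NULL only after it has been dereferenced, shown beside a variant that tests before first use. This is an added example, not curl's code and not the fix from the linked commit (which removed the superfluous check); the struct, enum and function names are hypothetical stand-ins.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for the list node and state struct; not curl's types. */
struct quote_node { char *data; };
struct conn_state { struct quote_node *quote_item; int next_state; };
enum { ST_QUOTE_NEXT = 1, ST_DONE = 2, ST_ERROR = 3 };

/* Shape reported in the issue: cmd is dereferenced first, tested afterwards. */
static int quote_reported_shape(struct conn_state *sc)
{
  char *cmd = sc->quote_item->data;
  if(cmd[0] == '*')   /* dereference: a NULL cmd would already have crashed */
    cmd++;            /* "possibly increased" */
  if(cmd) {           /* always true here; a compiler may delete the test */
    sc->next_state = strncmp(cmd, "pwd", 3) ? ST_ERROR : ST_QUOTE_NEXT;
    return sc->next_state;
  }
  /* unreachable: every path through the if block above returns */
  if(!sc->quote_item)
    sc->next_state = ST_DONE;
  return sc->next_state;
}

/* Same logic with the preconditions tested before first use, no dead tail. */
static int quote_checked_first(struct conn_state *sc)
{
  char *cmd;
  if(!sc)
    return ST_DONE;
  if(!sc->quote_item || !sc->quote_item->data) {
    sc->next_state = ST_DONE;
    return ST_DONE;
  }
  cmd = sc->quote_item->data;
  if(cmd[0] == '*')
    cmd++;
  sc->next_state = strncmp(cmd, "pwd", 3) ? ST_ERROR : ST_QUOTE_NEXT;
  return sc->next_state;
}

int main(void)
{
  char buf[] = "*pwd";  /* constructed sample input */
  struct quote_node n = { buf };
  struct conn_state sc = { &n, 0 }, empty = { NULL, 0 };
  int ok = quote_reported_shape(&sc) == ST_QUOTE_NEXT &&
           quote_checked_first(&empty) == ST_DONE;
  return ok ? 0 : 1;
}
```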