a2e7f72
diff -up openssh-8.5p1/addr.c.coverity openssh-8.5p1/addr.c
a2e7f72
--- openssh-8.5p1/addr.c.coverity	2021-03-02 11:31:47.000000000 +0100
a2e7f72
+++ openssh-8.5p1/addr.c	2021-03-24 12:03:33.782968159 +0100
a2e7f72
@@ -312,8 +312,10 @@ addr_pton(const char *p, struct xaddr *n
a2e7f72
 	if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0)
a2e7f72
 		return -1;
a2e7f72
 
a2e7f72
-	if (ai == NULL || ai->ai_addr == NULL)
a2e7f72
+	if (ai == NULL || ai->ai_addr == NULL) {
a2e7f72
+		freeaddrinfo(ai);
a2e7f72
 		return -1;
a2e7f72
+	}
a2e7f72
 
a2e7f72
 	if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen,
a2e7f72
 	    n) == -1) {
a2e7f72
@@ -336,12 +338,16 @@ addr_sa_pton(const char *h, const char *
a2e7f72
 	if (h == NULL || getaddrinfo(h, s, &hints, &ai) != 0)
a2e7f72
 		return -1;
a2e7f72
 
a2e7f72
-	if (ai == NULL || ai->ai_addr == NULL)
a2e7f72
+	if (ai == NULL || ai->ai_addr == NULL) {
a2e7f72
+		freeaddrinfo(ai);
a2e7f72
 		return -1;
a2e7f72
+	}
a2e7f72
 
a2e7f72
 	if (sa != NULL) {
a2e7f72
-		if (slen < ai->ai_addrlen)
a2e7f72
+		if (slen < ai->ai_addrlen) {
a2e7f72
+			freeaddrinfo(ai);
a2e7f72
 			return -1;
a2e7f72
+		}
a2e7f72
 		memcpy(sa, &ai->ai_addr, ai->ai_addrlen);
a2e7f72
 	}
a2e7f72
 
a2e7f72
diff -up openssh-8.5p1/auth-krb5.c.coverity openssh-8.5p1/auth-krb5.c
a2e7f72
--- openssh-8.5p1/auth-krb5.c.coverity	2021-03-24 12:03:33.724967756 +0100
a2e7f72
+++ openssh-8.5p1/auth-krb5.c	2021-03-24 12:03:33.782968159 +0100
a2e7f72
@@ -426,6 +426,7 @@ ssh_krb5_cc_new_unique(krb5_context ctx,
a2e7f72
 		umask(old_umask);
a2e7f72
 		if (tmpfd == -1) {
a2e7f72
 			logit("mkstemp(): %.100s", strerror(oerrno));
a2e7f72
+			free(ccname);
a2e7f72
 			return oerrno;
a2e7f72
 		}
a2e7f72
 
a2e7f72
@@ -433,6 +434,7 @@ ssh_krb5_cc_new_unique(krb5_context ctx,
a2e7f72
 			oerrno = errno;
a2e7f72
 			logit("fchmod(): %.100s", strerror(oerrno));
a2e7f72
 			close(tmpfd);
a2e7f72
+			free(ccname);
a2e7f72
 			return oerrno;
a2e7f72
 		}
a2e7f72
 		/* make sure the KRB5CCNAME is set for non-standard location */
a2e7f72
diff -up openssh-8.5p1/auth-options.c.coverity openssh-8.5p1/auth-options.c
a2e7f72
--- openssh-8.5p1/auth-options.c.coverity	2021-03-02 11:31:47.000000000 +0100
a2e7f72
+++ openssh-8.5p1/auth-options.c	2021-03-24 12:03:33.782968159 +0100
a2e7f72
@@ -409,8 +409,10 @@ sshauthopt_parse(const char *opts, const
a2e7f72
 				errstr = "invalid environment string";
a2e7f72
 				goto fail;
a2e7f72
 			}
a2e7f72
-			if ((cp = strdup(opt)) == NULL)
a2e7f72
+			if ((cp = strdup(opt)) == NULL) {
a2e7f72
+				free(opt);
a2e7f72
 				goto alloc_fail;
a2e7f72
+			}
a2e7f72
 			cp[tmp - opt] = '\0'; /* truncate at '=' */
a2e7f72
 			if (!valid_env_name(cp)) {
a2e7f72
 				free(cp);
a2e7f72
@@ -706,6 +708,7 @@ serialise_array(struct sshbuf *m, char *
a2e7f72
 		return r;
a2e7f72
 	}
a2e7f72
 	/* success */
a2e7f72
+	sshbuf_free(b);
a2e7f72
 	return 0;
a2e7f72
 }
a2e7f72
 
6cf9b8e
diff -up openssh-7.4p1/channels.c.coverity openssh-7.4p1/channels.c
6cf9b8e
--- openssh-7.4p1/channels.c.coverity	2016-12-23 16:40:26.881788686 +0100
6cf9b8e
+++ openssh-7.4p1/channels.c	2016-12-23 16:42:36.244818763 +0100
a2e7f72
@@ -1875,7 +1875,7 @@ channel_post_connecting(struct ssh *ssh,
a2e7f72
 		debug("channel %d: connection failed: %s",
a2e7f72
 		    c->self, strerror(err));
a2e7f72
 		/* Try next address, if any */
a2e7f72
-		if ((sock = connect_next(&c->connect_ctx)) > 0) {
a2e7f72
+		if ((sock = connect_next(&c->connect_ctx)) >= 0) {
a2e7f72
 			close(c->sock);
a2e7f72
 			c->sock = c->rfd = c->wfd = sock;
a2e7f72
 			channel_find_maxfd(ssh->chanctxt);
a2e7f72
@@ -3804,7 +3804,7 @@ int
a2e7f72
 channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd)
a2e7f72
 {
a2e7f72
 	int r, success = 0, idx = -1;
a2e7f72
-	char *host_to_connect, *listen_host, *listen_path;
a2e7f72
+	char *host_to_connect = NULL, *listen_host = NULL, *listen_path = NULL;
a2e7f72
 	int port_to_connect, listen_port;
a2e7f72
 
a2e7f72
 	/* Send the forward request to the remote side. */
a2e7f72
@@ -3832,7 +3832,6 @@ channel_request_remote_forwarding(struct
a2e7f72
 	success = 1;
a2e7f72
 	if (success) {
a2e7f72
 		/* Record that connection to this host/port is permitted. */
a2e7f72
-		host_to_connect = listen_host = listen_path = NULL;
a2e7f72
 		port_to_connect = listen_port = 0;
a2e7f72
 		if (fwd->connect_path != NULL) {
a2e7f72
 			host_to_connect = xstrdup(fwd->connect_path);
a2e7f72
@@ -3853,6 +3852,9 @@ channel_request_remote_forwarding(struct
a2e7f72
 		    host_to_connect, port_to_connect,
a2e7f72
 		    listen_host, listen_path, listen_port, NULL);
a2e7f72
 	}
a2e7f72
+	free(host_to_connect);
a2e7f72
+	free(listen_host);
a2e7f72
+	free(listen_path);
a2e7f72
 	return idx;
a2e7f72
 }
a2e7f72
 
a2e7f72
diff -up openssh-8.5p1/compat.c.coverity openssh-8.5p1/compat.c
a2e7f72
--- openssh-8.5p1/compat.c.coverity	2021-03-24 12:03:33.768968062 +0100
a2e7f72
+++ openssh-8.5p1/compat.c	2021-03-24 12:03:33.783968166 +0100
a2e7f72
@@ -191,10 +191,12 @@ compat_kex_proposal(struct ssh *ssh, cha
a2e7f72
 		return p;
a2e7f72
 	debug2_f("original KEX proposal: %s", p);
a2e7f72
 	if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0)
a2e7f72
+		/* coverity[overwrite_var : FALSE] */
a2e7f72
 		if ((p = match_filter_denylist(p,
a2e7f72
 		    "curve25519-sha256@libssh.org")) == NULL)
a2e7f72
 			fatal("match_filter_denylist failed");
a2e7f72
 	if ((ssh->compat & SSH_OLD_DHGEX) != 0) {
a2e7f72
+		/* coverity[overwrite_var : FALSE] */
a2e7f72
 		if ((p = match_filter_denylist(p,
a2e7f72
 		    "diffie-hellman-group-exchange-sha256,"
a2e7f72
 		    "diffie-hellman-group-exchange-sha1")) == NULL)
a2e7f72
diff -up openssh-8.5p1/dns.c.coverity openssh-8.5p1/dns.c
a2e7f72
--- openssh-8.5p1/dns.c.coverity	2021-03-02 11:31:47.000000000 +0100
a2e7f72
+++ openssh-8.5p1/dns.c	2021-03-24 12:03:33.783968166 +0100
a2e7f72
@@ -282,6 +282,7 @@ verify_host_key_dns(const char *hostname
a2e7f72
 			    &hostkey_digest_len, hostkey)) {
a2e7f72
 				error("Error calculating key fingerprint.");
a2e7f72
 				freerrset(fingerprints);
a2e7f72
+				free(dnskey_digest);
a2e7f72
 				return -1;
a2e7f72
 			}
a2e7f72
 		}
a2e7f72
diff -up openssh-8.5p1/gss-genr.c.coverity openssh-8.5p1/gss-genr.c
446f300
--- openssh-8.5p1/gss-genr.c.coverity	2021-03-26 11:52:46.613942552 +0100
446f300
+++ openssh-8.5p1/gss-genr.c	2021-03-26 11:54:37.881726318 +0100
446f300
@@ -167,8 +167,9 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
a2e7f72
 			enclen = __b64_ntop(digest,
a2e7f72
 			    ssh_digest_bytes(SSH_DIGEST_MD5), encoded,
a2e7f72
 			    ssh_digest_bytes(SSH_DIGEST_MD5) * 2);
a2e7f72
-
446f300
+#pragma GCC diagnostic ignored "-Wstringop-overflow"
a2e7f72
 			cp = strncpy(s, kex, strlen(kex));
446f300
+#pragma pop
a2e7f72
 			for ((p = strsep(&cp, ",")); p && *p != '\0';
a2e7f72
 				(p = strsep(&cp, ","))) {
446f300
 				if (sshbuf_len(buf) != 0 &&
a2e7f72
diff -up openssh-8.5p1/kexgssc.c.coverity openssh-8.5p1/kexgssc.c
a2e7f72
--- openssh-8.5p1/kexgssc.c.coverity	2021-03-24 12:03:33.711967665 +0100
a2e7f72
+++ openssh-8.5p1/kexgssc.c	2021-03-24 12:03:33.783968166 +0100
a2e7f72
@@ -98,8 +98,10 @@ kexgss_client(struct ssh *ssh)
a2e7f72
 	default:
a2e7f72
 		fatal_f("Unexpected KEX type %d", kex->kex_type);
a2e7f72
 	}
a2e7f72
-	if (r != 0)
a2e7f72
+	if (r != 0) {
a2e7f72
+		ssh_gssapi_delete_ctx(&ctxt);
a2e7f72
 		return r;
a2e7f72
+	}
a2e7f72
 
a2e7f72
 	token_ptr = GSS_C_NO_BUFFER;
a2e7f72
 
a2e7f72
diff -up openssh-8.5p1/krl.c.coverity openssh-8.5p1/krl.c
a2e7f72
--- openssh-8.5p1/krl.c.coverity	2021-03-02 11:31:47.000000000 +0100
a2e7f72
+++ openssh-8.5p1/krl.c	2021-03-24 12:03:33.783968166 +0100
a2e7f72
@@ -1209,6 +1209,7 @@ ssh_krl_from_blob(struct sshbuf *buf, st
a2e7f72
 	sshkey_free(key);
a2e7f72
 	sshbuf_free(copy);
a2e7f72
 	sshbuf_free(sect);
a2e7f72
+	/* coverity[leaked_storage : FALSE] */
a2e7f72
 	return r;
a2e7f72
 }
a2e7f72
 
a2e7f72
@@ -1261,6 +1262,7 @@ is_key_revoked(struct ssh_krl *krl, cons
a2e7f72
 		return r;
a2e7f72
 	erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
a2e7f72
 	free(rb.blob);
a2e7f72
+	rb.blob = NULL; /* make coverity happy */
a2e7f72
 	if (erb != NULL) {
a2e7f72
 		KRL_DBG(("revoked by key SHA1"));
a2e7f72
 		return SSH_ERR_KEY_REVOKED;
a2e7f72
@@ -1271,6 +1273,7 @@ is_key_revoked(struct ssh_krl *krl, cons
a2e7f72
 		return r;
a2e7f72
 	erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha256s, &rb);
a2e7f72
 	free(rb.blob);
a2e7f72
+	rb.blob = NULL; /* make coverity happy */
a2e7f72
 	if (erb != NULL) {
a2e7f72
 		KRL_DBG(("revoked by key SHA256"));
a2e7f72
 		return SSH_ERR_KEY_REVOKED;
a2e7f72
@@ -1282,6 +1285,7 @@ is_key_revoked(struct ssh_krl *krl, cons
a2e7f72
 		return r;
a2e7f72
 	erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb);
a2e7f72
 	free(rb.blob);
a2e7f72
+	rb.blob = NULL; /* make coverity happy */
a2e7f72
 	if (erb != NULL) {
a2e7f72
 		KRL_DBG(("revoked by explicit key"));
a2e7f72
 		return SSH_ERR_KEY_REVOKED;
a2e7f72
diff -up openssh-8.5p1/loginrec.c.coverity openssh-8.5p1/loginrec.c
a2e7f72
--- openssh-8.5p1/loginrec.c.coverity	2021-03-24 13:18:53.793225885 +0100
a2e7f72
+++ openssh-8.5p1/loginrec.c	2021-03-24 13:21:27.948404751 +0100
a2e7f72
@@ -690,9 +690,11 @@ construct_utmp(struct logininfo *li,
a2e7f72
 	 */
a2e7f72
 
a2e7f72
 	/* Use strncpy because we don't necessarily want null termination */
a2e7f72
+	/* coverity[buffer_size_warning : FALSE] */
a2e7f72
 	strncpy(ut->ut_name, li->username,
a2e7f72
 	    MIN_SIZEOF(ut->ut_name, li->username));
a2e7f72
 # ifdef HAVE_HOST_IN_UTMP
a2e7f72
+	/* coverity[buffer_size_warning : FALSE] */
a2e7f72
 	strncpy(ut->ut_host, li->hostname,
a2e7f72
 	    MIN_SIZEOF(ut->ut_host, li->hostname));
a2e7f72
 # endif
a2e7f72
@@ -1690,6 +1692,7 @@ record_failed_login(struct ssh *ssh, con
a2e7f72
 
a2e7f72
 	memset(&ut, 0, sizeof(ut));
a2e7f72
 	/* strncpy because we don't necessarily want nul termination */
a2e7f72
+	/* coverity[buffer_size_warning : FALSE] */
a2e7f72
 	strncpy(ut.ut_user, username, sizeof(ut.ut_user));
a2e7f72
 	strlcpy(ut.ut_line, "ssh:notty", sizeof(ut.ut_line));
a2e7f72
 
a2e7f72
@@ -1699,6 +1702,7 @@ record_failed_login(struct ssh *ssh, con
a2e7f72
 	ut.ut_pid = getpid();
a2e7f72
 
a2e7f72
 	/* strncpy because we don't necessarily want nul termination */
a2e7f72
+	/* coverity[buffer_size_warning : FALSE] */
a2e7f72
 	strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
a2e7f72
 
a2e7f72
 	if (ssh_packet_connection_is_on_socket(ssh) &&
a2e7f72
diff -up openssh-8.5p1/misc.c.coverity openssh-8.5p1/misc.c
a2e7f72
--- openssh-8.5p1/misc.c.coverity	2021-03-24 12:03:33.745967902 +0100
a2e7f72
+++ openssh-8.5p1/misc.c	2021-03-24 13:31:47.037079617 +0100
a2e7f72
@@ -1425,6 +1425,8 @@ sanitise_stdfd(void)
a2e7f72
 	}
a2e7f72
 	if (nullfd > STDERR_FILENO)
a2e7f72
 		close(nullfd);
446f300
+	/* coverity[leaked_handle : FALSE]*/
446f300
+	/* coverity[leaked_handle : FALSE]*/
a2e7f72
 }
a2e7f72
 
a2e7f72
 char *
a2e7f72
@@ -2511,6 +2513,7 @@ stdfd_devnull(int do_stdin, int do_stdou
a2e7f72
 	}
a2e7f72
 	if (devnull > STDERR_FILENO)
a2e7f72
 		close(devnull);
446f300
+	/* coverity[leaked_handle : FALSE]*/
a2e7f72
 	return ret;
a2e7f72
 }
a2e7f72
 
a2e7f72
diff -up openssh-8.5p1/moduli.c.coverity openssh-8.5p1/moduli.c
a2e7f72
--- openssh-8.5p1/moduli.c.coverity	2021-03-02 11:31:47.000000000 +0100
a2e7f72
+++ openssh-8.5p1/moduli.c	2021-03-24 12:03:33.784968173 +0100
a2e7f72
@@ -476,6 +476,7 @@ write_checkpoint(char *cpfile, u_int32_t
a2e7f72
 	else
a2e7f72
 		logit("failed to write to checkpoint file '%s': %s", cpfile,
a2e7f72
 		    strerror(errno));
a2e7f72
+	/* coverity[leaked_storage : FALSE] */
a2e7f72
 }
a2e7f72
 
a2e7f72
 static unsigned long
6cf9b8e
diff -up openssh-7.4p1/monitor.c.coverity openssh-7.4p1/monitor.c
6cf9b8e
--- openssh-7.4p1/monitor.c.coverity	2016-12-23 16:40:26.888788688 +0100
6cf9b8e
+++ openssh-7.4p1/monitor.c	2016-12-23 16:40:26.900788691 +0100
6cf9b8e
@@ -411,7 +411,7 @@ monitor_child_preauth(Authctxt *_authctx
def1deb
 	mm_get_keystate(ssh, pmonitor);
Jan F. Chadima cff1d0c
 
Jan F. Chadima cff1d0c
 	/* Drain any buffered messages from the child */
Jan F. Chadima cff1d0c
-	while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
Jan F. Chadima cff1d0c
+	while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
Jan F. Chadima cff1d0c
 		;
Jan F. Chadima cff1d0c
 
3cd4899
 	if (pmonitor->m_recvfd >= 0)
a2e7f72
@@ -1678,7 +1678,7 @@ mm_answer_pty(struct ssh *ssh, int sock,
a2e7f72
 	s->ptymaster = s->ptyfd;
a2e7f72
 
a2e7f72
 	debug3_f("tty %s ptyfd %d", s->tty, s->ttyfd);
a2e7f72
-
a2e7f72
+	/* coverity[leaked_handle : FALSE] */
a2e7f72
 	return (0);
a2e7f72
 
a2e7f72
  error:
6cf9b8e
diff -up openssh-7.4p1/monitor_wrap.c.coverity openssh-7.4p1/monitor_wrap.c
6cf9b8e
--- openssh-7.4p1/monitor_wrap.c.coverity	2016-12-23 16:40:26.892788689 +0100
6cf9b8e
+++ openssh-7.4p1/monitor_wrap.c	2016-12-23 16:40:26.900788691 +0100
6cf9b8e
@@ -525,10 +525,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd,
Jan F. Chadima cff1d0c
 	if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
Jan F. Chadima cff1d0c
 	    (tmp2 = dup(pmonitor->m_recvfd)) == -1) {
25c16c6
 		error_f("cannot allocate fds for pty");
Jan F. Chadima cff1d0c
-		if (tmp1 > 0)
Jan F. Chadima cff1d0c
+		if (tmp1 >= 0)
Jan F. Chadima cff1d0c
 			close(tmp1);
Jan F. Chadima cff1d0c
-		if (tmp2 > 0)
Jan F. Chadima cff1d0c
-			close(tmp2);
Jan F. Chadima cff1d0c
+		/*DEAD CODE if (tmp2 >= 0)
Jan F. Chadima cff1d0c
+			close(tmp2);*/
Jan F. Chadima cff1d0c
 		return 0;
Jan F. Chadima cff1d0c
 	}
Jan F. Chadima cff1d0c
 	close(tmp1);
6cf9b8e
diff -up openssh-7.4p1/openbsd-compat/bindresvport.c.coverity openssh-7.4p1/openbsd-compat/bindresvport.c
6cf9b8e
--- openssh-7.4p1/openbsd-compat/bindresvport.c.coverity	2016-12-19 05:59:41.000000000 +0100
6cf9b8e
+++ openssh-7.4p1/openbsd-compat/bindresvport.c	2016-12-23 16:40:26.901788691 +0100
132f8f8
@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
Jan F. Chadima ea97ffa
 	struct sockaddr_in6 *in6;
Jan F. Chadima ea97ffa
 	u_int16_t *portp;
Jan F. Chadima ea97ffa
 	u_int16_t port;
Jan F. Chadima ea97ffa
-	socklen_t salen;
Jan F. Chadima ea97ffa
+	socklen_t salen = sizeof(struct sockaddr_storage);
Jan F. Chadima ea97ffa
 	int i;
Jan F. Chadima ea97ffa
 
Jan F. Chadima ea97ffa
 	if (sa == NULL) {
a2e7f72
diff -up openssh-8.5p1/readconf.c.coverity openssh-8.5p1/readconf.c
a2e7f72
--- openssh-8.5p1/readconf.c.coverity	2021-03-24 12:03:33.778968131 +0100
a2e7f72
+++ openssh-8.5p1/readconf.c	2021-03-24 12:03:33.785968180 +0100
a2e7f72
@@ -1847,6 +1847,7 @@ parse_pubkey_algos:
a2e7f72
 			} else if (r != 0) {
a2e7f72
 				error("%.200s line %d: glob failed for %s.",
a2e7f72
 				    filename, linenum, arg2);
a2e7f72
+				free(arg2);
a2e7f72
 				return -1;
a2e7f72
 			}
a2e7f72
 			free(arg2);
6cf9b8e
diff -up openssh-7.4p1/scp.c.coverity openssh-7.4p1/scp.c
6cf9b8e
--- openssh-7.4p1/scp.c.coverity	2016-12-23 16:40:26.856788681 +0100
6cf9b8e
+++ openssh-7.4p1/scp.c	2016-12-23 16:40:26.901788691 +0100
6cf9b8e
@@ -157,7 +157,7 @@ killchild(int signo)
Jan F. Chadima 3b545be
 {
Jan F. Chadima 3b545be
 	if (do_cmd_pid > 1) {
Jan F. Chadima 3b545be
 		kill(do_cmd_pid, signo ? signo : SIGTERM);
Jan F. Chadima 3b545be
-		waitpid(do_cmd_pid, NULL, 0);
Jan F. Chadima 3b545be
+		(void) waitpid(do_cmd_pid, NULL, 0);
Jan F. Chadima 3b545be
 	}
Jan F. Chadima 3b545be
 
Jan F. Chadima 3b545be
 	if (signo)
6cf9b8e
diff -up openssh-7.4p1/servconf.c.coverity openssh-7.4p1/servconf.c
6cf9b8e
--- openssh-7.4p1/servconf.c.coverity	2016-12-23 16:40:26.896788690 +0100
6cf9b8e
+++ openssh-7.4p1/servconf.c	2016-12-23 16:40:26.901788691 +0100
6cf9b8e
@@ -1547,7 +1547,7 @@ process_server_config_line(ServerOptions
Jan F. Chadima ea97ffa
 			fatal("%s line %d: Missing subsystem name.",
Jan F. Chadima ea97ffa
 			    filename, linenum);
Jan F. Chadima ea97ffa
 		if (!*activep) {
Jan F. Chadima ea97ffa
-			arg = strdelim(&cp;;
Jan F. Chadima ea97ffa
+			/*arg =*/ (void) strdelim(&cp;;
Jan F. Chadima ea97ffa
 			break;
Jan F. Chadima ea97ffa
 		}
Jan F. Chadima ea97ffa
 		for (i = 0; i < options->num_subsystems; i++)
6cf9b8e
@@ -1638,8 +1638,9 @@ process_server_config_line(ServerOptions
Jan F. Chadima cff1d0c
 		if (*activep && *charptr == NULL) {
Jan F. Chadima cff1d0c
 			*charptr = tilde_expand_filename(arg, getuid());
Jan F. Chadima cff1d0c
 			/* increase optional counter */
Jan F. Chadima cff1d0c
-			if (intptr != NULL)
Jan F. Chadima cff1d0c
-				*intptr = *intptr + 1;
Jan F. Chadima cff1d0c
+			/* DEAD CODE intptr is still NULL ;)
Jan F. Chadima cff1d0c
+  			 if (intptr != NULL)
Jan F. Chadima cff1d0c
+				*intptr = *intptr + 1; */
Jan F. Chadima cff1d0c
 		}
Jan F. Chadima cff1d0c
 		break;
Jan F. Chadima cff1d0c
 
6cf9b8e
diff -up openssh-7.4p1/serverloop.c.coverity openssh-7.4p1/serverloop.c
6cf9b8e
--- openssh-7.4p1/serverloop.c.coverity	2016-12-19 05:59:41.000000000 +0100
6cf9b8e
+++ openssh-7.4p1/serverloop.c	2016-12-23 16:40:26.902788691 +0100
6cf9b8e
@@ -125,13 +125,13 @@ notify_setup(void)
Jan F. Chadima 3b545be
 static void
Jan F. Chadima 3b545be
 notify_parent(void)
Jan F. Chadima 3b545be
 {
Jan F. Chadima 3b545be
-	if (notify_pipe[1] != -1)
Jan F. Chadima 3b545be
+	if (notify_pipe[1] >= 0)
84822b5
 		(void)write(notify_pipe[1], "", 1);
Jan F. Chadima 3b545be
 }
Jan F. Chadima 3b545be
 static void
Jan F. Chadima 3b545be
 notify_prepare(fd_set *readset)
Jan F. Chadima 3b545be
 {
Jan F. Chadima 3b545be
-	if (notify_pipe[0] != -1)
Jan F. Chadima 3b545be
+	if (notify_pipe[0] >= 0)
Jan F. Chadima 3b545be
 		FD_SET(notify_pipe[0], readset);
Jan F. Chadima 3b545be
 }
Jan F. Chadima 3b545be
 static void
6cf9b8e
@@ -139,8 +139,8 @@ notify_done(fd_set *readset)
Jan F. Chadima 3b545be
 {
Jan F. Chadima 3b545be
 	char c;
Jan F. Chadima 3b545be
 
Jan F. Chadima 3b545be
-	if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
Jan F. Chadima 3b545be
-		while (read(notify_pipe[0], &c, 1) != -1)
Jan F. Chadima 3b545be
+	if (notify_pipe[0] >= 0 && FD_ISSET(notify_pipe[0], readset))
Jan F. Chadima 3b545be
+		while (read(notify_pipe[0], &c, 1) >= 0)
25c16c6
 			debug2_f("reading");
Jan F. Chadima 3b545be
 }
Jan F. Chadima 3b545be
 
6cf9b8e
@@ -518,7 +518,7 @@ server_request_tun(void)
25c16c6
 		debug_f("invalid tun");
def1deb
 		goto done;
Jan F. Chadima 3b545be
 	}
3cd4899
-	if (auth_opts->force_tun_device != -1) {
3cd4899
+	if (auth_opts->force_tun_device >= 0) {
def1deb
 		if (tun != SSH_TUNID_ANY &&
def1deb
 		    auth_opts->force_tun_device != (int)tun)
Jan F. Chadima 3b545be
 			goto done;
a2e7f72
diff -up openssh-8.5p1/session.c.coverity openssh-8.5p1/session.c
a2e7f72
--- openssh-8.5p1/session.c.coverity	2021-03-24 12:03:33.777968124 +0100
a2e7f72
+++ openssh-8.5p1/session.c	2021-03-24 12:03:33.786968187 +0100
a2e7f72
@@ -1223,12 +1223,14 @@ do_setup_env(struct ssh *ssh, Session *s
a2e7f72
 	/* Environment specified by admin */
a2e7f72
 	for (i = 0; i < options.num_setenv; i++) {
a2e7f72
 		cp = xstrdup(options.setenv[i]);
a2e7f72
+		/* coverity[overwrite_var : FALSE] */
a2e7f72
 		if ((value = strchr(cp, '=')) == NULL) {
a2e7f72
 			/* shouldn't happen; vars are checked in servconf.c */
a2e7f72
 			fatal("Invalid config SetEnv: %s", options.setenv[i]);
a2e7f72
 		}
a2e7f72
 		*value++ = '\0';
a2e7f72
 		child_set_env(&env, &envsize, cp, value);
a2e7f72
+		free(cp);
a2e7f72
 	}
a2e7f72
 
a2e7f72
 	/* SSH_CLIENT deprecated */
6cf9b8e
diff -up openssh-7.4p1/sftp.c.coverity openssh-7.4p1/sftp.c
6cf9b8e
--- openssh-7.4p1/sftp.c.coverity	2016-12-19 05:59:41.000000000 +0100
6cf9b8e
+++ openssh-7.4p1/sftp.c	2016-12-23 16:40:26.903788691 +0100
6cf9b8e
@@ -224,7 +224,7 @@ killchild(int signo)
51f5c1c
 	pid = sshpid;
51f5c1c
 	if (pid > 1) {
51f5c1c
 		kill(pid, SIGTERM);
51f5c1c
-		waitpid(pid, NULL, 0);
51f5c1c
+		(void) waitpid(pid, NULL, 0);
84822b5
 	}
84822b5
 
84822b5
 	_exit(1);
a2e7f72
@@ -762,6 +762,8 @@ process_put(struct sftp_conn *conn, cons
a2e7f72
 			    fflag || global_fflag) == -1)
a2e7f72
 				err = -1;
a2e7f72
 		}
a2e7f72
+		free(abs_dst);
a2e7f72
+		abs_dst = NULL;
a2e7f72
 	}
a2e7f72
 
a2e7f72
 out:
a2e7f72
@@ -985,6 +987,7 @@ do_globbed_ls(struct sftp_conn *conn, co
a2e7f72
 		if (lflag & LS_LONG_VIEW) {
a2e7f72
 			if (g.gl_statv[i] == NULL) {
a2e7f72
 				error("no stat information for %s", fname);
a2e7f72
+				free(fname);
a2e7f72
 				continue;
a2e7f72
 			}
a2e7f72
 			lname = ls_file(fname, g.gl_statv[i], 1,
a2e7f72
diff -up openssh-8.5p1/sk-usbhid.c.coverity openssh-8.5p1/sk-usbhid.c
a2e7f72
--- openssh-8.5p1/sk-usbhid.c.coverity	2021-03-02 11:31:47.000000000 +0100
a2e7f72
+++ openssh-8.5p1/sk-usbhid.c	2021-03-24 12:03:33.786968187 +0100
a2e7f72
@@ -1256,6 +1256,7 @@ sk_load_resident_keys(const char *pin, s
a2e7f72
 		freezero(rks[i], sizeof(*rks[i]));
a2e7f72
 	}
a2e7f72
 	free(rks);
a2e7f72
+	free(device);
a2e7f72
 	return ret;
a2e7f72
 }
a2e7f72
 
6cf9b8e
diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c
6cf9b8e
--- openssh-7.4p1/ssh-agent.c.coverity	2016-12-19 05:59:41.000000000 +0100
6cf9b8e
+++ openssh-7.4p1/ssh-agent.c	2016-12-23 16:40:26.903788691 +0100
a2e7f72
@@ -869,6 +869,7 @@ sanitize_pkcs11_provider(const char *pro
a2e7f72
 
a2e7f72
 		if (pkcs11_uri_parse(provider, uri) != 0) {
a2e7f72
 			error("Failed to parse PKCS#11 URI");
a2e7f72
+			pkcs11_uri_cleanup(uri);
a2e7f72
 			return NULL;
a2e7f72
 		}
a2e7f72
 		/* validate also provider from URI */
6cf9b8e
@@ -1220,8 +1220,8 @@ main(int ac, char **av)
Jan F. Chadima ea97ffa
 	sanitise_stdfd();
Jan F. Chadima ea97ffa
 
Jan F. Chadima ea97ffa
 	/* drop */
Jan F. Chadima ea97ffa
-	setegid(getgid());
Jan F. Chadima ea97ffa
-	setgid(getgid());
Jan F. Chadima ea97ffa
+	(void) setegid(getgid());
Jan F. Chadima ea97ffa
+	(void) setgid(getgid());
Jan F. Chadima ea97ffa
 
5878ebb
 	platform_disable_tracing(0);	/* strict=no */
5878ebb
 
a2e7f72
diff -up openssh-8.5p1/ssh.c.coverity openssh-8.5p1/ssh.c
a2e7f72
--- openssh-8.5p1/ssh.c.coverity	2021-03-24 12:03:33.779968138 +0100
a2e7f72
+++ openssh-8.5p1/ssh.c	2021-03-24 12:03:33.786968187 +0100
a2e7f72
@@ -1746,6 +1746,7 @@ control_persist_detach(void)
a2e7f72
 		close(muxserver_sock);
a2e7f72
 		muxserver_sock = -1;
a2e7f72
 		options.control_master = SSHCTL_MASTER_NO;
a2e7f72
+		/* coverity[leaked_handle: FALSE]*/
a2e7f72
 		muxclient(options.control_path);
a2e7f72
 		/* muxclient() doesn't return on success. */
a2e7f72
 		fatal("Failed to connect to new control master");
6cf9b8e
diff -up openssh-7.4p1/sshd.c.coverity openssh-7.4p1/sshd.c
6cf9b8e
--- openssh-7.4p1/sshd.c.coverity	2016-12-23 16:40:26.897788690 +0100
6cf9b8e
+++ openssh-7.4p1/sshd.c	2016-12-23 16:40:26.904788692 +0100
6cf9b8e
@@ -691,8 +691,10 @@ privsep_preauth(Authctxt *authctxt)
13073f8
 
def1deb
 		privsep_preauth_child(ssh);
Jan F. Chadima cff1d0c
 		setproctitle("%s", "[net]");
Jan F. Chadima cff1d0c
-		if (box != NULL)
Jan F. Chadima cff1d0c
+		if (box != NULL) {
Jan F. Chadima cff1d0c
 			ssh_sandbox_child(box);
84822b5
+			free(box);
Jan F. Chadima cff1d0c
+		}
Jan F. Chadima cff1d0c
 
Jan F. Chadima cff1d0c
 		return 0;
Jan F. Chadima cff1d0c
 	}
6cf9b8e
@@ -1386,6 +1388,9 @@ server_accept_loop(int *sock_in, int *so
def1deb
 			explicit_bzero(rnd, sizeof(rnd));
def1deb
 		}
Jan F. Chadima 3b545be
 	}
Jan F. Chadima 3b545be
+
Jan F. Chadima 3b545be
+	if (fdset != NULL)
84822b5
+		free(fdset);
Jan F. Chadima 3b545be
 }
Jan F. Chadima 3b545be
 
5878ebb
 /*
a2e7f72
@@ -2474,7 +2479,7 @@ do_ssh2_kex(struct ssh *ssh)
a2e7f72
 	if (options.rekey_limit || options.rekey_interval)
a2e7f72
 		ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
a2e7f72
 		    options.rekey_interval);
a2e7f72
-
a2e7f72
+	/* coverity[leaked_storage : FALSE]*/
a2e7f72
 	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
a2e7f72
 	    ssh, list_hostkey_types());
a2e7f72
 
a2e7f72
@@ -2519,8 +2524,11 @@ do_ssh2_kex(struct ssh *ssh)
a2e7f72
 
a2e7f72
 	if (newstr)
a2e7f72
 		myproposal[PROPOSAL_KEX_ALGS] = newstr;
a2e7f72
-	else
a2e7f72
+	else {
a2e7f72
 		fatal("No supported key exchange algorithms");
a2e7f72
+		free(gss);
a2e7f72
+	     }
a2e7f72
+	     /* coverity[leaked_storage: FALSE]*/
a2e7f72
 	}
a2e7f72
 #endif
a2e7f72
 
a2e7f72
diff -up openssh-8.5p1/ssh-keygen.c.coverity openssh-8.5p1/ssh-keygen.c
a2e7f72
--- openssh-8.5p1/ssh-keygen.c.coverity	2021-03-24 12:03:33.780968145 +0100
a2e7f72
+++ openssh-8.5p1/ssh-keygen.c	2021-03-24 12:03:33.787968194 +0100
a2e7f72
@@ -2332,6 +2332,9 @@ update_krl_from_file(struct passwd *pw,
a2e7f72
 			r = ssh_krl_revoke_key_sha256(krl, blob, blen);
a2e7f72
 			if (r != 0)
a2e7f72
 				fatal_fr(r, "revoke key failed");
a2e7f72
+			freezero(blob, blen);
a2e7f72
+			blob = NULL;
a2e7f72
+			blen = 0;
a2e7f72
 		} else {
a2e7f72
 			if (strncasecmp(cp, "key:", 4) == 0) {
a2e7f72
 				cp += 4;
a2e7f72
@@ -2879,6 +2882,7 @@ do_moduli_screen(const char *out_file, c
a2e7f72
 		} else if (strncmp(opts[i], "start-line=", 11) == 0) {
a2e7f72
 			start_lineno = strtoul(opts[i]+11, NULL, 10);
a2e7f72
 		} else if (strncmp(opts[i], "checkpoint=", 11) == 0) {
a2e7f72
+			free(checkpoint);
a2e7f72
 			checkpoint = xstrdup(opts[i]+11);
a2e7f72
 		} else if (strncmp(opts[i], "generator=", 10) == 0) {
a2e7f72
 			generator_wanted = (u_int32_t)strtonum(
a2e7f72
@@ -2920,6 +2924,9 @@ do_moduli_screen(const char *out_file, c
a2e7f72
 #else /* WITH_OPENSSL */
a2e7f72
 	fatal("Moduli screening is not supported");
a2e7f72
 #endif /* WITH_OPENSSL */
a2e7f72
+	free(checkpoint);
a2e7f72
+	if (in != stdin)
a2e7f72
+		fclose(in);
a2e7f72
 }
a2e7f72
 
a2e7f72
 static char *
a2e7f72
diff -up openssh-8.5p1/sshsig.c.coverity openssh-8.5p1/sshsig.c
a2e7f72
--- openssh-8.5p1/sshsig.c.coverity	2021-03-02 11:31:47.000000000 +0100
a2e7f72
+++ openssh-8.5p1/sshsig.c	2021-03-24 12:03:33.787968194 +0100
a2e7f72
@@ -515,6 +515,7 @@ hash_file(int fd, const char *hashalg, s
a2e7f72
 			oerrno = errno;
a2e7f72
 			error_f("read: %s", strerror(errno));
a2e7f72
 			ssh_digest_free(ctx);
a2e7f72
+			ctx = NULL;
a2e7f72
 			errno = oerrno;
a2e7f72
 			r = SSH_ERR_SYSTEM_ERROR;
a2e7f72
 			goto out;