diff --git a/libssh-0.8.3-fix-covscan-errors.patch b/libssh-0.8.3-fix-covscan-errors.patch new file mode 100644 index 0000000..6110c82 --- /dev/null +++ b/libssh-0.8.3-fix-covscan-errors.patch @@ -0,0 +1,2065 @@ +diff --git a/examples/libssh_scp.c b/examples/libssh_scp.c +index 46199f47..ff38b830 100644 +--- a/examples/libssh_scp.c ++++ b/examples/libssh_scp.c +@@ -25,148 +25,230 @@ program. + static char **sources; + static int nsources; + static char *destination; +-static int verbosity=0; ++static int verbosity = 0; + + struct location { +- int is_ssh; +- char *user; +- char *host; +- char *path; +- ssh_session session; +- ssh_scp scp; +- FILE *file; ++ int is_ssh; ++ char *user; ++ char *host; ++ char *path; ++ ssh_session session; ++ ssh_scp scp; ++ FILE *file; + }; + + enum { +- READ, +- WRITE ++ READ, ++ WRITE + }; + +-static void usage(const char *argv0){ +- fprintf(stderr,"Usage : %s [options] [[user@]host1:]file1 ... \n" +- " [[user@]host2:]destination\n" +- "sample scp client - libssh-%s\n", +-// "Options :\n", +-// " -r : use RSA to verify host public key\n", +- argv0, +- ssh_version(0)); +- exit(0); ++static void usage(const char *argv0) { ++ fprintf(stderr, "Usage : %s [options] [[user@]host1:]file1 ... \n" ++ " [[user@]host2:]destination\n" ++ "sample scp client - libssh-%s\n", ++ // "Options :\n", ++ // " -r : use RSA to verify host public key\n", ++ argv0, ++ ssh_version(0)); ++ exit(0); + } + +-static int opts(int argc, char **argv){ +- int i; +- while((i=getopt(argc,argv,"v"))!=-1){ +- switch(i){ +- case 'v': +- verbosity++; +- break; +- default: +- fprintf(stderr,"unknown option %c\n",optopt); ++static int opts(int argc, char **argv) { ++ int i; ++ ++ while((i = getopt(argc, argv, "v")) != -1) { ++ switch(i) { ++ case 'v': ++ verbosity++; ++ break; ++ default: ++ fprintf(stderr, "unknown option %c\n", optopt); ++ usage(argv[0]); ++ return -1; ++ } ++ } ++ ++ nsources = argc - optind - 1; ++ if (nsources < 1) { + usage(argv[0]); + return -1; + } +- } +- nsources=argc-optind-1; +- if(nsources < 1){ +- usage(argv[0]); +- return -1; +- } +- sources=malloc((nsources + 1) * sizeof(char *)); +- if(sources == NULL) +- return -1; +- for(i=0;ihost=location->user=NULL; +- ptr=strchr(loc,':'); +- if(ptr != NULL){ +- location->is_ssh=1; +- location->path=strdup(ptr+1); +- *ptr='\0'; +- ptr=strchr(loc,'@'); +- if(ptr != NULL){ +- location->host=strdup(ptr+1); +- *ptr='\0'; +- location->user=strdup(loc); +- } else { +- location->host=strdup(loc); ++ sources = malloc((nsources + 1) * sizeof(char *)); ++ if (sources == NULL) { ++ return -1; + } +- } else { +- location->is_ssh=0; +- location->path=strdup(loc); +- } +- return location; +-} + +-static int open_location(struct location *loc, int flag){ +- if(loc->is_ssh && flag==WRITE){ +- loc->session=connect_ssh(loc->host,loc->user,verbosity); +- if(!loc->session){ +- fprintf(stderr,"Couldn't connect to %s\n",loc->host); +- return -1; ++ for(i = 0; i < nsources; ++i) { ++ sources[i] = argv[optind]; ++ optind++; + } +- loc->scp=ssh_scp_new(loc->session,SSH_SCP_WRITE,loc->path); +- if(!loc->scp){ +- fprintf(stderr,"error : %s\n",ssh_get_error(loc->session)); +- return -1; ++ ++ sources[i] = NULL; ++ destination = argv[optind]; ++ return 0; ++} ++ ++static void location_free(struct location *loc) ++{ ++ if (loc) { ++ if (loc->path) { ++ free(loc->path); ++ } ++ loc->path = NULL; ++ if (loc->is_ssh) { ++ if (loc->host) { ++ free(loc->host); ++ } ++ loc->host = NULL; ++ if (loc->user) { ++ free(loc->user); ++ } ++ loc->user = NULL; ++ if (loc->host) { ++ free(loc->host); ++ } ++ loc->host = NULL; ++ } ++ free(loc); + } +- if(ssh_scp_init(loc->scp)==SSH_ERROR){ +- fprintf(stderr,"error : %s\n",ssh_get_error(loc->session)); +- ssh_scp_free(loc->scp); +- loc->scp = NULL; +- return -1; ++} ++ ++static struct location *parse_location(char *loc) { ++ struct location *location; ++ char *ptr; ++ ++ location = malloc(sizeof(struct location)); ++ if (location == NULL) { ++ return NULL; + } +- return 0; +- } else if(loc->is_ssh && flag==READ){ +- loc->session=connect_ssh(loc->host, loc->user,verbosity); +- if(!loc->session){ +- fprintf(stderr,"Couldn't connect to %s\n",loc->host); +- return -1; ++ memset(location, 0, sizeof(struct location)); ++ ++ location->host = location->user = NULL; ++ ptr = strchr(loc, ':'); ++ ++ if (ptr != NULL) { ++ location->is_ssh = 1; ++ location->path = strdup(ptr+1); ++ *ptr = '\0'; ++ ptr = strchr(loc, '@'); ++ ++ if (ptr != NULL) { ++ location->host = strdup(ptr+1); ++ *ptr = '\0'; ++ location->user = strdup(loc); ++ } else { ++ location->host = strdup(loc); ++ } ++ } else { ++ location->is_ssh = 0; ++ location->path = strdup(loc); + } +- loc->scp=ssh_scp_new(loc->session,SSH_SCP_READ,loc->path); +- if(!loc->scp){ +- fprintf(stderr,"error : %s\n",ssh_get_error(loc->session)); +- return -1; ++ return location; ++} ++ ++static void close_location(struct location *loc) { ++ int rc; ++ ++ if (loc) { ++ if (loc->is_ssh) { ++ if (loc->scp) { ++ rc = ssh_scp_close(loc->scp); ++ if (rc == SSH_ERROR) { ++ fprintf(stderr, ++ "Error closing scp: %s\n", ++ ssh_get_error(loc->session)); ++ } ++ ssh_scp_free(loc->scp); ++ loc->scp = NULL; ++ } ++ if (loc->session) { ++ ssh_disconnect(loc->session); ++ ssh_free(loc->session); ++ loc->session = NULL; ++ } ++ } else { ++ if (loc->file) { ++ fclose(loc->file); ++ loc->file = NULL; ++ } ++ } + } +- if(ssh_scp_init(loc->scp)==SSH_ERROR){ +- fprintf(stderr,"error : %s\n",ssh_get_error(loc->session)); +- ssh_scp_free(loc->scp); +- loc->scp = NULL; +- return -1; ++} ++ ++static int open_location(struct location *loc, int flag) { ++ if (loc->is_ssh && flag == WRITE) { ++ loc->session = connect_ssh(loc->host, loc->user, verbosity); ++ if (!loc->session) { ++ fprintf(stderr, "Couldn't connect to %s\n", loc->host); ++ return -1; ++ } ++ ++ loc->scp = ssh_scp_new(loc->session, SSH_SCP_WRITE, loc->path); ++ if (!loc->scp) { ++ fprintf(stderr, "error : %s\n", ssh_get_error(loc->session)); ++ ssh_disconnect(loc->session); ++ ssh_free(loc->session); ++ loc->session = NULL; ++ return -1; ++ } ++ ++ if (ssh_scp_init(loc->scp) == SSH_ERROR) { ++ fprintf(stderr, "error : %s\n", ssh_get_error(loc->session)); ++ ssh_scp_free(loc->scp); ++ loc->scp = NULL; ++ ssh_disconnect(loc->session); ++ ssh_free(loc->session); ++ loc->session = NULL; ++ return -1; ++ } ++ return 0; ++ } else if (loc->is_ssh && flag == READ) { ++ loc->session = connect_ssh(loc->host, loc->user, verbosity); ++ if (!loc->session) { ++ fprintf(stderr, "Couldn't connect to %s\n", loc->host); ++ return -1; ++ } ++ ++ loc->scp = ssh_scp_new(loc->session, SSH_SCP_READ, loc->path); ++ if (!loc->scp) { ++ fprintf(stderr, "error : %s\n", ssh_get_error(loc->session)); ++ ssh_disconnect(loc->session); ++ ssh_free(loc->session); ++ loc->session = NULL; ++ return -1; ++ } ++ ++ if (ssh_scp_init(loc->scp) == SSH_ERROR) { ++ fprintf(stderr, "error : %s\n", ssh_get_error(loc->session)); ++ ssh_scp_free(loc->scp); ++ loc->scp = NULL; ++ ssh_disconnect(loc->session); ++ ssh_free(loc->session); ++ loc->session = NULL; ++ return -1; ++ } ++ return 0; ++ } else { ++ loc->file = fopen(loc->path, flag == READ ? "r":"w"); ++ if (!loc->file) { ++ if (errno == EISDIR) { ++ if (chdir(loc->path)) { ++ fprintf(stderr, ++ "Error changing directory to %s: %s\n", ++ loc->path, strerror(errno)); ++ return -1; ++ } ++ return 0; ++ } ++ fprintf(stderr, ++ "Error opening %s: %s\n", ++ loc->path, strerror(errno)); ++ return -1; ++ } ++ return 0; + } +- return 0; +- } else { +- loc->file=fopen(loc->path,flag==READ ? "r":"w"); +- if(!loc->file){ +- if(errno==EISDIR){ +- if(chdir(loc->path)){ +- fprintf(stderr,"Error changing directory to %s: %s\n",loc->path,strerror(errno)); +- return -1; +- } +- return 0; +- } +- fprintf(stderr,"Error opening %s: %s\n",loc->path,strerror(errno)); +- return -1; +- } +- return 0; +- } +- return -1; ++ return -1; + } + + /** @brief copies files from source location to destination +@@ -174,155 +256,197 @@ static int open_location(struct location *loc, int flag){ + * @param dest destination location + * @param recursive Copy also directories + */ +-static int do_copy(struct location *src, struct location *dest, int recursive){ +- int size; +- socket_t fd; +- struct stat s; +- int w,r; +- char buffer[16384]; +- int total=0; +- int mode; +- char *filename = NULL; +- /* recursive mode doesn't work yet */ +- (void)recursive; +- /* Get the file name and size*/ +- if(!src->is_ssh){ +- fd = fileno(src->file); +- if (fd < 0) { +- fprintf(stderr, "Invalid file pointer, error: %s\n", strerror(errno)); +- return -1; ++static int do_copy(struct location *src, struct location *dest, int recursive) { ++ int size; ++ socket_t fd; ++ struct stat s; ++ int w, r; ++ char buffer[16384]; ++ int total = 0; ++ int mode; ++ char *filename = NULL; ++ /* recursive mode doesn't work yet */ ++ (void)recursive; ++ /* Get the file name and size*/ ++ if (!src->is_ssh) { ++ fd = fileno(src->file); ++ if (fd < 0) { ++ fprintf(stderr, ++ "Invalid file pointer, error: %s\n", ++ strerror(errno)); ++ return -1; ++ } ++ r = fstat(fd, &s); ++ if (r < 0) { ++ return -1; ++ } ++ size = s.st_size; ++ mode = s.st_mode & ~S_IFMT; ++ filename = ssh_basename(src->path); ++ } else { ++ size = 0; ++ do { ++ r = ssh_scp_pull_request(src->scp); ++ if (r == SSH_SCP_REQUEST_NEWDIR) { ++ ssh_scp_deny_request(src->scp, "Not in recursive mode"); ++ continue; ++ } ++ if (r == SSH_SCP_REQUEST_NEWFILE) { ++ size = ssh_scp_request_get_size(src->scp); ++ filename = strdup(ssh_scp_request_get_filename(src->scp)); ++ mode = ssh_scp_request_get_permissions(src->scp); ++ //ssh_scp_accept_request(src->scp); ++ break; ++ } ++ if (r == SSH_ERROR) { ++ fprintf(stderr, ++ "Error: %s\n", ++ ssh_get_error(src->session)); ++ ssh_string_free_char(filename); ++ return -1; ++ } ++ } while(r != SSH_SCP_REQUEST_NEWFILE); + } +- r = fstat(fd, &s); +- if (r < 0) { +- return -1; ++ ++ if (dest->is_ssh) { ++ r = ssh_scp_push_file(dest->scp, src->path, size, mode); ++ // snprintf(buffer, sizeof(buffer), "C0644 %d %s\n", size, src->path); ++ if (r == SSH_ERROR) { ++ fprintf(stderr, ++ "error: %s\n", ++ ssh_get_error(dest->session)); ++ ssh_string_free_char(filename); ++ ssh_scp_free(dest->scp); ++ dest->scp = NULL; ++ return -1; ++ } ++ } else { ++ if (!dest->file) { ++ dest->file = fopen(filename, "w"); ++ if (!dest->file) { ++ fprintf(stderr, ++ "Cannot open %s for writing: %s\n", ++ filename, strerror(errno)); ++ if (src->is_ssh) { ++ ssh_scp_deny_request(src->scp, "Cannot open local file"); ++ } ++ ssh_string_free_char(filename); ++ return -1; ++ } ++ } ++ if (src->is_ssh) { ++ ssh_scp_accept_request(src->scp); ++ } + } +- size=s.st_size; +- mode = s.st_mode & ~S_IFMT; +- filename=ssh_basename(src->path); +- } else { +- size=0; ++ + do { +- r=ssh_scp_pull_request(src->scp); +- if(r==SSH_SCP_REQUEST_NEWDIR){ +- ssh_scp_deny_request(src->scp,"Not in recursive mode"); +- continue; +- } +- if(r==SSH_SCP_REQUEST_NEWFILE){ +- size=ssh_scp_request_get_size(src->scp); +- filename=strdup(ssh_scp_request_get_filename(src->scp)); +- mode=ssh_scp_request_get_permissions(src->scp); +- //ssh_scp_accept_request(src->scp); +- break; +- } +- if(r==SSH_ERROR){ +- fprintf(stderr,"Error: %s\n",ssh_get_error(src->session)); ++ if (src->is_ssh) { ++ r = ssh_scp_read(src->scp, buffer, sizeof(buffer)); ++ if (r == SSH_ERROR) { ++ fprintf(stderr, ++ "Error reading scp: %s\n", ++ ssh_get_error(src->session)); ++ ssh_string_free_char(filename); ++ return -1; ++ } ++ ++ if (r == 0) { ++ break; ++ } ++ } else { ++ r = fread(buffer, 1, sizeof(buffer), src->file); ++ if (r == 0) { ++ break; ++ } ++ ++ if (r < 0) { ++ fprintf(stderr, ++ "Error reading file: %s\n", ++ strerror(errno)); ++ ssh_string_free_char(filename); ++ return -1; ++ } ++ } ++ ++ if (dest->is_ssh) { ++ w = ssh_scp_write(dest->scp, buffer, r); ++ if (w == SSH_ERROR) { ++ fprintf(stderr, ++ "Error writing in scp: %s\n", ++ ssh_get_error(dest->session)); ++ ssh_scp_free(dest->scp); ++ dest->scp = NULL; ++ ssh_string_free_char(filename); ++ return -1; ++ } ++ } else { ++ w = fwrite(buffer, r, 1, dest->file); ++ if (w <= 0) { ++ fprintf(stderr, ++ "Error writing in local file: %s\n", ++ strerror(errno)); + ssh_string_free_char(filename); +- return -1; +- } +- } while(r != SSH_SCP_REQUEST_NEWFILE); +- } +- +- if(dest->is_ssh){ +- r=ssh_scp_push_file(dest->scp,src->path, size, mode); +- // snprintf(buffer,sizeof(buffer),"C0644 %d %s\n",size,src->path); +- if(r==SSH_ERROR){ +- fprintf(stderr,"error: %s\n",ssh_get_error(dest->session)); +- ssh_string_free_char(filename); +- ssh_scp_free(dest->scp); +- dest->scp = NULL; +- return -1; +- } +- } else { +- if(!dest->file){ +- dest->file=fopen(filename,"w"); +- if(!dest->file){ +- fprintf(stderr,"Cannot open %s for writing: %s\n",filename,strerror(errno)); +- if(src->is_ssh) +- ssh_scp_deny_request(src->scp,"Cannot open local file"); +- ssh_string_free_char(filename); +- return -1; +- } +- } +- if(src->is_ssh){ +- ssh_scp_accept_request(src->scp); +- } +- } +- do { +- if(src->is_ssh){ +- r=ssh_scp_read(src->scp,buffer,sizeof(buffer)); +- if(r==SSH_ERROR){ +- fprintf(stderr,"Error reading scp: %s\n",ssh_get_error(src->session)); +- ssh_string_free_char(filename); +- return -1; +- } +- if(r==0) +- break; +- } else { +- r=fread(buffer,1,sizeof(buffer),src->file); +- if(r==0) +- break; +- if(r<0){ +- fprintf(stderr,"Error reading file: %s\n",strerror(errno)); +- ssh_string_free_char(filename); +- return -1; +- } +- } +- if(dest->is_ssh){ +- w=ssh_scp_write(dest->scp,buffer,r); +- if(w == SSH_ERROR){ +- fprintf(stderr,"Error writing in scp: %s\n",ssh_get_error(dest->session)); +- ssh_scp_free(dest->scp); +- dest->scp=NULL; +- ssh_string_free_char(filename); +- return -1; +- } +- } else { +- w=fwrite(buffer,r,1,dest->file); +- if(w<=0){ +- fprintf(stderr,"Error writing in local file: %s\n",strerror(errno)); +- ssh_string_free_char(filename); +- return -1; +- } +- } +- total+=r; +- +- } while(total < size); +- ssh_string_free_char(filename); +- printf("wrote %d bytes\n",total); +- return 0; ++ return -1; ++ } ++ } ++ total += r; ++ ++ } while(total < size); ++ ++ ssh_string_free_char(filename); ++ printf("wrote %d bytes\n", total); ++ return 0; + } + +-int main(int argc, char **argv){ +- struct location *dest, *src; +- int i; +- int r; +- if(opts(argc,argv)<0) +- return EXIT_FAILURE; +- dest=parse_location(destination); +- if(open_location(dest,WRITE)<0) +- return EXIT_FAILURE; +- for(i=0;iis_ssh && dest->scp != NULL) { +- r=ssh_scp_close(dest->scp); +- if(r == SSH_ERROR){ +- fprintf(stderr,"Error closing scp: %s\n",ssh_get_error(dest->session)); +- ssh_scp_free(dest->scp); +- dest->scp=NULL; +- return -1; +- } +- } else { +- fclose(dest->file); +- dest->file=NULL; +- } +- ssh_disconnect(dest->session); +- ssh_finalize(); +- return 0; ++ ++ for (i = 0; i < nsources; ++i) { ++ src = parse_location(sources[i]); ++ if (src == NULL) { ++ r = EXIT_FAILURE; ++ goto close_dest; ++ } ++ ++ if (open_location(src, READ) < 0) { ++ location_free(src); ++ r = EXIT_FAILURE; ++ goto close_dest; ++ } ++ ++ if (do_copy(src, dest, 0) < 0) { ++ close_location(src); ++ location_free(src); ++ break; ++ } ++ ++ close_location(src); ++ location_free(src); ++ } ++ ++ r = 0; ++ ++close_dest: ++ close_location(dest); ++ location_free(dest); ++end: ++ return r; + } +diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h +index a83bd8a2..a5d046f0 100644 +--- a/include/libssh/libssh.h ++++ b/include/libssh/libssh.h +@@ -630,6 +630,8 @@ typedef int (*ssh_auth_callback) (const char *prompt, char *buf, size_t len, + int echo, int verify, void *userdata); + + LIBSSH_API ssh_key ssh_key_new(void); ++#define SSH_KEY_FREE(x) \ ++ do { if ((x) != NULL) { ssh_key_free(x); x = NULL; } } while(0) + LIBSSH_API void ssh_key_free (ssh_key key); + LIBSSH_API enum ssh_keytypes_e ssh_key_type(const ssh_key key); + LIBSSH_API const char *ssh_key_type_to_char(enum ssh_keytypes_e type); +diff --git a/src/messages.c b/src/messages.c +index 9ddfe15c..8733875c 100644 +--- a/src/messages.c ++++ b/src/messages.c +@@ -430,6 +430,13 @@ void ssh_message_queue(ssh_session session, ssh_message message){ + } + if (session->ssh_message_list != NULL) { + ssh_list_append(session->ssh_message_list, message); ++ } else { ++ /* If the message list couldn't be allocated, the message can't be ++ * enqueued */ ++ ssh_message_reply_default(message); ++ ssh_set_error_oom(session); ++ ssh_message_free(message); ++ return; + } + } + } +diff --git a/tests/client/torture_auth.c b/tests/client/torture_auth.c +index df7f2714..5f4a4ed8 100644 +--- a/tests/client/torture_auth.c ++++ b/tests/client/torture_auth.c +@@ -534,8 +534,8 @@ static void torture_auth_cert(void **state) { + rc = ssh_userauth_publickey(session, NULL, privkey); + assert_int_equal(rc, SSH_AUTH_SUCCESS); + +- ssh_key_free(privkey); +- ssh_key_free(cert); ++ SSH_KEY_FREE(privkey); ++ SSH_KEY_FREE(cert); + } + + static void torture_auth_agent_cert(void **state) { +diff --git a/tests/unittests/torture_buffer.c b/tests/unittests/torture_buffer.c +index 4d29a2a5..f5cb8f65 100644 +--- a/tests/unittests/torture_buffer.c ++++ b/tests/unittests/torture_buffer.c +@@ -22,7 +22,7 @@ static int setup(void **state) { + } + + static int teardown(void **state) { +- ssh_buffer_free(*state); ++ SSH_BUFFER_FREE(*state); + + return 0; + } +@@ -125,9 +125,9 @@ static void torture_ssh_buffer_get_ssh_string(void **state) { + for(l=0;lopts.wanted_methods[SSH_KEX], KEXALGORITHMS); + +@@ -223,14 +223,14 @@ static void torture_config_glob(void **state) { + assert_non_null(v); + + assert_string_equal(v, PROXYCMD); +- ssh_string_free_char(v); ++ SSH_STRING_FREE_CHAR(v); + + ret = ssh_options_get(session, SSH_OPTIONS_IDENTITY, &v); + assert_true(ret == 0); + assert_non_null(v); + + assert_string_equal(v, ID_FILE); +- ssh_string_free_char(v); ++ SSH_STRING_FREE_CHAR(v); + #endif /* HAVE_GLOB */ + } + +diff --git a/tests/unittests/torture_hashes.c b/tests/unittests/torture_hashes.c +index 104aa7c9..59e23d28 100644 +--- a/tests/unittests/torture_hashes.c ++++ b/tests/unittests/torture_hashes.c +@@ -41,88 +41,91 @@ static int setup_rsa_key(void **state) + + static int teardown(void **state) + { +- ssh_key_free(*state); ++ SSH_KEY_FREE(*state); + return 0; + } + + static void torture_md5_hash(void **state) + { + ssh_key pubkey = *state; +- unsigned char *hash = NULL; ++ char *hash = NULL; + char *hexa = NULL; + size_t hlen; + int rc = 0; + +- rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5, &hash, &hlen); ++ rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5, ++ (unsigned char **)&hash, &hlen); + assert_true(rc == 0); + +- hexa = ssh_get_hexa(hash, hlen); +- ssh_string_free_char((char *)hash); ++ hexa = ssh_get_hexa((unsigned char *)hash, hlen); ++ SSH_STRING_FREE_CHAR(hash); + assert_string_equal(hexa, + "50:15:a0:9b:92:bf:33:1c:01:c5:8c:fe:18:fa:ce:78"); + +- ssh_string_free_char(hexa); ++ SSH_STRING_FREE_CHAR(hexa); + } + + static void torture_sha1_hash(void **state) + { + ssh_key pubkey = *state; +- unsigned char *hash = NULL; ++ char *hash = NULL; + char *sha1 = NULL; + int rc = 0; + size_t hlen; + +- rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA1, &hash, &hlen); ++ rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA1, ++ (unsigned char **)&hash, &hlen); + assert_true(rc == 0); + +- sha1 = ssh_get_b64_unpadded(hash, hlen); +- ssh_string_free_char((char *)hash); ++ sha1 = ssh_get_b64_unpadded((unsigned char *)hash, hlen); ++ SSH_STRING_FREE_CHAR(hash); + assert_string_equal(sha1, "6wP+houujQmxLBiFugTcoeoODCM"); + +- ssh_string_free_char(sha1); ++ SSH_STRING_FREE_CHAR(sha1); + } + + static void torture_sha256_hash(void **state) + { + ssh_key pubkey = *state; +- unsigned char *hash = NULL; ++ char *hash = NULL; + char *sha256 = NULL; + int rc = 0; + size_t hlen; + +- rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA256, &hash, &hlen); ++ rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA256, ++ (unsigned char **)&hash, &hlen); + assert_true(rc == 0); + +- sha256 = ssh_get_b64_unpadded(hash, hlen); +- ssh_string_free_char((char *)hash); ++ sha256 = ssh_get_b64_unpadded((unsigned char *)hash, hlen); ++ SSH_STRING_FREE_CHAR(hash); + assert_string_equal(sha256, "jXstVLLe84fSDo1kEYGn6iumnPCSorhaiWxnJz8VTII"); + +- ssh_string_free_char(sha256); ++ SSH_STRING_FREE_CHAR(sha256); + + } + + static void torture_sha256_fingerprint(void **state) + { + ssh_key pubkey = *state; +- unsigned char *hash = NULL; ++ char *hash = NULL; + char *sha256 = NULL; + int rc = 0; + size_t hlen; + + rc = ssh_get_publickey_hash(pubkey, + SSH_PUBLICKEY_HASH_SHA256, +- &hash, ++ (unsigned char **)&hash, + &hlen); + assert_true(rc == 0); + + sha256 = ssh_get_fingerprint_hash(SSH_PUBLICKEY_HASH_SHA256, +- hash, ++ (unsigned char *)hash, + hlen); +- ssh_string_free_char(discard_const(hash)); ++ SSH_STRING_FREE_CHAR(hash); + assert_string_equal(sha256, + "SHA256:jXstVLLe84fSDo1kEYGn6iumnPCSorhaiWxnJz8VTII"); + +- ssh_string_free_char(sha256); ++ SSH_STRING_FREE_CHAR(sha256); + } + + int torture_run_tests(void) { +diff --git a/tests/unittests/torture_keyfiles.c b/tests/unittests/torture_keyfiles.c +index de924f00..59a4f5ee 100644 +--- a/tests/unittests/torture_keyfiles.c ++++ b/tests/unittests/torture_keyfiles.c +@@ -111,7 +111,7 @@ static void torture_pubkey_from_file(void **state) { + + assert_true(rc == 0); + +- ssh_string_free(pubkey); ++ SSH_STRING_FREE(pubkey); + + /* test if it returns 1 if pubkey doesn't exist */ + unlink(LIBSSH_RSA_TESTKEY ".pub"); +@@ -119,11 +119,17 @@ static void torture_pubkey_from_file(void **state) { + rc = ssh_try_publickey_from_file(session, LIBSSH_RSA_TESTKEY, &pubkey, &type); + assert_true(rc == 1); + ++ /* This free is unnecessary, but the static analyser does not know */ ++ SSH_STRING_FREE(pubkey); ++ + /* test if it returns -1 if privkey doesn't exist */ + unlink(LIBSSH_RSA_TESTKEY); + + rc = ssh_try_publickey_from_file(session, LIBSSH_RSA_TESTKEY, &pubkey, &type); + assert_true(rc == -1); ++ ++ /* This free is unnecessary, but the static analyser does not know */ ++ SSH_STRING_FREE(pubkey); + } + + static int torture_read_one_line(const char *filename, char *buffer, size_t len) { +@@ -210,8 +216,8 @@ static void torture_pubkey_generate_from_privkey(void **state) { + + assert_string_equal(pubkey_line_orig, pubkey_line_new); + +- ssh_string_free(pubkey_orig); +- ssh_string_free(pubkey_new); ++ SSH_STRING_FREE(pubkey_orig); ++ SSH_STRING_FREE(pubkey_new); + } + + /** +diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c +index d9cd6e2a..7addce76 100644 +--- a/tests/unittests/torture_options.c ++++ b/tests/unittests/torture_options.c +@@ -560,7 +560,7 @@ static void torture_bind_options_import_key(void **state) + /* set invalid key */ + rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_IMPORT_KEY, key); + assert_int_equal(rc, -1); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + + /* set rsa key */ + base64_key = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0); +diff --git a/tests/unittests/torture_pki_dsa.c b/tests/unittests/torture_pki_dsa.c +index e8d03904..41ab9063 100644 +--- a/tests/unittests/torture_pki_dsa.c ++++ b/tests/unittests/torture_pki_dsa.c +@@ -82,7 +82,7 @@ static void torture_pki_dsa_import_pubkey_file(void **state) + assert_return_code(rc, errno); + assert_non_null(pubkey); + +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_dsa_import_pubkey_from_openssh_privkey(void **state) +@@ -97,7 +97,7 @@ static void torture_pki_dsa_import_pubkey_from_openssh_privkey(void **state) + assert_return_code(rc, errno); + assert_non_null(pubkey); + +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_dsa_import_privkey_base64(void **state) +@@ -115,7 +115,7 @@ static void torture_pki_dsa_import_privkey_base64(void **state) + &key); + assert_true(rc == 0); + +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + } + + #ifdef HAVE_LIBCRYPTO +@@ -154,8 +154,8 @@ static void torture_pki_dsa_write_privkey(void **state) + rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); + assert_true(rc == 0); + +- ssh_key_free(origkey); +- ssh_key_free(privkey); ++ SSH_KEY_FREE(origkey); ++ SSH_KEY_FREE(privkey); + + /* Test with passphrase */ + rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY_PASSPHRASE, +@@ -192,8 +192,8 @@ static void torture_pki_dsa_write_privkey(void **state) + rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); + assert_true(rc == 0); + +- ssh_key_free(origkey); +- ssh_key_free(privkey); ++ SSH_KEY_FREE(origkey); ++ SSH_KEY_FREE(privkey); + } + #endif + +@@ -215,8 +215,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state) + rc = ssh_key_is_private(key); + assert_true(rc == 1); + +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + + /* test if it returns -1 if passphrase is wrong */ + rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1), +@@ -247,8 +246,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state) + rc = ssh_key_is_private(key); + assert_true(rc == 1); + +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + + /* test if it returns -1 if passphrase is wrong */ + rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1), +@@ -259,7 +257,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state) + assert_true(rc == -1); + + /* This free in unnecessary, but the static analyser does not know */ +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + + #ifndef HAVE_LIBCRYPTO + /* test if it returns -1 if passphrase is NULL */ +@@ -272,7 +270,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state) + assert_true(rc == -1); + + /* This free in unnecessary, but the static analyser does not know */ +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + #endif /* HAVE_LIBCRYPTO */ + } + +@@ -299,8 +297,7 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state) + rc = ssh_key_is_private(key); + assert_true(rc == 1); + +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + + /* test if it returns -1 if passphrase is wrong */ + rc = ssh_pki_import_privkey_base64(keystring, +@@ -328,8 +325,7 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state) + rc = ssh_key_is_private(key); + assert_true(rc == 1); + +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + + /* test if it returns -1 if passphrase is wrong */ + rc = ssh_pki_import_privkey_base64(keystring, +@@ -339,6 +335,9 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state) + &key); + assert_true(rc == -1); + ++ /* This free is unnecessary, but the static analyser does not know */ ++ SSH_KEY_FREE(key); ++ + /* test if it returns -1 if passphrase is NULL */ + rc = ssh_pki_import_privkey_base64(keystring, + NULL, +@@ -346,6 +345,9 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state) + NULL, + &key); + assert_true(rc == -1); ++ ++ /* This free is unnecessary, but the static analyser does not know */ ++ SSH_KEY_FREE(key); + } + + +@@ -371,8 +373,8 @@ static void torture_pki_dsa_publickey_from_privatekey(void **state) + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_true(rc == SSH_OK); + +- ssh_key_free(key); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(key); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_dsa_import_cert_file(void **state) +@@ -392,7 +394,7 @@ static void torture_pki_dsa_import_cert_file(void **state) + rc = ssh_key_is_public(cert); + assert_true(rc == 1); + +- ssh_key_free(cert); ++ SSH_KEY_FREE(cert); + } + + static void torture_pki_dsa_publickey_base64(void **state) +@@ -443,7 +445,7 @@ static void torture_pki_dsa_publickey_base64(void **state) + + free(b64_key); + free(key_buf); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + } + + static void torture_pki_dsa_generate_pubkey_from_privkey(void **state) +@@ -482,8 +484,8 @@ static void torture_pki_dsa_generate_pubkey_from_privkey(void **state) + pubkey_generated, + len); + +- ssh_key_free(privkey); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(privkey); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_dsa_duplicate_key(void **state) +@@ -503,7 +505,7 @@ static void torture_pki_dsa_duplicate_key(void **state) + + rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key); + assert_true(rc == 0); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(pubkey); + + rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY, + NULL, +@@ -530,11 +532,11 @@ static void torture_pki_dsa_duplicate_key(void **state) + rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE); + assert_true(rc == 0); + +- ssh_key_free(pubkey); +- ssh_key_free(privkey); +- ssh_key_free(privkey_dup); +- ssh_string_free_char(b64_key); +- ssh_string_free_char(b64_key_gen); ++ SSH_KEY_FREE(pubkey); ++ SSH_KEY_FREE(privkey); ++ SSH_KEY_FREE(privkey_dup); ++ SSH_STRING_FREE_CHAR(b64_key); ++ SSH_STRING_FREE_CHAR(b64_key_gen); + } + + static void torture_pki_dsa_generate_key(void **state) +@@ -553,8 +555,7 @@ static void torture_pki_dsa_generate_key(void **state) + rc = pki_signature_verify(session,sign,key,DSA_HASH,20); + assert_true(rc == SSH_OK); + ssh_signature_free(sign); +- ssh_key_free(key); +- key=NULL; ++ SSH_KEY_FREE(key); + + rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key); + assert_true(rc == SSH_OK); +@@ -564,8 +565,7 @@ static void torture_pki_dsa_generate_key(void **state) + rc = pki_signature_verify(session,sign,key,DSA_HASH,20); + assert_true(rc == SSH_OK); + ssh_signature_free(sign); +- ssh_key_free(key); +- key=NULL; ++ SSH_KEY_FREE(key); + + rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 3072, &key); + assert_true(rc == SSH_OK); +@@ -575,8 +575,7 @@ static void torture_pki_dsa_generate_key(void **state) + rc = pki_signature_verify(session,sign,key,DSA_HASH,20); + assert_true(rc == SSH_OK); + ssh_signature_free(sign); +- ssh_key_free(key); +- key=NULL; ++ SSH_KEY_FREE(key); + + ssh_free(session); + } +diff --git a/tests/unittests/torture_pki_ecdsa.c b/tests/unittests/torture_pki_ecdsa.c +index 497c7379..7ef354f7 100644 +--- a/tests/unittests/torture_pki_ecdsa.c ++++ b/tests/unittests/torture_pki_ecdsa.c +@@ -121,7 +121,7 @@ static void torture_pki_ecdsa_import_pubkey_file(void **state) + assert_return_code(rc, errno); + assert_non_null(pubkey); + +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_ecdsa_import_pubkey_from_openssh_privkey(void **state) +@@ -136,7 +136,7 @@ static void torture_pki_ecdsa_import_pubkey_from_openssh_privkey(void **state) + assert_return_code(rc, errno); + assert_non_null(pubkey); + +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_ecdsa_import_privkey_base64(void **state) +@@ -158,7 +158,7 @@ static void torture_pki_ecdsa_import_privkey_base64(void **state) + assert_true(rc == 1); + + free(key_str); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + } + + static void torture_pki_ecdsa_publickey_from_privatekey(void **state) +@@ -181,8 +181,8 @@ static void torture_pki_ecdsa_publickey_from_privatekey(void **state) + assert_true(rc == SSH_OK); + + free(key_str); +- ssh_key_free(key); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(key); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_ecdsa_publickey_base64(void **state) +@@ -219,7 +219,7 @@ static void torture_pki_ecdsa_publickey_base64(void **state) + + free(b64_key); + free(key_buf); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + } + + static void torture_pki_ecdsa_generate_pubkey_from_privkey(void **state) +@@ -261,8 +261,8 @@ static void torture_pki_ecdsa_generate_pubkey_from_privkey(void **state) + len = torture_pubkey_len(pubkey_original); + assert_int_equal(strncmp(pubkey_original, pubkey_generated, len), 0); + +- ssh_key_free(privkey); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(privkey); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_ecdsa_duplicate_key(void **state) +@@ -281,7 +281,7 @@ static void torture_pki_ecdsa_duplicate_key(void **state) + + rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key); + assert_true(rc == 0); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(pubkey); + + rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY, + NULL, +@@ -307,11 +307,11 @@ static void torture_pki_ecdsa_duplicate_key(void **state) + rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE); + assert_true(rc == 0); + +- ssh_key_free(pubkey); +- ssh_key_free(privkey); +- ssh_key_free(privkey_dup); +- ssh_string_free_char(b64_key); +- ssh_string_free_char(b64_key_gen); ++ SSH_KEY_FREE(pubkey); ++ SSH_KEY_FREE(privkey); ++ SSH_KEY_FREE(privkey_dup); ++ SSH_STRING_FREE_CHAR(b64_key); ++ SSH_STRING_FREE_CHAR(b64_key_gen); + } + + /* Test case for bug #147: Private ECDSA key duplication did not carry +@@ -342,9 +342,9 @@ static void torture_pki_ecdsa_duplicate_then_demote(void **state) + assert_true(rc == 0); + assert_int_equal(pubkey->ecdsa_nid, privkey->ecdsa_nid); + +- ssh_key_free(pubkey); +- ssh_key_free(privkey); +- ssh_key_free(privkey_dup); ++ SSH_KEY_FREE(pubkey); ++ SSH_KEY_FREE(privkey); ++ SSH_KEY_FREE(privkey_dup); + } + + static void torture_pki_generate_key_ecdsa(void **state) +@@ -373,8 +373,7 @@ static void torture_pki_generate_key_ecdsa(void **state) + assert_true(strcmp(etype_char, "ecdsa-sha2-nistp256") == 0); + + ssh_signature_free(sign); +- ssh_key_free(key); +- key=NULL; ++ SSH_KEY_FREE(key); + + rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 384, &key); + assert_true(rc == SSH_OK); +@@ -391,8 +390,7 @@ static void torture_pki_generate_key_ecdsa(void **state) + assert_true(strcmp(etype_char, "ecdsa-sha2-nistp384") == 0); + + ssh_signature_free(sign); +- ssh_key_free(key); +- key=NULL; ++ SSH_KEY_FREE(key); + + rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 512, &key); + assert_true(rc == SSH_OK); +@@ -409,8 +407,7 @@ static void torture_pki_generate_key_ecdsa(void **state) + assert_true(strcmp(etype_char, "ecdsa-sha2-nistp521") == 0); + + ssh_signature_free(sign); +- ssh_key_free(key); +- key=NULL; ++ SSH_KEY_FREE(key); + + ssh_free(session); + } +@@ -451,8 +448,8 @@ static void torture_pki_ecdsa_write_privkey(void **state) + rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); + assert_true(rc == 0); + +- ssh_key_free(origkey); +- ssh_key_free(privkey); ++ SSH_KEY_FREE(origkey); ++ SSH_KEY_FREE(privkey); + + /* Test with passphrase */ + rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE, +@@ -489,8 +486,8 @@ static void torture_pki_ecdsa_write_privkey(void **state) + rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); + assert_true(rc == 0); + +- ssh_key_free(origkey); +- ssh_key_free(privkey); ++ SSH_KEY_FREE(origkey); ++ SSH_KEY_FREE(privkey); + } + #endif /* HAVE_LIBCRYPTO */ + +@@ -508,7 +505,7 @@ static void torture_pki_ecdsa_name(void **state, const char *expected_name) + etype_char =ssh_pki_key_ecdsa_name(key); + assert_true(strcmp(etype_char, expected_name) == 0); + +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + } + + static void torture_pki_ecdsa_name256(void **state) +diff --git a/tests/unittests/torture_pki_ed25519.c b/tests/unittests/torture_pki_ed25519.c +index 39012168..a4b147bf 100644 +--- a/tests/unittests/torture_pki_ed25519.c ++++ b/tests/unittests/torture_pki_ed25519.c +@@ -62,7 +62,7 @@ static void torture_pki_ed25519_import_pubkey_file(void **state) + assert_return_code(rc, errno); + assert_non_null(pubkey); + +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_ed25519_import_pubkey_from_openssh_privkey(void **state) +@@ -77,7 +77,7 @@ static void torture_pki_ed25519_import_pubkey_from_openssh_privkey(void **state) + assert_return_code(rc, errno); + assert_non_null(pubkey); + +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_ed25519_import_privkey_base64(void **state) +@@ -106,7 +106,7 @@ static void torture_pki_ed25519_import_privkey_base64(void **state) + assert_true(rc == 1); + + free(key_str); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + + } + +@@ -141,7 +141,7 @@ static void torture_pki_ed25519_import_export_privkey_base64(void **state) + NULL, + &b64_key); + assert_return_code(rc, errno); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + + rc = ssh_pki_import_privkey_base64(b64_key, + passphrase, +@@ -157,7 +157,7 @@ static void torture_pki_ed25519_import_export_privkey_base64(void **state) + assert_true(rc == 1); + + SSH_STRING_FREE_CHAR(b64_key); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + } + + static void torture_pki_ed25519_publickey_from_privatekey(void **state) +@@ -184,8 +184,8 @@ static void torture_pki_ed25519_publickey_from_privatekey(void **state) + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_true(rc == SSH_OK); + +- ssh_key_free(key); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(key); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_ed25519_publickey_base64(void **state) +@@ -222,7 +222,7 @@ static void torture_pki_ed25519_publickey_base64(void **state) + + free(b64_key); + free(key_buf); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + } + + static void torture_pki_ed25519_generate_pubkey_from_privkey(void **state) +@@ -261,8 +261,8 @@ static void torture_pki_ed25519_generate_pubkey_from_privkey(void **state) + pubkey_generated, + len); + +- ssh_key_free(privkey); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(privkey); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_ed25519_generate_key(void **state) +@@ -293,8 +293,7 @@ static void torture_pki_ed25519_generate_key(void **state) + assert_true(rc == SSH_ERROR); + + ssh_signature_free(sign); +- ssh_key_free(key); +- key=NULL; ++ SSH_KEY_FREE(key); + + ssh_free(session); + } +@@ -336,7 +335,7 @@ static void torture_pki_ed25519_write_privkey(void **state) + assert_true(rc == 0); + + unlink(LIBSSH_ED25519_TESTKEY); +- ssh_key_free(privkey); ++ SSH_KEY_FREE(privkey); + /* do the same with passphrase */ + rc = ssh_pki_export_privkey_file(origkey, + torture_get_testkey_passphrase(), +@@ -365,8 +364,8 @@ static void torture_pki_ed25519_write_privkey(void **state) + assert_true(rc == 0); + unlink(LIBSSH_ED25519_TESTKEY); + +- ssh_key_free(origkey); +- ssh_key_free(privkey); ++ SSH_KEY_FREE(origkey); ++ SSH_KEY_FREE(privkey); + + /* Test with passphrase */ + rc = ssh_pki_import_privkey_file(LIBSSH_ED25519_TESTKEY_PASSPHRASE, +@@ -404,8 +403,8 @@ static void torture_pki_ed25519_write_privkey(void **state) + rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); + assert_true(rc == 0); + +- ssh_key_free(origkey); +- ssh_key_free(privkey); ++ SSH_KEY_FREE(origkey); ++ SSH_KEY_FREE(privkey); + } + + static void torture_pki_ed25519_sign(void **state) +@@ -441,8 +440,8 @@ static void torture_pki_ed25519_sign(void **state) + assert_memory_equal(ssh_string_data(blob), ref_signature, sizeof(ref_signature)); + /* ssh_print_hexa("signature", ssh_string_data(blob), ssh_string_len(blob)); */ + ssh_signature_free(sig); +- ssh_key_free(privkey); +- ssh_string_free(blob); ++ SSH_KEY_FREE(privkey); ++ SSH_STRING_FREE(blob); + + } + +@@ -473,8 +472,8 @@ static void torture_pki_ed25519_verify(void **state){ + ssh_signature_free(sig); + /* alter signature and expect false result */ + +- ssh_key_free(pubkey); +- ssh_string_free(blob); ++ SSH_KEY_FREE(pubkey); ++ SSH_STRING_FREE(blob); + free(pkey_ptr); + } + +@@ -509,8 +508,8 @@ static void torture_pki_ed25519_verify_bad(void **state){ + ssh_signature_free(sig); + + } +- ssh_key_free(pubkey); +- ssh_string_free(blob); ++ SSH_KEY_FREE(pubkey); ++ SSH_STRING_FREE(blob); + free(pkey_ptr); + } + +@@ -535,8 +534,7 @@ static void torture_pki_ed25519_import_privkey_base64_passphrase(void **state) + rc = ssh_key_is_private(key); + assert_true(rc == 1); + +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + + /* test if it returns -1 if passphrase is wrong */ + rc = ssh_pki_import_privkey_base64(testkey, +@@ -545,7 +543,7 @@ static void torture_pki_ed25519_import_privkey_base64_passphrase(void **state) + NULL, + &key); + assert_true(rc == -1); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + } + + static void torture_pki_ed25519_privkey_dup(void **state) +@@ -572,8 +570,8 @@ static void torture_pki_ed25519_privkey_dup(void **state) + dup = ssh_key_dup(key); + assert_non_null(dup); + +- ssh_key_free(key); +- ssh_key_free(dup); ++ SSH_KEY_FREE(key); ++ SSH_KEY_FREE(dup); + } + + static void torture_pki_ed25519_pubkey_dup(void **state) +@@ -609,8 +607,8 @@ static void torture_pki_ed25519_pubkey_dup(void **state) + assert_true(rc == 1); + + SAFE_FREE(pub_str); +- ssh_key_free(pubkey); +- ssh_key_free(dup); ++ SSH_KEY_FREE(pubkey); ++ SSH_KEY_FREE(dup); + } + + int torture_run_tests(void) { +diff --git a/tests/unittests/torture_pki_rsa.c b/tests/unittests/torture_pki_rsa.c +index 0d5e97fa..15ad6466 100644 +--- a/tests/unittests/torture_pki_rsa.c ++++ b/tests/unittests/torture_pki_rsa.c +@@ -84,7 +84,7 @@ static void torture_pki_rsa_import_pubkey_file(void **state) + assert_return_code(rc, errno); + assert_non_null(pubkey); + +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_rsa_import_pubkey_from_openssh_privkey(void **state) +@@ -99,7 +99,7 @@ static void torture_pki_rsa_import_pubkey_from_openssh_privkey(void **state) + assert_return_code(rc, errno); + assert_non_null(pubkey); + +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_rsa_import_privkey_base64_NULL_key(void **state) +@@ -131,7 +131,7 @@ static void torture_pki_rsa_import_privkey_base64_NULL_str(void **state) + rc = ssh_pki_import_privkey_base64(NULL, passphrase, NULL, NULL, &key); + assert_true(rc == -1); + +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + } + + static void torture_pki_rsa_import_privkey_base64(void **state) +@@ -160,7 +160,7 @@ static void torture_pki_rsa_import_privkey_base64(void **state) + assert_true(rc == 1); + + free(key_str); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + } + + static void torture_pki_rsa_publickey_from_privatekey(void **state) +@@ -185,8 +185,8 @@ static void torture_pki_rsa_publickey_from_privatekey(void **state) + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_true(rc == SSH_OK); + +- ssh_key_free(key); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(key); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_rsa_copy_cert_to_privkey(void **state) +@@ -239,9 +239,9 @@ static void torture_pki_rsa_copy_cert_to_privkey(void **state) + rc = ssh_pki_copy_cert_to_privkey(cert, privkey); + assert_true(rc == SSH_ERROR); + +- ssh_key_free(cert); +- ssh_key_free(privkey); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(cert); ++ SSH_KEY_FREE(privkey); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_rsa_import_cert_file(void **state) { +@@ -260,7 +260,7 @@ static void torture_pki_rsa_import_cert_file(void **state) { + rc = ssh_key_is_public(cert); + assert_true(rc == 1); + +- ssh_key_free(cert); ++ SSH_KEY_FREE(cert); + } + + static void torture_pki_rsa_publickey_base64(void **state) +@@ -297,7 +297,7 @@ static void torture_pki_rsa_publickey_base64(void **state) + + free(b64_key); + free(key_buf); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + } + + static void torture_pki_rsa_generate_pubkey_from_privkey(void **state) { +@@ -335,8 +335,8 @@ static void torture_pki_rsa_generate_pubkey_from_privkey(void **state) { + pubkey_generated, + len); + +- ssh_key_free(privkey); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(privkey); ++ SSH_KEY_FREE(pubkey); + } + + static void torture_pki_rsa_duplicate_key(void **state) +@@ -356,7 +356,7 @@ static void torture_pki_rsa_duplicate_key(void **state) + + rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key); + assert_true(rc == 0); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(pubkey); + + rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY, + NULL, +@@ -382,11 +382,11 @@ static void torture_pki_rsa_duplicate_key(void **state) + rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE); + assert_true(rc == 0); + +- ssh_key_free(pubkey); +- ssh_key_free(privkey); +- ssh_key_free(privkey_dup); +- ssh_string_free_char(b64_key); +- ssh_string_free_char(b64_key_gen); ++ SSH_KEY_FREE(pubkey); ++ SSH_KEY_FREE(privkey); ++ SSH_KEY_FREE(privkey_dup); ++ SSH_STRING_FREE_CHAR(b64_key); ++ SSH_STRING_FREE_CHAR(b64_key_gen); + } + + static void torture_pki_rsa_generate_key(void **state) +@@ -405,7 +405,7 @@ static void torture_pki_rsa_generate_key(void **state) + rc = pki_signature_verify(session,sign,key,RSA_HASH,20); + assert_true(rc == SSH_OK); + ssh_signature_free(sign); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + key=NULL; + + rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key); +@@ -416,7 +416,7 @@ static void torture_pki_rsa_generate_key(void **state) + rc = pki_signature_verify(session,sign,key,RSA_HASH,20); + assert_true(rc == SSH_OK); + ssh_signature_free(sign); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + key=NULL; + + rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key); +@@ -427,7 +427,7 @@ static void torture_pki_rsa_generate_key(void **state) + rc = pki_signature_verify(session,sign,key,RSA_HASH,20); + assert_true(rc == SSH_OK); + ssh_signature_free(sign); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + key=NULL; + + ssh_free(session); +@@ -477,7 +477,7 @@ static void torture_pki_rsa_sha2(void **state) + ssh_signature_free(sign); + + /* Cleanup */ +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + ssh_free(session); + } + +@@ -518,8 +518,8 @@ static void torture_pki_rsa_write_privkey(void **state) + rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); + assert_true(rc == 0); + +- ssh_key_free(origkey); +- ssh_key_free(privkey); ++ SSH_KEY_FREE(origkey); ++ SSH_KEY_FREE(privkey); + + /* Test with passphrase */ + rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY_PASSPHRASE, +@@ -557,8 +557,8 @@ static void torture_pki_rsa_write_privkey(void **state) + rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); + assert_true(rc == 0); + +- ssh_key_free(origkey); +- ssh_key_free(privkey); ++ SSH_KEY_FREE(origkey); ++ SSH_KEY_FREE(privkey); + } + #endif /* HAVE_LIBCRYPTO */ + +@@ -581,8 +581,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state) + rc = ssh_key_is_private(key); + assert_true(rc == 1); + +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + + /* test if it returns -1 if passphrase is wrong */ + rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1), +@@ -591,8 +590,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state) + NULL, + &key); + assert_true(rc == -1); +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + + #ifndef HAVE_LIBCRYPTO + /* test if it returns -1 if passphrase is NULL */ +@@ -603,8 +601,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state) + NULL, + &key); + assert_true(rc == -1); +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + #endif + } + +@@ -631,8 +628,7 @@ torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state) + rc = ssh_key_is_private(key); + assert_true(rc == 1); + +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + + /* test if it returns -1 if passphrase is wrong */ + rc = ssh_pki_import_privkey_base64(keystring, +@@ -641,8 +637,7 @@ torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state) + NULL, + &key); + assert_true(rc == -1); +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + + /* test if it returns -1 if passphrase is NULL */ + /* libcrypto asks for a passphrase, so skip this test */ +@@ -652,8 +647,7 @@ torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state) + NULL, + &key); + assert_true(rc == -1); +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + } + + int torture_run_tests(void) { +diff --git a/tests/unittests/torture_threads_buffer.c b/tests/unittests/torture_threads_buffer.c +index e3cebdc9..2e6f30b6 100644 +--- a/tests/unittests/torture_threads_buffer.c ++++ b/tests/unittests/torture_threads_buffer.c +@@ -87,7 +87,7 @@ static void *thread_growing_buffer(void *threadid) + } + + /* Teardown */ +- ssh_buffer_free(buffer); ++ SSH_BUFFER_FREE(buffer); + pthread_exit(NULL); + } + +@@ -134,14 +134,14 @@ static void *thread_growing_buffer_shifting(void *threadid) + if (ssh_buffer_get_len(buffer) * 4 < buffer->allocated) { + assert_true(ssh_buffer_get_len(buffer) * 4 >= buffer->allocated); + /* Teardown */ +- ssh_buffer_free(buffer); ++ SSH_BUFFER_FREE(buffer); + pthread_exit(NULL); + } + } + } + + /* Teardown */ +- ssh_buffer_free(buffer); ++ SSH_BUFFER_FREE(buffer); + pthread_exit(NULL); + } + +@@ -198,7 +198,7 @@ static void *thread_buffer_prepend(void *threadid) + assert_memory_equal(ssh_buffer_get(buffer), "12345bcdef", 10); + + /* Teardown */ +- ssh_buffer_free(buffer); ++ SSH_BUFFER_FREE(buffer); + pthread_exit(NULL); + } + +@@ -247,9 +247,9 @@ static void *thread_ssh_buffer_get_ssh_string(void *threadid) + for (l = 0; l < k; ++l) { + ssh_string str = ssh_buffer_get_ssh_string(buffer); + assert_null(str); +- ssh_string_free(str); ++ SSH_STRING_FREE(str); + } +- ssh_buffer_free(buffer); ++ SSH_BUFFER_FREE(buffer); + } + } + } +@@ -316,10 +316,10 @@ static void *thread_ssh_buffer_add_format(void *threadid) + assert_int_equal(len, sizeof(verif) - 1); + assert_memory_equal(ssh_buffer_get(buffer), verif, sizeof(verif) -1); + +- ssh_string_free(s); ++ SSH_STRING_FREE(s); + + /* Teardown */ +- ssh_buffer_free(buffer); ++ SSH_BUFFER_FREE(buffer); + pthread_exit(NULL); + } + +@@ -397,7 +397,7 @@ static void *thread_ssh_buffer_get_format(void *threadid) { + SAFE_FREE(s2); + + /* Teardown */ +- ssh_buffer_free(buffer); ++ SSH_BUFFER_FREE(buffer); + pthread_exit(NULL); + } + +@@ -458,7 +458,7 @@ static void *thread_ssh_buffer_get_format_error(void *threadid) + assert_true(s2 == NULL); + + /* Teardown */ +- ssh_buffer_free(buffer); ++ SSH_BUFFER_FREE(buffer); + pthread_exit(NULL); + } + +@@ -514,7 +514,7 @@ static void *thread_buffer_pack_badformat(void *threadid) + * it could crash the process */ + + /* Teardown */ +- ssh_buffer_free(buffer); ++ SSH_BUFFER_FREE(buffer); + pthread_exit(NULL); + } + +diff --git a/tests/unittests/torture_threads_pki_rsa.c b/tests/unittests/torture_threads_pki_rsa.c +index d19d8bbf..1313f566 100644 +--- a/tests/unittests/torture_threads_pki_rsa.c ++++ b/tests/unittests/torture_threads_pki_rsa.c +@@ -143,7 +143,7 @@ static void *thread_pki_rsa_import_pubkey_file(void *threadid) + assert_return_code(rc, errno); + assert_non_null(pubkey); + +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(pubkey); + + pthread_exit(NULL); + } +@@ -201,7 +201,7 @@ static void *thread_pki_rsa_import_privkey_base64_NULL_str(void *threadid) + rc = ssh_pki_import_privkey_base64(NULL, passphrase, NULL, NULL, &key); + assert_true(rc == -1); + +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + pthread_exit(NULL); + } + +@@ -242,7 +242,7 @@ static void *thread_pki_rsa_import_privkey_base64(void *threadid) + assert_true(ok); + + free(key_str); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + + pthread_exit(NULL); + } +@@ -283,8 +283,8 @@ static void *thread_pki_rsa_publickey_from_privatekey(void *threadid) + assert_true(rc == SSH_OK); + assert_non_null(pubkey); + +- ssh_key_free(key); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(key); ++ SSH_KEY_FREE(pubkey); + pthread_exit(NULL); + } + +@@ -349,9 +349,9 @@ static void *thread_pki_rsa_copy_cert_to_privkey(void *threadid) + rc = ssh_pki_copy_cert_to_privkey(cert, privkey); + assert_true(rc == SSH_ERROR); + +- ssh_key_free(cert); +- ssh_key_free(privkey); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(cert); ++ SSH_KEY_FREE(privkey); ++ SSH_KEY_FREE(pubkey); + pthread_exit(NULL); + } + +@@ -383,7 +383,7 @@ static void *thread_pki_rsa_import_cert_file(void *threadid) + rc = ssh_key_is_public(cert); + assert_true(rc == 1); + +- ssh_key_free(cert); ++ SSH_KEY_FREE(cert); + pthread_exit(NULL); + } + +@@ -432,7 +432,7 @@ static void *thread_pki_rsa_publickey_base64(void *threadid) + + free(b64_key); + free(key_buf); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + pthread_exit(NULL); + } + +@@ -464,7 +464,7 @@ static void *thread_pki_rsa_duplicate_key(void *threadid) + + rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key); + assert_true(rc == 0); +- ssh_key_free(pubkey); ++ SSH_KEY_FREE(pubkey); + + rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY, + NULL, +@@ -489,11 +489,11 @@ static void *thread_pki_rsa_duplicate_key(void *threadid) + cmp = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE); + assert_true(cmp == 0); + +- ssh_key_free(pubkey); +- ssh_key_free(privkey); +- ssh_key_free(privkey_dup); +- ssh_string_free_char(b64_key); +- ssh_string_free_char(b64_key_gen); ++ SSH_KEY_FREE(pubkey); ++ SSH_KEY_FREE(privkey); ++ SSH_KEY_FREE(privkey_dup); ++ SSH_STRING_FREE_CHAR(b64_key); ++ SSH_STRING_FREE_CHAR(b64_key_gen); + pthread_exit(NULL); + } + +@@ -531,8 +531,7 @@ static void *thread_pki_rsa_generate_key(void *threadid) + assert_ssh_return_code(session, rc); + + ssh_signature_free(sign); +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + + rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key); + assert_ssh_return_code(session, rc); +@@ -545,8 +544,7 @@ static void *thread_pki_rsa_generate_key(void *threadid) + assert_ssh_return_code(session, rc); + + ssh_signature_free(sign); +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + + + rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key); +@@ -560,7 +558,7 @@ static void *thread_pki_rsa_generate_key(void *threadid) + assert_true(rc == SSH_OK); + + ssh_signature_free(sign); +- ssh_key_free(key); ++ SSH_KEY_FREE(key); + key = NULL; + + ssh_free(session); +@@ -596,8 +594,7 @@ static void *thread_pki_rsa_import_privkey_base64_passphrase(void *threadid) + rc = ssh_key_is_private(key); + assert_true(rc == 1); + +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + + /* test if it returns -1 if passphrase is wrong */ + rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1), +@@ -606,8 +603,7 @@ static void *thread_pki_rsa_import_privkey_base64_passphrase(void *threadid) + NULL, + &key); + assert_true(rc == -1); +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + + #ifndef HAVE_LIBCRYPTO + /* test if it returns -1 if passphrase is NULL */ +@@ -618,8 +614,7 @@ static void *thread_pki_rsa_import_privkey_base64_passphrase(void *threadid) + NULL, + &key); + assert_true(rc == -1); +- ssh_key_free(key); +- key = NULL; ++ SSH_KEY_FREE(key); + #endif + pthread_exit(NULL); + } diff --git a/libssh.spec b/libssh.spec index dc05dbd..2eb5c71 100644 --- a/libssh.spec +++ b/libssh.spec @@ -1,6 +1,6 @@ Name: libssh Version: 0.8.3 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A library implementing the SSH protocol License: LGPLv2+ URL: http://www.libssh.org @@ -9,6 +9,8 @@ Source0: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz Source1: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz.asc Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring +Patch1: libssh-0.8.3-fix-covscan-errors.patch + BuildRequires: cmake BuildRequires: doxygen BuildRequires: gcc-c++ @@ -104,6 +106,9 @@ popd %{_libdir}/libssh_threads.so %changelog +* Mon Oct 01 2018 Anderson Sasaki - 0.8.3-3 +- Fixed errors found by static code analysis + * Tue Sep 25 2018 Anderson Sasaki - 0.8.3-2 - Add missing libssh_threads.so link to libssh-devel package