OpenCoverage

authfile.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssh/src/authfile.c

Source code

Switch to Preprocessed file

Line Source Count

1 /* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */ -

2 /* -

4 * -

5 * Redistribution and use in source and binary forms, with or without -

6 * modification, are permitted provided that the following conditions -

7 * are met: -

8 * 1. Redistributions of source code must retain the above copyright -

9 * notice, this list of conditions and the following disclaimer. -

10 * 2. Redistributions in binary form must reproduce the above copyright -

11 * notice, this list of conditions and the following disclaimer in the -

12 * documentation and/or other materials provided with the distribution. -

13 * -

14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -

15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -

16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -

17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -

18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -

19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -

20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -

21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -

22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -

23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -

24 */ -

25 -

26 #include "includes.h" -

27 -

28 #include <sys/types.h> -

29 #include <sys/stat.h> -

30 #include <sys/uio.h> -

31 -

32 #include <errno.h> -

33 #include <fcntl.h> -

34 #include <stdio.h> -

35 #include <stdarg.h> -

36 #include <stdlib.h> -

37 #include <string.h> -

38 #include <unistd.h> -

39 #include <limits.h> -

40 -

41 #include "cipher.h" -

42 #include "ssh.h" -

43 #include "log.h" -

44 #include "authfile.h" -

45 #include "misc.h" -

46 #include "atomicio.h" -

47 #include "sshkey.h" -

48 #include "sshbuf.h" -

49 #include "ssherr.h" -

50 #include "krl.h" -

51 -

52 #define MAX_KEY_FILE_SIZE (1024 * 1024) -

53 -

54 /* Save a key blob to a file */ -

55 static int -

56 sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) -

57 { -

58 int fd, oerrno; -

59 -

if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)

(fd = open(fil...0 , 0600)) < 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

return SSH_ERR_SYSTEM_ERROR;

never executed: return -24;

if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf),

atomicio((ssiz...uf_len(keybuf)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {

atomicio((ssiz...uf_len(keybuf)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

64 oerrno = errno; -

65 close(fd); -

66 unlink(filename); -

67 errno = oerrno; -

return SSH_ERR_SYSTEM_ERROR;

never executed: return -24;

69 } -

70 close(fd); -

return 0;

executed 7 times by 1 test: return 0;

Executed by:

ssh-keygen

72 } -

73 -

74 int -

75 sshkey_save_private(struct sshkey *key, const char *filename, -

76 const char *passphrase, const char *comment, -

77 int force_new_format, const char *new_format_cipher, int new_format_rounds) -

78 { -

79 struct sshbuf *keyblob = NULL; -

80 int r; -

81 -

if ((keyblob = sshbuf_new()) == NULL)

(keyblob = ssh...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,

(r = sshkey_pr..._rounds)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

force_new_format, new_format_cipher, new_format_rounds)) != 0)

(r = sshkey_pr..._rounds)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

goto out;

never executed: goto out;

if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)

(r = sshkey_sa...ilename)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 7 times by 1 test Evaluated by: ssh-keygen

0-7

goto out;

never executed: goto out;

89 r = 0; -

out:

code before this statement executed 7 times by 1 test: out:

Executed by:

ssh-keygen

91 sshbuf_free(keyblob); -

return r;

executed 7 times by 1 test: return r;

Executed by:

ssh-keygen

93 } -

94 -

95 /* Load a key from a fd into a buffer */ -

96 int -

97 sshkey_load_file(int fd, struct sshbuf *blob) -

98 { -

99 u_char buf[1024]; -

100 size_t len; -

101 struct stat st; -

102 int r; -

103 -

104

if (fstat(fd, &st) < 0)

fstat(fd, &st) < 0	Description
TRUE	never evaluated
FALSE	evaluated 67 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-67

105

return SSH_ERR_SYSTEM_ERROR;

never executed: return -24;

106

if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&

(st.st_mode & ...010000 )) == 0	Description
TRUE	never evaluated
FALSE	evaluated 67 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-67

107

st.st_size > MAX_KEY_FILE_SIZE)

st.st_size > (1024 * 1024)	Description
TRUE	never evaluated
FALSE	never evaluated

108

return SSH_ERR_INVALID_FORMAT;

never executed: return -4;

109 for (;;) { -

110

if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {

(len = atomici...of(buf))) == 0	Description
TRUE	evaluated 67 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey
FALSE	evaluated 71 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

67-71

111

if (errno == EPIPE)

(*__errno_location ()) == 32	Description
TRUE	evaluated 67 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey
FALSE	never evaluated

0-67

112

break;

executed 67 times by 3 tests: break;

Executed by:

ssh-keygen
sshd
test_sshkey

113 r = SSH_ERR_SYSTEM_ERROR; -

114

goto out;

never executed: goto out;

115 } -

116

if ((r = sshbuf_put(blob, buf, len)) != 0)

(r = sshbuf_pu...uf, len)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 71 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-71

117

goto out;

never executed: goto out;

118

if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {

sshbuf_len(blo... (1024 * 1024)	Description
TRUE	never evaluated
FALSE	evaluated 71 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-71

119 r = SSH_ERR_INVALID_FORMAT; -

120

goto out;

never executed: goto out;

121 } -

122

}

executed 71 times by 3 tests: end of block

Executed by:

ssh-keygen
sshd
test_sshkey

123

if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&

(st.st_mode & ...010000 )) == 0	Description
TRUE	never evaluated
FALSE	evaluated 67 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-67

124

st.st_size != (off_t)sshbuf_len(blob)) {

st.st_size != ...hbuf_len(blob)	Description
TRUE	never evaluated
FALSE	never evaluated

125 r = SSH_ERR_FILE_CHANGED; -

126

goto out;

never executed: goto out;

127 } -

128 r = 0; -

129 -

130

out:

code before this statement executed 67 times by 3 tests: out:

Executed by:

ssh-keygen
sshd
test_sshkey

131 explicit_bzero(buf, sizeof(buf)); -

132

if (r != 0)

r != 0	Description
TRUE	never evaluated
FALSE	evaluated 67 times by 3 tests Evaluated by: ssh-keygen sshd test_sshkey

0-67

133

sshbuf_reset(blob);

never executed: sshbuf_reset(blob);

134

return r;

executed 67 times by 3 tests: return r;

Executed by:

ssh-keygen
sshd
test_sshkey

135 } -

136 -

137 -

138 /* XXX remove error() calls from here? */ -

139 int -

140 sshkey_perm_ok(int fd, const char *filename) -

141 { -

142 struct stat st; -

143 -

144

if (fstat(fd, &st) < 0)

fstat(fd, &st) < 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd

0-6

145

return SSH_ERR_SYSTEM_ERROR;

never executed: return -24;

146 /* -

147 * if a key owned by the user is accessed, then we check the -

148 * permissions of the file. if the key owned by a different user, -

149 * then we don't care. -

150 */ -

151 #ifdef HAVE_CYGWIN -

152 if (check_ntsec(filename)) -

153 #endif -

154

if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {

(st.st_uid == getuid())	Description
TRUE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd
FALSE	never evaluated

(st.st_mode & 077) != 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd

0-6

155 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); -

156 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); -

157 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); -

158 error("Permissions 0%3.3o for '%s' are too open.", -

159 (u_int)st.st_mode & 0777, filename); -

160 error("It is required that your private key files are NOT accessible by others."); -

161 error("This private key will be ignored."); -

162

return SSH_ERR_KEY_BAD_PERMISSIONS;

never executed: return -44;

163 } -

164

return 0;

executed 6 times by 2 tests: return 0;

Executed by:

ssh-keygen
sshd

165 } -

166 -

167 /* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */ -

168 int -

169 sshkey_load_private_type(int type, const char *filename, const char *passphrase, -

170 struct sshkey **keyp, char **commentp, int *perm_ok) -

171 { -

172 int fd, r; -

173 -

174

if (keyp != NULL)

keyp != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

175

*keyp = NULL;

never executed: *keyp = ((void *)0) ;

176

if (commentp != NULL)

commentp != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

177

*commentp = NULL;

never executed: *commentp = ((void *)0) ;

178 -

179

if ((fd = open(filename, O_RDONLY)) < 0) {

(fd = open(filename, 00 )) < 0	Description
TRUE	never evaluated
FALSE	never evaluated

180

if (perm_ok != NULL)

perm_ok != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

181

*perm_ok = 0;

never executed: *perm_ok = 0;

182

return SSH_ERR_SYSTEM_ERROR;

never executed: return -24;

183 } -

184

if (sshkey_perm_ok(fd, filename) != 0) {

sshkey_perm_ok...filename) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

185

if (perm_ok != NULL)

perm_ok != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

186

*perm_ok = 0;

never executed: *perm_ok = 0;

187 r = SSH_ERR_KEY_BAD_PERMISSIONS; -

188

goto out;

never executed: goto out;

189 } -

190

if (perm_ok != NULL)

perm_ok != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

191

*perm_ok = 1;

never executed: *perm_ok = 1;

192 -

193 r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp); -

194

if (r == 0 && keyp && *keyp)

r == 0	Description
TRUE	never evaluated
FALSE	never evaluated

keyp	Description
TRUE	never evaluated
FALSE	never evaluated

*keyp	Description
TRUE	never evaluated
FALSE	never evaluated

195

r = sshkey_set_filename(*keyp, filename);

never executed: r = sshkey_set_filename(*keyp, filename);

196

out:

code before this statement never executed: out:

197 close(fd); -

198

return r;

never executed: return r;

199 } -

200 -

201 int -

202 sshkey_load_private_type_fd(int fd, int type, const char *passphrase, -

203 struct sshkey **keyp, char **commentp) -

204 { -

205 struct sshbuf *buffer = NULL; -

206 int r; -

207 -

208

if (keyp != NULL)

keyp != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

209

*keyp = NULL;

never executed: *keyp = ((void *)0) ;

210

if ((buffer = sshbuf_new()) == NULL) {

(buffer = sshb...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

211 r = SSH_ERR_ALLOC_FAIL; -

212

goto out;

never executed: goto out;

213 } -

214

if ((r = sshkey_load_file(fd, buffer)) != 0 ||

(r = sshkey_lo... buffer)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

215

(r = sshkey_parse_private_fileblob_type(buffer, type,

(r = sshkey_pa...ommentp)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

216

passphrase, keyp, commentp)) != 0)

(r = sshkey_pa...ommentp)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

217

goto out;

never executed: goto out;

218 -

219 /* success */ -

220 r = 0; -

221

out:

code before this statement never executed: out:

222 sshbuf_free(buffer); -

223

return r;

never executed: return r;

224 } -

225 -

226 /* XXX this is almost identical to sshkey_load_private_type() */ -

227 int -

228 sshkey_load_private(const char *filename, const char *passphrase, -

229 struct sshkey **keyp, char **commentp) -

230 { -

231 struct sshbuf *buffer = NULL; -

232 int r, fd; -

233 -

234

if (keyp != NULL)

keyp != ((void *)0)	Description
TRUE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd
FALSE	never evaluated

0-6

235

*keyp = NULL;

executed 6 times by 2 tests: *keyp = ((void *)0) ;

Executed by:

ssh-keygen
sshd

236

if (commentp != NULL)

commentp != ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd

0-6

237

*commentp = NULL;

never executed: *commentp = ((void *)0) ;

238 -

239

if ((fd = open(filename, O_RDONLY)) < 0)

(fd = open(filename, 00 )) < 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd

0-6

240

return SSH_ERR_SYSTEM_ERROR;

never executed: return -24;

241

if (sshkey_perm_ok(fd, filename) != 0) {

sshkey_perm_ok...filename) != 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd

0-6

242 r = SSH_ERR_KEY_BAD_PERMISSIONS; -

243

goto out;

never executed: goto out;

244 } -

245 -

246

if ((buffer = sshbuf_new()) == NULL) {

(buffer = sshb...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd

0-6

247 r = SSH_ERR_ALLOC_FAIL; -

248

goto out;

never executed: goto out;

249 } -

250

if ((r = sshkey_load_file(fd, buffer)) != 0 ||

(r = sshkey_lo... buffer)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd

0-6

251

(r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,

(r = sshkey_pa...ommentp)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd

0-6

252

commentp)) != 0)

(r = sshkey_pa...ommentp)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd

0-6

253

goto out;

never executed: goto out;

254

if (keyp && *keyp &&

keyp	Description
TRUE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd
FALSE	never evaluated

*keyp	Description
TRUE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd
FALSE	never evaluated

0-6

255

(r = sshkey_set_filename(*keyp, filename)) != 0)

(r = sshkey_se...ilename)) != 0	Description
TRUE	never evaluated
FALSE	evaluated 6 times by 2 tests Evaluated by: ssh-keygen sshd

0-6

256

goto out;

never executed: goto out;

257 r = 0; -

258

out:

code before this statement executed 6 times by 2 tests: out:

Executed by:

ssh-keygen
sshd

259 close(fd); -

260 sshbuf_free(buffer); -

261

return r;

executed 6 times by 2 tests: return r;

Executed by:

ssh-keygen
sshd

262 } -

263 -

264 static int -

265 sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp) -

266 { -

267 FILE *f; -

268 char *line = NULL, *cp; -

269 size_t linesize = 0; -

270 int r; -

271 -

272

if (commentp != NULL)

commentp != ((void *)0)	Description
TRUE	evaluated 16 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 590 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

16-590

273

*commentp = NULL;

executed 16 times by 1 test: *commentp = ((void *)0) ;

Executed by:

ssh-keygen

274

if ((f = fopen(filename, "r")) == NULL)

(f = fopen(fil...== ((void *)0)	Description
TRUE	evaluated 2 times by 1 test Evaluated by: sshd
FALSE	evaluated 604 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

2-604

275

return SSH_ERR_SYSTEM_ERROR;

executed 2 times by 1 test: return -24;

Executed by:

sshd

276

while (getline(&line, &linesize, f) != -1) {

getline(&line,...size, f) != -1	Description
TRUE	evaluated 604 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey
FALSE	never evaluated

0-604

277 cp = line; -

278 switch (*cp) { -

279

case '#':

never executed: case '#':

280

case '\n':

never executed: case '\n':

281

case '\0':

never executed: case '\0':

282

continue;

never executed: continue;

283 } -

284 /* Abort loading if this looks like a private key */ -

285

if (strncmp(cp, "-----BEGIN", 10) == 0 ||

never executed: __result = (((const unsigned char *) (const char *) ( cp ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "-----BEGIN" ))[3] - __s2[3]);

never executed: end of block

(__extension__... , 10 ))) == 0	Description
TRUE	evaluated 12 times by 2 tests Evaluated by: ssh-keygen sshd
FALSE	evaluated 592 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

__builtin_constant_p ( 10 )	Description
TRUE	evaluated 604 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey
FALSE	never evaluated

__builtin_constant_p ( cp )	Description
TRUE	never evaluated
FALSE	evaluated 604 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

strlen ( cp ) ...ize_t) ( 10 ))	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons..."-----BEGIN" )	Description
TRUE	evaluated 604 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey
FALSE	never evaluated

strlen ( "----...ize_t) ( 10 ))	Description
TRUE	never evaluated
FALSE	evaluated 604 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-604

286

strcmp(cp, "SSH PRIVATE KEY FILE") == 0)

never executed: __result = (((const unsigned char *) (const char *) ( cp ))[3] - __s2[3]);

never executed: end of block

never executed: __result = (((const unsigned char *) (const char *) ( "SSH PRIVATE KEY FILE" ))[3] - __s2[3]);

never executed: end of block

__extension__ ... )))); }) == 0	Description
TRUE	never evaluated
FALSE	evaluated 592 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

__s1_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s1_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 0	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 1	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

__s2_len > 2	Description
TRUE	never evaluated
FALSE	never evaluated

__result == 0	Description
TRUE	never evaluated
FALSE	never evaluated

0-592

287

break;

executed 12 times by 2 tests: break;

Executed by:

ssh-keygen
sshd

288 /* Skip leading whitespace. */ -

289

for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)

*cp	Description
TRUE	evaluated 592 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey
FALSE	never evaluated

*cp == ' '	Description
TRUE	never evaluated
FALSE	evaluated 592 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

*cp == '\t'	Description
TRUE	never evaluated
FALSE	evaluated 592 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

0-592

290

;

never executed: ;

291

if (*cp) {

*cp	Description
TRUE	evaluated 592 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey
FALSE	never evaluated

0-592

292

if ((r = sshkey_read(k, &cp)) == 0) {

(r = sshkey_read(k, &cp)) == 0	Description
TRUE	evaluated 592 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey
FALSE	never evaluated

0-592

293 cp[strcspn(cp, "\r\n")] = '\0'; -

294

if (commentp) {

commentp	Description
TRUE	evaluated 8 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 584 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

8-584

295

*commentp = strdup(*cp ?

never executed: __retval = (char *) memcpy (__retval, *cp ? cp : filename , __len);

__retval != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

*cp	Description
TRUE	never evaluated
FALSE	never evaluated

*cp	Description
TRUE	never evaluated
FALSE	never evaluated

((const char *... ))[0] == '\0'	Description
TRUE	never evaluated
FALSE	never evaluated

*cp	Description
TRUE	never evaluated
FALSE	never evaluated

__builtin_cons...p : filename )	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: ssh-keygen

((size_t)(cons...lename ) == 1)	Description
TRUE	never evaluated
FALSE	never evaluated

0-8

296 cp : filename); -

297

if (*commentp == NULL)

commentp == ((void )0)	Description
TRUE	never evaluated
FALSE	evaluated 8 times by 1 test Evaluated by: ssh-keygen

0-8

298

r = SSH_ERR_ALLOC_FAIL;

never executed: r = -2;

299

}

executed 8 times by 1 test: end of block

Executed by:

ssh-keygen

300 free(line); -

301 fclose(f); -

302

return r;

executed 592 times by 4 tests: return r;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

592

303 } -

304

}

never executed: end of block

305

}

never executed: end of block

306 free(line); -

307 fclose(f); -

308

return SSH_ERR_INVALID_FORMAT;

executed 12 times by 2 tests: return -4;

Executed by:

ssh-keygen
sshd

309 } -

310 -

311 /* load public key from any pubkey file */ -

312 int -

313 sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) -

314 { -

315 struct sshkey *pub = NULL; -

316 char *file = NULL; -

317 int r; -

318 -

319

if (keyp != NULL)

keyp != ((void *)0)	Description
TRUE	evaluated 583 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey
FALSE	never evaluated

0-583

320

*keyp = NULL;

executed 583 times by 4 tests: *keyp = ((void *)0) ;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

583

321

if (commentp != NULL)

commentp != ((void *)0)	Description
TRUE	evaluated 8 times by 1 test Evaluated by: ssh-keygen
FALSE	evaluated 575 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

8-575

322

*commentp = NULL;

executed 8 times by 1 test: *commentp = ((void *)0) ;

Executed by:

ssh-keygen

323 -

324

if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)

(pub = sshkey_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 583 times by 4 tests Evaluated by: ssh-keygen sshd test_hostkeys test_sshkey

0-583

325

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

326

if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {

(r = sshkey_tr...ommentp)) == 0	Description
TRUE	evaluated 571 times by 3 tests Evaluated by: ssh-keygen test_hostkeys test_sshkey
FALSE	evaluated 12 times by 2 tests Evaluated by: ssh-keygen sshd

12-571

327

if (keyp != NULL) {

keyp != ((void *)0)	Description
TRUE	evaluated 571 times by 3 tests Evaluated by: ssh-keygen test_hostkeys test_sshkey
FALSE	never evaluated

0-571

328 *keyp = pub; -

329 pub = NULL; -

330

}

executed 571 times by 3 tests: end of block

Executed by:

ssh-keygen
test_hostkeys
test_sshkey

571

331 r = 0; -

332

goto out;

executed 571 times by 3 tests: goto out;

Executed by:

ssh-keygen
test_hostkeys
test_sshkey

571

333 } -

334 sshkey_free(pub); -

335 -

336 /* try .pub suffix */ -

337

if (asprintf(&file, "%s.pub", filename) == -1)

asprintf(&file...ilename) == -1	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 2 tests Evaluated by: ssh-keygen sshd

0-12

338

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

339

if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {

(pub = sshkey_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 12 times by 2 tests Evaluated by: ssh-keygen sshd

0-12

340 r = SSH_ERR_ALLOC_FAIL; -

341

goto out;

never executed: goto out;

342 } -

343

if ((r = sshkey_try_load_public(pub, file, commentp)) == 0) {

(r = sshkey_tr...ommentp)) == 0	Description
TRUE	evaluated 10 times by 2 tests Evaluated by: ssh-keygen sshd
FALSE	evaluated 2 times by 1 test Evaluated by: sshd

2-10

344

if (keyp != NULL) {

keyp != ((void *)0)	Description
TRUE	evaluated 10 times by 2 tests Evaluated by: ssh-keygen sshd
FALSE	never evaluated

0-10

345 *keyp = pub; -

346 pub = NULL; -

347

}

executed 10 times by 2 tests: end of block

Executed by:

ssh-keygen
sshd

348 r = 0; -

349

}

executed 10 times by 2 tests: end of block

Executed by:

ssh-keygen
sshd

350

out:

code before this statement executed 12 times by 2 tests: out:

Executed by:

ssh-keygen
sshd

351 free(file); -

352 sshkey_free(pub); -

353

return r;

executed 583 times by 4 tests: return r;

Executed by:

ssh-keygen
sshd
test_hostkeys
test_sshkey

583

354 } -

355 -

356 /* Load the certificate associated with the named private key */ -

357 int -

358 sshkey_load_cert(const char *filename, struct sshkey **keyp) -

359 { -

360 struct sshkey *pub = NULL; -

361 char *file = NULL; -

362 int r = SSH_ERR_INTERNAL_ERROR; -

363 -

364

if (keyp != NULL)

keyp != ((void *)0)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: test_sshkey
FALSE	never evaluated

0-11

365

*keyp = NULL;

executed 11 times by 1 test: *keyp = ((void *)0) ;

Executed by:

test_sshkey

366 -

367

if (asprintf(&file, "%s-cert.pub", filename) == -1)

asprintf(&file...ilename) == -1	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: test_sshkey

0-11

368

return SSH_ERR_ALLOC_FAIL;

never executed: return -2;

369 -

370

if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {

(pub = sshkey_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: test_sshkey

0-11

371

goto out;

never executed: goto out;

372 } -

373

if ((r = sshkey_try_load_public(pub, file, NULL)) != 0)

(r = sshkey_tr...d *)0) )) != 0	Description
TRUE	never evaluated
FALSE	evaluated 11 times by 1 test Evaluated by: test_sshkey

0-11

374

goto out;

never executed: goto out;

375 /* success */ -

376

if (keyp != NULL) {

keyp != ((void *)0)	Description
TRUE	evaluated 11 times by 1 test Evaluated by: test_sshkey
FALSE	never evaluated

0-11

377 *keyp = pub; -

378 pub = NULL; -

379

}

executed 11 times by 1 test: end of block

Executed by:

test_sshkey

380 r = 0; -

381

out:

code before this statement executed 11 times by 1 test: out:

Executed by:

test_sshkey

382 free(file); -

383 sshkey_free(pub); -

384

return r;

executed 11 times by 1 test: return r;

Executed by:

test_sshkey

385 } -

386 -

387 /* Load private key and certificate */ -

388 int -

389 sshkey_load_private_cert(int type, const char *filename, const char *passphrase, -

390 struct sshkey **keyp, int *perm_ok) -

391 { -

392 struct sshkey *key = NULL, *cert = NULL; -

393 int r; -

394 -

395

if (keyp != NULL)

keyp != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

396

*keyp = NULL;

never executed: *keyp = ((void *)0) ;

397 -

398 switch (type) { -

399 #ifdef WITH_OPENSSL -

400

case KEY_RSA:

never executed: case KEY_RSA:

401

case KEY_DSA:

never executed: case KEY_DSA:

402

case KEY_ECDSA:

never executed: case KEY_ECDSA:

403 #endif /* WITH_OPENSSL */ -

404

case KEY_ED25519:

never executed: case KEY_ED25519:

405

case KEY_XMSS:

never executed: case KEY_XMSS:

406

case KEY_UNSPEC:

never executed: case KEY_UNSPEC:

407

break;

never executed: break;

408

default:

never executed: default:

409

return SSH_ERR_KEY_TYPE_UNKNOWN;

never executed: return -14;

410 } -

411 -

412

if ((r = sshkey_load_private_type(type, filename,

(r = sshkey_lo...perm_ok)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

413

passphrase, &key, NULL, perm_ok)) != 0 ||

(r = sshkey_lo...perm_ok)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

414

(r = sshkey_load_cert(filename, &cert)) != 0)

(r = sshkey_lo..., &cert)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

415

goto out;

never executed: goto out;

416 -

417 /* Make sure the private key matches the certificate */ -

418

if (sshkey_equal_public(key, cert) == 0) {

sshkey_equal_p...ey, cert) == 0	Description
TRUE	never evaluated
FALSE	never evaluated

419 r = SSH_ERR_KEY_CERT_MISMATCH; -

420

goto out;

never executed: goto out;

421 } -

422 -

423

if ((r = sshkey_to_certified(key)) != 0 ||

(r = sshkey_to...ied(key)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

424

(r = sshkey_cert_copy(cert, key)) != 0)

(r = sshkey_ce...rt, key)) != 0	Description
TRUE	never evaluated
FALSE	never evaluated

425

goto out;

never executed: goto out;

426 r = 0; -

427

if (keyp != NULL) {

keyp != ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

428 *keyp = key; -

429 key = NULL; -

430

}

never executed: end of block

431

out:

code before this statement never executed: out:

432 sshkey_free(key); -

433 sshkey_free(cert); -

434

return r;

never executed: return r;

435 } -

436 -

437 /* -

438 * Returns success if the specified "key" is listed in the file "filename", -

439 * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error. -

440 * If "strict_type" is set then the key type must match exactly, -

441 * otherwise a comparison that ignores certficiate data is performed. -

442 * If "check_ca" is set and "key" is a certificate, then its CA key is -

443 * also checked and sshkey_in_file() will return success if either is found. -

444 */ -

445 int -

446 sshkey_in_file(struct sshkey *key, const char *filename, int strict_type, -

447 int check_ca) -

448 { -

449 FILE *f; -

450 char *line = NULL, *cp; -

451 size_t linesize = 0; -

452 int r = 0; -

453 struct sshkey *pub = NULL; -

454 -

455 int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) = -

456

strict_type ? sshkey_equal : sshkey_equal_public;

strict_type	Description
TRUE	never evaluated
FALSE	never evaluated

457 -

458

if ((f = fopen(filename, "r")) == NULL)

(f = fopen(fil...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

459

return SSH_ERR_SYSTEM_ERROR;

never executed: return -24;

460 -

461

while (getline(&line, &linesize, f) != -1) {

getline(&line,...size, f) != -1	Description
TRUE	never evaluated
FALSE	never evaluated

462 sshkey_free(pub); -

463 pub = NULL; -

464 cp = line; -

465 -

466 /* Skip leading whitespace. */ -

467

for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)

*cp	Description
TRUE	never evaluated
FALSE	never evaluated

*cp == ' '	Description
TRUE	never evaluated
FALSE	never evaluated

*cp == '\t'	Description
TRUE	never evaluated
FALSE	never evaluated

468

;

never executed: ;

469 -

470 /* Skip comments and empty lines */ -

471 switch (*cp) { -

472

case '#':

never executed: case '#':

473

case '\n':

never executed: case '\n':

474

case '\0':

never executed: case '\0':

475

continue;

never executed: continue;

476 } -

477 -

478

if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {

(pub = sshkey_...== ((void *)0)	Description
TRUE	never evaluated
FALSE	never evaluated

479 r = SSH_ERR_ALLOC_FAIL; -

480

goto out;

never executed: goto out;

481 } -

482 switch (r = sshkey_read(pub, &cp)) { -

483

case 0:

never executed: case 0:

484

break;

never executed: break;

485

case SSH_ERR_KEY_LENGTH:

never executed: case -56:

486

continue;

never executed: continue;

487

default:

never executed: default:

488

goto out;

never executed: goto out;

489 } -

490

if (sshkey_compare(key, pub) ||

sshkey_compare(key, pub)	Description
TRUE	never evaluated
FALSE	never evaluated

491

(check_ca && sshkey_is_cert(key) &&

check_ca	Description
TRUE	never evaluated
FALSE	never evaluated

sshkey_is_cert(key)	Description
TRUE	never evaluated
FALSE	never evaluated

492

sshkey_compare(key->cert->signature_key, pub))) {

sshkey_compare...ture_key, pub)	Description
TRUE	never evaluated
FALSE	never evaluated

493 r = 0; -

494

goto out;

never executed: goto out;

495 } -

496

}

never executed: end of block

497 r = SSH_ERR_KEY_NOT_FOUND; -

498

out:

code before this statement never executed: out:

499 free(line); -

500 sshkey_free(pub); -

501 fclose(f); -

502

return r;

never executed: return r;

503 } -

504 -

505 /* -

506 * Checks whether the specified key is revoked, returning 0 if not, -

507 * SSH_ERR_KEY_REVOKED if it is or another error code if something -

508 * unexpected happened. -

509 * This will check both the key and, if it is a certificate, its CA key too. -

510 * "revoked_keys_file" may be a KRL or a one-per-line list of public keys. -

511 */ -

512 int -

513 sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file) -

514 { -

515 int r; -

516 -

517 r = ssh_krl_file_contains_key(revoked_keys_file, key); -

518 /* If this was not a KRL to begin with then continue below */ -

519

if (r != SSH_ERR_KRL_BAD_MAGIC)

r != -50	Description
TRUE	never evaluated
FALSE	never evaluated

520

return r;

never executed: return r;

521 -

522 /* -

523 * If the file is not a KRL or we can't handle KRLs then attempt to -

524 * parse the file as a flat list of keys. -

525 */ -

526 switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) { -

527

case 0:

never executed: case 0:

528 /* Key found => revoked */ -

529

return SSH_ERR_KEY_REVOKED;

never executed: return -51;

530

case SSH_ERR_KEY_NOT_FOUND:

never executed: case -46:

531 /* Key not found => not revoked */ -

532

return 0;

never executed: return 0;

533

default:

never executed: default:

534 /* Some other error occurred */ -

535

return r;

never executed: return r;

536 } -

537 } -

538 -

Source code

Switch to Preprocessed file

Generated by Squish Coco 4.2.2