summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2013-06-02 07:31:17 +1000
committerDarren Tucker <dtucker@zip.com.au>2013-06-02 07:31:17 +1000
commita627d42e51ffa71e014d7b2d2c07118122fd3ec3 (patch)
tree7bda769de81f509e28d800916fa20abd37906d79
parentc7aad0058c957afeb26a3f703e8cb0eddeb62365 (diff)
- djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
Diffstat
-rw-r--r--ChangeLog17
-rw-r--r--addrmatch.c6
-rw-r--r--auth-chall.c12
-rw-r--r--auth-options.c60
-rw-r--r--auth-rsa.c6
-rw-r--r--auth.c16
-rw-r--r--auth1.c14
-rw-r--r--auth2-chall.c27
-rw-r--r--auth2-gss.c17
-rw-r--r--auth2-hostbased.c14
-rw-r--r--auth2-jpake.c24
-rw-r--r--auth2-kbdint.c6
-rw-r--r--auth2-passwd.c6
-rw-r--r--auth2-pubkey.c26
-rw-r--r--auth2.c17
-rw-r--r--authfd.c10
-rw-r--r--authfile.c10
-rw-r--r--bufaux.c6
-rw-r--r--bufbn.c18
-rw-r--r--bufec.c6
-rw-r--r--buffer.c4
-rw-r--r--canohost.c10
-rw-r--r--channels.c98
-rw-r--r--cipher-3des1.c6
-rw-r--r--cipher.c10
-rw-r--r--clientloop.c55
-rw-r--r--compat.c6
-rw-r--r--dns.c10
-rw-r--r--groupaccess.c5
-rw-r--r--gss-genr.c16
-rw-r--r--hostfile.c16
-rw-r--r--jpake.c8
-rw-r--r--kex.c18
-rw-r--r--kexdhc.c8
-rw-r--r--kexdhs.c8
-rw-r--r--kexecdhc.c8
-rw-r--r--kexecdhs.c8
-rw-r--r--kexgexc.c8
-rw-r--r--kexgexs.c8
-rw-r--r--key.c57
-rw-r--r--mac.c6
-rw-r--r--match.c15
-rw-r--r--misc.c12
-rw-r--r--moduli.c10
-rw-r--r--monitor.c125
-rw-r--r--monitor_mm.c13
-rw-r--r--monitor_wrap.c30
-rw-r--r--mux.c122
-rw-r--r--packet.c30
-rw-r--r--readconf.c30
-rw-r--r--readpass.c4
-rw-r--r--roaming_client.c9
-rw-r--r--rsa.c10
-rw-r--r--schnorr.c8
-rw-r--r--scp.c22
-rw-r--r--servconf.c9
-rw-r--r--serverloop.c32
-rw-r--r--session.c92
-rw-r--r--sftp-client.c54
-rw-r--r--sftp-common.c6
-rw-r--r--sftp-glob.c6
-rw-r--r--sftp-server.c58
-rw-r--r--sftp.c92
-rw-r--r--ssh-add.c20
-rw-r--r--ssh-agent.c63
-rw-r--r--ssh-dss.c10
-rw-r--r--ssh-ecdsa.c10
-rw-r--r--ssh-keygen.c104
-rw-r--r--ssh-keyscan.c16
-rw-r--r--ssh-keysign.c20
-rw-r--r--ssh-pkcs11-client.c10
-rw-r--r--ssh-pkcs11-helper.c23
-rw-r--r--ssh-pkcs11.c27
-rw-r--r--ssh-rsa.c23
-rw-r--r--ssh.c44
-rw-r--r--sshconnect.c41
-rw-r--r--sshconnect1.c18
-rw-r--r--sshconnect2.c145
-rw-r--r--sshd.c12
-rw-r--r--umac.c4
-rw-r--r--uuencode.c7
-rw-r--r--xmalloc.c10
-rw-r--r--xmalloc.h3
83 files changed, 987 insertions, 1103 deletions
diff --git a/ChangeLog b/ChangeLog
index 3fe13dfad..1de8ff835 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,23 @@
5 - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS 5 - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
6 rather than trying to enumerate the plaforms that don't have them. 6 rather than trying to enumerate the plaforms that don't have them.
7 Based on a patch from Nathan Osman, with help from tim@. 7 Based on a patch from Nathan Osman, with help from tim@.
8 - (dtucker) OpenBSD CVS Sync
9 - djm@cvs.openbsd.org 2013/05/17 00:13:13
10 [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
11 ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
12 gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
13 auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
14 servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
15 auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
16 sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
17 kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
18 kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
19 monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
20 ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
21 sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
22 ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
23 dns.c packet.c readpass.c authfd.c moduli.c]
24 bye, bye xfree(); ok markus@
8 25
920130529 2620130529
10 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null 27 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
diff --git a/addrmatch.c b/addrmatch.c
index 388603cae..fb6de92e7 100644
--- a/addrmatch.c
+++ b/addrmatch.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: addrmatch.c,v 1.6 2012/06/21 00:16:07 dtucker Exp $ */ 1/* $OpenBSD: addrmatch.c,v 1.7 2013/05/17 00:13:13 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org> 4 * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@@ -420,7 +420,7 @@ addr_match_list(const char *addr, const char *_list)
420 goto foundit; 420 goto foundit;
421 } 421 }
422 } 422 }
423 xfree(o); 423 free(o);
424 424
425 return ret; 425 return ret;
426} 426}
@@ -494,7 +494,7 @@ addr_match_cidr_list(const char *addr, const char *_list)
494 continue; 494 continue;
495 } 495 }
496 } 496 }
497 xfree(o); 497 free(o);
498 498
499 return ret; 499 return ret;
500} 500}
diff --git a/auth-chall.c b/auth-chall.c
index 919b1eaa4..bfc51eae6 100644
--- a/auth-chall.c
+++ b/auth-chall.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-chall.c,v 1.12 2006/08/03 03:34:41 deraadt Exp $ */ 1/* $OpenBSD: auth-chall.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -69,11 +69,11 @@ get_challenge(Authctxt *authctxt)
69 fatal("get_challenge: numprompts < 1"); 69 fatal("get_challenge: numprompts < 1");
70 challenge = xstrdup(prompts[0]); 70 challenge = xstrdup(prompts[0]);
71 for (i = 0; i < numprompts; i++) 71 for (i = 0; i < numprompts; i++)
72 xfree(prompts[i]); 72 free(prompts[i]);
73 xfree(prompts); 73 free(prompts);
74 xfree(name); 74 free(name);
75 xfree(echo_on); 75 free(echo_on);
76 xfree(info); 76 free(info);
77 77
78 return (challenge); 78 return (challenge);
79} 79}
diff --git a/auth-options.c b/auth-options.c
index 23d0423e1..a8d738ace 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-options.c,v 1.57 2012/12/02 20:46:11 djm Exp $ */ 1/* $OpenBSD: auth-options.c,v 1.58 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -72,15 +72,15 @@ auth_clear_options(void)
72 while (custom_environment) { 72 while (custom_environment) {
73 struct envstring *ce = custom_environment; 73 struct envstring *ce = custom_environment;
74 custom_environment = ce->next; 74 custom_environment = ce->next;
75 xfree(ce->s); 75 free(ce->s);
76 xfree(ce); 76 free(ce);
77 } 77 }
78 if (forced_command) { 78 if (forced_command) {
79 xfree(forced_command); 79 free(forced_command);
80 forced_command = NULL; 80 forced_command = NULL;
81 } 81 }
82 if (authorized_principals) { 82 if (authorized_principals) {
83 xfree(authorized_principals); 83 free(authorized_principals);
84 authorized_principals = NULL; 84 authorized_principals = NULL;
85 } 85 }
86 forced_tun_device = -1; 86 forced_tun_device = -1;
@@ -149,7 +149,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
149 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 149 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
150 opts += strlen(cp); 150 opts += strlen(cp);
151 if (forced_command != NULL) 151 if (forced_command != NULL)
152 xfree(forced_command); 152 free(forced_command);
153 forced_command = xmalloc(strlen(opts) + 1); 153 forced_command = xmalloc(strlen(opts) + 1);
154 i = 0; 154 i = 0;
155 while (*opts) { 155 while (*opts) {
@@ -167,7 +167,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
167 file, linenum); 167 file, linenum);
168 auth_debug_add("%.100s, line %lu: missing end quote", 168 auth_debug_add("%.100s, line %lu: missing end quote",
169 file, linenum); 169 file, linenum);
170 xfree(forced_command); 170 free(forced_command);
171 forced_command = NULL; 171 forced_command = NULL;
172 goto bad_option; 172 goto bad_option;
173 } 173 }
@@ -180,7 +180,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
180 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 180 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
181 opts += strlen(cp); 181 opts += strlen(cp);
182 if (authorized_principals != NULL) 182 if (authorized_principals != NULL)
183 xfree(authorized_principals); 183 free(authorized_principals);
184 authorized_principals = xmalloc(strlen(opts) + 1); 184 authorized_principals = xmalloc(strlen(opts) + 1);
185 i = 0; 185 i = 0;
186 while (*opts) { 186 while (*opts) {
@@ -198,7 +198,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
198 file, linenum); 198 file, linenum);
199 auth_debug_add("%.100s, line %lu: missing end quote", 199 auth_debug_add("%.100s, line %lu: missing end quote",
200 file, linenum); 200 file, linenum);
201 xfree(authorized_principals); 201 free(authorized_principals);
202 authorized_principals = NULL; 202 authorized_principals = NULL;
203 goto bad_option; 203 goto bad_option;
204 } 204 }
@@ -232,7 +232,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
232 file, linenum); 232 file, linenum);
233 auth_debug_add("%.100s, line %lu: missing end quote", 233 auth_debug_add("%.100s, line %lu: missing end quote",
234 file, linenum); 234 file, linenum);
235 xfree(s); 235 free(s);
236 goto bad_option; 236 goto bad_option;
237 } 237 }
238 s[i] = '\0'; 238 s[i] = '\0';
@@ -269,7 +269,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
269 file, linenum); 269 file, linenum);
270 auth_debug_add("%.100s, line %lu: missing end quote", 270 auth_debug_add("%.100s, line %lu: missing end quote",
271 file, linenum); 271 file, linenum);
272 xfree(patterns); 272 free(patterns);
273 goto bad_option; 273 goto bad_option;
274 } 274 }
275 patterns[i] = '\0'; 275 patterns[i] = '\0';
@@ -277,7 +277,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
277 switch (match_host_and_ip(remote_host, remote_ip, 277 switch (match_host_and_ip(remote_host, remote_ip,
278 patterns)) { 278 patterns)) {
279 case 1: 279 case 1:
280 xfree(patterns); 280 free(patterns);
281 /* Host name matches. */ 281 /* Host name matches. */
282 goto next_option; 282 goto next_option;
283 case -1: 283 case -1:
@@ -287,7 +287,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
287 "invalid criteria", file, linenum); 287 "invalid criteria", file, linenum);
288 /* FALLTHROUGH */ 288 /* FALLTHROUGH */
289 case 0: 289 case 0:
290 xfree(patterns); 290 free(patterns);
291 logit("Authentication tried for %.100s with " 291 logit("Authentication tried for %.100s with "
292 "correct key but not from a permitted " 292 "correct key but not from a permitted "
293 "host (host=%.200s, ip=%.200s).", 293 "host (host=%.200s, ip=%.200s).",
@@ -323,7 +323,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
323 file, linenum); 323 file, linenum);
324 auth_debug_add("%.100s, line %lu: missing " 324 auth_debug_add("%.100s, line %lu: missing "
325 "end quote", file, linenum); 325 "end quote", file, linenum);
326 xfree(patterns); 326 free(patterns);
327 goto bad_option; 327 goto bad_option;
328 } 328 }
329 patterns[i] = '\0'; 329 patterns[i] = '\0';
@@ -337,7 +337,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
337 auth_debug_add("%.100s, line %lu: " 337 auth_debug_add("%.100s, line %lu: "
338 "Bad permitopen specification", file, 338 "Bad permitopen specification", file,
339 linenum); 339 linenum);
340 xfree(patterns); 340 free(patterns);
341 goto bad_option; 341 goto bad_option;
342 } 342 }
343 host = cleanhostname(host); 343 host = cleanhostname(host);
@@ -346,12 +346,12 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
346 "<%.100s>", file, linenum, p ? p : ""); 346 "<%.100s>", file, linenum, p ? p : "");
347 auth_debug_add("%.100s, line %lu: " 347 auth_debug_add("%.100s, line %lu: "
348 "Bad permitopen port", file, linenum); 348 "Bad permitopen port", file, linenum);
349 xfree(patterns); 349 free(patterns);
350 goto bad_option; 350 goto bad_option;
351 } 351 }
352 if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) 352 if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
353 channel_add_permitted_opens(host, port); 353 channel_add_permitted_opens(host, port);
354 xfree(patterns); 354 free(patterns);
355 goto next_option; 355 goto next_option;
356 } 356 }
357 cp = "tunnel=\""; 357 cp = "tunnel=\"";
@@ -370,13 +370,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
370 file, linenum); 370 file, linenum);
371 auth_debug_add("%.100s, line %lu: missing end quote", 371 auth_debug_add("%.100s, line %lu: missing end quote",
372 file, linenum); 372 file, linenum);
373 xfree(tun); 373 free(tun);
374 forced_tun_device = -1; 374 forced_tun_device = -1;
375 goto bad_option; 375 goto bad_option;
376 } 376 }
377 tun[i] = '\0'; 377 tun[i] = '\0';
378 forced_tun_device = a2tun(tun, NULL); 378 forced_tun_device = a2tun(tun, NULL);
379 xfree(tun); 379 free(tun);
380 if (forced_tun_device == SSH_TUNID_ERR) { 380 if (forced_tun_device == SSH_TUNID_ERR) {
381 debug("%.100s, line %lu: invalid tun device", 381 debug("%.100s, line %lu: invalid tun device",
382 file, linenum); 382 file, linenum);
@@ -484,7 +484,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
484 if (*cert_forced_command != NULL) { 484 if (*cert_forced_command != NULL) {
485 error("Certificate has multiple " 485 error("Certificate has multiple "
486 "force-command options"); 486 "force-command options");
487 xfree(command); 487 free(command);
488 goto out; 488 goto out;
489 } 489 }
490 *cert_forced_command = command; 490 *cert_forced_command = command;
@@ -500,7 +500,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
500 if ((*cert_source_address_done)++) { 500 if ((*cert_source_address_done)++) {
501 error("Certificate has multiple " 501 error("Certificate has multiple "
502 "source-address options"); 502 "source-address options");
503 xfree(allowed); 503 free(allowed);
504 goto out; 504 goto out;
505 } 505 }
506 remote_ip = get_remote_ipaddr(); 506 remote_ip = get_remote_ipaddr();
@@ -508,7 +508,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
508 allowed)) { 508 allowed)) {
509 case 1: 509 case 1:
510 /* accepted */ 510 /* accepted */
511 xfree(allowed); 511 free(allowed);
512 break; 512 break;
513 case 0: 513 case 0:
514 /* no match */ 514 /* no match */
@@ -521,12 +521,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
521 "is not permitted to use this " 521 "is not permitted to use this "
522 "certificate for login.", 522 "certificate for login.",
523 remote_ip); 523 remote_ip);
524 xfree(allowed); 524 free(allowed);
525 goto out; 525 goto out;
526 case -1: 526 case -1:
527 error("Certificate source-address " 527 error("Certificate source-address "
528 "contents invalid"); 528 "contents invalid");
529 xfree(allowed); 529 free(allowed);
530 goto out; 530 goto out;
531 } 531 }
532 found = 1; 532 found = 1;
@@ -548,8 +548,8 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
548 goto out; 548 goto out;
549 } 549 }
550 buffer_clear(&data); 550 buffer_clear(&data);
551 xfree(name); 551 free(name);
552 xfree(data_blob); 552 free(data_blob);
553 name = data_blob = NULL; 553 name = data_blob = NULL;
554 } 554 }
555 /* successfully parsed all options */ 555 /* successfully parsed all options */
@@ -559,13 +559,13 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
559 if (ret != 0 && 559 if (ret != 0 &&
560 cert_forced_command != NULL && 560 cert_forced_command != NULL &&
561 *cert_forced_command != NULL) { 561 *cert_forced_command != NULL) {
562 xfree(*cert_forced_command); 562 free(*cert_forced_command);
563 *cert_forced_command = NULL; 563 *cert_forced_command = NULL;
564 } 564 }
565 if (name != NULL) 565 if (name != NULL)
566 xfree(name); 566 free(name);
567 if (data_blob != NULL) 567 if (data_blob != NULL)
568 xfree(data_blob); 568 free(data_blob);
569 buffer_free(&data); 569 buffer_free(&data);
570 buffer_free(&c); 570 buffer_free(&c);
571 return ret; 571 return ret;
@@ -627,7 +627,7 @@ auth_cert_options(Key *k, struct passwd *pw)
627 /* CA-specified forced command supersedes key option */ 627 /* CA-specified forced command supersedes key option */
628 if (cert_forced_command != NULL) { 628 if (cert_forced_command != NULL) {
629 if (forced_command != NULL) 629 if (forced_command != NULL)
630 xfree(forced_command); 630 free(forced_command);
631 forced_command = cert_forced_command; 631 forced_command = cert_forced_command;
632 } 632 }
633 return 0; 633 return 0;
diff --git a/auth-rsa.c b/auth-rsa.c
index 2c8a7cb35..748eaae09 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-rsa.c,v 1.81 2012/10/30 21:29:54 djm Exp $ */ 1/* $OpenBSD: auth-rsa.c,v 1.82 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -281,7 +281,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
281 file = expand_authorized_keys( 281 file = expand_authorized_keys(
282 options.authorized_keys_files[i], pw); 282 options.authorized_keys_files[i], pw);
283 allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); 283 allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey);
284 xfree(file); 284 free(file);
285 } 285 }
286 286
287 restore_uid(); 287 restore_uid();
@@ -331,7 +331,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
331 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); 331 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
332 verbose("Found matching %s key: %s", 332 verbose("Found matching %s key: %s",
333 key_type(key), fp); 333 key_type(key), fp);
334 xfree(fp); 334 free(fp);
335 key_free(key); 335 key_free(key);
336 336
337 packet_send_debug("RSA authentication accepted."); 337 packet_send_debug("RSA authentication accepted.");
diff --git a/auth.c b/auth.c
index 666c493dc..ac126e6f3 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth.c,v 1.101 2013/02/06 00:22:21 dtucker Exp $ */ 1/* $OpenBSD: auth.c,v 1.102 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -165,17 +165,17 @@ allowed_user(struct passwd * pw)
165 if (stat(shell, &st) != 0) { 165 if (stat(shell, &st) != 0) {
166 logit("User %.100s not allowed because shell %.100s " 166 logit("User %.100s not allowed because shell %.100s "
167 "does not exist", pw->pw_name, shell); 167 "does not exist", pw->pw_name, shell);
168 xfree(shell); 168 free(shell);
169 return 0; 169 return 0;
170 } 170 }
171 if (S_ISREG(st.st_mode) == 0 || 171 if (S_ISREG(st.st_mode) == 0 ||
172 (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { 172 (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
173 logit("User %.100s not allowed because shell %.100s " 173 logit("User %.100s not allowed because shell %.100s "
174 "is not executable", pw->pw_name, shell); 174 "is not executable", pw->pw_name, shell);
175 xfree(shell); 175 free(shell);
176 return 0; 176 return 0;
177 } 177 }
178 xfree(shell); 178 free(shell);
179 } 179 }
180 180
181 if (options.num_deny_users > 0 || options.num_allow_users > 0 || 181 if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
@@ -355,7 +355,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
355 i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file); 355 i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
356 if (i < 0 || (size_t)i >= sizeof(ret)) 356 if (i < 0 || (size_t)i >= sizeof(ret))
357 fatal("expand_authorized_keys: path too long"); 357 fatal("expand_authorized_keys: path too long");
358 xfree(file); 358 free(file);
359 return (xstrdup(ret)); 359 return (xstrdup(ret));
360} 360}
361 361
@@ -397,7 +397,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
397 load_hostkeys(hostkeys, host, user_hostfile); 397 load_hostkeys(hostkeys, host, user_hostfile);
398 restore_uid(); 398 restore_uid();
399 } 399 }
400 xfree(user_hostfile); 400 free(user_hostfile);
401 } 401 }
402 host_status = check_key_in_hostkeys(hostkeys, key, &found); 402 host_status = check_key_in_hostkeys(hostkeys, key, &found);
403 if (host_status == HOST_REVOKED) 403 if (host_status == HOST_REVOKED)
@@ -666,7 +666,7 @@ auth_key_is_revoked(Key *key)
666 key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); 666 key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
667 error("WARNING: authentication attempt with a revoked " 667 error("WARNING: authentication attempt with a revoked "
668 "%s key %s ", key_type(key), key_fp); 668 "%s key %s ", key_type(key), key_fp);
669 xfree(key_fp); 669 free(key_fp);
670 return 1; 670 return 1;
671 } 671 }
672 fatal("key_in_file returned junk"); 672 fatal("key_in_file returned junk");
@@ -697,7 +697,7 @@ auth_debug_send(void)
697 while (buffer_len(&auth_debug)) { 697 while (buffer_len(&auth_debug)) {
698 msg = buffer_get_string(&auth_debug, NULL); 698 msg = buffer_get_string(&auth_debug, NULL);
699 packet_send_debug("%s", msg); 699 packet_send_debug("%s", msg);
700 xfree(msg); 700 free(msg);
701 } 701 }
702} 702}
703 703
diff --git a/auth1.c b/auth1.c
index 6eea8d81e..238b3c9c3 100644
--- a/auth1.c
+++ b/auth1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth1.c,v 1.77 2012/12/02 20:34:09 djm Exp $ */ 1/* $OpenBSD: auth1.c,v 1.78 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -130,7 +130,7 @@ auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
130 authenticated = PRIVSEP(auth_password(authctxt, password)); 130 authenticated = PRIVSEP(auth_password(authctxt, password));
131 131
132 memset(password, 0, dlen); 132 memset(password, 0, dlen);
133 xfree(password); 133 free(password);
134 134
135 return (authenticated); 135 return (authenticated);
136} 136}
@@ -204,7 +204,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
204 debug("sending challenge '%s'", challenge); 204 debug("sending challenge '%s'", challenge);
205 packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); 205 packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
206 packet_put_cstring(challenge); 206 packet_put_cstring(challenge);
207 xfree(challenge); 207 free(challenge);
208 packet_send(); 208 packet_send();
209 packet_write_wait(); 209 packet_write_wait();
210 210
@@ -223,7 +223,7 @@ auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
223 packet_check_eom(); 223 packet_check_eom();
224 authenticated = verify_response(authctxt, response); 224 authenticated = verify_response(authctxt, response);
225 memset(response, 'r', dlen); 225 memset(response, 'r', dlen);
226 xfree(response); 226 free(response);
227 227
228 return (authenticated); 228 return (authenticated);
229} 229}
@@ -356,10 +356,8 @@ do_authloop(Authctxt *authctxt)
356 auth_log(authctxt, authenticated, 0, get_authname(type), 356 auth_log(authctxt, authenticated, 0, get_authname(type),
357 NULL, info); 357 NULL, info);
358 358
359 if (client_user != NULL) { 359 free(client_user);
360 xfree(client_user); 360 client_user = NULL;
361 client_user = NULL;
362 }
363 361
364 if (authenticated) 362 if (authenticated)
365 return; 363 return;
diff --git a/auth2-chall.c b/auth2-chall.c
index ed1acdd3b..98f3093ce 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-chall.c,v 1.37 2013/03/07 19:27:25 markus Exp $ */ 1/* $OpenBSD: auth2-chall.c,v 1.38 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2001 Per Allansson. All rights reserved. 4 * Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -147,11 +147,9 @@ kbdint_free(KbdintAuthctxt *kbdintctxt)
147{ 147{
148 if (kbdintctxt->device) 148 if (kbdintctxt->device)
149 kbdint_reset_device(kbdintctxt); 149 kbdint_reset_device(kbdintctxt);
150 if (kbdintctxt->devices) { 150 free(kbdintctxt->devices);
151 xfree(kbdintctxt->devices); 151 bzero(kbdintctxt, sizeof(*kbdintctxt));
152 kbdintctxt->devices = NULL; 152 free(kbdintctxt);
153 }
154 xfree(kbdintctxt);
155} 153}
156/* get next device */ 154/* get next device */
157static int 155static int
@@ -178,7 +176,7 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
178 } 176 }
179 t = kbdintctxt->devices; 177 t = kbdintctxt->devices;
180 kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; 178 kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
181 xfree(t); 179 free(t);
182 debug2("kbdint_next_device: devices %s", kbdintctxt->devices ? 180 debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
183 kbdintctxt->devices : "<empty>"); 181 kbdintctxt->devices : "<empty>");
184 } while (kbdintctxt->devices && !kbdintctxt->device); 182 } while (kbdintctxt->devices && !kbdintctxt->device);
@@ -272,11 +270,11 @@ send_userauth_info_request(Authctxt *authctxt)
272 packet_write_wait(); 270 packet_write_wait();
273 271
274 for (i = 0; i < kbdintctxt->nreq; i++) 272 for (i = 0; i < kbdintctxt->nreq; i++)
275 xfree(prompts[i]); 273 free(prompts[i]);
276 xfree(prompts); 274 free(prompts);
277 xfree(echo_on); 275 free(echo_on);
278 xfree(name); 276 free(name);
279 xfree(instr); 277 free(instr);
280 return 1; 278 return 1;
281} 279}
282 280
@@ -315,10 +313,9 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
315 313
316 for (i = 0; i < nresp; i++) { 314 for (i = 0; i < nresp; i++) {
317 memset(response[i], 'r', strlen(response[i])); 315 memset(response[i], 'r', strlen(response[i]));
318 xfree(response[i]); 316 free(response[i]);
319 } 317 }
320 if (response) 318 free(response);
321 xfree(response);
322 319
323 switch (res) { 320 switch (res) {
324 case 0: 321 case 0:
diff --git a/auth2-gss.c b/auth2-gss.c
index de1bd0644..638d8f88e 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-gss.c,v 1.19 2013/04/05 00:14:00 djm Exp $ */ 1/* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -81,8 +81,7 @@ userauth_gssapi(Authctxt *authctxt)
81 do { 81 do {
82 mechs--; 82 mechs--;
83 83
84 if (doid) 84 free(doid);
85 xfree(doid);
86 85
87 present = 0; 86 present = 0;
88 doid = packet_get_string(&len); 87 doid = packet_get_string(&len);
@@ -101,7 +100,7 @@ userauth_gssapi(Authctxt *authctxt)
101 gss_release_oid_set(&ms, &supported); 100 gss_release_oid_set(&ms, &supported);
102 101
103 if (!present) { 102 if (!present) {
104 xfree(doid); 103 free(doid);
105 authctxt->server_caused_failure = 1; 104 authctxt->server_caused_failure = 1;
106 return (0); 105 return (0);
107 } 106 }
@@ -109,7 +108,7 @@ userauth_gssapi(Authctxt *authctxt)
109 if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { 108 if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
110 if (ctxt != NULL) 109 if (ctxt != NULL)
111 ssh_gssapi_delete_ctx(&ctxt); 110 ssh_gssapi_delete_ctx(&ctxt);
112 xfree(doid); 111 free(doid);
113 authctxt->server_caused_failure = 1; 112 authctxt->server_caused_failure = 1;
114 return (0); 113 return (0);
115 } 114 }
@@ -122,7 +121,7 @@ userauth_gssapi(Authctxt *authctxt)
122 packet_put_string(doid, len); 121 packet_put_string(doid, len);
123 122
124 packet_send(); 123 packet_send();
125 xfree(doid); 124 free(doid);
126 125
127 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); 126 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
128 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); 127 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
@@ -153,7 +152,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
153 maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, 152 maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
154 &send_tok, &flags)); 153 &send_tok, &flags));
155 154
156 xfree(recv_tok.value); 155 free(recv_tok.value);
157 156
158 if (GSS_ERROR(maj_status)) { 157 if (GSS_ERROR(maj_status)) {
159 if (send_tok.length != 0) { 158 if (send_tok.length != 0) {
@@ -208,7 +207,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
208 maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, 207 maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
209 &send_tok, NULL)); 208 &send_tok, NULL));
210 209
211 xfree(recv_tok.value); 210 free(recv_tok.value);
212 211
213 /* We can't return anything to the client, even if we wanted to */ 212 /* We can't return anything to the client, even if we wanted to */
214 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); 213 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
@@ -281,7 +280,7 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
281 logit("GSSAPI MIC check failed"); 280 logit("GSSAPI MIC check failed");
282 281
283 buffer_free(&b); 282 buffer_free(&b);
284 xfree(mic.value); 283 free(mic.value);
285 284
286 authctxt->postponed = 0; 285 authctxt->postponed = 0;
287 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); 286 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index cdf442f97..e6d05e261 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-hostbased.c,v 1.14 2010/08/04 05:42:47 djm Exp $ */ 1/* $OpenBSD: auth2-hostbased.c,v 1.15 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -128,11 +128,11 @@ done:
128 debug2("userauth_hostbased: authenticated %d", authenticated); 128 debug2("userauth_hostbased: authenticated %d", authenticated);
129 if (key != NULL) 129 if (key != NULL)
130 key_free(key); 130 key_free(key);
131 xfree(pkalg); 131 free(pkalg);
132 xfree(pkblob); 132 free(pkblob);
133 xfree(cuser); 133 free(cuser);
134 xfree(chost); 134 free(chost);
135 xfree(sig); 135 free(sig);
136 return authenticated; 136 return authenticated;
137} 137}
138 138
@@ -207,7 +207,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
207 verbose("Accepted %s public key %s from %s@%s", 207 verbose("Accepted %s public key %s from %s@%s",
208 key_type(key), fp, cuser, lookup); 208 key_type(key), fp, cuser, lookup);
209 } 209 }
210 xfree(fp); 210 free(fp);
211 } 211 }
212 212
213 return (host_status == HOST_OK); 213 return (host_status == HOST_OK);
diff --git a/auth2-jpake.c b/auth2-jpake.c
index ed0eba47b..78a6b8817 100644
--- a/auth2-jpake.c
+++ b/auth2-jpake.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-jpake.c,v 1.5 2012/12/02 20:34:09 djm Exp $ */ 1/* $OpenBSD: auth2-jpake.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2008 Damien Miller. All rights reserved. 3 * Copyright (c) 2008 Damien Miller. All rights reserved.
4 * 4 *
@@ -179,7 +179,7 @@ derive_rawsalt(const char *username, u_char *rawsalt, u_int len)
179 __func__, len, digest_len); 179 __func__, len, digest_len);
180 memcpy(rawsalt, digest, len); 180 memcpy(rawsalt, digest, len);
181 bzero(digest, digest_len); 181 bzero(digest, digest_len);
182 xfree(digest); 182 free(digest);
183} 183}
184 184
185/* ASCII an integer [0, 64) for inclusion in a password/salt */ 185/* ASCII an integer [0, 64) for inclusion in a password/salt */
@@ -258,7 +258,7 @@ fake_salt_and_scheme(Authctxt *authctxt, char **salt, char **scheme)
258 makesalt(22, authctxt->user)); 258 makesalt(22, authctxt->user));
259 *scheme = xstrdup("bcrypt"); 259 *scheme = xstrdup("bcrypt");
260 } 260 }
261 xfree(style); 261 free(style);
262 debug3("%s: fake %s salt for user %s: %s", 262 debug3("%s: fake %s salt for user %s: %s",
263 __func__, *scheme, authctxt->user, *salt); 263 __func__, *scheme, authctxt->user, *salt);
264} 264}
@@ -361,7 +361,7 @@ auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
361 JPAKE_DEBUG_BN((*s, "%s: s = ", __func__)); 361 JPAKE_DEBUG_BN((*s, "%s: s = ", __func__));
362#endif 362#endif
363 bzero(secret, secret_len); 363 bzero(secret, secret_len);
364 xfree(secret); 364 free(secret);
365} 365}
366 366
367/* 367/*
@@ -403,12 +403,12 @@ auth2_jpake_start(Authctxt *authctxt)
403 403
404 bzero(hash_scheme, strlen(hash_scheme)); 404 bzero(hash_scheme, strlen(hash_scheme));
405 bzero(salt, strlen(salt)); 405 bzero(salt, strlen(salt));
406 xfree(hash_scheme); 406 free(hash_scheme);
407 xfree(salt); 407 free(salt);
408 bzero(x3_proof, x3_proof_len); 408 bzero(x3_proof, x3_proof_len);
409 bzero(x4_proof, x4_proof_len); 409 bzero(x4_proof, x4_proof_len);
410 xfree(x3_proof); 410 free(x3_proof);
411 xfree(x4_proof); 411 free(x4_proof);
412 412
413 /* Expect step 1 packet from peer */ 413 /* Expect step 1 packet from peer */
414 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, 414 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1,
@@ -455,8 +455,8 @@ input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt)
455 455
456 bzero(x1_proof, x1_proof_len); 456 bzero(x1_proof, x1_proof_len);
457 bzero(x2_proof, x2_proof_len); 457 bzero(x2_proof, x2_proof_len);
458 xfree(x1_proof); 458 free(x1_proof);
459 xfree(x2_proof); 459 free(x2_proof);
460 460
461 if (!use_privsep) 461 if (!use_privsep)
462 JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); 462 JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
@@ -469,7 +469,7 @@ input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt)
469 packet_write_wait(); 469 packet_write_wait();
470 470
471 bzero(x4_s_proof, x4_s_proof_len); 471 bzero(x4_s_proof, x4_s_proof_len);
472 xfree(x4_s_proof); 472 free(x4_s_proof);
473 473
474 /* Expect step 2 packet from peer */ 474 /* Expect step 2 packet from peer */
475 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, 475 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2,
@@ -510,7 +510,7 @@ input_userauth_jpake_client_step2(int type, u_int32_t seq, void *ctxt)
510 &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len)); 510 &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len));
511 511
512 bzero(x2_s_proof, x2_s_proof_len); 512 bzero(x2_s_proof, x2_s_proof_len);
513 xfree(x2_s_proof); 513 free(x2_s_proof);
514 514
515 if (!use_privsep) 515 if (!use_privsep)
516 JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); 516 JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
diff --git a/auth2-kbdint.c b/auth2-kbdint.c
index fae67da6e..c39bdc62d 100644
--- a/auth2-kbdint.c
+++ b/auth2-kbdint.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-kbdint.c,v 1.5 2006/08/03 03:34:41 deraadt Exp $ */ 1/* $OpenBSD: auth2-kbdint.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -56,8 +56,8 @@ userauth_kbdint(Authctxt *authctxt)
56 if (options.challenge_response_authentication) 56 if (options.challenge_response_authentication)
57 authenticated = auth2_challenge(authctxt, devs); 57 authenticated = auth2_challenge(authctxt, devs);
58 58
59 xfree(devs); 59 free(devs);
60 xfree(lang); 60 free(lang);
61 return authenticated; 61 return authenticated;
62} 62}
63 63
diff --git a/auth2-passwd.c b/auth2-passwd.c
index 5f1f3635f..21bc5047d 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */ 1/* $OpenBSD: auth2-passwd.c,v 1.10 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -60,7 +60,7 @@ userauth_passwd(Authctxt *authctxt)
60 /* discard new password from packet */ 60 /* discard new password from packet */
61 newpass = packet_get_string(&newlen); 61 newpass = packet_get_string(&newlen);
62 memset(newpass, 0, newlen); 62 memset(newpass, 0, newlen);
63 xfree(newpass); 63 free(newpass);
64 } 64 }
65 packet_check_eom(); 65 packet_check_eom();
66 66
@@ -69,7 +69,7 @@ userauth_passwd(Authctxt *authctxt)
69 else if (PRIVSEP(auth_password(authctxt, password)) == 1) 69 else if (PRIVSEP(auth_password(authctxt, password)) == 1)
70 authenticated = 1; 70 authenticated = 1;
71 memset(password, 0, len); 71 memset(password, 0, len);
72 xfree(password); 72 free(password);
73 return authenticated; 73 return authenticated;
74} 74}
75 75
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index c28bef7a2..4c326df7a 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-pubkey.c,v 1.35 2013/03/07 00:19:59 djm Exp $ */ 1/* $OpenBSD: auth2-pubkey.c,v 1.36 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -154,7 +154,7 @@ userauth_pubkey(Authctxt *authctxt)
154 buffer_len(&b))) == 1) 154 buffer_len(&b))) == 1)
155 authenticated = 1; 155 authenticated = 1;
156 buffer_free(&b); 156 buffer_free(&b);
157 xfree(sig); 157 free(sig);
158 } else { 158 } else {
159 debug("test whether pkalg/pkblob are acceptable"); 159 debug("test whether pkalg/pkblob are acceptable");
160 packet_check_eom(); 160 packet_check_eom();
@@ -182,8 +182,8 @@ done:
182 debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg); 182 debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
183 if (key != NULL) 183 if (key != NULL)
184 key_free(key); 184 key_free(key);
185 xfree(pkalg); 185 free(pkalg);
186 xfree(pkblob); 186 free(pkblob);
187 return authenticated; 187 return authenticated;
188} 188}
189 189
@@ -200,7 +200,7 @@ match_principals_option(const char *principal_list, struct KeyCert *cert)
200 principal_list, NULL)) != NULL) { 200 principal_list, NULL)) != NULL) {
201 debug3("matched principal from key options \"%.100s\"", 201 debug3("matched principal from key options \"%.100s\"",
202 result); 202 result);
203 xfree(result); 203 free(result);
204 return 1; 204 return 1;
205 } 205 }
206 } 206 }
@@ -336,7 +336,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
336 reason = "Certificate does not contain an " 336 reason = "Certificate does not contain an "
337 "authorized principal"; 337 "authorized principal";
338 fail_reason: 338 fail_reason:
339 xfree(fp); 339 free(fp);
340 error("%s", reason); 340 error("%s", reason);
341 auth_debug_add("%s", reason); 341 auth_debug_add("%s", reason);
342 continue; 342 continue;
@@ -346,13 +346,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
346 &reason) != 0) 346 &reason) != 0)
347 goto fail_reason; 347 goto fail_reason;
348 if (auth_cert_options(key, pw) != 0) { 348 if (auth_cert_options(key, pw) != 0) {
349 xfree(fp); 349 free(fp);
350 continue; 350 continue;
351 } 351 }
352 verbose("Accepted certificate ID \"%s\" " 352 verbose("Accepted certificate ID \"%s\" "
353 "signed by %s CA %s via %s", key->cert->key_id, 353 "signed by %s CA %s via %s", key->cert->key_id,
354 key_type(found), fp, file); 354 key_type(found), fp, file);
355 xfree(fp); 355 free(fp);
356 found_key = 1; 356 found_key = 1;
357 break; 357 break;
358 } else if (key_equal(found, key)) { 358 } else if (key_equal(found, key)) {
@@ -367,7 +367,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
367 fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); 367 fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
368 verbose("Found matching %s key: %s", 368 verbose("Found matching %s key: %s",
369 key_type(found), fp); 369 key_type(found), fp);
370 xfree(fp); 370 free(fp);
371 break; 371 break;
372 } 372 }
373 } 373 }
@@ -425,10 +425,8 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
425 ret = 1; 425 ret = 1;
426 426
427 out: 427 out:
428 if (principals_file != NULL) 428 free(principals_file);
429 xfree(principals_file); 429 free(ca_fp);
430 if (ca_fp != NULL)
431 xfree(ca_fp);
432 return ret; 430 return ret;
433} 431}
434 432
@@ -633,7 +631,7 @@ user_key_allowed(struct passwd *pw, Key *key)
633 options.authorized_keys_files[i], pw); 631 options.authorized_keys_files[i], pw);
634 632
635 success = user_key_allowed2(pw, key, file); 633 success = user_key_allowed2(pw, key, file);
636 xfree(file); 634 free(file);
637 } 635 }
638 636
639 return success; 637 return success;
diff --git a/auth2.c b/auth2.c
index e44482164..5f136ce09 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2.c,v 1.127 2013/03/07 19:27:25 markus Exp $ */ 1/* $OpenBSD: auth2.c,v 1.128 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -130,7 +130,7 @@ auth2_read_banner(void)
130 close(fd); 130 close(fd);
131 131
132 if (n != len) { 132 if (n != len) {
133 xfree(banner); 133 free(banner);
134 return (NULL); 134 return (NULL);
135 } 135 }
136 banner[n] = '\0'; 136 banner[n] = '\0';
@@ -166,8 +166,7 @@ userauth_banner(void)
166 userauth_send_banner(banner); 166 userauth_send_banner(banner);
167 167
168done: 168done:
169 if (banner) 169 free(banner);
170 xfree(banner);
171} 170}
172 171
173/* 172/*
@@ -212,7 +211,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
212 debug("bad service request %s", service); 211 debug("bad service request %s", service);
213 packet_disconnect("bad service request %s", service); 212 packet_disconnect("bad service request %s", service);
214 } 213 }
215 xfree(service); 214 free(service);
216} 215}
217 216
218/*ARGSUSED*/ 217/*ARGSUSED*/
@@ -292,9 +291,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
292 } 291 }
293 userauth_finish(authctxt, authenticated, method, NULL); 292 userauth_finish(authctxt, authenticated, method, NULL);
294 293
295 xfree(service); 294 free(service);
296 xfree(user); 295 free(user);
297 xfree(method); 296 free(method);
298} 297}
299 298
300void 299void
@@ -382,7 +381,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
382 packet_put_char(partial); 381 packet_put_char(partial);
383 packet_send(); 382 packet_send();
384 packet_write_wait(); 383 packet_write_wait();
385 xfree(methods); 384 free(methods);
386 } 385 }
387} 386}
388 387
diff --git a/authfd.c b/authfd.c
index f037e838b..775786bee 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfd.c,v 1.86 2011/07/06 18:09:21 tedu Exp $ */ 1/* $OpenBSD: authfd.c,v 1.87 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -224,7 +224,7 @@ ssh_close_authentication_connection(AuthenticationConnection *auth)
224{ 224{
225 buffer_free(&auth->identities); 225 buffer_free(&auth->identities);
226 close(auth->fd); 226 close(auth->fd);
227 xfree(auth); 227 free(auth);
228} 228}
229 229
230/* Lock/unlock agent */ 230/* Lock/unlock agent */
@@ -343,7 +343,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
343 blob = buffer_get_string(&auth->identities, &blen); 343 blob = buffer_get_string(&auth->identities, &blen);
344 *comment = buffer_get_string(&auth->identities, NULL); 344 *comment = buffer_get_string(&auth->identities, NULL);
345 key = key_from_blob(blob, blen); 345 key = key_from_blob(blob, blen);
346 xfree(blob); 346 free(blob);
347 break; 347 break;
348 default: 348 default:
349 return NULL; 349 return NULL;
@@ -436,7 +436,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
436 buffer_put_string(&msg, blob, blen); 436 buffer_put_string(&msg, blob, blen);
437 buffer_put_string(&msg, data, datalen); 437 buffer_put_string(&msg, data, datalen);
438 buffer_put_int(&msg, flags); 438 buffer_put_int(&msg, flags);
439 xfree(blob); 439 free(blob);
440 440
441 if (ssh_request_reply(auth, &msg, &msg) == 0) { 441 if (ssh_request_reply(auth, &msg, &msg) == 0) {
442 buffer_free(&msg); 442 buffer_free(&msg);
@@ -612,7 +612,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
612 key_to_blob(key, &blob, &blen); 612 key_to_blob(key, &blob, &blen);
613 buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); 613 buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
614 buffer_put_string(&msg, blob, blen); 614 buffer_put_string(&msg, blob, blen);
615 xfree(blob); 615 free(blob);
616 } else { 616 } else {
617 buffer_free(&msg); 617 buffer_free(&msg);
618 return 0; 618 return 0;
diff --git a/authfile.c b/authfile.c
index 91812bf87..63ae16bbd 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfile.c,v 1.96 2013/04/19 01:06:50 djm Exp $ */ 1/* $OpenBSD: authfile.c,v 1.97 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -509,8 +509,8 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
509 return prv; 509 return prv;
510 510
511fail: 511fail:
512 if (commentp) 512 if (commentp != NULL)
513 xfree(*commentp); 513 free(*commentp);
514 key_free(prv); 514 key_free(prv);
515 return NULL; 515 return NULL;
516} 516}
@@ -832,10 +832,10 @@ key_load_cert(const char *filename)
832 pub = key_new(KEY_UNSPEC); 832 pub = key_new(KEY_UNSPEC);
833 xasprintf(&file, "%s-cert.pub", filename); 833 xasprintf(&file, "%s-cert.pub", filename);
834 if (key_try_load_public(pub, file, NULL) == 1) { 834 if (key_try_load_public(pub, file, NULL) == 1) {
835 xfree(file); 835 free(file);
836 return pub; 836 return pub;
837 } 837 }
838 xfree(file); 838 free(file);
839 key_free(pub); 839 key_free(pub);
840 return NULL; 840 return NULL;
841} 841}
diff --git a/bufaux.c b/bufaux.c
index 00208ca27..ec8853f8b 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bufaux.c,v 1.50 2010/08/31 09:58:37 djm Exp $ */ 1/* $OpenBSD: bufaux.c,v 1.51 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -181,7 +181,7 @@ buffer_get_string_ret(Buffer *buffer, u_int *length_ptr)
181 /* Get the string. */ 181 /* Get the string. */
182 if (buffer_get_ret(buffer, value, len) == -1) { 182 if (buffer_get_ret(buffer, value, len) == -1) {
183 error("buffer_get_string_ret: buffer_get failed"); 183 error("buffer_get_string_ret: buffer_get failed");
184 xfree(value); 184 free(value);
185 return (NULL); 185 return (NULL);
186 } 186 }
187 /* Append a null character to make processing easier. */ 187 /* Append a null character to make processing easier. */
@@ -216,7 +216,7 @@ buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr)
216 error("buffer_get_cstring_ret: string contains \\0"); 216 error("buffer_get_cstring_ret: string contains \\0");
217 else { 217 else {
218 bzero(ret, length); 218 bzero(ret, length);
219 xfree(ret); 219 free(ret);
220 return NULL; 220 return NULL;
221 } 221 }
222 } 222 }
diff --git a/bufbn.c b/bufbn.c
index 251cd0951..1fbfbbcc9 100644
--- a/bufbn.c
+++ b/bufbn.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bufbn.c,v 1.6 2007/06/02 09:04:58 djm Exp $*/ 1/* $OpenBSD: bufbn.c,v 1.7 2013/05/17 00:13:13 djm Exp $*/
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -69,7 +69,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
69 if (oi != bin_size) { 69 if (oi != bin_size) {
70 error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", 70 error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
71 oi, bin_size); 71 oi, bin_size);
72 xfree(buf); 72 free(buf);
73 return (-1); 73 return (-1);
74 } 74 }
75 75
@@ -80,7 +80,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
80 buffer_append(buffer, buf, oi); 80 buffer_append(buffer, buf, oi);
81 81
82 memset(buf, 0, bin_size); 82 memset(buf, 0, bin_size);
83 xfree(buf); 83 free(buf);
84 84
85 return (0); 85 return (0);
86} 86}
@@ -167,13 +167,13 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
167 if (oi < 0 || (u_int)oi != bytes - 1) { 167 if (oi < 0 || (u_int)oi != bytes - 1) {
168 error("buffer_put_bignum2_ret: BN_bn2bin() failed: " 168 error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
169 "oi %d != bin_size %d", oi, bytes); 169 "oi %d != bin_size %d", oi, bytes);
170 xfree(buf); 170 free(buf);
171 return (-1); 171 return (-1);
172 } 172 }
173 hasnohigh = (buf[1] & 0x80) ? 0 : 1; 173 hasnohigh = (buf[1] & 0x80) ? 0 : 1;
174 buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); 174 buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
175 memset(buf, 0, bytes); 175 memset(buf, 0, bytes);
176 xfree(buf); 176 free(buf);
177 return (0); 177 return (0);
178} 178}
179 179
@@ -197,21 +197,21 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
197 197
198 if (len > 0 && (bin[0] & 0x80)) { 198 if (len > 0 && (bin[0] & 0x80)) {
199 error("buffer_get_bignum2_ret: negative numbers not supported"); 199 error("buffer_get_bignum2_ret: negative numbers not supported");
200 xfree(bin); 200 free(bin);
201 return (-1); 201 return (-1);
202 } 202 }
203 if (len > 8 * 1024) { 203 if (len > 8 * 1024) {
204 error("buffer_get_bignum2_ret: cannot handle BN of size %d", 204 error("buffer_get_bignum2_ret: cannot handle BN of size %d",
205 len); 205 len);
206 xfree(bin); 206 free(bin);
207 return (-1); 207 return (-1);
208 } 208 }
209 if (BN_bin2bn(bin, len, value) == NULL) { 209 if (BN_bin2bn(bin, len, value) == NULL) {
210 error("buffer_get_bignum2_ret: BN_bin2bn failed"); 210 error("buffer_get_bignum2_ret: BN_bin2bn failed");
211 xfree(bin); 211 free(bin);
212 return (-1); 212 return (-1);
213 } 213 }
214 xfree(bin); 214 free(bin);
215 return (0); 215 return (0);
216} 216}
217 217
diff --git a/bufec.c b/bufec.c
index 3dcb49477..6c0048978 100644
--- a/bufec.c
+++ b/bufec.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bufec.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */ 1/* $OpenBSD: bufec.c,v 1.2 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2010 Damien Miller <djm@mindrot.org> 3 * Copyright (c) 2010 Damien Miller <djm@mindrot.org>
4 * 4 *
@@ -78,7 +78,7 @@ buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve,
78 out: 78 out:
79 if (buf != NULL) { 79 if (buf != NULL) {
80 bzero(buf, len); 80 bzero(buf, len);
81 xfree(buf); 81 free(buf);
82 } 82 }
83 BN_CTX_free(bnctx); 83 BN_CTX_free(bnctx);
84 return ret; 84 return ret;
@@ -131,7 +131,7 @@ buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve,
131 out: 131 out:
132 BN_CTX_free(bnctx); 132 BN_CTX_free(bnctx);
133 bzero(buf, len); 133 bzero(buf, len);
134 xfree(buf); 134 free(buf);
135 return ret; 135 return ret;
136} 136}
137 137
diff --git a/buffer.c b/buffer.c
index ae9700344..007e7f94e 100644
--- a/buffer.c
+++ b/buffer.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: buffer.c,v 1.32 2010/02/09 03:56:28 djm Exp $ */ 1/* $OpenBSD: buffer.c,v 1.33 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -50,7 +50,7 @@ buffer_free(Buffer *buffer)
50 if (buffer->alloc > 0) { 50 if (buffer->alloc > 0) {
51 memset(buffer->buf, 0, buffer->alloc); 51 memset(buffer->buf, 0, buffer->alloc);
52 buffer->alloc = 0; 52 buffer->alloc = 0;
53 xfree(buffer->buf); 53 free(buffer->buf);
54 } 54 }
55} 55}
56 56
diff --git a/canohost.c b/canohost.c
index dabd8a31a..69e8e6f6d 100644
--- a/canohost.c
+++ b/canohost.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: canohost.c,v 1.66 2010/01/13 01:20:20 dtucker Exp $ */ 1/* $OpenBSD: canohost.c,v 1.67 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -41,7 +41,7 @@ static int cached_port = -1;
41 41
42/* 42/*
43 * Return the canonical name of the host at the other end of the socket. The 43 * Return the canonical name of the host at the other end of the socket. The
44 * caller should free the returned string with xfree. 44 * caller should free the returned string.
45 */ 45 */
46 46
47static char * 47static char *
@@ -323,10 +323,8 @@ get_local_name(int fd)
323void 323void
324clear_cached_addr(void) 324clear_cached_addr(void)
325{ 325{
326 if (canonical_host_ip != NULL) { 326 free(canonical_host_ip);
327 xfree(canonical_host_ip); 327 canonical_host_ip = NULL;
328 canonical_host_ip = NULL;
329 }
330 cached_port = -1; 328 cached_port = -1;
331} 329}
332 330
diff --git a/channels.c b/channels.c
index 12db962de..6031394cc 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: channels.c,v 1.320 2013/04/06 16:07:00 markus Exp $ */ 1/* $OpenBSD: channels.c,v 1.321 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -401,7 +401,7 @@ channel_free(Channel *c)
401 401
402 s = channel_open_message(); 402 s = channel_open_message();
403 debug3("channel %d: status: %s", c->self, s); 403 debug3("channel %d: status: %s", c->self, s);
404 xfree(s); 404 free(s);
405 405
406 if (c->sock != -1) 406 if (c->sock != -1)
407 shutdown(c->sock, SHUT_RDWR); 407 shutdown(c->sock, SHUT_RDWR);
@@ -409,29 +409,23 @@ channel_free(Channel *c)
409 buffer_free(&c->input); 409 buffer_free(&c->input);
410 buffer_free(&c->output); 410 buffer_free(&c->output);
411 buffer_free(&c->extended); 411 buffer_free(&c->extended);
412 if (c->remote_name) { 412 free(c->remote_name);
413 xfree(c->remote_name); 413 c->remote_name = NULL;
414 c->remote_name = NULL; 414 free(c->path);
415 } 415 c->path = NULL;
416 if (c->path) { 416 free(c->listening_addr);
417 xfree(c->path); 417 c->listening_addr = NULL;
418 c->path = NULL;
419 }
420 if (c->listening_addr) {
421 xfree(c->listening_addr);
422 c->listening_addr = NULL;
423 }
424 while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { 418 while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {
425 if (cc->abandon_cb != NULL) 419 if (cc->abandon_cb != NULL)
426 cc->abandon_cb(c, cc->ctx); 420 cc->abandon_cb(c, cc->ctx);
427 TAILQ_REMOVE(&c->status_confirms, cc, entry); 421 TAILQ_REMOVE(&c->status_confirms, cc, entry);
428 bzero(cc, sizeof(*cc)); 422 bzero(cc, sizeof(*cc));
429 xfree(cc); 423 free(cc);
430 } 424 }
431 if (c->filter_cleanup != NULL && c->filter_ctx != NULL) 425 if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
432 c->filter_cleanup(c->self, c->filter_ctx); 426 c->filter_cleanup(c->self, c->filter_ctx);
433 channels[c->self] = NULL; 427 channels[c->self] = NULL;
434 xfree(c); 428 free(c);
435} 429}
436 430
437void 431void
@@ -1080,10 +1074,8 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset)
1080 strlcpy(username, p, sizeof(username)); 1074 strlcpy(username, p, sizeof(username));
1081 buffer_consume(&c->input, len); 1075 buffer_consume(&c->input, len);
1082 1076
1083 if (c->path != NULL) { 1077 free(c->path);
1084 xfree(c->path); 1078 c->path = NULL;
1085 c->path = NULL;
1086 }
1087 if (need == 1) { /* SOCKS4: one string */ 1079 if (need == 1) { /* SOCKS4: one string */
1088 host = inet_ntoa(s4_req.dest_addr); 1080 host = inet_ntoa(s4_req.dest_addr);
1089 c->path = xstrdup(host); 1081 c->path = xstrdup(host);
@@ -1216,10 +1208,8 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
1216 buffer_get(&c->input, (char *)&dest_addr, addrlen); 1208 buffer_get(&c->input, (char *)&dest_addr, addrlen);
1217 buffer_get(&c->input, (char *)&dest_port, 2); 1209 buffer_get(&c->input, (char *)&dest_port, 2);
1218 dest_addr[addrlen] = '\0'; 1210 dest_addr[addrlen] = '\0';
1219 if (c->path != NULL) { 1211 free(c->path);
1220 xfree(c->path); 1212 c->path = NULL;
1221 c->path = NULL;
1222 }
1223 if (s5_req.atyp == SSH_SOCKS5_DOMAIN) { 1213 if (s5_req.atyp == SSH_SOCKS5_DOMAIN) {
1224 if (addrlen >= NI_MAXHOST) { 1214 if (addrlen >= NI_MAXHOST) {
1225 error("channel %d: dynamic request: socks5 hostname " 1215 error("channel %d: dynamic request: socks5 hostname "
@@ -1379,7 +1369,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset)
1379 packet_put_cstring(buf); 1369 packet_put_cstring(buf);
1380 packet_send(); 1370 packet_send();
1381 } 1371 }
1382 xfree(remote_ipaddr); 1372 free(remote_ipaddr);
1383 } 1373 }
1384} 1374}
1385 1375
@@ -1393,7 +1383,7 @@ port_open_helper(Channel *c, char *rtype)
1393 1383
1394 if (remote_port == -1) { 1384 if (remote_port == -1) {
1395 /* Fake addr/port to appease peers that validate it (Tectia) */ 1385 /* Fake addr/port to appease peers that validate it (Tectia) */
1396 xfree(remote_ipaddr); 1386 free(remote_ipaddr);
1397 remote_ipaddr = xstrdup("127.0.0.1"); 1387 remote_ipaddr = xstrdup("127.0.0.1");
1398 remote_port = 65535; 1388 remote_port = 65535;
1399 } 1389 }
@@ -1406,7 +1396,7 @@ port_open_helper(Channel *c, char *rtype)
1406 rtype, c->listening_port, c->path, c->host_port, 1396 rtype, c->listening_port, c->path, c->host_port,
1407 remote_ipaddr, remote_port); 1397 remote_ipaddr, remote_port);
1408 1398
1409 xfree(c->remote_name); 1399 free(c->remote_name);
1410 c->remote_name = xstrdup(buf); 1400 c->remote_name = xstrdup(buf);
1411 1401
1412 if (compat20) { 1402 if (compat20) {
@@ -1438,7 +1428,7 @@ port_open_helper(Channel *c, char *rtype)
1438 packet_put_cstring(c->remote_name); 1428 packet_put_cstring(c->remote_name);
1439 packet_send(); 1429 packet_send();
1440 } 1430 }
1441 xfree(remote_ipaddr); 1431 free(remote_ipaddr);
1442} 1432}
1443 1433
1444static void 1434static void
@@ -1691,7 +1681,7 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset)
1691 if (c->datagram) { 1681 if (c->datagram) {
1692 /* ignore truncated writes, datagrams might get lost */ 1682 /* ignore truncated writes, datagrams might get lost */
1693 len = write(c->wfd, buf, dlen); 1683 len = write(c->wfd, buf, dlen);
1694 xfree(data); 1684 free(data);
1695 if (len < 0 && (errno == EINTR || errno == EAGAIN || 1685 if (len < 0 && (errno == EINTR || errno == EAGAIN ||
1696 errno == EWOULDBLOCK)) 1686 errno == EWOULDBLOCK))
1697 return 1; 1687 return 1;
@@ -2225,7 +2215,7 @@ channel_output_poll(void)
2225 debug("channel %d: datagram " 2215 debug("channel %d: datagram "
2226 "too big for channel", 2216 "too big for channel",
2227 c->self); 2217 c->self);
2228 xfree(data); 2218 free(data);
2229 continue; 2219 continue;
2230 } 2220 }
2231 packet_start(SSH2_MSG_CHANNEL_DATA); 2221 packet_start(SSH2_MSG_CHANNEL_DATA);
@@ -2233,7 +2223,7 @@ channel_output_poll(void)
2233 packet_put_string(data, dlen); 2223 packet_put_string(data, dlen);
2234 packet_send(); 2224 packet_send();
2235 c->remote_window -= dlen + 4; 2225 c->remote_window -= dlen + 4;
2236 xfree(data); 2226 free(data);
2237 } 2227 }
2238 continue; 2228 continue;
2239 } 2229 }
@@ -2405,13 +2395,13 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt)
2405 if (data_len > c->local_window) { 2395 if (data_len > c->local_window) {
2406 logit("channel %d: rcvd too much extended_data %d, win %d", 2396 logit("channel %d: rcvd too much extended_data %d, win %d",
2407 c->self, data_len, c->local_window); 2397 c->self, data_len, c->local_window);
2408 xfree(data); 2398 free(data);
2409 return; 2399 return;
2410 } 2400 }
2411 debug2("channel %d: rcvd ext data %d", c->self, data_len); 2401 debug2("channel %d: rcvd ext data %d", c->self, data_len);
2412 c->local_window -= data_len; 2402 c->local_window -= data_len;
2413 buffer_append(&c->extended, data, data_len); 2403 buffer_append(&c->extended, data, data_len);
2414 xfree(data); 2404 free(data);
2415} 2405}
2416 2406
2417/* ARGSUSED */ 2407/* ARGSUSED */
@@ -2577,10 +2567,8 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt)
2577 } 2567 }
2578 logit("channel %d: open failed: %s%s%s", id, 2568 logit("channel %d: open failed: %s%s%s", id,
2579 reason2txt(reason), msg ? ": ": "", msg ? msg : ""); 2569 reason2txt(reason), msg ? ": ": "", msg ? msg : "");
2580 if (msg != NULL) 2570 free(msg);
2581 xfree(msg); 2571 free(lang);
2582 if (lang != NULL)
2583 xfree(lang);
2584 if (c->open_confirm) { 2572 if (c->open_confirm) {
2585 debug2("callback start"); 2573 debug2("callback start");
2586 c->open_confirm(c->self, 0, c->open_confirm_ctx); 2574 c->open_confirm(c->self, 0, c->open_confirm_ctx);
@@ -2638,8 +2626,8 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt)
2638 packet_check_eom(); 2626 packet_check_eom();
2639 c = channel_connect_to(host, host_port, 2627 c = channel_connect_to(host, host_port,
2640 "connected socket", originator_string); 2628 "connected socket", originator_string);
2641 xfree(originator_string); 2629 free(originator_string);
2642 xfree(host); 2630 free(host);
2643 if (c == NULL) { 2631 if (c == NULL) {
2644 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); 2632 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
2645 packet_put_int(remote_id); 2633 packet_put_int(remote_id);
@@ -2674,7 +2662,7 @@ channel_input_status_confirm(int type, u_int32_t seq, void *ctxt)
2674 cc->cb(type, c, cc->ctx); 2662 cc->cb(type, c, cc->ctx);
2675 TAILQ_REMOVE(&c->status_confirms, cc, entry); 2663 TAILQ_REMOVE(&c->status_confirms, cc, entry);
2676 bzero(cc, sizeof(*cc)); 2664 bzero(cc, sizeof(*cc));
2677 xfree(cc); 2665 free(cc);
2678} 2666}
2679 2667
2680/* -- tcp forwarding */ 2668/* -- tcp forwarding */
@@ -3054,7 +3042,7 @@ channel_request_rforward_cancel(const char *host, u_short port)
3054 3042
3055 permitted_opens[i].listen_port = 0; 3043 permitted_opens[i].listen_port = 0;
3056 permitted_opens[i].port_to_connect = 0; 3044 permitted_opens[i].port_to_connect = 0;
3057 xfree(permitted_opens[i].host_to_connect); 3045 free(permitted_opens[i].host_to_connect);
3058 permitted_opens[i].host_to_connect = NULL; 3046 permitted_opens[i].host_to_connect = NULL;
3059 3047
3060 return 0; 3048 return 0;
@@ -3095,7 +3083,7 @@ channel_input_port_forward_request(int is_root, int gateway_ports)
3095 host_port, gateway_ports); 3083 host_port, gateway_ports);
3096 3084
3097 /* Free the argument string. */ 3085 /* Free the argument string. */
3098 xfree(hostname); 3086 free(hostname);
3099 3087
3100 return (success ? 0 : -1); 3088 return (success ? 0 : -1);
3101} 3089}
@@ -3150,7 +3138,7 @@ channel_update_permitted_opens(int idx, int newport)
3150 } else { 3138 } else {
3151 permitted_opens[idx].listen_port = 0; 3139 permitted_opens[idx].listen_port = 0;
3152 permitted_opens[idx].port_to_connect = 0; 3140 permitted_opens[idx].port_to_connect = 0;
3153 xfree(permitted_opens[idx].host_to_connect); 3141 free(permitted_opens[idx].host_to_connect);
3154 permitted_opens[idx].host_to_connect = NULL; 3142 permitted_opens[idx].host_to_connect = NULL;
3155 } 3143 }
3156} 3144}
@@ -3183,12 +3171,9 @@ channel_clear_permitted_opens(void)
3183 int i; 3171 int i;
3184 3172
3185 for (i = 0; i < num_permitted_opens; i++) 3173 for (i = 0; i < num_permitted_opens; i++)
3186 if (permitted_opens[i].host_to_connect != NULL) 3174 free(permitted_opens[i].host_to_connect);
3187 xfree(permitted_opens[i].host_to_connect); 3175 free(permitted_opens);
3188 if (num_permitted_opens > 0) { 3176 permitted_opens = NULL;
3189 xfree(permitted_opens);
3190 permitted_opens = NULL;
3191 }
3192 num_permitted_opens = 0; 3177 num_permitted_opens = 0;
3193} 3178}
3194 3179
@@ -3198,12 +3183,9 @@ channel_clear_adm_permitted_opens(void)
3198 int i; 3183 int i;
3199 3184
3200 for (i = 0; i < num_adm_permitted_opens; i++) 3185 for (i = 0; i < num_adm_permitted_opens; i++)
3201 if (permitted_adm_opens[i].host_to_connect != NULL) 3186 free(permitted_adm_opens[i].host_to_connect);
3202 xfree(permitted_adm_opens[i].host_to_connect); 3187 free(permitted_adm_opens);
3203 if (num_adm_permitted_opens > 0) { 3188 permitted_adm_opens = NULL;
3204 xfree(permitted_adm_opens);
3205 permitted_adm_opens = NULL;
3206 }
3207 num_adm_permitted_opens = 0; 3189 num_adm_permitted_opens = 0;
3208} 3190}
3209 3191
@@ -3297,7 +3279,7 @@ connect_next(struct channel_connect *cctx)
3297static void 3279static void
3298channel_connect_ctx_free(struct channel_connect *cctx) 3280channel_connect_ctx_free(struct channel_connect *cctx)
3299{ 3281{
3300 xfree(cctx->host); 3282 free(cctx->host);
3301 if (cctx->aitop) 3283 if (cctx->aitop)
3302 freeaddrinfo(cctx->aitop); 3284 freeaddrinfo(cctx->aitop);
3303 bzero(cctx, sizeof(*cctx)); 3285 bzero(cctx, sizeof(*cctx));
@@ -3692,7 +3674,7 @@ x11_input_open(int type, u_int32_t seq, void *ctxt)
3692 c->remote_id = remote_id; 3674 c->remote_id = remote_id;
3693 c->force_drain = 1; 3675 c->force_drain = 1;
3694 } 3676 }
3695 xfree(remote_host); 3677 free(remote_host);
3696 if (c == NULL) { 3678 if (c == NULL) {
3697 /* Send refusal to the remote host. */ 3679 /* Send refusal to the remote host. */
3698 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); 3680 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
@@ -3800,7 +3782,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
3800 packet_put_int(screen_number); 3782 packet_put_int(screen_number);
3801 packet_send(); 3783 packet_send();
3802 packet_write_wait(); 3784 packet_write_wait();
3803 xfree(new_data); 3785 free(new_data);
3804} 3786}
3805 3787
3806 3788
diff --git a/cipher-3des1.c b/cipher-3des1.c
index b7aa588cd..c8a70244b 100644
--- a/cipher-3des1.c
+++ b/cipher-3des1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cipher-3des1.c,v 1.7 2010/10/01 23:05:32 djm Exp $ */ 1/* $OpenBSD: cipher-3des1.c,v 1.8 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2003 Markus Friedl. All rights reserved. 3 * Copyright (c) 2003 Markus Friedl. All rights reserved.
4 * 4 *
@@ -94,7 +94,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
94 EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || 94 EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
95 EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { 95 EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
96 memset(c, 0, sizeof(*c)); 96 memset(c, 0, sizeof(*c));
97 xfree(c); 97 free(c);
98 EVP_CIPHER_CTX_set_app_data(ctx, NULL); 98 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
99 return (0); 99 return (0);
100 } 100 }
@@ -135,7 +135,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
135 EVP_CIPHER_CTX_cleanup(&c->k2); 135 EVP_CIPHER_CTX_cleanup(&c->k2);
136 EVP_CIPHER_CTX_cleanup(&c->k3); 136 EVP_CIPHER_CTX_cleanup(&c->k3);
137 memset(c, 0, sizeof(*c)); 137 memset(c, 0, sizeof(*c));
138 xfree(c); 138 free(c);
139 EVP_CIPHER_CTX_set_app_data(ctx, NULL); 139 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
140 } 140 }
141 return (1); 141 return (1);
diff --git a/cipher.c b/cipher.c
index 5e3652135..a2cbe2bea 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cipher.c,v 1.88 2013/04/19 01:06:50 djm Exp $ */ 1/* $OpenBSD: cipher.c,v 1.89 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -205,14 +205,14 @@ ciphers_valid(const char *names)
205 c = cipher_by_name(p); 205 c = cipher_by_name(p);
206 if (c == NULL || c->number != SSH_CIPHER_SSH2) { 206 if (c == NULL || c->number != SSH_CIPHER_SSH2) {
207 debug("bad cipher %s [%s]", p, names); 207 debug("bad cipher %s [%s]", p, names);
208 xfree(cipher_list); 208 free(cipher_list);
209 return 0; 209 return 0;
210 } else { 210 } else {
211 debug3("cipher ok: %s [%s]", p, names); 211 debug3("cipher ok: %s [%s]", p, names);
212 } 212 }
213 } 213 }
214 debug3("ciphers ok: [%s]", names); 214 debug3("ciphers ok: [%s]", names);
215 xfree(cipher_list); 215 free(cipher_list);
216 return 1; 216 return 1;
217} 217}
218 218
@@ -314,8 +314,8 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
314 cipher->discard_len) == 0) 314 cipher->discard_len) == 0)
315 fatal("evp_crypt: EVP_Cipher failed during discard"); 315 fatal("evp_crypt: EVP_Cipher failed during discard");
316 memset(discard, 0, cipher->discard_len); 316 memset(discard, 0, cipher->discard_len);
317 xfree(junk); 317 free(junk);
318 xfree(discard); 318 free(discard);
319 } 319 }
320} 320}
321 321
diff --git a/clientloop.c b/clientloop.c
index f1b108fcd..22138560b 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: clientloop.c,v 1.249 2013/05/16 02:00:34 dtucker Exp $ */ 1/* $OpenBSD: clientloop.c,v 1.250 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -393,10 +393,8 @@ client_x11_get_proto(const char *display, const char *xauth_path,
393 unlink(xauthfile); 393 unlink(xauthfile);
394 rmdir(xauthdir); 394 rmdir(xauthdir);
395 } 395 }
396 if (xauthdir) 396 free(xauthdir);
397 xfree(xauthdir); 397 free(xauthfile);
398 if (xauthfile)
399 xfree(xauthfile);
400 398
401 /* 399 /*
402 * If we didn't get authentication data, just make up some 400 * If we didn't get authentication data, just make up some
@@ -552,7 +550,7 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt)
552 if (--gc->ref_count <= 0) { 550 if (--gc->ref_count <= 0) {
553 TAILQ_REMOVE(&global_confirms, gc, entry); 551 TAILQ_REMOVE(&global_confirms, gc, entry);
554 bzero(gc, sizeof(*gc)); 552 bzero(gc, sizeof(*gc));
555 xfree(gc); 553 free(gc);
556 } 554 }
557 555
558 packet_set_alive_timeouts(0); 556 packet_set_alive_timeouts(0);
@@ -826,13 +824,13 @@ client_status_confirm(int type, Channel *c, void *ctx)
826 chan_write_failed(c); 824 chan_write_failed(c);
827 } 825 }
828 } 826 }
829 xfree(cr); 827 free(cr);
830} 828}
831 829
832static void 830static void
833client_abandon_status_confirm(Channel *c, void *ctx) 831client_abandon_status_confirm(Channel *c, void *ctx)
834{ 832{
835 xfree(ctx); 833 free(ctx);
836} 834}
837 835
838void 836void
@@ -999,12 +997,9 @@ process_cmdline(void)
999out: 997out:
1000 signal(SIGINT, handler); 998 signal(SIGINT, handler);
1001 enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); 999 enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
1002 if (cmd) 1000 free(cmd);
1003 xfree(cmd); 1001 free(fwd.listen_host);
1004 if (fwd.listen_host != NULL) 1002 free(fwd.connect_host);
1005 xfree(fwd.listen_host);
1006 if (fwd.connect_host != NULL)
1007 xfree(fwd.connect_host);
1008} 1003}
1009 1004
1010/* reasons to suppress output of an escape command in help output */ 1005/* reasons to suppress output of an escape command in help output */
@@ -1261,7 +1256,7 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
1261 buffer_append(berr, string, strlen(string)); 1256 buffer_append(berr, string, strlen(string));
1262 s = channel_open_message(); 1257 s = channel_open_message();
1263 buffer_append(berr, s, strlen(s)); 1258 buffer_append(berr, s, strlen(s));
1264 xfree(s); 1259 free(s);
1265 continue; 1260 continue;
1266 1261
1267 case 'C': 1262 case 'C':
@@ -1450,7 +1445,7 @@ client_new_escape_filter_ctx(int escape_char)
1450void 1445void
1451client_filter_cleanup(int cid, void *ctx) 1446client_filter_cleanup(int cid, void *ctx)
1452{ 1447{
1453 xfree(ctx); 1448 free(ctx);
1454} 1449}
1455 1450
1456int 1451int
@@ -1661,10 +1656,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
1661 } 1656 }
1662 } 1657 }
1663 } 1658 }
1664 if (readset) 1659 free(readset);
1665 xfree(readset); 1660 free(writeset);
1666 if (writeset)
1667 xfree(writeset);
1668 1661
1669 /* Terminate the session. */ 1662 /* Terminate the session. */
1670 1663
@@ -1766,7 +1759,7 @@ client_input_stdout_data(int type, u_int32_t seq, void *ctxt)
1766 packet_check_eom(); 1759 packet_check_eom();
1767 buffer_append(&stdout_buffer, data, data_len); 1760 buffer_append(&stdout_buffer, data, data_len);
1768 memset(data, 0, data_len); 1761 memset(data, 0, data_len);
1769 xfree(data); 1762 free(data);
1770} 1763}
1771static void 1764static void
1772client_input_stderr_data(int type, u_int32_t seq, void *ctxt) 1765client_input_stderr_data(int type, u_int32_t seq, void *ctxt)
@@ -1776,7 +1769,7 @@ client_input_stderr_data(int type, u_int32_t seq, void *ctxt)
1776 packet_check_eom(); 1769 packet_check_eom();
1777 buffer_append(&stderr_buffer, data, data_len); 1770 buffer_append(&stderr_buffer, data, data_len);
1778 memset(data, 0, data_len); 1771 memset(data, 0, data_len);
1779 xfree(data); 1772 free(data);
1780} 1773}
1781static void 1774static void
1782client_input_exit_status(int type, u_int32_t seq, void *ctxt) 1775client_input_exit_status(int type, u_int32_t seq, void *ctxt)
@@ -1856,8 +1849,8 @@ client_request_forwarded_tcpip(const char *request_type, int rchan)
1856 c = channel_connect_by_listen_address(listen_port, 1849 c = channel_connect_by_listen_address(listen_port,
1857 "forwarded-tcpip", originator_address); 1850 "forwarded-tcpip", originator_address);
1858 1851
1859 xfree(originator_address); 1852 free(originator_address);
1860 xfree(listen_address); 1853 free(listen_address);
1861 return c; 1854 return c;
1862} 1855}
1863 1856
@@ -1891,7 +1884,7 @@ client_request_x11(const char *request_type, int rchan)
1891 /* XXX check permission */ 1884 /* XXX check permission */
1892 debug("client_request_x11: request from %s %d", originator, 1885 debug("client_request_x11: request from %s %d", originator,
1893 originator_port); 1886 originator_port);
1894 xfree(originator); 1887 free(originator);
1895 sock = x11_connect_display(); 1888 sock = x11_connect_display();
1896 if (sock < 0) 1889 if (sock < 0)
1897 return NULL; 1890 return NULL;
@@ -2018,7 +2011,7 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt)
2018 } 2011 }
2019 packet_send(); 2012 packet_send();
2020 } 2013 }
2021 xfree(ctype); 2014 free(ctype);
2022} 2015}
2023static void 2016static void
2024client_input_channel_req(int type, u_int32_t seq, void *ctxt) 2017client_input_channel_req(int type, u_int32_t seq, void *ctxt)
@@ -2064,7 +2057,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt)
2064 packet_put_int(c->remote_id); 2057 packet_put_int(c->remote_id);
2065 packet_send(); 2058 packet_send();
2066 } 2059 }
2067 xfree(rtype); 2060 free(rtype);
2068} 2061}
2069static void 2062static void
2070client_input_global_request(int type, u_int32_t seq, void *ctxt) 2063client_input_global_request(int type, u_int32_t seq, void *ctxt)
@@ -2083,7 +2076,7 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt)
2083 packet_send(); 2076 packet_send();
2084 packet_write_wait(); 2077 packet_write_wait();
2085 } 2078 }
2086 xfree(rtype); 2079 free(rtype);
2087} 2080}
2088 2081
2089void 2082void
@@ -2133,7 +2126,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
2133 /* Split */ 2126 /* Split */
2134 name = xstrdup(env[i]); 2127 name = xstrdup(env[i]);
2135 if ((val = strchr(name, '=')) == NULL) { 2128 if ((val = strchr(name, '=')) == NULL) {
2136 xfree(name); 2129 free(name);
2137 continue; 2130 continue;
2138 } 2131 }
2139 *val++ = '\0'; 2132 *val++ = '\0';
@@ -2147,7 +2140,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
2147 } 2140 }
2148 if (!matched) { 2141 if (!matched) {
2149 debug3("Ignored env %s", name); 2142 debug3("Ignored env %s", name);
2150 xfree(name); 2143 free(name);
2151 continue; 2144 continue;
2152 } 2145 }
2153 2146
@@ -2156,7 +2149,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
2156 packet_put_cstring(name); 2149 packet_put_cstring(name);
2157 packet_put_cstring(val); 2150 packet_put_cstring(val);
2158 packet_send(); 2151 packet_send();
2159 xfree(name); 2152 free(name);
2160 } 2153 }
2161 } 2154 }
2162 2155
diff --git a/compat.c b/compat.c
index f680f4fe3..ac353a706 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: compat.c,v 1.80 2012/08/17 01:30:00 djm Exp $ */ 1/* $OpenBSD: compat.c,v 1.81 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
4 * 4 *
@@ -204,7 +204,7 @@ proto_spec(const char *spec)
204 break; 204 break;
205 } 205 }
206 } 206 }
207 xfree(s); 207 free(s);
208 return ret; 208 return ret;
209} 209}
210 210
@@ -230,7 +230,7 @@ compat_cipher_proposal(char *cipher_prop)
230 buffer_append(&b, "\0", 1); 230 buffer_append(&b, "\0", 1);
231 fix_ciphers = xstrdup(buffer_ptr(&b)); 231 fix_ciphers = xstrdup(buffer_ptr(&b));
232 buffer_free(&b); 232 buffer_free(&b);
233 xfree(orig_prop); 233 free(orig_prop);
234 debug2("Original cipher proposal: %s", cipher_prop); 234 debug2("Original cipher proposal: %s", cipher_prop);
235 debug2("Compat cipher proposal: %s", fix_ciphers); 235 debug2("Compat cipher proposal: %s", fix_ciphers);
236 if (!*fix_ciphers) 236 if (!*fix_ciphers)
diff --git a/dns.c b/dns.c
index 9e3084ba5..630b97ae8 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dns.c,v 1.28 2012/05/23 03:28:28 djm Exp $ */ 1/* $OpenBSD: dns.c,v 1.29 2013/05/17 00:13:13 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2003 Wesley Griffin. All rights reserved. 4 * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -261,7 +261,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
261 261
262 if (hostkey_digest_type != dnskey_digest_type) { 262 if (hostkey_digest_type != dnskey_digest_type) {
263 hostkey_digest_type = dnskey_digest_type; 263 hostkey_digest_type = dnskey_digest_type;
264 xfree(hostkey_digest); 264 free(hostkey_digest);
265 265
266 /* Initialize host key parameters */ 266 /* Initialize host key parameters */
267 if (!dns_read_key(&hostkey_algorithm, 267 if (!dns_read_key(&hostkey_algorithm,
@@ -281,10 +281,10 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
281 hostkey_digest_len) == 0) 281 hostkey_digest_len) == 0)
282 *flags |= DNS_VERIFY_MATCH; 282 *flags |= DNS_VERIFY_MATCH;
283 } 283 }
284 xfree(dnskey_digest); 284 free(dnskey_digest);
285 } 285 }
286 286
287 xfree(hostkey_digest); /* from key_fingerprint_raw() */ 287 free(hostkey_digest); /* from key_fingerprint_raw() */
288 freerrset(fingerprints); 288 freerrset(fingerprints);
289 289
290 if (*flags & DNS_VERIFY_FOUND) 290 if (*flags & DNS_VERIFY_FOUND)
@@ -327,7 +327,7 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
327 for (i = 0; i < rdata_digest_len; i++) 327 for (i = 0; i < rdata_digest_len; i++)
328 fprintf(f, "%02x", rdata_digest[i]); 328 fprintf(f, "%02x", rdata_digest[i]);
329 fprintf(f, "\n"); 329 fprintf(f, "\n");
330 xfree(rdata_digest); /* from key_fingerprint_raw() */ 330 free(rdata_digest); /* from key_fingerprint_raw() */
331 success = 1; 331 success = 1;
332 } 332 }
333 } 333 }
diff --git a/groupaccess.c b/groupaccess.c
index 2381aeb15..020deace7 100644
--- a/groupaccess.c
+++ b/groupaccess.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: groupaccess.c,v 1.13 2008/07/04 03:44:59 djm Exp $ */ 1/* $OpenBSD: groupaccess.c,v 1.14 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Kevin Steves. All rights reserved. 3 * Copyright (c) 2001 Kevin Steves. All rights reserved.
4 * 4 *
@@ -31,6 +31,7 @@
31#include <grp.h> 31#include <grp.h>
32#include <unistd.h> 32#include <unistd.h>
33#include <stdarg.h> 33#include <stdarg.h>
34#include <stdlib.h>
34#include <string.h> 35#include <string.h>
35 36
36#include "xmalloc.h" 37#include "xmalloc.h"
@@ -122,7 +123,7 @@ ga_free(void)
122 123
123 if (ngroups > 0) { 124 if (ngroups > 0) {
124 for (i = 0; i < ngroups; i++) 125 for (i = 0; i < ngroups; i++)
125 xfree(groups_byname[i]); 126 free(groups_byname[i]);
126 ngroups = 0; 127 ngroups = 0;
127 xfree(groups_byname); 128 xfree(groups_byname);
128 } 129 }
diff --git a/gss-genr.c b/gss-genr.c
index 842f38582..bf164a77b 100644
--- a/gss-genr.c
+++ b/gss-genr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: gss-genr.c,v 1.20 2009/06/22 05:39:28 dtucker Exp $ */ 1/* $OpenBSD: gss-genr.c,v 1.21 2013/05/17 00:13:13 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. 4 * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
@@ -59,8 +59,8 @@ void
59ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len) 59ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len)
60{ 60{
61 if (ctx->oid != GSS_C_NO_OID) { 61 if (ctx->oid != GSS_C_NO_OID) {
62 xfree(ctx->oid->elements); 62 free(ctx->oid->elements);
63 xfree(ctx->oid); 63 free(ctx->oid);
64 } 64 }
65 ctx->oid = xmalloc(sizeof(gss_OID_desc)); 65 ctx->oid = xmalloc(sizeof(gss_OID_desc));
66 ctx->oid->length = len; 66 ctx->oid->length = len;
@@ -83,7 +83,7 @@ ssh_gssapi_error(Gssctxt *ctxt)
83 83
84 s = ssh_gssapi_last_error(ctxt, NULL, NULL); 84 s = ssh_gssapi_last_error(ctxt, NULL, NULL);
85 debug("%s", s); 85 debug("%s", s);
86 xfree(s); 86 free(s);
87} 87}
88 88
89char * 89char *
@@ -164,8 +164,8 @@ ssh_gssapi_delete_ctx(Gssctxt **ctx)
164 if ((*ctx)->name != GSS_C_NO_NAME) 164 if ((*ctx)->name != GSS_C_NO_NAME)
165 gss_release_name(&ms, &(*ctx)->name); 165 gss_release_name(&ms, &(*ctx)->name);
166 if ((*ctx)->oid != GSS_C_NO_OID) { 166 if ((*ctx)->oid != GSS_C_NO_OID) {
167 xfree((*ctx)->oid->elements); 167 free((*ctx)->oid->elements);
168 xfree((*ctx)->oid); 168 free((*ctx)->oid);
169 (*ctx)->oid = GSS_C_NO_OID; 169 (*ctx)->oid = GSS_C_NO_OID;
170 } 170 }
171 if ((*ctx)->creds != GSS_C_NO_CREDENTIAL) 171 if ((*ctx)->creds != GSS_C_NO_CREDENTIAL)
@@ -175,7 +175,7 @@ ssh_gssapi_delete_ctx(Gssctxt **ctx)
175 if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL) 175 if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL)
176 gss_release_cred(&ms, &(*ctx)->client_creds); 176 gss_release_cred(&ms, &(*ctx)->client_creds);
177 177
178 xfree(*ctx); 178 free(*ctx);
179 *ctx = NULL; 179 *ctx = NULL;
180} 180}
181 181
@@ -222,7 +222,7 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
222 &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name))) 222 &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))
223 ssh_gssapi_error(ctx); 223 ssh_gssapi_error(ctx);
224 224
225 xfree(gssbuf.value); 225 free(gssbuf.value);
226 return (ctx->major); 226 return (ctx->major);
227} 227}
228 228
diff --git a/hostfile.c b/hostfile.c
index b6f924b23..69d0d289e 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: hostfile.c,v 1.50 2010/12/04 13:31:37 djm Exp $ */ 1/* $OpenBSD: hostfile.c,v 1.51 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -96,7 +96,7 @@ extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
96 b64salt[b64len] = '\0'; 96 b64salt[b64len] = '\0';
97 97
98 ret = __b64_pton(b64salt, salt, salt_len); 98 ret = __b64_pton(b64salt, salt, salt_len);
99 xfree(b64salt); 99 free(b64salt);
100 if (ret == -1) { 100 if (ret == -1) {
101 debug2("extract_salt: salt decode error"); 101 debug2("extract_salt: salt decode error");
102 return (-1); 102 return (-1);
@@ -327,16 +327,14 @@ free_hostkeys(struct hostkeys *hostkeys)
327 u_int i; 327 u_int i;
328 328
329 for (i = 0; i < hostkeys->num_entries; i++) { 329 for (i = 0; i < hostkeys->num_entries; i++) {
330 xfree(hostkeys->entries[i].host); 330 free(hostkeys->entries[i].host);
331 xfree(hostkeys->entries[i].file); 331 free(hostkeys->entries[i].file);
332 key_free(hostkeys->entries[i].key); 332 key_free(hostkeys->entries[i].key);
333 bzero(hostkeys->entries + i, sizeof(*hostkeys->entries)); 333 bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
334 } 334 }
335 if (hostkeys->entries != NULL) 335 free(hostkeys->entries);
336 xfree(hostkeys->entries); 336 bzero(hostkeys, sizeof(*hostkeys));
337 hostkeys->entries = NULL; 337 free(hostkeys);
338 hostkeys->num_entries = 0;
339 xfree(hostkeys);
340} 338}
341 339
342static int 340static int
diff --git a/jpake.c b/jpake.c
index b010dafaa..3dd87916a 100644
--- a/jpake.c
+++ b/jpake.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: jpake.c,v 1.7 2012/06/18 11:43:53 dtucker Exp $ */ 1/* $OpenBSD: jpake.c,v 1.8 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2008 Damien Miller. All rights reserved. 3 * Copyright (c) 2008 Damien Miller. All rights reserved.
4 * 4 *
@@ -106,7 +106,7 @@ jpake_free(struct jpake_ctx *pctx)
106 do { \ 106 do { \
107 if ((v) != NULL) { \ 107 if ((v) != NULL) { \
108 bzero((v), (l)); \ 108 bzero((v), (l)); \
109 xfree(v); \ 109 free(v); \
110 (v) = NULL; \ 110 (v) = NULL; \
111 (l) = 0; \ 111 (l) = 0; \
112 } \ 112 } \
@@ -134,7 +134,7 @@ jpake_free(struct jpake_ctx *pctx)
134#undef JPAKE_BUF_CLEAR_FREE 134#undef JPAKE_BUF_CLEAR_FREE
135 135
136 bzero(pctx, sizeof(*pctx)); 136 bzero(pctx, sizeof(*pctx));
137 xfree(pctx); 137 free(pctx);
138} 138}
139 139
140/* dump entire jpake_ctx. NB. includes private values! */ 140/* dump entire jpake_ctx. NB. includes private values! */
@@ -445,7 +445,7 @@ jpake_check_confirm(const BIGNUM *k,
445 expected_confirm_hash_len) == 0) 445 expected_confirm_hash_len) == 0)
446 success = 1; 446 success = 1;
447 bzero(expected_confirm_hash, expected_confirm_hash_len); 447 bzero(expected_confirm_hash, expected_confirm_hash_len);
448 xfree(expected_confirm_hash); 448 free(expected_confirm_hash);
449 debug3("%s: success = %d", __func__, success); 449 debug3("%s: success = %d", __func__, success);
450 return success; 450 return success;
451} 451}
diff --git a/kex.c b/kex.c
index 6b43a6dee..54bd1a438 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.90 2013/04/19 12:07:08 djm Exp $ */ 1/* $OpenBSD: kex.c,v 1.91 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -126,12 +126,12 @@ kex_names_valid(const char *names)
126 (p = strsep(&cp, ","))) { 126 (p = strsep(&cp, ","))) {
127 if (kex_alg_by_name(p) == NULL) { 127 if (kex_alg_by_name(p) == NULL) {
128 error("Unsupported KEX algorithm \"%.100s\"", p); 128 error("Unsupported KEX algorithm \"%.100s\"", p);
129 xfree(s); 129 free(s);
130 return 0; 130 return 0;
131 } 131 }
132 } 132 }
133 debug3("kex names ok: [%s]", names); 133 debug3("kex names ok: [%s]", names);
134 xfree(s); 134 free(s);
135 return 1; 135 return 1;
136} 136}
137 137
@@ -191,8 +191,8 @@ kex_prop_free(char **proposal)
191 u_int i; 191 u_int i;
192 192
193 for (i = 0; i < PROPOSAL_MAX; i++) 193 for (i = 0; i < PROPOSAL_MAX; i++)
194 xfree(proposal[i]); 194 free(proposal[i]);
195 xfree(proposal); 195 free(proposal);
196} 196}
197 197
198/* ARGSUSED */ 198/* ARGSUSED */
@@ -229,7 +229,7 @@ kex_finish(Kex *kex)
229 buffer_clear(&kex->peer); 229 buffer_clear(&kex->peer);
230 /* buffer_clear(&kex->my); */ 230 /* buffer_clear(&kex->my); */
231 kex->flags &= ~KEX_INIT_SENT; 231 kex->flags &= ~KEX_INIT_SENT;
232 xfree(kex->name); 232 free(kex->name);
233 kex->name = NULL; 233 kex->name = NULL;
234} 234}
235 235
@@ -286,7 +286,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
286 for (i = 0; i < KEX_COOKIE_LEN; i++) 286 for (i = 0; i < KEX_COOKIE_LEN; i++)
287 packet_get_char(); 287 packet_get_char();
288 for (i = 0; i < PROPOSAL_MAX; i++) 288 for (i = 0; i < PROPOSAL_MAX; i++)
289 xfree(packet_get_string(NULL)); 289 free(packet_get_string(NULL));
290 /* 290 /*
291 * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported 291 * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported
292 * KEX method has the server move first, but a server might be using 292 * KEX method has the server move first, but a server might be using
@@ -414,7 +414,7 @@ choose_hostkeyalg(Kex *k, char *client, char *server)
414 k->hostkey_type = key_type_from_name(hostkeyalg); 414 k->hostkey_type = key_type_from_name(hostkeyalg);
415 if (k->hostkey_type == KEY_UNSPEC) 415 if (k->hostkey_type == KEY_UNSPEC)
416 fatal("bad hostkey alg '%s'", hostkeyalg); 416 fatal("bad hostkey alg '%s'", hostkeyalg);
417 xfree(hostkeyalg); 417 free(hostkeyalg);
418} 418}
419 419
420static int 420static int
@@ -468,7 +468,7 @@ kex_choose_conf(Kex *kex)
468 roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL); 468 roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL);
469 if (roaming) { 469 if (roaming) {
470 kex->roaming = 1; 470 kex->roaming = 1;
471 xfree(roaming); 471 free(roaming);
472 } 472 }
473 } 473 }
474 474
diff --git a/kexdhc.c b/kexdhc.c
index 76ceb5dd8..ccd137cac 100644
--- a/kexdhc.c
+++ b/kexdhc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdhc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ 1/* $OpenBSD: kexdhc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -125,7 +125,7 @@ kexdh_client(Kex *kex)
125 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) 125 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
126 fatal("kexdh_client: BN_bin2bn failed"); 126 fatal("kexdh_client: BN_bin2bn failed");
127 memset(kbuf, 0, klen); 127 memset(kbuf, 0, klen);
128 xfree(kbuf); 128 free(kbuf);
129 129
130 /* calc and verify H */ 130 /* calc and verify H */
131 kex_dh_hash( 131 kex_dh_hash(
@@ -139,14 +139,14 @@ kexdh_client(Kex *kex)
139 shared_secret, 139 shared_secret,
140 &hash, &hashlen 140 &hash, &hashlen
141 ); 141 );
142 xfree(server_host_key_blob); 142 free(server_host_key_blob);
143 BN_clear_free(dh_server_pub); 143 BN_clear_free(dh_server_pub);
144 DH_free(dh); 144 DH_free(dh);
145 145
146 if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) 146 if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
147 fatal("key_verify failed for server_host_key"); 147 fatal("key_verify failed for server_host_key");
148 key_free(server_host_key); 148 key_free(server_host_key);
149 xfree(signature); 149 free(signature);
150 150
151 /* save session id */ 151 /* save session id */
152 if (kex->session_id == NULL) { 152 if (kex->session_id == NULL) {
diff --git a/kexdhs.c b/kexdhs.c
index f56e88764..15128632c 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdhs.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ 1/* $OpenBSD: kexdhs.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -118,7 +118,7 @@ kexdh_server(Kex *kex)
118 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) 118 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
119 fatal("kexdh_server: BN_bin2bn failed"); 119 fatal("kexdh_server: BN_bin2bn failed");
120 memset(kbuf, 0, klen); 120 memset(kbuf, 0, klen);
121 xfree(kbuf); 121 free(kbuf);
122 122
123 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); 123 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
124 124
@@ -157,8 +157,8 @@ kexdh_server(Kex *kex)
157 packet_put_string(signature, slen); 157 packet_put_string(signature, slen);
158 packet_send(); 158 packet_send();
159 159
160 xfree(signature); 160 free(signature);
161 xfree(server_host_key_blob); 161 free(server_host_key_blob);
162 /* have keys, free DH */ 162 /* have keys, free DH */
163 DH_free(dh); 163 DH_free(dh);
164 164
diff --git a/kexecdhc.c b/kexecdhc.c
index 04239a471..6193836c7 100644
--- a/kexecdhc.c
+++ b/kexecdhc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexecdhc.c,v 1.3 2013/04/19 01:06:50 djm Exp $ */ 1/* $OpenBSD: kexecdhc.c,v 1.4 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -120,7 +120,7 @@ kexecdh_client(Kex *kex)
120 if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) 120 if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
121 fatal("%s: BN_bin2bn failed", __func__); 121 fatal("%s: BN_bin2bn failed", __func__);
122 memset(kbuf, 0, klen); 122 memset(kbuf, 0, klen);
123 xfree(kbuf); 123 free(kbuf);
124 124
125 /* calc and verify H */ 125 /* calc and verify H */
126 kex_ecdh_hash( 126 kex_ecdh_hash(
@@ -136,14 +136,14 @@ kexecdh_client(Kex *kex)
136 shared_secret, 136 shared_secret,
137 &hash, &hashlen 137 &hash, &hashlen
138 ); 138 );
139 xfree(server_host_key_blob); 139 free(server_host_key_blob);
140 EC_POINT_clear_free(server_public); 140 EC_POINT_clear_free(server_public);
141 EC_KEY_free(client_key); 141 EC_KEY_free(client_key);
142 142
143 if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) 143 if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
144 fatal("key_verify failed for server_host_key"); 144 fatal("key_verify failed for server_host_key");
145 key_free(server_host_key); 145 key_free(server_host_key);
146 xfree(signature); 146 free(signature);
147 147
148 /* save session id */ 148 /* save session id */
149 if (kex->session_id == NULL) { 149 if (kex->session_id == NULL) {
diff --git a/kexecdhs.c b/kexecdhs.c
index 6519abbef..c42dcf448 100644
--- a/kexecdhs.c
+++ b/kexecdhs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexecdhs.c,v 1.3 2013/04/19 01:06:50 djm Exp $ */ 1/* $OpenBSD: kexecdhs.c,v 1.4 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -112,7 +112,7 @@ kexecdh_server(Kex *kex)
112 if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) 112 if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
113 fatal("%s: BN_bin2bn failed", __func__); 113 fatal("%s: BN_bin2bn failed", __func__);
114 memset(kbuf, 0, klen); 114 memset(kbuf, 0, klen);
115 xfree(kbuf); 115 free(kbuf);
116 116
117 /* calc H */ 117 /* calc H */
118 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); 118 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
@@ -152,8 +152,8 @@ kexecdh_server(Kex *kex)
152 packet_put_string(signature, slen); 152 packet_put_string(signature, slen);
153 packet_send(); 153 packet_send();
154 154
155 xfree(signature); 155 free(signature);
156 xfree(server_host_key_blob); 156 free(server_host_key_blob);
157 /* have keys, free server key */ 157 /* have keys, free server key */
158 EC_KEY_free(server_key); 158 EC_KEY_free(server_key);
159 159
diff --git a/kexgexc.c b/kexgexc.c
index 79552d709..5a3be2005 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgexc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ 1/* $OpenBSD: kexgexc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -163,7 +163,7 @@ kexgex_client(Kex *kex)
163 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) 163 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
164 fatal("kexgex_client: BN_bin2bn failed"); 164 fatal("kexgex_client: BN_bin2bn failed");
165 memset(kbuf, 0, klen); 165 memset(kbuf, 0, klen);
166 xfree(kbuf); 166 free(kbuf);
167 167
168 if (datafellows & SSH_OLD_DHGEX) 168 if (datafellows & SSH_OLD_DHGEX)
169 min = max = -1; 169 min = max = -1;
@@ -186,13 +186,13 @@ kexgex_client(Kex *kex)
186 186
187 /* have keys, free DH */ 187 /* have keys, free DH */
188 DH_free(dh); 188 DH_free(dh);
189 xfree(server_host_key_blob); 189 free(server_host_key_blob);
190 BN_clear_free(dh_server_pub); 190 BN_clear_free(dh_server_pub);
191 191
192 if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) 192 if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
193 fatal("key_verify failed for server_host_key"); 193 fatal("key_verify failed for server_host_key");
194 key_free(server_host_key); 194 key_free(server_host_key);
195 xfree(signature); 195 free(signature);
196 196
197 /* save session id */ 197 /* save session id */
198 if (kex->session_id == NULL) { 198 if (kex->session_id == NULL) {
diff --git a/kexgexs.c b/kexgexs.c
index a5e3df7bc..a543dda82 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgexs.c,v 1.14 2010/11/10 01:33:07 djm Exp $ */ 1/* $OpenBSD: kexgexs.c,v 1.15 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -155,7 +155,7 @@ kexgex_server(Kex *kex)
155 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) 155 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
156 fatal("kexgex_server: BN_bin2bn failed"); 156 fatal("kexgex_server: BN_bin2bn failed");
157 memset(kbuf, 0, klen); 157 memset(kbuf, 0, klen);
158 xfree(kbuf); 158 free(kbuf);
159 159
160 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); 160 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
161 161
@@ -201,8 +201,8 @@ kexgex_server(Kex *kex)
201 packet_put_string(signature, slen); 201 packet_put_string(signature, slen);
202 packet_send(); 202 packet_send();
203 203
204 xfree(signature); 204 free(signature);
205 xfree(server_host_key_blob); 205 free(server_host_key_blob);
206 /* have keys, free DH */ 206 /* have keys, free DH */
207 DH_free(dh); 207 DH_free(dh);
208 208
diff --git a/key.c b/key.c
index b8c60cb2c..8183ec90e 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: key.c,v 1.102 2013/05/10 04:08:01 djm Exp $ */ 1/* $OpenBSD: key.c,v 1.103 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * read_bignum(): 3 * read_bignum():
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -187,15 +187,13 @@ cert_free(struct KeyCert *cert)
187 buffer_free(&cert->certblob); 187 buffer_free(&cert->certblob);
188 buffer_free(&cert->critical); 188 buffer_free(&cert->critical);
189 buffer_free(&cert->extensions); 189 buffer_free(&cert->extensions);
190 if (cert->key_id != NULL) 190 free(cert->key_id);
191 xfree(cert->key_id);
192 for (i = 0; i < cert->nprincipals; i++) 191 for (i = 0; i < cert->nprincipals; i++)
193 xfree(cert->principals[i]); 192 free(cert->principals[i]);
194 if (cert->principals != NULL) 193 free(cert->principals);
195 xfree(cert->principals);
196 if (cert->signature_key != NULL) 194 if (cert->signature_key != NULL)
197 key_free(cert->signature_key); 195 key_free(cert->signature_key);
198 xfree(cert); 196 free(cert);
199} 197}
200 198
201void 199void
@@ -239,7 +237,7 @@ key_free(Key *k)
239 k->cert = NULL; 237 k->cert = NULL;
240 } 238 }
241 239
242 xfree(k); 240 free(k);
243} 241}
244 242
245static int 243static int
@@ -389,7 +387,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
389 EVP_DigestUpdate(&ctx, blob, len); 387 EVP_DigestUpdate(&ctx, blob, len);
390 EVP_DigestFinal(&ctx, retval, dgst_raw_length); 388 EVP_DigestFinal(&ctx, retval, dgst_raw_length);
391 memset(blob, 0, len); 389 memset(blob, 0, len);
392 xfree(blob); 390 free(blob);
393 } else { 391 } else {
394 fatal("key_fingerprint_raw: blob is null"); 392 fatal("key_fingerprint_raw: blob is null");
395 } 393 }
@@ -596,7 +594,7 @@ key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
596 break; 594 break;
597 } 595 }
598 memset(dgst_raw, 0, dgst_raw_len); 596 memset(dgst_raw, 0, dgst_raw_len);
599 xfree(dgst_raw); 597 free(dgst_raw);
600 return retval; 598 return retval;
601} 599}
602 600
@@ -741,11 +739,11 @@ key_read(Key *ret, char **cpp)
741 n = uudecode(cp, blob, len); 739 n = uudecode(cp, blob, len);
742 if (n < 0) { 740 if (n < 0) {
743 error("key_read: uudecode %s failed", cp); 741 error("key_read: uudecode %s failed", cp);
744 xfree(blob); 742 free(blob);
745 return -1; 743 return -1;
746 } 744 }
747 k = key_from_blob(blob, (u_int)n); 745 k = key_from_blob(blob, (u_int)n);
748 xfree(blob); 746 free(blob);
749 if (k == NULL) { 747 if (k == NULL) {
750 error("key_read: key_from_blob %s failed", cp); 748 error("key_read: key_from_blob %s failed", cp);
751 return -1; 749 return -1;
@@ -886,8 +884,8 @@ key_write(const Key *key, FILE *f)
886 fprintf(f, "%s %s", key_ssh_name(key), uu); 884 fprintf(f, "%s %s", key_ssh_name(key), uu);
887 success = 1; 885 success = 1;
888 } 886 }
889 xfree(blob); 887 free(blob);
890 xfree(uu); 888 free(uu);
891 889
892 return success; 890 return success;
893} 891}
@@ -1292,12 +1290,12 @@ key_names_valid2(const char *names)
1292 switch (key_type_from_name(p)) { 1290 switch (key_type_from_name(p)) {
1293 case KEY_RSA1: 1291 case KEY_RSA1:
1294 case KEY_UNSPEC: 1292 case KEY_UNSPEC:
1295 xfree(s); 1293 free(s);
1296 return 0; 1294 return 0;
1297 } 1295 }
1298 } 1296 }
1299 debug3("key names ok: [%s]", names); 1297 debug3("key names ok: [%s]", names);
1300 xfree(s); 1298 free(s);
1301 return 1; 1299 return 1;
1302} 1300}
1303 1301
@@ -1419,16 +1417,11 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen)
1419 1417
1420 out: 1418 out:
1421 buffer_free(&tmp); 1419 buffer_free(&tmp);
1422 if (principals != NULL) 1420 free(principals);
1423 xfree(principals); 1421 free(critical);
1424 if (critical != NULL) 1422 free(exts);
1425 xfree(critical); 1423 free(sig_key);
1426 if (exts != NULL) 1424 free(sig);
1427 xfree(exts);
1428 if (sig_key != NULL)
1429 xfree(sig_key);
1430 if (sig != NULL)
1431 xfree(sig);
1432 return ret; 1425 return ret;
1433} 1426}
1434 1427
@@ -1548,10 +1541,8 @@ key_from_blob(const u_char *blob, u_int blen)
1548 if (key != NULL && rlen != 0) 1541 if (key != NULL && rlen != 0)
1549 error("key_from_blob: remaining bytes in key blob %d", rlen); 1542 error("key_from_blob: remaining bytes in key blob %d", rlen);
1550 out: 1543 out:
1551 if (ktype != NULL) 1544 free(ktype);
1552 xfree(ktype); 1545 free(curve);
1553 if (curve != NULL)
1554 xfree(curve);
1555#ifdef OPENSSL_HAS_ECC 1546#ifdef OPENSSL_HAS_ECC
1556 if (q != NULL) 1547 if (q != NULL)
1557 EC_POINT_free(q); 1548 EC_POINT_free(q);
@@ -1901,7 +1892,7 @@ key_certify(Key *k, Key *ca)
1901 default: 1892 default:
1902 error("%s: key has incorrect type %s", __func__, key_type(k)); 1893 error("%s: key has incorrect type %s", __func__, key_type(k));
1903 buffer_clear(&k->cert->certblob); 1894 buffer_clear(&k->cert->certblob);
1904 xfree(ca_blob); 1895 free(ca_blob);
1905 return -1; 1896 return -1;
1906 } 1897 }
1907 1898
@@ -1937,7 +1928,7 @@ key_certify(Key *k, Key *ca)
1937 1928
1938 buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */ 1929 buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */
1939 buffer_put_string(&k->cert->certblob, ca_blob, ca_len); 1930 buffer_put_string(&k->cert->certblob, ca_blob, ca_len);
1940 xfree(ca_blob); 1931 free(ca_blob);
1941 1932
1942 /* Sign the whole mess */ 1933 /* Sign the whole mess */
1943 if (key_sign(ca, &sig_blob, &sig_len, buffer_ptr(&k->cert->certblob), 1934 if (key_sign(ca, &sig_blob, &sig_len, buffer_ptr(&k->cert->certblob),
@@ -1948,7 +1939,7 @@ key_certify(Key *k, Key *ca)
1948 } 1939 }
1949 /* Append signature and we are done */ 1940 /* Append signature and we are done */
1950 buffer_put_string(&k->cert->certblob, sig_blob, sig_len); 1941 buffer_put_string(&k->cert->certblob, sig_blob, sig_len);
1951 xfree(sig_blob); 1942 free(sig_blob);
1952 1943
1953 return 0; 1944 return 0;
1954} 1945}
diff --git a/mac.c b/mac.c
index da68803f5..907e19781 100644
--- a/mac.c
+++ b/mac.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mac.c,v 1.22 2013/04/19 01:06:50 djm Exp $ */ 1/* $OpenBSD: mac.c,v 1.23 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -235,13 +235,13 @@ mac_valid(const char *names)
235 (p = strsep(&cp, MAC_SEP))) { 235 (p = strsep(&cp, MAC_SEP))) {
236 if (mac_setup(NULL, p) < 0) { 236 if (mac_setup(NULL, p) < 0) {
237 debug("bad mac %s [%s]", p, names); 237 debug("bad mac %s [%s]", p, names);
238 xfree(maclist); 238 free(maclist);
239 return (0); 239 return (0);
240 } else { 240 } else {
241 debug3("mac ok: %s [%s]", p, names); 241 debug3("mac ok: %s [%s]", p, names);
242 } 242 }
243 } 243 }
244 debug3("macs ok: [%s]", names); 244 debug3("macs ok: [%s]", names);
245 xfree(maclist); 245 free(maclist);
246 return (1); 246 return (1);
247} 247}
diff --git a/match.c b/match.c
index 238947778..7be7d2c5c 100644
--- a/match.c
+++ b/match.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: match.c,v 1.27 2008/06/10 23:06:19 djm Exp $ */ 1/* $OpenBSD: match.c,v 1.28 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -40,6 +40,7 @@
40#include <sys/types.h> 40#include <sys/types.h>
41 41
42#include <ctype.h> 42#include <ctype.h>
43#include <stdlib.h>
43#include <string.h> 44#include <string.h>
44 45
45#include "xmalloc.h" 46#include "xmalloc.h"
@@ -226,14 +227,14 @@ match_user(const char *user, const char *host, const char *ipaddr,
226 227
227 if ((ret = match_pattern(user, pat)) == 1) 228 if ((ret = match_pattern(user, pat)) == 1)
228 ret = match_host_and_ip(host, ipaddr, p); 229 ret = match_host_and_ip(host, ipaddr, p);
229 xfree(pat); 230 free(pat);
230 231
231 return ret; 232 return ret;
232} 233}
233 234
234/* 235/*
235 * Returns first item from client-list that is also supported by server-list, 236 * Returns first item from client-list that is also supported by server-list,
236 * caller must xfree() returned string. 237 * caller must free the returned string.
237 */ 238 */
238#define MAX_PROP 40 239#define MAX_PROP 40
239#define SEP "," 240#define SEP ","
@@ -264,15 +265,15 @@ match_list(const char *client, const char *server, u_int *next)
264 if (next != NULL) 265 if (next != NULL)
265 *next = (cp == NULL) ? 266 *next = (cp == NULL) ?
266 strlen(c) : (u_int)(cp - c); 267 strlen(c) : (u_int)(cp - c);
267 xfree(c); 268 free(c);
268 xfree(s); 269 free(s);
269 return ret; 270 return ret;
270 } 271 }
271 } 272 }
272 } 273 }
273 if (next != NULL) 274 if (next != NULL)
274 *next = strlen(c); 275 *next = strlen(c);
275 xfree(c); 276 free(c);
276 xfree(s); 277 free(s);
277 return NULL; 278 return NULL;
278} 279}
diff --git a/misc.c b/misc.c
index 77f4a37a1..4aa5fdc8b 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: misc.c,v 1.88 2013/04/24 16:01:46 tedu Exp $ */ 1/* $OpenBSD: misc.c,v 1.89 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2005,2006 Damien Miller. All rights reserved. 4 * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -253,13 +253,13 @@ a2tun(const char *s, int *remote)
253 *remote = SSH_TUNID_ANY; 253 *remote = SSH_TUNID_ANY;
254 sp = xstrdup(s); 254 sp = xstrdup(s);
255 if ((ep = strchr(sp, ':')) == NULL) { 255 if ((ep = strchr(sp, ':')) == NULL) {
256 xfree(sp); 256 free(sp);
257 return (a2tun(s, NULL)); 257 return (a2tun(s, NULL));
258 } 258 }
259 ep[0] = '\0'; ep++; 259 ep[0] = '\0'; ep++;
260 *remote = a2tun(ep, NULL); 260 *remote = a2tun(ep, NULL);
261 tun = a2tun(sp, NULL); 261 tun = a2tun(sp, NULL);
262 xfree(sp); 262 free(sp);
263 return (*remote == SSH_TUNID_ERR ? *remote : tun); 263 return (*remote == SSH_TUNID_ERR ? *remote : tun);
264 } 264 }
265 265
@@ -492,7 +492,7 @@ replacearg(arglist *args, u_int which, char *fmt, ...)
492 if (which >= args->num) 492 if (which >= args->num)
493 fatal("replacearg: tried to replace invalid arg %d >= %d", 493 fatal("replacearg: tried to replace invalid arg %d >= %d",
494 which, args->num); 494 which, args->num);
495 xfree(args->list[which]); 495 free(args->list[which]);
496 args->list[which] = cp; 496 args->list[which] = cp;
497} 497}
498 498
@@ -503,8 +503,8 @@ freeargs(arglist *args)
503 503
504 if (args->list != NULL) { 504 if (args->list != NULL) {
505 for (i = 0; i < args->num; i++) 505 for (i = 0; i < args->num; i++)
506 xfree(args->list[i]); 506 free(args->list[i]);
507 xfree(args->list); 507 free(args->list);
508 args->nalloc = args->num = 0; 508 args->nalloc = args->num = 0;
509 args->list = NULL; 509 args->list = NULL;
510 } 510 }
diff --git a/moduli.c b/moduli.c
index 5267bb9ab..294ff8fde 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: moduli.c,v 1.26 2012/07/06 00:41:59 dtucker Exp $ */ 1/* $OpenBSD: moduli.c,v 1.27 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright 1994 Phil Karn <karn@qualcomm.com> 3 * Copyright 1994 Phil Karn <karn@qualcomm.com>
4 * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> 4 * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -433,9 +433,9 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
433 433
434 time(&time_stop); 434 time(&time_stop);
435 435
436 xfree(LargeSieve); 436 free(LargeSieve);
437 xfree(SmallSieve); 437 free(SmallSieve);
438 xfree(TinySieve); 438 free(TinySieve);
439 439
440 logit("%.24s Found %u candidates", ctime(&time_stop), r); 440 logit("%.24s Found %u candidates", ctime(&time_stop), r);
441 441
@@ -709,7 +709,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
709 } 709 }
710 710
711 time(&time_stop); 711 time(&time_stop);
712 xfree(lp); 712 free(lp);
713 BN_free(p); 713 BN_free(p);
714 BN_free(q); 714 BN_free(q);
715 BN_CTX_free(ctx); 715 BN_CTX_free(ctx);
diff --git a/monitor.c b/monitor.c
index 372c9d044..132f60df9 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.123 2013/05/16 04:09:13 dtucker Exp $ */ 1/* $OpenBSD: monitor.c,v 1.124 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -551,7 +551,7 @@ monitor_read_log(struct monitor *pmonitor)
551 do_log2(level, "%s [preauth]", msg); 551 do_log2(level, "%s [preauth]", msg);
552 552
553 buffer_free(&logmsg); 553 buffer_free(&logmsg);
554 xfree(msg); 554 free(msg);
555 555
556 return 0; 556 return 0;
557} 557}
@@ -642,12 +642,9 @@ static void
642monitor_reset_key_state(void) 642monitor_reset_key_state(void)
643{ 643{
644 /* reset state */ 644 /* reset state */
645 if (key_blob != NULL) 645 free(key_blob);
646 xfree(key_blob); 646 free(hostbased_cuser);
647 if (hostbased_cuser != NULL) 647 free(hostbased_chost);
648 xfree(hostbased_cuser);
649 if (hostbased_chost != NULL)
650 xfree(hostbased_chost);
651 key_blob = NULL; 648 key_blob = NULL;
652 key_bloblen = 0; 649 key_bloblen = 0;
653 key_blobtype = MM_NOKEY; 650 key_blobtype = MM_NOKEY;
@@ -728,8 +725,8 @@ mm_answer_sign(int sock, Buffer *m)
728 buffer_clear(m); 725 buffer_clear(m);
729 buffer_put_string(m, signature, siglen); 726 buffer_put_string(m, signature, siglen);
730 727
731 xfree(p); 728 free(p);
732 xfree(signature); 729 free(signature);
733 730
734 mm_request_send(sock, MONITOR_ANS_SIGN, m); 731 mm_request_send(sock, MONITOR_ANS_SIGN, m);
735 732
@@ -760,7 +757,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
760 757
761 authctxt->user = xstrdup(username); 758 authctxt->user = xstrdup(username);
762 setproctitle("%s [priv]", pwent ? username : "unknown"); 759 setproctitle("%s [priv]", pwent ? username : "unknown");
763 xfree(username); 760 free(username);
764 761
765 buffer_clear(m); 762 buffer_clear(m);
766 763
@@ -840,9 +837,7 @@ int mm_answer_auth2_read_banner(int sock, Buffer *m)
840 banner = auth2_read_banner(); 837 banner = auth2_read_banner();
841 buffer_put_cstring(m, banner != NULL ? banner : ""); 838 buffer_put_cstring(m, banner != NULL ? banner : "");
842 mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); 839 mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
843 840 free(banner);
844 if (banner != NULL)
845 xfree(banner);
846 841
847 return (0); 842 return (0);
848} 843}
@@ -858,7 +853,7 @@ mm_answer_authserv(int sock, Buffer *m)
858 __func__, authctxt->service, authctxt->style); 853 __func__, authctxt->service, authctxt->style);
859 854
860 if (strlen(authctxt->style) == 0) { 855 if (strlen(authctxt->style) == 0) {
861 xfree(authctxt->style); 856 free(authctxt->style);
862 authctxt->style = NULL; 857 authctxt->style = NULL;
863 } 858 }
864 859
@@ -878,7 +873,7 @@ mm_answer_authpassword(int sock, Buffer *m)
878 authenticated = options.password_authentication && 873 authenticated = options.password_authentication &&
879 auth_password(authctxt, passwd); 874 auth_password(authctxt, passwd);
880 memset(passwd, 0, strlen(passwd)); 875 memset(passwd, 0, strlen(passwd));
881 xfree(passwd); 876 free(passwd);
882 877
883 buffer_clear(m); 878 buffer_clear(m);
884 buffer_put_int(m, authenticated); 879 buffer_put_int(m, authenticated);
@@ -918,10 +913,10 @@ mm_answer_bsdauthquery(int sock, Buffer *m)
918 mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); 913 mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
919 914
920 if (success) { 915 if (success) {
921 xfree(name); 916 free(name);
922 xfree(infotxt); 917 free(infotxt);
923 xfree(prompts); 918 free(prompts);
924 xfree(echo_on); 919 free(echo_on);
925 } 920 }
926 921
927 return (0); 922 return (0);
@@ -941,7 +936,7 @@ mm_answer_bsdauthrespond(int sock, Buffer *m)
941 auth_userresponse(authctxt->as, response, 0); 936 auth_userresponse(authctxt->as, response, 0);
942 authctxt->as = NULL; 937 authctxt->as = NULL;
943 debug3("%s: <%s> = <%d>", __func__, response, authok); 938 debug3("%s: <%s> = <%d>", __func__, response, authok);
944 xfree(response); 939 free(response);
945 940
946 buffer_clear(m); 941 buffer_clear(m);
947 buffer_put_int(m, authok); 942 buffer_put_int(m, authok);
@@ -1214,9 +1209,9 @@ mm_answer_keyallowed(int sock, Buffer *m)
1214 /* Log failed attempt */ 1209 /* Log failed attempt */
1215 auth_log(authctxt, 0, 0, auth_method, NULL, 1210 auth_log(authctxt, 0, 0, auth_method, NULL,
1216 compat20 ? " ssh2" : ""); 1211 compat20 ? " ssh2" : "");
1217 xfree(blob); 1212 free(blob);
1218 xfree(cuser); 1213 free(cuser);
1219 xfree(chost); 1214 free(chost);
1220 } 1215 }
1221 1216
1222 debug3("%s: key %p is %s", 1217 debug3("%s: key %p is %s",
@@ -1259,7 +1254,7 @@ monitor_valid_userblob(u_char *data, u_int datalen)
1259 (len != session_id2_len) || 1254 (len != session_id2_len) ||
1260 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) 1255 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
1261 fail++; 1256 fail++;
1262 xfree(p); 1257 free(p);
1263 } 1258 }
1264 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 1259 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
1265 fail++; 1260 fail++;
@@ -1272,8 +1267,8 @@ monitor_valid_userblob(u_char *data, u_int datalen)
1272 userstyle, p); 1267 userstyle, p);
1273 fail++; 1268 fail++;
1274 } 1269 }
1275 xfree(userstyle); 1270 free(userstyle);
1276 xfree(p); 1271 free(p);
1277 buffer_skip_string(&b); 1272 buffer_skip_string(&b);
1278 if (datafellows & SSH_BUG_PKAUTH) { 1273 if (datafellows & SSH_BUG_PKAUTH) {
1279 if (!buffer_get_char(&b)) 1274 if (!buffer_get_char(&b))
@@ -1282,7 +1277,7 @@ monitor_valid_userblob(u_char *data, u_int datalen)
1282 p = buffer_get_cstring(&b, NULL); 1277 p = buffer_get_cstring(&b, NULL);
1283 if (strcmp("publickey", p) != 0) 1278 if (strcmp("publickey", p) != 0)
1284 fail++; 1279 fail++;
1285 xfree(p); 1280 free(p);
1286 if (!buffer_get_char(&b)) 1281 if (!buffer_get_char(&b))
1287 fail++; 1282 fail++;
1288 buffer_skip_string(&b); 1283 buffer_skip_string(&b);
@@ -1311,7 +1306,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
1311 (len != session_id2_len) || 1306 (len != session_id2_len) ||
1312 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) 1307 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
1313 fail++; 1308 fail++;
1314 xfree(p); 1309 free(p);
1315 1310
1316 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 1311 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
1317 fail++; 1312 fail++;
@@ -1325,12 +1320,12 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
1325 fail++; 1320 fail++;
1326 } 1321 }
1327 free(userstyle); 1322 free(userstyle);
1328 xfree(p); 1323 free(p);
1329 buffer_skip_string(&b); /* service */ 1324 buffer_skip_string(&b); /* service */
1330 p = buffer_get_cstring(&b, NULL); 1325 p = buffer_get_cstring(&b, NULL);
1331 if (strcmp(p, "hostbased") != 0) 1326 if (strcmp(p, "hostbased") != 0)
1332 fail++; 1327 fail++;
1333 xfree(p); 1328 free(p);
1334 buffer_skip_string(&b); /* pkalg */ 1329 buffer_skip_string(&b); /* pkalg */
1335 buffer_skip_string(&b); /* pkblob */ 1330 buffer_skip_string(&b); /* pkblob */
1336 1331
@@ -1340,13 +1335,13 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
1340 p[len - 1] = '\0'; 1335 p[len - 1] = '\0';
1341 if (strcmp(p, chost) != 0) 1336 if (strcmp(p, chost) != 0)
1342 fail++; 1337 fail++;
1343 xfree(p); 1338 free(p);
1344 1339
1345 /* verify client user */ 1340 /* verify client user */
1346 p = buffer_get_string(&b, NULL); 1341 p = buffer_get_string(&b, NULL);
1347 if (strcmp(p, cuser) != 0) 1342 if (strcmp(p, cuser) != 0)
1348 fail++; 1343 fail++;
1349 xfree(p); 1344 free(p);
1350 1345
1351 if (buffer_len(&b) != 0) 1346 if (buffer_len(&b) != 0)
1352 fail++; 1347 fail++;
@@ -1395,9 +1390,9 @@ mm_answer_keyverify(int sock, Buffer *m)
1395 __func__, key, (verified == 1) ? "verified" : "unverified"); 1390 __func__, key, (verified == 1) ? "verified" : "unverified");
1396 1391
1397 key_free(key); 1392 key_free(key);
1398 xfree(blob); 1393 free(blob);
1399 xfree(signature); 1394 free(signature);
1400 xfree(data); 1395 free(data);
1401 1396
1402 auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; 1397 auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
1403 1398
@@ -1525,7 +1520,7 @@ mm_answer_pty_cleanup(int sock, Buffer *m)
1525 if ((s = session_by_tty(tty)) != NULL) 1520 if ((s = session_by_tty(tty)) != NULL)
1526 mm_session_close(s); 1521 mm_session_close(s);
1527 buffer_clear(m); 1522 buffer_clear(m);
1528 xfree(tty); 1523 free(tty);
1529 return (0); 1524 return (0);
1530} 1525}
1531 1526
@@ -1657,7 +1652,7 @@ mm_answer_rsa_challenge(int sock, Buffer *m)
1657 1652
1658 monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); 1653 monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);
1659 1654
1660 xfree(blob); 1655 free(blob);
1661 key_free(key); 1656 key_free(key);
1662 return (0); 1657 return (0);
1663} 1658}
@@ -1689,9 +1684,9 @@ mm_answer_rsa_response(int sock, Buffer *m)
1689 fatal("%s: received bad response to challenge", __func__); 1684 fatal("%s: received bad response to challenge", __func__);
1690 success = auth_rsa_verify_response(key, ssh1_challenge, response); 1685 success = auth_rsa_verify_response(key, ssh1_challenge, response);
1691 1686
1692 xfree(blob); 1687 free(blob);
1693 key_free(key); 1688 key_free(key);
1694 xfree(response); 1689 free(response);
1695 1690
1696 auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; 1691 auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa";
1697 1692
@@ -1785,20 +1780,20 @@ monitor_apply_keystate(struct monitor *pmonitor)
1785 packet_set_protocol_flags(child_state.ssh1protoflags); 1780 packet_set_protocol_flags(child_state.ssh1protoflags);
1786 packet_set_encryption_key(child_state.ssh1key, 1781 packet_set_encryption_key(child_state.ssh1key,
1787 child_state.ssh1keylen, child_state.ssh1cipher); 1782 child_state.ssh1keylen, child_state.ssh1cipher);
1788 xfree(child_state.ssh1key); 1783 free(child_state.ssh1key);
1789 } 1784 }
1790 1785
1791 /* for rc4 and other stateful ciphers */ 1786 /* for rc4 and other stateful ciphers */
1792 packet_set_keycontext(MODE_OUT, child_state.keyout); 1787 packet_set_keycontext(MODE_OUT, child_state.keyout);
1793 xfree(child_state.keyout); 1788 free(child_state.keyout);
1794 packet_set_keycontext(MODE_IN, child_state.keyin); 1789 packet_set_keycontext(MODE_IN, child_state.keyin);
1795 xfree(child_state.keyin); 1790 free(child_state.keyin);
1796 1791
1797 if (!compat20) { 1792 if (!compat20) {
1798 packet_set_iv(MODE_OUT, child_state.ivout); 1793 packet_set_iv(MODE_OUT, child_state.ivout);
1799 xfree(child_state.ivout); 1794 free(child_state.ivout);
1800 packet_set_iv(MODE_IN, child_state.ivin); 1795 packet_set_iv(MODE_IN, child_state.ivin);
1801 xfree(child_state.ivin); 1796 free(child_state.ivin);
1802 } 1797 }
1803 1798
1804 memcpy(&incoming_stream, &child_state.incoming, 1799 memcpy(&incoming_stream, &child_state.incoming,
@@ -1819,13 +1814,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
1819 buffer_clear(packet_get_input()); 1814 buffer_clear(packet_get_input());
1820 buffer_append(packet_get_input(), child_state.input, child_state.ilen); 1815 buffer_append(packet_get_input(), child_state.input, child_state.ilen);
1821 memset(child_state.input, 0, child_state.ilen); 1816 memset(child_state.input, 0, child_state.ilen);
1822 xfree(child_state.input); 1817 free(child_state.input);
1823 1818
1824 buffer_clear(packet_get_output()); 1819 buffer_clear(packet_get_output());
1825 buffer_append(packet_get_output(), child_state.output, 1820 buffer_append(packet_get_output(), child_state.output,
1826 child_state.olen); 1821 child_state.olen);
1827 memset(child_state.output, 0, child_state.olen); 1822 memset(child_state.output, 0, child_state.olen);
1828 xfree(child_state.output); 1823 free(child_state.output);
1829 1824
1830 /* Roaming */ 1825 /* Roaming */
1831 if (compat20) 1826 if (compat20)
@@ -1857,11 +1852,11 @@ mm_get_kex(Buffer *m)
1857 blob = buffer_get_string(m, &bloblen); 1852 blob = buffer_get_string(m, &bloblen);
1858 buffer_init(&kex->my); 1853 buffer_init(&kex->my);
1859 buffer_append(&kex->my, blob, bloblen); 1854 buffer_append(&kex->my, blob, bloblen);
1860 xfree(blob); 1855 free(blob);
1861 blob = buffer_get_string(m, &bloblen); 1856 blob = buffer_get_string(m, &bloblen);
1862 buffer_init(&kex->peer); 1857 buffer_init(&kex->peer);
1863 buffer_append(&kex->peer, blob, bloblen); 1858 buffer_append(&kex->peer, blob, bloblen);
1864 xfree(blob); 1859 free(blob);
1865 kex->done = 1; 1860 kex->done = 1;
1866 kex->flags = buffer_get_int(m); 1861 kex->flags = buffer_get_int(m);
1867 kex->client_version_string = buffer_get_string(m, NULL); 1862 kex->client_version_string = buffer_get_string(m, NULL);
@@ -1904,12 +1899,12 @@ mm_get_keystate(struct monitor *pmonitor)
1904 1899
1905 blob = buffer_get_string(&m, &bloblen); 1900 blob = buffer_get_string(&m, &bloblen);
1906 current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); 1901 current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
1907 xfree(blob); 1902 free(blob);
1908 1903
1909 debug3("%s: Waiting for second key", __func__); 1904 debug3("%s: Waiting for second key", __func__);
1910 blob = buffer_get_string(&m, &bloblen); 1905 blob = buffer_get_string(&m, &bloblen);
1911 current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); 1906 current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen);
1912 xfree(blob); 1907 free(blob);
1913 1908
1914 /* Now get sequence numbers for the packets */ 1909 /* Now get sequence numbers for the packets */
1915 seqnr = buffer_get_int(&m); 1910 seqnr = buffer_get_int(&m);
@@ -1934,13 +1929,13 @@ mm_get_keystate(struct monitor *pmonitor)
1934 if (plen != sizeof(child_state.outgoing)) 1929 if (plen != sizeof(child_state.outgoing))
1935 fatal("%s: bad request size", __func__); 1930 fatal("%s: bad request size", __func__);
1936 memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); 1931 memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing));
1937 xfree(p); 1932 free(p);
1938 1933
1939 p = buffer_get_string(&m, &plen); 1934 p = buffer_get_string(&m, &plen);
1940 if (plen != sizeof(child_state.incoming)) 1935 if (plen != sizeof(child_state.incoming))
1941 fatal("%s: bad request size", __func__); 1936 fatal("%s: bad request size", __func__);
1942 memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); 1937 memcpy(&child_state.incoming, p, sizeof(child_state.incoming));
1943 xfree(p); 1938 free(p);
1944 1939
1945 /* Network I/O buffers */ 1940 /* Network I/O buffers */
1946 debug3("%s: Getting Network I/O buffers", __func__); 1941 debug3("%s: Getting Network I/O buffers", __func__);
@@ -2062,7 +2057,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
2062 2057
2063 major = ssh_gssapi_server_ctx(&gsscontext, &goid); 2058 major = ssh_gssapi_server_ctx(&gsscontext, &goid);
2064 2059
2065 xfree(goid.elements); 2060 free(goid.elements);
2066 2061
2067 buffer_clear(m); 2062 buffer_clear(m);
2068 buffer_put_int(m, major); 2063 buffer_put_int(m, major);
@@ -2087,7 +2082,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
2087 in.value = buffer_get_string(m, &len); 2082 in.value = buffer_get_string(m, &len);
2088 in.length = len; 2083 in.length = len;
2089 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); 2084 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
2090 xfree(in.value); 2085 free(in.value);
2091 2086
2092 buffer_clear(m); 2087 buffer_clear(m);
2093 buffer_put_int(m, major); 2088 buffer_put_int(m, major);
@@ -2119,8 +2114,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
2119 2114
2120 ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); 2115 ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
2121 2116
2122 xfree(gssbuf.value); 2117 free(gssbuf.value);
2123 xfree(mic.value); 2118 free(mic.value);
2124 2119
2125 buffer_clear(m); 2120 buffer_clear(m);
2126 buffer_put_int(m, ret); 2121 buffer_put_int(m, ret);
@@ -2190,8 +2185,8 @@ mm_answer_jpake_step1(int sock, Buffer *m)
2190 2185
2191 bzero(x3_proof, x3_proof_len); 2186 bzero(x3_proof, x3_proof_len);
2192 bzero(x4_proof, x4_proof_len); 2187 bzero(x4_proof, x4_proof_len);
2193 xfree(x3_proof); 2188 free(x3_proof);
2194 xfree(x4_proof); 2189 free(x4_proof);
2195 2190
2196 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); 2191 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1);
2197 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); 2192 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0);
@@ -2220,8 +2215,8 @@ mm_answer_jpake_get_pwdata(int sock, Buffer *m)
2220 2215
2221 bzero(hash_scheme, strlen(hash_scheme)); 2216 bzero(hash_scheme, strlen(hash_scheme));
2222 bzero(salt, strlen(salt)); 2217 bzero(salt, strlen(salt));
2223 xfree(hash_scheme); 2218 free(hash_scheme);
2224 xfree(salt); 2219 free(salt);
2225 2220
2226 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); 2221 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1);
2227 2222
@@ -2260,8 +2255,8 @@ mm_answer_jpake_step2(int sock, Buffer *m)
2260 2255
2261 bzero(x1_proof, x1_proof_len); 2256 bzero(x1_proof, x1_proof_len);
2262 bzero(x2_proof, x2_proof_len); 2257 bzero(x2_proof, x2_proof_len);
2263 xfree(x1_proof); 2258 free(x1_proof);
2264 xfree(x2_proof); 2259 free(x2_proof);
2265 2260
2266 buffer_clear(m); 2261 buffer_clear(m);
2267 2262
@@ -2272,7 +2267,7 @@ mm_answer_jpake_step2(int sock, Buffer *m)
2272 mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); 2267 mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m);
2273 2268
2274 bzero(x4_s_proof, x4_s_proof_len); 2269 bzero(x4_s_proof, x4_s_proof_len);
2275 xfree(x4_s_proof); 2270 free(x4_s_proof);
2276 2271
2277 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); 2272 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1);
2278 2273
@@ -2340,7 +2335,7 @@ mm_answer_jpake_check_confirm(int sock, Buffer *m)
2340 JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); 2335 JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__));
2341 2336
2342 bzero(peer_confirm_hash, peer_confirm_hash_len); 2337 bzero(peer_confirm_hash, peer_confirm_hash_len);
2343 xfree(peer_confirm_hash); 2338 free(peer_confirm_hash);
2344 2339
2345 buffer_clear(m); 2340 buffer_clear(m);
2346 buffer_put_int(m, authenticated); 2341 buffer_put_int(m, authenticated);
diff --git a/monitor_mm.c b/monitor_mm.c
index faf9f3dcb..ee7bad4b4 100644
--- a/monitor_mm.c
+++ b/monitor_mm.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_mm.c,v 1.16 2009/06/22 05:39:28 dtucker Exp $ */ 1/* $OpenBSD: monitor_mm.c,v 1.17 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * All rights reserved. 4 * All rights reserved.
@@ -35,6 +35,7 @@
35 35
36#include <errno.h> 36#include <errno.h>
37#include <stdarg.h> 37#include <stdarg.h>
38#include <stdlib.h>
38#include <string.h> 39#include <string.h>
39 40
40#include "xmalloc.h" 41#include "xmalloc.h"
@@ -124,7 +125,7 @@ mm_freelist(struct mm_master *mmalloc, struct mmtree *head)
124 next = RB_NEXT(mmtree, head, mms); 125 next = RB_NEXT(mmtree, head, mms);
125 RB_REMOVE(mmtree, head, mms); 126 RB_REMOVE(mmtree, head, mms);
126 if (mmalloc == NULL) 127 if (mmalloc == NULL)
127 xfree(mms); 128 free(mms);
128 else 129 else
129 mm_free(mmalloc, mms); 130 mm_free(mmalloc, mms);
130 } 131 }
@@ -147,7 +148,7 @@ mm_destroy(struct mm_master *mm)
147 __func__); 148 __func__);
148#endif 149#endif
149 if (mm->mmalloc == NULL) 150 if (mm->mmalloc == NULL)
150 xfree(mm); 151 free(mm);
151 else 152 else
152 mm_free(mm->mmalloc, mm); 153 mm_free(mm->mmalloc, mm);
153} 154}
@@ -198,7 +199,7 @@ mm_malloc(struct mm_master *mm, size_t size)
198 if (mms->size == 0) { 199 if (mms->size == 0) {
199 RB_REMOVE(mmtree, &mm->rb_free, mms); 200 RB_REMOVE(mmtree, &mm->rb_free, mms);
200 if (mm->mmalloc == NULL) 201 if (mm->mmalloc == NULL)
201 xfree(mms); 202 free(mms);
202 else 203 else
203 mm_free(mm->mmalloc, mms); 204 mm_free(mm->mmalloc, mms);
204 } 205 }
@@ -254,7 +255,7 @@ mm_free(struct mm_master *mm, void *address)
254 prev->size += mms->size; 255 prev->size += mms->size;
255 RB_REMOVE(mmtree, &mm->rb_free, mms); 256 RB_REMOVE(mmtree, &mm->rb_free, mms);
256 if (mm->mmalloc == NULL) 257 if (mm->mmalloc == NULL)
257 xfree(mms); 258 free(mms);
258 else 259 else
259 mm_free(mm->mmalloc, mms); 260 mm_free(mm->mmalloc, mms);
260 } else 261 } else
@@ -278,7 +279,7 @@ mm_free(struct mm_master *mm, void *address)
278 RB_REMOVE(mmtree, &mm->rb_free, mms); 279 RB_REMOVE(mmtree, &mm->rb_free, mms);
279 280
280 if (mm->mmalloc == NULL) 281 if (mm->mmalloc == NULL)
281 xfree(mms); 282 free(mms);
282 else 283 else
283 mm_free(mm->mmalloc, mms); 284 mm_free(mm->mmalloc, mms);
284} 285}
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 3304f5bf2..b1870fcba 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.c,v 1.75 2013/01/08 18:49:04 markus Exp $ */ 1/* $OpenBSD: monitor_wrap.c,v 1.76 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -288,7 +288,7 @@ out:
288#undef M_CP_STRARRAYOPT 288#undef M_CP_STRARRAYOPT
289 289
290 copy_set_server_options(&options, newopts, 1); 290 copy_set_server_options(&options, newopts, 1);
291 xfree(newopts); 291 free(newopts);
292 292
293 buffer_free(&m); 293 buffer_free(&m);
294 294
@@ -314,7 +314,7 @@ mm_auth2_read_banner(void)
314 314
315 /* treat empty banner as missing banner */ 315 /* treat empty banner as missing banner */
316 if (strlen(banner) == 0) { 316 if (strlen(banner) == 0) {
317 xfree(banner); 317 free(banner);
318 banner = NULL; 318 banner = NULL;
319 } 319 }
320 return (banner); 320 return (banner);
@@ -407,7 +407,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
407 buffer_put_cstring(&m, user ? user : ""); 407 buffer_put_cstring(&m, user ? user : "");
408 buffer_put_cstring(&m, host ? host : ""); 408 buffer_put_cstring(&m, host ? host : "");
409 buffer_put_string(&m, blob, len); 409 buffer_put_string(&m, blob, len);
410 xfree(blob); 410 free(blob);
411 411
412 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); 412 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
413 413
@@ -450,7 +450,7 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
450 buffer_put_string(&m, blob, len); 450 buffer_put_string(&m, blob, len);
451 buffer_put_string(&m, sig, siglen); 451 buffer_put_string(&m, sig, siglen);
452 buffer_put_string(&m, data, datalen); 452 buffer_put_string(&m, data, datalen);
453 xfree(blob); 453 free(blob);
454 454
455 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m); 455 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
456 456
@@ -619,7 +619,7 @@ mm_send_keystate(struct monitor *monitor)
619 keylen = packet_get_encryption_key(key); 619 keylen = packet_get_encryption_key(key);
620 buffer_put_string(&m, key, keylen); 620 buffer_put_string(&m, key, keylen);
621 memset(key, 0, keylen); 621 memset(key, 0, keylen);
622 xfree(key); 622 free(key);
623 623
624 ivlen = packet_get_keyiv_len(MODE_OUT); 624 ivlen = packet_get_keyiv_len(MODE_OUT);
625 packet_get_keyiv(MODE_OUT, iv, ivlen); 625 packet_get_keyiv(MODE_OUT, iv, ivlen);
@@ -642,13 +642,13 @@ mm_send_keystate(struct monitor *monitor)
642 fatal("%s: conversion of newkeys failed", __func__); 642 fatal("%s: conversion of newkeys failed", __func__);
643 643
644 buffer_put_string(&m, blob, bloblen); 644 buffer_put_string(&m, blob, bloblen);
645 xfree(blob); 645 free(blob);
646 646
647 if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen)) 647 if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
648 fatal("%s: conversion of newkeys failed", __func__); 648 fatal("%s: conversion of newkeys failed", __func__);
649 649
650 buffer_put_string(&m, blob, bloblen); 650 buffer_put_string(&m, blob, bloblen);
651 xfree(blob); 651 free(blob);
652 652
653 packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes); 653 packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
654 buffer_put_int(&m, seqnr); 654 buffer_put_int(&m, seqnr);
@@ -668,13 +668,13 @@ mm_send_keystate(struct monitor *monitor)
668 p = xmalloc(plen+1); 668 p = xmalloc(plen+1);
669 packet_get_keycontext(MODE_OUT, p); 669 packet_get_keycontext(MODE_OUT, p);
670 buffer_put_string(&m, p, plen); 670 buffer_put_string(&m, p, plen);
671 xfree(p); 671 free(p);
672 672
673 plen = packet_get_keycontext(MODE_IN, NULL); 673 plen = packet_get_keycontext(MODE_IN, NULL);
674 p = xmalloc(plen+1); 674 p = xmalloc(plen+1);
675 packet_get_keycontext(MODE_IN, p); 675 packet_get_keycontext(MODE_IN, p);
676 buffer_put_string(&m, p, plen); 676 buffer_put_string(&m, p, plen);
677 xfree(p); 677 free(p);
678 678
679 /* Compression state */ 679 /* Compression state */
680 debug3("%s: Sending compression state", __func__); 680 debug3("%s: Sending compression state", __func__);
@@ -736,10 +736,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
736 buffer_free(&m); 736 buffer_free(&m);
737 737
738 strlcpy(namebuf, p, namebuflen); /* Possible truncation */ 738 strlcpy(namebuf, p, namebuflen); /* Possible truncation */
739 xfree(p); 739 free(p);
740 740
741 buffer_append(&loginmsg, msg, strlen(msg)); 741 buffer_append(&loginmsg, msg, strlen(msg));
742 xfree(msg); 742 free(msg);
743 743
744 if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 || 744 if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 ||
745 (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1) 745 (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1)
@@ -1109,7 +1109,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
1109 if ((key = key_from_blob(blob, blen)) == NULL) 1109 if ((key = key_from_blob(blob, blen)) == NULL)
1110 fatal("%s: key_from_blob failed", __func__); 1110 fatal("%s: key_from_blob failed", __func__);
1111 *rkey = key; 1111 *rkey = key;
1112 xfree(blob); 1112 free(blob);
1113 } 1113 }
1114 buffer_free(&m); 1114 buffer_free(&m);
1115 1115
@@ -1136,7 +1136,7 @@ mm_auth_rsa_generate_challenge(Key *key)
1136 1136
1137 buffer_init(&m); 1137 buffer_init(&m);
1138 buffer_put_string(&m, blob, blen); 1138 buffer_put_string(&m, blob, blen);
1139 xfree(blob); 1139 free(blob);
1140 1140
1141 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m); 1141 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
1142 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m); 1142 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
@@ -1165,7 +1165,7 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
1165 buffer_init(&m); 1165 buffer_init(&m);
1166 buffer_put_string(&m, blob, blen); 1166 buffer_put_string(&m, blob, blen);
1167 buffer_put_string(&m, response, 16); 1167 buffer_put_string(&m, response, 16);
1168 xfree(blob); 1168 free(blob);
1169 1169
1170 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m); 1170 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
1171 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m); 1171 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
diff --git a/mux.c b/mux.c
index a6bcbbaca..6c55db981 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mux.c,v 1.40 2013/04/22 01:17:18 dtucker Exp $ */ 1/* $OpenBSD: mux.c,v 1.41 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -287,13 +287,12 @@ process_mux_master_hello(u_int rid, Channel *c, Buffer *m, Buffer *r)
287 char *value = buffer_get_string_ret(m, NULL); 287 char *value = buffer_get_string_ret(m, NULL);
288 288
289 if (name == NULL || value == NULL) { 289 if (name == NULL || value == NULL) {
290 if (name != NULL) 290 free(name);
291 xfree(name);
292 goto malf; 291 goto malf;
293 } 292 }
294 debug2("Unrecognised slave extension \"%s\"", name); 293 debug2("Unrecognised slave extension \"%s\"", name);
295 xfree(name); 294 free(name);
296 xfree(value); 295 free(value);
297 } 296 }
298 state->hello_rcvd = 1; 297 state->hello_rcvd = 1;
299 return 0; 298 return 0;
@@ -324,21 +323,17 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
324 (cctx->term = buffer_get_string_ret(m, &len)) == NULL || 323 (cctx->term = buffer_get_string_ret(m, &len)) == NULL ||
325 (cmd = buffer_get_string_ret(m, &len)) == NULL) { 324 (cmd = buffer_get_string_ret(m, &len)) == NULL) {
326 malf: 325 malf:
327 if (cmd != NULL) 326 free(cmd);
328 xfree(cmd); 327 free(reserved);
329 if (reserved != NULL)
330 xfree(reserved);
331 for (j = 0; j < env_len; j++) 328 for (j = 0; j < env_len; j++)
332 xfree(cctx->env[j]); 329 free(cctx->env[j]);
333 if (env_len > 0) 330 free(cctx->env);
334 xfree(cctx->env); 331 free(cctx->term);
335 if (cctx->term != NULL) 332 free(cctx);
336 xfree(cctx->term);
337 xfree(cctx);
338 error("%s: malformed message", __func__); 333 error("%s: malformed message", __func__);
339 return -1; 334 return -1;
340 } 335 }
341 xfree(reserved); 336 free(reserved);
342 reserved = NULL; 337 reserved = NULL;
343 338
344 while (buffer_len(m) > 0) { 339 while (buffer_len(m) > 0) {
@@ -346,7 +341,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
346 if ((cp = buffer_get_string_ret(m, &len)) == NULL) 341 if ((cp = buffer_get_string_ret(m, &len)) == NULL)
347 goto malf; 342 goto malf;
348 if (!env_permitted(cp)) { 343 if (!env_permitted(cp)) {
349 xfree(cp); 344 free(cp);
350 continue; 345 continue;
351 } 346 }
352 cctx->env = xrealloc(cctx->env, env_len + 2, 347 cctx->env = xrealloc(cctx->env, env_len + 2,
@@ -367,7 +362,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
367 362
368 buffer_init(&cctx->cmd); 363 buffer_init(&cctx->cmd);
369 buffer_append(&cctx->cmd, cmd, strlen(cmd)); 364 buffer_append(&cctx->cmd, cmd, strlen(cmd));
370 xfree(cmd); 365 free(cmd);
371 cmd = NULL; 366 cmd = NULL;
372 367
373 /* Gather fds from client */ 368 /* Gather fds from client */
@@ -378,12 +373,11 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
378 for (j = 0; j < i; j++) 373 for (j = 0; j < i; j++)
379 close(new_fd[j]); 374 close(new_fd[j]);
380 for (j = 0; j < env_len; j++) 375 for (j = 0; j < env_len; j++)
381 xfree(cctx->env[j]); 376 free(cctx->env[j]);
382 if (env_len > 0) 377 free(cctx->env);
383 xfree(cctx->env); 378 free(cctx->term);
384 xfree(cctx->term);
385 buffer_free(&cctx->cmd); 379 buffer_free(&cctx->cmd);
386 xfree(cctx); 380 free(cctx);
387 381
388 /* prepare reply */ 382 /* prepare reply */
389 buffer_put_int(r, MUX_S_FAILURE); 383 buffer_put_int(r, MUX_S_FAILURE);
@@ -408,14 +402,14 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
408 close(new_fd[0]); 402 close(new_fd[0]);
409 close(new_fd[1]); 403 close(new_fd[1]);
410 close(new_fd[2]); 404 close(new_fd[2]);
411 xfree(cctx->term); 405 free(cctx->term);
412 if (env_len != 0) { 406 if (env_len != 0) {
413 for (i = 0; i < env_len; i++) 407 for (i = 0; i < env_len; i++)
414 xfree(cctx->env[i]); 408 free(cctx->env[i]);
415 xfree(cctx->env); 409 free(cctx->env);
416 } 410 }
417 buffer_free(&cctx->cmd); 411 buffer_free(&cctx->cmd);
418 xfree(cctx); 412 free(cctx);
419 return 0; 413 return 0;
420 } 414 }
421 415
@@ -620,7 +614,7 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
620 buffer_put_int(&out, MUX_S_FAILURE); 614 buffer_put_int(&out, MUX_S_FAILURE);
621 buffer_put_int(&out, fctx->rid); 615 buffer_put_int(&out, fctx->rid);
622 buffer_put_cstring(&out, failmsg); 616 buffer_put_cstring(&out, failmsg);
623 xfree(failmsg); 617 free(failmsg);
624 out: 618 out:
625 buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out)); 619 buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out));
626 buffer_free(&out); 620 buffer_free(&out);
@@ -649,11 +643,11 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
649 } 643 }
650 644
651 if (*fwd.listen_host == '\0') { 645 if (*fwd.listen_host == '\0') {
652 xfree(fwd.listen_host); 646 free(fwd.listen_host);
653 fwd.listen_host = NULL; 647 fwd.listen_host = NULL;
654 } 648 }
655 if (*fwd.connect_host == '\0') { 649 if (*fwd.connect_host == '\0') {
656 xfree(fwd.connect_host); 650 free(fwd.connect_host);
657 fwd.connect_host = NULL; 651 fwd.connect_host = NULL;
658 } 652 }
659 653
@@ -664,10 +658,8 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
664 ftype != MUX_FWD_DYNAMIC) { 658 ftype != MUX_FWD_DYNAMIC) {
665 logit("%s: invalid forwarding type %u", __func__, ftype); 659 logit("%s: invalid forwarding type %u", __func__, ftype);
666 invalid: 660 invalid:
667 if (fwd.listen_host) 661 free(fwd.listen_host);
668 xfree(fwd.listen_host); 662 free(fwd.connect_host);
669 if (fwd.connect_host)
670 xfree(fwd.connect_host);
671 buffer_put_int(r, MUX_S_FAILURE); 663 buffer_put_int(r, MUX_S_FAILURE);
672 buffer_put_int(r, rid); 664 buffer_put_int(r, rid);
673 buffer_put_cstring(r, "Invalid forwarding request"); 665 buffer_put_cstring(r, "Invalid forwarding request");
@@ -769,13 +761,10 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
769 buffer_put_int(r, MUX_S_OK); 761 buffer_put_int(r, MUX_S_OK);
770 buffer_put_int(r, rid); 762 buffer_put_int(r, rid);
771 out: 763 out:
772 if (fwd_desc != NULL) 764 free(fwd_desc);
773 xfree(fwd_desc);
774 if (freefwd) { 765 if (freefwd) {
775 if (fwd.listen_host != NULL) 766 free(fwd.listen_host);
776 xfree(fwd.listen_host); 767 free(fwd.connect_host);
777 if (fwd.connect_host != NULL)
778 xfree(fwd.connect_host);
779 } 768 }
780 return ret; 769 return ret;
781} 770}
@@ -801,11 +790,11 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
801 } 790 }
802 791
803 if (*fwd.listen_host == '\0') { 792 if (*fwd.listen_host == '\0') {
804 xfree(fwd.listen_host); 793 free(fwd.listen_host);
805 fwd.listen_host = NULL; 794 fwd.listen_host = NULL;
806 } 795 }
807 if (*fwd.connect_host == '\0') { 796 if (*fwd.connect_host == '\0') {
808 xfree(fwd.connect_host); 797 free(fwd.connect_host);
809 fwd.connect_host = NULL; 798 fwd.connect_host = NULL;
810 } 799 }
811 800
@@ -862,10 +851,8 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
862 buffer_put_int(r, MUX_S_OK); 851 buffer_put_int(r, MUX_S_OK);
863 buffer_put_int(r, rid); 852 buffer_put_int(r, rid);
864 853
865 if (found_fwd->listen_host != NULL) 854 free(found_fwd->listen_host);
866 xfree(found_fwd->listen_host); 855 free(found_fwd->connect_host);
867 if (found_fwd->connect_host != NULL)
868 xfree(found_fwd->connect_host);
869 found_fwd->listen_host = found_fwd->connect_host = NULL; 856 found_fwd->listen_host = found_fwd->connect_host = NULL;
870 found_fwd->listen_port = found_fwd->connect_port = 0; 857 found_fwd->listen_port = found_fwd->connect_port = 0;
871 } else { 858 } else {
@@ -874,12 +861,9 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
874 buffer_put_cstring(r, error_reason); 861 buffer_put_cstring(r, error_reason);
875 } 862 }
876 out: 863 out:
877 if (fwd_desc != NULL) 864 free(fwd_desc);
878 xfree(fwd_desc); 865 free(fwd.listen_host);
879 if (fwd.listen_host != NULL) 866 free(fwd.connect_host);
880 xfree(fwd.listen_host);
881 if (fwd.connect_host != NULL)
882 xfree(fwd.connect_host);
883 867
884 return ret; 868 return ret;
885} 869}
@@ -896,14 +880,12 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
896 if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || 880 if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
897 (chost = buffer_get_string_ret(m, NULL)) == NULL || 881 (chost = buffer_get_string_ret(m, NULL)) == NULL ||
898 buffer_get_int_ret(&cport, m) != 0) { 882 buffer_get_int_ret(&cport, m) != 0) {
899 if (reserved != NULL) 883 free(reserved);
900 xfree(reserved); 884 free(chost);
901 if (chost != NULL)
902 xfree(chost);
903 error("%s: malformed message", __func__); 885 error("%s: malformed message", __func__);
904 return -1; 886 return -1;
905 } 887 }
906 xfree(reserved); 888 free(reserved);
907 889
908 debug2("%s: channel %d: request stdio fwd to %s:%u", 890 debug2("%s: channel %d: request stdio fwd to %s:%u",
909 __func__, c->self, chost, cport); 891 __func__, c->self, chost, cport);
@@ -915,7 +897,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
915 __func__, i); 897 __func__, i);
916 for (j = 0; j < i; j++) 898 for (j = 0; j < i; j++)
917 close(new_fd[j]); 899 close(new_fd[j]);
918 xfree(chost); 900 free(chost);
919 901
920 /* prepare reply */ 902 /* prepare reply */
921 buffer_put_int(r, MUX_S_FAILURE); 903 buffer_put_int(r, MUX_S_FAILURE);
@@ -939,7 +921,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
939 cleanup: 921 cleanup:
940 close(new_fd[0]); 922 close(new_fd[0]);
941 close(new_fd[1]); 923 close(new_fd[1]);
942 xfree(chost); 924 free(chost);
943 return 0; 925 return 0;
944 } 926 }
945 927
@@ -1001,7 +983,7 @@ process_mux_stop_listening(u_int rid, Channel *c, Buffer *m, Buffer *r)
1001 if (mux_listener_channel != NULL) { 983 if (mux_listener_channel != NULL) {
1002 channel_free(mux_listener_channel); 984 channel_free(mux_listener_channel);
1003 client_stop_mux(); 985 client_stop_mux();
1004 xfree(options.control_path); 986 free(options.control_path);
1005 options.control_path = NULL; 987 options.control_path = NULL;
1006 mux_listener_channel = NULL; 988 mux_listener_channel = NULL;
1007 muxserver_sock = -1; 989 muxserver_sock = -1;
@@ -1198,8 +1180,8 @@ muxserver_listen(void)
1198 close(muxserver_sock); 1180 close(muxserver_sock);
1199 muxserver_sock = -1; 1181 muxserver_sock = -1;
1200 } 1182 }
1201 xfree(orig_control_path); 1183 free(orig_control_path);
1202 xfree(options.control_path); 1184 free(options.control_path);
1203 options.control_path = NULL; 1185 options.control_path = NULL;
1204 options.control_master = SSHCTL_MASTER_NO; 1186 options.control_master = SSHCTL_MASTER_NO;
1205 return; 1187 return;
@@ -1224,7 +1206,7 @@ muxserver_listen(void)
1224 goto disable_mux_master; 1206 goto disable_mux_master;
1225 } 1207 }
1226 unlink(options.control_path); 1208 unlink(options.control_path);
1227 xfree(options.control_path); 1209 free(options.control_path);
1228 options.control_path = orig_control_path; 1210 options.control_path = orig_control_path;
1229 1211
1230 set_nonblock(muxserver_sock); 1212 set_nonblock(muxserver_sock);
@@ -1309,13 +1291,13 @@ mux_session_confirm(int id, int success, void *arg)
1309 cc->mux_pause = 0; /* start processing messages again */ 1291 cc->mux_pause = 0; /* start processing messages again */
1310 c->open_confirm_ctx = NULL; 1292 c->open_confirm_ctx = NULL;
1311 buffer_free(&cctx->cmd); 1293 buffer_free(&cctx->cmd);
1312 xfree(cctx->term); 1294 free(cctx->term);
1313 if (cctx->env != NULL) { 1295 if (cctx->env != NULL) {
1314 for (i = 0; cctx->env[i] != NULL; i++) 1296 for (i = 0; cctx->env[i] != NULL; i++)
1315 xfree(cctx->env[i]); 1297 free(cctx->env[i]);
1316 xfree(cctx->env); 1298 free(cctx->env);
1317 } 1299 }
1318 xfree(cctx); 1300 free(cctx);
1319} 1301}
1320 1302
1321/* ** Multiplexing client support */ 1303/* ** Multiplexing client support */
@@ -1499,8 +1481,8 @@ mux_client_hello_exchange(int fd)
1499 char *value = buffer_get_string(&m, NULL); 1481 char *value = buffer_get_string(&m, NULL);
1500 1482
1501 debug2("Unrecognised master extension \"%s\"", name); 1483 debug2("Unrecognised master extension \"%s\"", name);
1502 xfree(name); 1484 free(name);
1503 xfree(value); 1485 free(value);
1504 } 1486 }
1505 buffer_free(&m); 1487 buffer_free(&m);
1506 return 0; 1488 return 0;
@@ -1609,7 +1591,7 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, Forward *fwd)
1609 fwd_desc = format_forward(ftype, fwd); 1591 fwd_desc = format_forward(ftype, fwd);
1610 debug("Requesting %s %s", 1592 debug("Requesting %s %s",
1611 cancel_flag ? "cancellation of" : "forwarding of", fwd_desc); 1593 cancel_flag ? "cancellation of" : "forwarding of", fwd_desc);
1612 xfree(fwd_desc); 1594 free(fwd_desc);
1613 1595
1614 buffer_init(&m); 1596 buffer_init(&m);
1615 buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD); 1597 buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD);
diff --git a/packet.c b/packet.c
index a64bbae3c..84ebd81d5 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.185 2013/05/16 04:09:13 dtucker Exp $ */ 1/* $OpenBSD: packet.c,v 1.186 2013/05/17 00:13:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -766,13 +766,13 @@ set_newkeys(int mode)
766 memset(enc->iv, 0, enc->iv_len); 766 memset(enc->iv, 0, enc->iv_len);
767 memset(enc->key, 0, enc->key_len); 767 memset(enc->key, 0, enc->key_len);
768 memset(mac->key, 0, mac->key_len); 768 memset(mac->key, 0, mac->key_len);
769 xfree(enc->name); 769 free(enc->name);
770 xfree(enc->iv); 770 free(enc->iv);
771 xfree(enc->key); 771 free(enc->key);
772 xfree(mac->name); 772 free(mac->name);
773 xfree(mac->key); 773 free(mac->key);
774 xfree(comp->name); 774 free(comp->name);
775 xfree(active_state->newkeys[mode]); 775 free(active_state->newkeys[mode]);
776 } 776 }
777 active_state->newkeys[mode] = kex_get_newkeys(mode); 777 active_state->newkeys[mode] = kex_get_newkeys(mode);
778 if (active_state->newkeys[mode] == NULL) 778 if (active_state->newkeys[mode] == NULL)
@@ -1023,7 +1023,7 @@ packet_send2(void)
1023 memcpy(&active_state->outgoing_packet, &p->payload, 1023 memcpy(&active_state->outgoing_packet, &p->payload,
1024 sizeof(Buffer)); 1024 sizeof(Buffer));
1025 TAILQ_REMOVE(&active_state->outgoing, p, next); 1025 TAILQ_REMOVE(&active_state->outgoing, p, next);
1026 xfree(p); 1026 free(p);
1027 packet_send2_wrapped(); 1027 packet_send2_wrapped();
1028 } 1028 }
1029 } 1029 }
@@ -1073,7 +1073,7 @@ packet_read_seqnr(u_int32_t *seqnr_p)
1073 packet_check_eom(); 1073 packet_check_eom();
1074 /* If we got a packet, return it. */ 1074 /* If we got a packet, return it. */
1075 if (type != SSH_MSG_NONE) { 1075 if (type != SSH_MSG_NONE) {
1076 xfree(setp); 1076 free(setp);
1077 return type; 1077 return type;
1078 } 1078 }
1079 /* 1079 /*
@@ -1460,9 +1460,9 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
1460 packet_get_char(); 1460 packet_get_char();
1461 msg = packet_get_string(NULL); 1461 msg = packet_get_string(NULL);
1462 debug("Remote: %.900s", msg); 1462 debug("Remote: %.900s", msg);
1463 xfree(msg); 1463 free(msg);
1464 msg = packet_get_string(NULL); 1464 msg = packet_get_string(NULL);
1465 xfree(msg); 1465 free(msg);
1466 break; 1466 break;
1467 case SSH2_MSG_DISCONNECT: 1467 case SSH2_MSG_DISCONNECT:
1468 reason = packet_get_int(); 1468 reason = packet_get_int();
@@ -1473,7 +1473,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
1473 SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, 1473 SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
1474 "Received disconnect from %s: %u: %.400s", 1474 "Received disconnect from %s: %u: %.400s",
1475 get_remote_ipaddr(), reason, msg); 1475 get_remote_ipaddr(), reason, msg);
1476 xfree(msg); 1476 free(msg);
1477 cleanup_exit(255); 1477 cleanup_exit(255);
1478 break; 1478 break;
1479 case SSH2_MSG_UNIMPLEMENTED: 1479 case SSH2_MSG_UNIMPLEMENTED:
@@ -1492,7 +1492,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
1492 case SSH_MSG_DEBUG: 1492 case SSH_MSG_DEBUG:
1493 msg = packet_get_string(NULL); 1493 msg = packet_get_string(NULL);
1494 debug("Remote: %.900s", msg); 1494 debug("Remote: %.900s", msg);
1495 xfree(msg); 1495 free(msg);
1496 break; 1496 break;
1497 case SSH_MSG_DISCONNECT: 1497 case SSH_MSG_DISCONNECT:
1498 msg = packet_get_string(NULL); 1498 msg = packet_get_string(NULL);
@@ -1780,7 +1780,7 @@ packet_write_wait(void)
1780 } 1780 }
1781 packet_write_poll(); 1781 packet_write_poll();
1782 } 1782 }
1783 xfree(setp); 1783 free(setp);
1784} 1784}
1785 1785
1786/* Returns true if there is buffered data to write to the connection. */ 1786/* Returns true if there is buffered data to write to the connection. */
diff --git a/readconf.c b/readconf.c
index 30c1e83bd..45cf910fe 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.201 2013/05/16 10:43:34 dtucker Exp $ */ 1/* $OpenBSD: readconf.c,v 1.202 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -308,22 +308,20 @@ clear_forwardings(Options *options)
308 int i; 308 int i;
309 309
310 for (i = 0; i < options->num_local_forwards; i++) { 310 for (i = 0; i < options->num_local_forwards; i++) {
311 if (options->local_forwards[i].listen_host != NULL) 311 free(options->local_forwards[i].listen_host);
312 xfree(options->local_forwards[i].listen_host); 312 free(options->local_forwards[i].connect_host);
313 xfree(options->local_forwards[i].connect_host);
314 } 313 }
315 if (options->num_local_forwards > 0) { 314 if (options->num_local_forwards > 0) {
316 xfree(options->local_forwards); 315 free(options->local_forwards);
317 options->local_forwards = NULL; 316 options->local_forwards = NULL;
318 } 317 }
319 options->num_local_forwards = 0; 318 options->num_local_forwards = 0;
320 for (i = 0; i < options->num_remote_forwards; i++) { 319 for (i = 0; i < options->num_remote_forwards; i++) {
321 if (options->remote_forwards[i].listen_host != NULL) 320 free(options->remote_forwards[i].listen_host);
322 xfree(options->remote_forwards[i].listen_host); 321 free(options->remote_forwards[i].connect_host);
323 xfree(options->remote_forwards[i].connect_host);
324 } 322 }
325 if (options->num_remote_forwards > 0) { 323 if (options->num_remote_forwards > 0) {
326 xfree(options->remote_forwards); 324 free(options->remote_forwards);
327 options->remote_forwards = NULL; 325 options->remote_forwards = NULL;
328 } 326 }
329 options->num_remote_forwards = 0; 327 options->num_remote_forwards = 0;
@@ -1456,7 +1454,7 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
1456 i = 0; /* failure */ 1454 i = 0; /* failure */
1457 } 1455 }
1458 1456
1459 xfree(p); 1457 free(p);
1460 1458
1461 if (dynamicfwd) { 1459 if (dynamicfwd) {
1462 if (!(i == 1 || i == 2)) 1460 if (!(i == 1 || i == 2))
@@ -1482,13 +1480,9 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
1482 return (i); 1480 return (i);
1483 1481
1484 fail_free: 1482 fail_free:
1485 if (fwd->connect_host != NULL) { 1483 free(fwd->connect_host);
1486 xfree(fwd->connect_host); 1484 fwd->connect_host = NULL;
1487 fwd->connect_host = NULL; 1485 free(fwd->listen_host);
1488 } 1486 fwd->listen_host = NULL;
1489 if (fwd->listen_host != NULL) {
1490 xfree(fwd->listen_host);
1491 fwd->listen_host = NULL;
1492 }
1493 return (0); 1487 return (0);
1494} 1488}
diff --git a/readpass.c b/readpass.c
index 599c8ef9a..e37d31158 100644
--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readpass.c,v 1.48 2010/12/15 00:49:27 djm Exp $ */ 1/* $OpenBSD: readpass.c,v 1.49 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -186,7 +186,7 @@ ask_permission(const char *fmt, ...)
186 if (*p == '\0' || *p == '\n' || 186 if (*p == '\0' || *p == '\n' ||
187 strcasecmp(p, "yes") == 0) 187 strcasecmp(p, "yes") == 0)
188 allowed = 1; 188 allowed = 1;
189 xfree(p); 189 free(p);
190 } 190 }
191 191
192 return (allowed); 192 return (allowed);
diff --git a/roaming_client.c b/roaming_client.c
index 48009d781..81c496827 100644
--- a/roaming_client.c
+++ b/roaming_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: roaming_client.c,v 1.4 2011/12/07 05:44:38 djm Exp $ */ 1/* $OpenBSD: roaming_client.c,v 1.5 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2004-2009 AppGate Network Security AB 3 * Copyright (c) 2004-2009 AppGate Network Security AB
4 * 4 *
@@ -187,10 +187,10 @@ roaming_resume(void)
187 debug("server doesn't allow resume"); 187 debug("server doesn't allow resume");
188 goto fail; 188 goto fail;
189 } 189 }
190 xfree(str); 190 free(str);
191 for (i = 1; i < PROPOSAL_MAX; i++) { 191 for (i = 1; i < PROPOSAL_MAX; i++) {
192 /* kex algorithm taken care of so start with i=1 and not 0 */ 192 /* kex algorithm taken care of so start with i=1 and not 0 */
193 xfree(packet_get_string(&len)); 193 free(packet_get_string(&len));
194 } 194 }
195 i = packet_get_char(); /* first_kex_packet_follows */ 195 i = packet_get_char(); /* first_kex_packet_follows */
196 if (i && (c = strchr(kexlist, ','))) 196 if (i && (c = strchr(kexlist, ',')))
@@ -226,8 +226,7 @@ roaming_resume(void)
226 return 0; 226 return 0;
227 227
228fail: 228fail:
229 if (kexlist) 229 free(kexlist);
230 xfree(kexlist);
231 if (packet_get_connection_in() == packet_get_connection_out()) 230 if (packet_get_connection_in() == packet_get_connection_out())
232 close(packet_get_connection_in()); 231 close(packet_get_connection_in());
233 else { 232 else {
diff --git a/rsa.c b/rsa.c
index bec1d190b..a9ee6b0ed 100644
--- a/rsa.c
+++ b/rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa.c,v 1.29 2006/11/06 21:25:28 markus Exp $ */ 1/* $OpenBSD: rsa.c,v 1.30 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -96,8 +96,8 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
96 96
97 memset(outbuf, 0, olen); 97 memset(outbuf, 0, olen);
98 memset(inbuf, 0, ilen); 98 memset(inbuf, 0, ilen);
99 xfree(outbuf); 99 free(outbuf);
100 xfree(inbuf); 100 free(inbuf);
101} 101}
102 102
103int 103int
@@ -122,8 +122,8 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
122 } 122 }
123 memset(outbuf, 0, olen); 123 memset(outbuf, 0, olen);
124 memset(inbuf, 0, ilen); 124 memset(inbuf, 0, ilen);
125 xfree(outbuf); 125 free(outbuf);
126 xfree(inbuf); 126 free(inbuf);
127 return len; 127 return len;
128} 128}
129 129
diff --git a/schnorr.c b/schnorr.c
index 05c2e7758..9549dcf0e 100644
--- a/schnorr.c
+++ b/schnorr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: schnorr.c,v 1.6 2013/05/16 09:08:41 dtucker Exp $ */ 1/* $OpenBSD: schnorr.c,v 1.7 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2008 Damien Miller. All rights reserved. 3 * Copyright (c) 2008 Damien Miller. All rights reserved.
4 * 4 *
@@ -102,7 +102,7 @@ schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g,
102 out: 102 out:
103 buffer_free(&b); 103 buffer_free(&b);
104 bzero(digest, digest_len); 104 bzero(digest, digest_len);
105 xfree(digest); 105 free(digest);
106 digest_len = 0; 106 digest_len = 0;
107 if (success == 0) 107 if (success == 0)
108 return h; 108 return h;
@@ -573,7 +573,7 @@ modp_group_free(struct modp_group *grp)
573 if (grp->q != NULL) 573 if (grp->q != NULL)
574 BN_clear_free(grp->q); 574 BN_clear_free(grp->q);
575 bzero(grp, sizeof(*grp)); 575 bzero(grp, sizeof(*grp));
576 xfree(grp); 576 free(grp);
577} 577}
578 578
579/* main() function for self-test */ 579/* main() function for self-test */
@@ -608,7 +608,7 @@ schnorr_selftest_one(const BIGNUM *grp_p, const BIGNUM *grp_q,
608 if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4, 608 if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4,
609 sig, siglen) != 0) 609 sig, siglen) != 0)
610 fatal("%s: verify should have failed (bit error)", __func__); 610 fatal("%s: verify should have failed (bit error)", __func__);
611 xfree(sig); 611 free(sig);
612 BN_free(g_x); 612 BN_free(g_x);
613 BN_CTX_free(bn_ctx); 613 BN_CTX_free(bn_ctx);
614} 614}
diff --git a/scp.c b/scp.c
index ae3d38802..32e9d00b2 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: scp.c,v 1.172 2013/05/16 09:08:41 dtucker Exp $ */ 1/* $OpenBSD: scp.c,v 1.173 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * scp - secure remote copy. This is basically patched BSD rcp which 3 * scp - secure remote copy. This is basically patched BSD rcp which
4 * uses ssh to do the data transfer (instead of using rcmd). 4 * uses ssh to do the data transfer (instead of using rcmd).
@@ -578,7 +578,7 @@ toremote(char *targ, int argc, char **argv)
578 } 578 }
579 579
580 if (tuser != NULL && !okname(tuser)) { 580 if (tuser != NULL && !okname(tuser)) {
581 xfree(arg); 581 free(arg);
582 return; 582 return;
583 } 583 }
584 584
@@ -605,13 +605,13 @@ toremote(char *targ, int argc, char **argv)
605 *src == '-' ? "-- " : "", src); 605 *src == '-' ? "-- " : "", src);
606 if (do_cmd(host, suser, bp, &remin, &remout) < 0) 606 if (do_cmd(host, suser, bp, &remin, &remout) < 0)
607 exit(1); 607 exit(1);
608 (void) xfree(bp); 608 free(bp);
609 host = cleanhostname(thost); 609 host = cleanhostname(thost);
610 xasprintf(&bp, "%s -t %s%s", cmd, 610 xasprintf(&bp, "%s -t %s%s", cmd,
611 *targ == '-' ? "-- " : "", targ); 611 *targ == '-' ? "-- " : "", targ);
612 if (do_cmd2(host, tuser, bp, remin, remout) < 0) 612 if (do_cmd2(host, tuser, bp, remin, remout) < 0)
613 exit(1); 613 exit(1);
614 (void) xfree(bp); 614 free(bp);
615 (void) close(remin); 615 (void) close(remin);
616 (void) close(remout); 616 (void) close(remout);
617 remin = remout = -1; 617 remin = remout = -1;
@@ -662,12 +662,12 @@ toremote(char *targ, int argc, char **argv)
662 exit(1); 662 exit(1);
663 if (response() < 0) 663 if (response() < 0)
664 exit(1); 664 exit(1);
665 (void) xfree(bp); 665 free(bp);
666 } 666 }
667 source(1, argv + i); 667 source(1, argv + i);
668 } 668 }
669 } 669 }
670 xfree(arg); 670 free(arg);
671} 671}
672 672
673void 673void
@@ -711,11 +711,11 @@ tolocal(int argc, char **argv)
711 xasprintf(&bp, "%s -f %s%s", 711 xasprintf(&bp, "%s -f %s%s",
712 cmd, *src == '-' ? "-- " : "", src); 712 cmd, *src == '-' ? "-- " : "", src);
713 if (do_cmd(host, suser, bp, &remin, &remout) < 0) { 713 if (do_cmd(host, suser, bp, &remin, &remout) < 0) {
714 (void) xfree(bp); 714 free(bp);
715 ++errs; 715 ++errs;
716 continue; 716 continue;
717 } 717 }
718 xfree(bp); 718 free(bp);
719 sink(1, argv + argc - 1); 719 sink(1, argv + argc - 1);
720 (void) close(remin); 720 (void) close(remin);
721 remin = remout = -1; 721 remin = remout = -1;
@@ -1023,8 +1023,7 @@ sink(int argc, char **argv)
1023 1023
1024 need = strlen(targ) + strlen(cp) + 250; 1024 need = strlen(targ) + strlen(cp) + 250;
1025 if (need > cursize) { 1025 if (need > cursize) {
1026 if (namebuf) 1026 free(namebuf);
1027 xfree(namebuf);
1028 namebuf = xmalloc(need); 1027 namebuf = xmalloc(need);
1029 cursize = need; 1028 cursize = need;
1030 } 1029 }
@@ -1063,8 +1062,7 @@ sink(int argc, char **argv)
1063 } 1062 }
1064 if (mod_flag) 1063 if (mod_flag)
1065 (void) chmod(vect[0], mode); 1064 (void) chmod(vect[0], mode);
1066 if (vect[0]) 1065 free(vect[0]);
1067 xfree(vect[0]);
1068 continue; 1066 continue;
1069 } 1067 }
1070 omode = mode; 1068 omode = mode;
diff --git a/servconf.c b/servconf.c
index 90f6d4653..36b8efecf 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
1 1
2/* $OpenBSD: servconf.c,v 1.238 2013/05/16 10:44:06 dtucker Exp $ */ 2/* $OpenBSD: servconf.c,v 1.239 2013/05/17 00:13:14 djm Exp $ */
3/* 3/*
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved 5 * All rights reserved
@@ -520,7 +520,7 @@ derelativise_path(const char *path)
520 if (getcwd(cwd, sizeof(cwd)) == NULL) 520 if (getcwd(cwd, sizeof(cwd)) == NULL)
521 fatal("%s: getcwd: %s", __func__, strerror(errno)); 521 fatal("%s: getcwd: %s", __func__, strerror(errno));
522 xasprintf(&ret, "%s/%s", cwd, expanded); 522 xasprintf(&ret, "%s/%s", cwd, expanded);
523 xfree(expanded); 523 free(expanded);
524 return ret; 524 return ret;
525} 525}
526 526
@@ -1713,8 +1713,7 @@ int server_match_spec_complete(struct connection_info *ci)
1713} while (0) 1713} while (0)
1714#define M_CP_STROPT(n) do {\ 1714#define M_CP_STROPT(n) do {\
1715 if (src->n != NULL) { \ 1715 if (src->n != NULL) { \
1716 if (dst->n != NULL) \ 1716 free(dst->n); \
1717 xfree(dst->n); \
1718 dst->n = src->n; \ 1717 dst->n = src->n; \
1719 } \ 1718 } \
1720} while(0) 1719} while(0)
@@ -1798,7 +1797,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
1798 linenum++, &active, connectinfo) != 0) 1797 linenum++, &active, connectinfo) != 0)
1799 bad_options++; 1798 bad_options++;
1800 } 1799 }
1801 xfree(obuf); 1800 free(obuf);
1802 if (bad_options > 0) 1801 if (bad_options > 0)
1803 fatal("%s: terminating, %d bad configuration options", 1802 fatal("%s: terminating, %d bad configuration options",
1804 filename, bad_options); 1803 filename, bad_options);
diff --git a/serverloop.c b/serverloop.c
index a61d4ad32..7c250b22f 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: serverloop.c,v 1.166 2013/05/16 09:08:41 dtucker Exp $ */ 1/* $OpenBSD: serverloop.c,v 1.167 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -694,7 +694,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
694 /* Display list of open channels. */ 694 /* Display list of open channels. */
695 cp = channel_open_message(); 695 cp = channel_open_message();
696 buffer_append(&stderr_buffer, cp, strlen(cp)); 696 buffer_append(&stderr_buffer, cp, strlen(cp));
697 xfree(cp); 697 free(cp);
698 } 698 }
699 } 699 }
700 max_fd = MAX(connection_in, connection_out); 700 max_fd = MAX(connection_in, connection_out);
@@ -722,10 +722,8 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
722 /* Process output to the client and to program stdin. */ 722 /* Process output to the client and to program stdin. */
723 process_output(writeset); 723 process_output(writeset);
724 } 724 }
725 if (readset) 725 free(readset);
726 xfree(readset); 726 free(writeset);
727 if (writeset)
728 xfree(writeset);
729 727
730 /* Cleanup and termination code. */ 728 /* Cleanup and termination code. */
731 729
@@ -885,10 +883,8 @@ server_loop2(Authctxt *authctxt)
885 } 883 }
886 collect_children(); 884 collect_children();
887 885
888 if (readset) 886 free(readset);
889 xfree(readset); 887 free(writeset);
890 if (writeset)
891 xfree(writeset);
892 888
893 /* free all channels, no more reads and writes */ 889 /* free all channels, no more reads and writes */
894 channel_free_all(); 890 channel_free_all();
@@ -923,7 +919,7 @@ server_input_stdin_data(int type, u_int32_t seq, void *ctxt)
923 packet_check_eom(); 919 packet_check_eom();
924 buffer_append(&stdin_buffer, data, data_len); 920 buffer_append(&stdin_buffer, data, data_len);
925 memset(data, 0, data_len); 921 memset(data, 0, data_len);
926 xfree(data); 922 free(data);
927} 923}
928 924
929static void 925static void
@@ -980,8 +976,8 @@ server_request_direct_tcpip(void)
980 originator, originator_port, target, target_port); 976 originator, originator_port, target, target_port);
981 } 977 }
982 978
983 xfree(originator); 979 free(originator);
984 xfree(target); 980 free(target);
985 981
986 return c; 982 return c;
987} 983}
@@ -1110,7 +1106,7 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
1110 } 1106 }
1111 packet_send(); 1107 packet_send();
1112 } 1108 }
1113 xfree(ctype); 1109 free(ctype);
1114} 1110}
1115 1111
1116static void 1112static void
@@ -1155,7 +1151,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
1155 listen_address, listen_port, 1151 listen_address, listen_port,
1156 &allocated_listen_port, options.gateway_ports); 1152 &allocated_listen_port, options.gateway_ports);
1157 } 1153 }
1158 xfree(listen_address); 1154 free(listen_address);
1159 } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { 1155 } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
1160 char *cancel_address; 1156 char *cancel_address;
1161 u_short cancel_port; 1157 u_short cancel_port;
@@ -1167,7 +1163,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
1167 1163
1168 success = channel_cancel_rport_listener(cancel_address, 1164 success = channel_cancel_rport_listener(cancel_address,
1169 cancel_port); 1165 cancel_port);
1170 xfree(cancel_address); 1166 free(cancel_address);
1171 } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { 1167 } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) {
1172 no_more_sessions = 1; 1168 no_more_sessions = 1;
1173 success = 1; 1169 success = 1;
@@ -1180,7 +1176,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
1180 packet_send(); 1176 packet_send();
1181 packet_write_wait(); 1177 packet_write_wait();
1182 } 1178 }
1183 xfree(rtype); 1179 free(rtype);
1184} 1180}
1185 1181
1186static void 1182static void
@@ -1212,7 +1208,7 @@ server_input_channel_req(int type, u_int32_t seq, void *ctxt)
1212 packet_put_int(c->remote_id); 1208 packet_put_int(c->remote_id);
1213 packet_send(); 1209 packet_send();
1214 } 1210 }
1215 xfree(rtype); 1211 free(rtype);
1216} 1212}
1217 1213
1218static void 1214static void
diff --git a/session.c b/session.c
index 4c4461ded..f47cc1788 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: session.c,v 1.264 2013/04/19 01:03:01 djm Exp $ */ 1/* $OpenBSD: session.c,v 1.265 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -199,7 +199,7 @@ auth_input_request_forwarding(struct passwd * pw)
199 packet_send_debug("Agent forwarding disabled: " 199 packet_send_debug("Agent forwarding disabled: "
200 "mkdtemp() failed: %.100s", strerror(errno)); 200 "mkdtemp() failed: %.100s", strerror(errno));
201 restore_uid(); 201 restore_uid();
202 xfree(auth_sock_dir); 202 free(auth_sock_dir);
203 auth_sock_dir = NULL; 203 auth_sock_dir = NULL;
204 goto authsock_err; 204 goto authsock_err;
205 } 205 }
@@ -244,11 +244,10 @@ auth_input_request_forwarding(struct passwd * pw)
244 return 1; 244 return 1;
245 245
246 authsock_err: 246 authsock_err:
247 if (auth_sock_name != NULL) 247 free(auth_sock_name);
248 xfree(auth_sock_name);
249 if (auth_sock_dir != NULL) { 248 if (auth_sock_dir != NULL) {
250 rmdir(auth_sock_dir); 249 rmdir(auth_sock_dir);
251 xfree(auth_sock_dir); 250 free(auth_sock_dir);
252 } 251 }
253 if (sock != -1) 252 if (sock != -1)
254 close(sock); 253 close(sock);
@@ -364,8 +363,8 @@ do_authenticated1(Authctxt *authctxt)
364 packet_check_eom(); 363 packet_check_eom();
365 success = session_setup_x11fwd(s); 364 success = session_setup_x11fwd(s);
366 if (!success) { 365 if (!success) {
367 xfree(s->auth_proto); 366 free(s->auth_proto);
368 xfree(s->auth_data); 367 free(s->auth_data);
369 s->auth_proto = NULL; 368 s->auth_proto = NULL;
370 s->auth_data = NULL; 369 s->auth_data = NULL;
371 } 370 }
@@ -412,7 +411,7 @@ do_authenticated1(Authctxt *authctxt)
412 if (do_exec(s, command) != 0) 411 if (do_exec(s, command) != 0)
413 packet_disconnect( 412 packet_disconnect(
414 "command execution failed"); 413 "command execution failed");
415 xfree(command); 414 free(command);
416 } else { 415 } else {
417 if (do_exec(s, NULL) != 0) 416 if (do_exec(s, NULL) != 0)
418 packet_disconnect( 417 packet_disconnect(
@@ -977,7 +976,7 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
977 break; 976 break;
978 if (env[i]) { 977 if (env[i]) {
979 /* Reuse the slot. */ 978 /* Reuse the slot. */
980 xfree(env[i]); 979 free(env[i]);
981 } else { 980 } else {
982 /* New variable. Expand if necessary. */ 981 /* New variable. Expand if necessary. */
983 envsize = *envsizep; 982 envsize = *envsizep;
@@ -1219,8 +1218,8 @@ do_setup_env(Session *s, const char *shell)
1219 child_set_env(&env, &envsize, str, str + i + 1); 1218 child_set_env(&env, &envsize, str, str + i + 1);
1220 } 1219 }
1221 custom_environment = ce->next; 1220 custom_environment = ce->next;
1222 xfree(ce->s); 1221 free(ce->s);
1223 xfree(ce); 1222 free(ce);
1224 } 1223 }
1225 } 1224 }
1226 1225
@@ -1232,7 +1231,7 @@ do_setup_env(Session *s, const char *shell)
1232 laddr = get_local_ipaddr(packet_get_connection_in()); 1231 laddr = get_local_ipaddr(packet_get_connection_in());
1233 snprintf(buf, sizeof buf, "%.50s %d %.50s %d", 1232 snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
1234 get_remote_ipaddr(), get_remote_port(), laddr, get_local_port()); 1233 get_remote_ipaddr(), get_remote_port(), laddr, get_local_port());
1235 xfree(laddr); 1234 free(laddr);
1236 child_set_env(&env, &envsize, "SSH_CONNECTION", buf); 1235 child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
1237 1236
1238 if (s->ttyfd != -1) 1237 if (s->ttyfd != -1)
@@ -1403,7 +1402,7 @@ do_nologin(struct passwd *pw)
1403#endif 1402#endif
1404 if (stat(nl, &sb) == -1) { 1403 if (stat(nl, &sb) == -1) {
1405 if (nl != def_nl) 1404 if (nl != def_nl)
1406 xfree(nl); 1405 free(nl);
1407 return; 1406 return;
1408 } 1407 }
1409 1408
@@ -2054,7 +2053,7 @@ session_pty_req(Session *s)
2054 s->ypixel = packet_get_int(); 2053 s->ypixel = packet_get_int();
2055 2054
2056 if (strcmp(s->term, "") == 0) { 2055 if (strcmp(s->term, "") == 0) {
2057 xfree(s->term); 2056 free(s->term);
2058 s->term = NULL; 2057 s->term = NULL;
2059 } 2058 }
2060 2059
@@ -2062,8 +2061,7 @@ session_pty_req(Session *s)
2062 debug("Allocating pty."); 2061 debug("Allocating pty.");
2063 if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, 2062 if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
2064 sizeof(s->tty)))) { 2063 sizeof(s->tty)))) {
2065 if (s->term) 2064 free(s->term);
2066 xfree(s->term);
2067 s->term = NULL; 2065 s->term = NULL;
2068 s->ptyfd = -1; 2066 s->ptyfd = -1;
2069 s->ttyfd = -1; 2067 s->ttyfd = -1;
@@ -2124,7 +2122,7 @@ session_subsystem_req(Session *s)
2124 logit("subsystem request for %.100s failed, subsystem not found", 2122 logit("subsystem request for %.100s failed, subsystem not found",
2125 subsys); 2123 subsys);
2126 2124
2127 xfree(subsys); 2125 free(subsys);
2128 return success; 2126 return success;
2129} 2127}
2130 2128
@@ -2146,8 +2144,8 @@ session_x11_req(Session *s)
2146 2144
2147 success = session_setup_x11fwd(s); 2145 success = session_setup_x11fwd(s);
2148 if (!success) { 2146 if (!success) {
2149 xfree(s->auth_proto); 2147 free(s->auth_proto);
2150 xfree(s->auth_data); 2148 free(s->auth_data);
2151 s->auth_proto = NULL; 2149 s->auth_proto = NULL;
2152 s->auth_data = NULL; 2150 s->auth_data = NULL;
2153 } 2151 }
@@ -2169,7 +2167,7 @@ session_exec_req(Session *s)
2169 char *command = packet_get_string(&len); 2167 char *command = packet_get_string(&len);
2170 packet_check_eom(); 2168 packet_check_eom();
2171 success = do_exec(s, command) == 0; 2169 success = do_exec(s, command) == 0;
2172 xfree(command); 2170 free(command);
2173 return success; 2171 return success;
2174} 2172}
2175 2173
@@ -2215,8 +2213,8 @@ session_env_req(Session *s)
2215 debug2("Ignoring env request %s: disallowed name", name); 2213 debug2("Ignoring env request %s: disallowed name", name);
2216 2214
2217 fail: 2215 fail:
2218 xfree(name); 2216 free(name);
2219 xfree(val); 2217 free(val);
2220 return (0); 2218 return (0);
2221} 2219}
2222 2220
@@ -2398,24 +2396,16 @@ session_close_single_x11(int id, void *arg)
2398 if (s->x11_chanids[i] != id) 2396 if (s->x11_chanids[i] != id)
2399 session_close_x11(s->x11_chanids[i]); 2397 session_close_x11(s->x11_chanids[i]);
2400 } 2398 }
2401 xfree(s->x11_chanids); 2399 free(s->x11_chanids);
2402 s->x11_chanids = NULL; 2400 s->x11_chanids = NULL;
2403 if (s->display) { 2401 free(s->display);
2404 xfree(s->display); 2402 s->display = NULL;
2405 s->display = NULL; 2403 free(s->auth_proto);
2406 } 2404 s->auth_proto = NULL;
2407 if (s->auth_proto) { 2405 free(s->auth_data);
2408 xfree(s->auth_proto); 2406 s->auth_data = NULL;
2409 s->auth_proto = NULL; 2407 free(s->auth_display);
2410 } 2408 s->auth_display = NULL;
2411 if (s->auth_data) {
2412 xfree(s->auth_data);
2413 s->auth_data = NULL;
2414 }
2415 if (s->auth_display) {
2416 xfree(s->auth_display);
2417 s->auth_display = NULL;
2418 }
2419} 2409}
2420 2410
2421static void 2411static void
@@ -2477,24 +2467,18 @@ session_close(Session *s)
2477 debug("session_close: session %d pid %ld", s->self, (long)s->pid); 2467 debug("session_close: session %d pid %ld", s->self, (long)s->pid);
2478 if (s->ttyfd != -1) 2468 if (s->ttyfd != -1)
2479 session_pty_cleanup(s); 2469 session_pty_cleanup(s);
2480 if (s->term) 2470 free(s->term);
2481 xfree(s->term); 2471 free(s->display);
2482 if (s->display) 2472 free(s->x11_chanids);
2483 xfree(s->display); 2473 free(s->auth_display);
2484 if (s->x11_chanids) 2474 free(s->auth_data);
2485 xfree(s->x11_chanids); 2475 free(s->auth_proto);
2486 if (s->auth_display)
2487 xfree(s->auth_display);
2488 if (s->auth_data)
2489 xfree(s->auth_data);
2490 if (s->auth_proto)
2491 xfree(s->auth_proto);
2492 if (s->env != NULL) { 2476 if (s->env != NULL) {
2493 for (i = 0; i < s->num_env; i++) { 2477 for (i = 0; i < s->num_env; i++) {
2494 xfree(s->env[i].name); 2478 free(s->env[i].name);
2495 xfree(s->env[i].val); 2479 free(s->env[i].val);
2496 } 2480 }
2497 xfree(s->env); 2481 free(s->env);
2498 } 2482 }
2499 session_proctitle(s); 2483 session_proctitle(s);
2500 session_unused(s->self); 2484 session_unused(s->self);
diff --git a/sftp-client.c b/sftp-client.c
index 85f2bd444..038e1c347 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-client.c,v 1.97 2012/07/02 12:13:26 dtucker Exp $ */ 1/* $OpenBSD: sftp-client.c,v 1.98 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -394,8 +394,8 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests,
394 } else { 394 } else {
395 debug2("Unrecognised server extension \"%s\"", name); 395 debug2("Unrecognised server extension \"%s\"", name);
396 } 396 }
397 xfree(name); 397 free(name);
398 xfree(value); 398 free(value);
399 } 399 }
400 400
401 buffer_free(&msg); 401 buffer_free(&msg);
@@ -509,7 +509,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
509 error("Couldn't read directory: %s", 509 error("Couldn't read directory: %s",
510 fx2txt(status)); 510 fx2txt(status));
511 do_close(conn, handle, handle_len); 511 do_close(conn, handle, handle_len);
512 xfree(handle); 512 free(handle);
513 buffer_free(&msg); 513 buffer_free(&msg);
514 return(status); 514 return(status);
515 } 515 }
@@ -552,14 +552,14 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
552 (*dir)[++ents] = NULL; 552 (*dir)[++ents] = NULL;
553 } 553 }
554 next: 554 next:
555 xfree(filename); 555 free(filename);
556 xfree(longname); 556 free(longname);
557 } 557 }
558 } 558 }
559 559
560 buffer_free(&msg); 560 buffer_free(&msg);
561 do_close(conn, handle, handle_len); 561 do_close(conn, handle, handle_len);
562 xfree(handle); 562 free(handle);
563 563
564 /* Don't return partial matches on interrupt */ 564 /* Don't return partial matches on interrupt */
565 if (interrupted && dir != NULL && *dir != NULL) { 565 if (interrupted && dir != NULL && *dir != NULL) {
@@ -582,11 +582,11 @@ void free_sftp_dirents(SFTP_DIRENT **s)
582 int i; 582 int i;
583 583
584 for (i = 0; s[i]; i++) { 584 for (i = 0; s[i]; i++) {
585 xfree(s[i]->filename); 585 free(s[i]->filename);
586 xfree(s[i]->longname); 586 free(s[i]->longname);
587 xfree(s[i]); 587 free(s[i]);
588 } 588 }
589 xfree(s); 589 free(s);
590} 590}
591 591
592int 592int
@@ -760,7 +760,7 @@ do_realpath(struct sftp_conn *conn, char *path)
760 debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename, 760 debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename,
761 (unsigned long)a->size); 761 (unsigned long)a->size);
762 762
763 xfree(longname); 763 free(longname);
764 764
765 buffer_free(&msg); 765 buffer_free(&msg);
766 766
@@ -907,7 +907,7 @@ do_readlink(struct sftp_conn *conn, char *path)
907 907
908 debug3("SSH_FXP_READLINK %s -> %s", path, filename); 908 debug3("SSH_FXP_READLINK %s -> %s", path, filename);
909 909
910 xfree(longname); 910 free(longname);
911 911
912 buffer_free(&msg); 912 buffer_free(&msg);
913 913
@@ -1057,7 +1057,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
1057 local_path, strerror(errno)); 1057 local_path, strerror(errno));
1058 do_close(conn, handle, handle_len); 1058 do_close(conn, handle, handle_len);
1059 buffer_free(&msg); 1059 buffer_free(&msg);
1060 xfree(handle); 1060 free(handle);
1061 return(-1); 1061 return(-1);
1062 } 1062 }
1063 1063
@@ -1121,7 +1121,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
1121 read_error = 1; 1121 read_error = 1;
1122 max_req = 0; 1122 max_req = 0;
1123 TAILQ_REMOVE(&requests, req, tq); 1123 TAILQ_REMOVE(&requests, req, tq);
1124 xfree(req); 1124 free(req);
1125 num_req--; 1125 num_req--;
1126 break; 1126 break;
1127 case SSH2_FXP_DATA: 1127 case SSH2_FXP_DATA:
@@ -1140,11 +1140,11 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
1140 max_req = 0; 1140 max_req = 0;
1141 } 1141 }
1142 progress_counter += len; 1142 progress_counter += len;
1143 xfree(data); 1143 free(data);
1144 1144
1145 if (len == req->len) { 1145 if (len == req->len) {
1146 TAILQ_REMOVE(&requests, req, tq); 1146 TAILQ_REMOVE(&requests, req, tq);
1147 xfree(req); 1147 free(req);
1148 num_req--; 1148 num_req--;
1149 } else { 1149 } else {
1150 /* Resend the request for the missing data */ 1150 /* Resend the request for the missing data */
@@ -1220,7 +1220,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
1220 } 1220 }
1221 close(local_fd); 1221 close(local_fd);
1222 buffer_free(&msg); 1222 buffer_free(&msg);
1223 xfree(handle); 1223 free(handle);
1224 1224
1225 return(status); 1225 return(status);
1226} 1226}
@@ -1292,8 +1292,8 @@ download_dir_internal(struct sftp_conn *conn, char *src, char *dst,
1292 } else 1292 } else
1293 logit("%s: not a regular file\n", new_src); 1293 logit("%s: not a regular file\n", new_src);
1294 1294
1295 xfree(new_dst); 1295 free(new_dst);
1296 xfree(new_src); 1296 free(new_src);
1297 } 1297 }
1298 1298
1299 if (pflag) { 1299 if (pflag) {
@@ -1329,7 +1329,7 @@ download_dir(struct sftp_conn *conn, char *src, char *dst,
1329 1329
1330 ret = download_dir_internal(conn, src_canon, dst, 1330 ret = download_dir_internal(conn, src_canon, dst,
1331 dirattrib, pflag, printflag, 0); 1331 dirattrib, pflag, printflag, 0);
1332 xfree(src_canon); 1332 free(src_canon);
1333 return ret; 1333 return ret;
1334} 1334}
1335 1335
@@ -1481,7 +1481,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
1481 debug3("In write loop, ack for %u %u bytes at %lld", 1481 debug3("In write loop, ack for %u %u bytes at %lld",
1482 ack->id, ack->len, (long long)ack->offset); 1482 ack->id, ack->len, (long long)ack->offset);
1483 ++ackid; 1483 ++ackid;
1484 xfree(ack); 1484 free(ack);
1485 } 1485 }
1486 offset += len; 1486 offset += len;
1487 if (offset < 0) 1487 if (offset < 0)
@@ -1491,7 +1491,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
1491 1491
1492 if (showprogress) 1492 if (showprogress)
1493 stop_progress_meter(); 1493 stop_progress_meter();
1494 xfree(data); 1494 free(data);
1495 1495
1496 if (status != SSH2_FX_OK) { 1496 if (status != SSH2_FX_OK) {
1497 error("Couldn't write to remote file \"%s\": %s", 1497 error("Couldn't write to remote file \"%s\": %s",
@@ -1511,7 +1511,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
1511 1511
1512 if (do_close(conn, handle, handle_len) != SSH2_FX_OK) 1512 if (do_close(conn, handle, handle_len) != SSH2_FX_OK)
1513 status = -1; 1513 status = -1;
1514 xfree(handle); 1514 free(handle);
1515 1515
1516 return status; 1516 return status;
1517} 1517}
@@ -1597,8 +1597,8 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst,
1597 } 1597 }
1598 } else 1598 } else
1599 logit("%s: not a regular file\n", filename); 1599 logit("%s: not a regular file\n", filename);
1600 xfree(new_dst); 1600 free(new_dst);
1601 xfree(new_src); 1601 free(new_src);
1602 } 1602 }
1603 1603
1604 do_setstat(conn, dst, &a); 1604 do_setstat(conn, dst, &a);
@@ -1620,7 +1620,7 @@ upload_dir(struct sftp_conn *conn, char *src, char *dst, int printflag,
1620 } 1620 }
1621 1621
1622 ret = upload_dir_internal(conn, src, dst_canon, pflag, printflag, 0); 1622 ret = upload_dir_internal(conn, src, dst_canon, pflag, printflag, 0);
1623 xfree(dst_canon); 1623 free(dst_canon);
1624 return ret; 1624 return ret;
1625} 1625}
1626 1626
diff --git a/sftp-common.c b/sftp-common.c
index a042875c6..413efc209 100644
--- a/sftp-common.c
+++ b/sftp-common.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-common.c,v 1.23 2010/01/15 09:24:23 markus Exp $ */ 1/* $OpenBSD: sftp-common.c,v 1.24 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2001 Damien Miller. All rights reserved. 4 * Copyright (c) 2001 Damien Miller. All rights reserved.
@@ -128,8 +128,8 @@ decode_attrib(Buffer *b)
128 type = buffer_get_string(b, NULL); 128 type = buffer_get_string(b, NULL);
129 data = buffer_get_string(b, NULL); 129 data = buffer_get_string(b, NULL);
130 debug3("Got file attribute \"%s\"", type); 130 debug3("Got file attribute \"%s\"", type);
131 xfree(type); 131 free(type);
132 xfree(data); 132 free(data);
133 } 133 }
134 } 134 }
135 return &a; 135 return &a;
diff --git a/sftp-glob.c b/sftp-glob.c
index 06bf157ca..79b7bdb2f 100644
--- a/sftp-glob.c
+++ b/sftp-glob.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-glob.c,v 1.23 2011/10/04 14:17:32 djm Exp $ */ 1/* $OpenBSD: sftp-glob.c,v 1.24 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -51,7 +51,7 @@ fudge_opendir(const char *path)
51 r = xmalloc(sizeof(*r)); 51 r = xmalloc(sizeof(*r));
52 52
53 if (do_readdir(cur.conn, (char *)path, &r->dir)) { 53 if (do_readdir(cur.conn, (char *)path, &r->dir)) {
54 xfree(r); 54 free(r);
55 return(NULL); 55 return(NULL);
56 } 56 }
57 57
@@ -103,7 +103,7 @@ static void
103fudge_closedir(struct SFTP_OPENDIR *od) 103fudge_closedir(struct SFTP_OPENDIR *od)
104{ 104{
105 free_sftp_dirents(od->dir); 105 free_sftp_dirents(od->dir);
106 xfree(od); 106 free(od);
107} 107}
108 108
109static int 109static int
diff --git a/sftp-server.c b/sftp-server.c
index cce074a56..285f21aaf 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-server.c,v 1.96 2013/01/04 19:26:38 jmc Exp $ */ 1/* $OpenBSD: sftp-server.c,v 1.97 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
4 * 4 *
@@ -319,11 +319,11 @@ handle_close(int handle)
319 319
320 if (handle_is_ok(handle, HANDLE_FILE)) { 320 if (handle_is_ok(handle, HANDLE_FILE)) {
321 ret = close(handles[handle].fd); 321 ret = close(handles[handle].fd);
322 xfree(handles[handle].name); 322 free(handles[handle].name);
323 handle_unused(handle); 323 handle_unused(handle);
324 } else if (handle_is_ok(handle, HANDLE_DIR)) { 324 } else if (handle_is_ok(handle, HANDLE_DIR)) {
325 ret = closedir(handles[handle].dirp); 325 ret = closedir(handles[handle].dirp);
326 xfree(handles[handle].name); 326 free(handles[handle].name);
327 handle_unused(handle); 327 handle_unused(handle);
328 } else { 328 } else {
329 errno = ENOENT; 329 errno = ENOENT;
@@ -367,7 +367,7 @@ get_handle(void)
367 handle = get_string(&hlen); 367 handle = get_string(&hlen);
368 if (hlen < 256) 368 if (hlen < 256)
369 val = handle_from_string(handle, hlen); 369 val = handle_from_string(handle, hlen);
370 xfree(handle); 370 free(handle);
371 return val; 371 return val;
372} 372}
373 373
@@ -450,7 +450,7 @@ send_handle(u_int32_t id, int handle)
450 handle_to_string(handle, &string, &hlen); 450 handle_to_string(handle, &string, &hlen);
451 debug("request %u: sent handle handle %d", id, handle); 451 debug("request %u: sent handle handle %d", id, handle);
452 send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen); 452 send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen);
453 xfree(string); 453 free(string);
454} 454}
455 455
456static void 456static void
@@ -578,7 +578,7 @@ process_open(void)
578 } 578 }
579 if (status != SSH2_FX_OK) 579 if (status != SSH2_FX_OK)
580 send_status(id, status); 580 send_status(id, status);
581 xfree(name); 581 free(name);
582} 582}
583 583
584static void 584static void
@@ -679,7 +679,7 @@ process_write(void)
679 } 679 }
680 } 680 }
681 send_status(id, status); 681 send_status(id, status);
682 xfree(data); 682 free(data);
683} 683}
684 684
685static void 685static void
@@ -705,7 +705,7 @@ process_do_stat(int do_lstat)
705 } 705 }
706 if (status != SSH2_FX_OK) 706 if (status != SSH2_FX_OK)
707 send_status(id, status); 707 send_status(id, status);
708 xfree(name); 708 free(name);
709} 709}
710 710
711static void 711static void
@@ -807,7 +807,7 @@ process_setstat(void)
807 status = errno_to_portable(errno); 807 status = errno_to_portable(errno);
808 } 808 }
809 send_status(id, status); 809 send_status(id, status);
810 xfree(name); 810 free(name);
811} 811}
812 812
813static void 813static void
@@ -904,7 +904,7 @@ process_opendir(void)
904 } 904 }
905 if (status != SSH2_FX_OK) 905 if (status != SSH2_FX_OK)
906 send_status(id, status); 906 send_status(id, status);
907 xfree(path); 907 free(path);
908} 908}
909 909
910static void 910static void
@@ -953,13 +953,13 @@ process_readdir(void)
953 if (count > 0) { 953 if (count > 0) {
954 send_names(id, count, stats); 954 send_names(id, count, stats);
955 for (i = 0; i < count; i++) { 955 for (i = 0; i < count; i++) {
956 xfree(stats[i].name); 956 free(stats[i].name);
957 xfree(stats[i].long_name); 957 free(stats[i].long_name);
958 } 958 }
959 } else { 959 } else {
960 send_status(id, SSH2_FX_EOF); 960 send_status(id, SSH2_FX_EOF);
961 } 961 }
962 xfree(stats); 962 free(stats);
963 } 963 }
964} 964}
965 965
@@ -982,7 +982,7 @@ process_remove(void)
982 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; 982 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
983 } 983 }
984 send_status(id, status); 984 send_status(id, status);
985 xfree(name); 985 free(name);
986} 986}
987 987
988static void 988static void
@@ -1007,7 +1007,7 @@ process_mkdir(void)
1007 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; 1007 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
1008 } 1008 }
1009 send_status(id, status); 1009 send_status(id, status);
1010 xfree(name); 1010 free(name);
1011} 1011}
1012 1012
1013static void 1013static void
@@ -1028,7 +1028,7 @@ process_rmdir(void)
1028 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; 1028 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
1029 } 1029 }
1030 send_status(id, status); 1030 send_status(id, status);
1031 xfree(name); 1031 free(name);
1032} 1032}
1033 1033
1034static void 1034static void
@@ -1041,7 +1041,7 @@ process_realpath(void)
1041 id = get_int(); 1041 id = get_int();
1042 path = get_string(NULL); 1042 path = get_string(NULL);
1043 if (path[0] == '\0') { 1043 if (path[0] == '\0') {
1044 xfree(path); 1044 free(path);
1045 path = xstrdup("."); 1045 path = xstrdup(".");
1046 } 1046 }
1047 debug3("request %u: realpath", id); 1047 debug3("request %u: realpath", id);
@@ -1054,7 +1054,7 @@ process_realpath(void)
1054 s.name = s.long_name = resolvedname; 1054 s.name = s.long_name = resolvedname;
1055 send_names(id, 1, &s); 1055 send_names(id, 1, &s);
1056 } 1056 }
1057 xfree(path); 1057 free(path);
1058} 1058}
1059 1059
1060static void 1060static void
@@ -1115,8 +1115,8 @@ process_rename(void)
1115 status = SSH2_FX_OK; 1115 status = SSH2_FX_OK;
1116 } 1116 }
1117 send_status(id, status); 1117 send_status(id, status);
1118 xfree(oldpath); 1118 free(oldpath);
1119 xfree(newpath); 1119 free(newpath);
1120} 1120}
1121 1121
1122static void 1122static void
@@ -1141,7 +1141,7 @@ process_readlink(void)
1141 s.name = s.long_name = buf; 1141 s.name = s.long_name = buf;
1142 send_names(id, 1, &s); 1142 send_names(id, 1, &s);
1143 } 1143 }
1144 xfree(path); 1144 free(path);
1145} 1145}
1146 1146
1147static void 1147static void
@@ -1164,8 +1164,8 @@ process_symlink(void)
1164 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; 1164 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
1165 } 1165 }
1166 send_status(id, status); 1166 send_status(id, status);
1167 xfree(oldpath); 1167 free(oldpath);
1168 xfree(newpath); 1168 free(newpath);
1169} 1169}
1170 1170
1171static void 1171static void
@@ -1185,8 +1185,8 @@ process_extended_posix_rename(u_int32_t id)
1185 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; 1185 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
1186 } 1186 }
1187 send_status(id, status); 1187 send_status(id, status);
1188 xfree(oldpath); 1188 free(oldpath);
1189 xfree(newpath); 1189 free(newpath);
1190} 1190}
1191 1191
1192static void 1192static void
@@ -1203,7 +1203,7 @@ process_extended_statvfs(u_int32_t id)
1203 send_status(id, errno_to_portable(errno)); 1203 send_status(id, errno_to_portable(errno));
1204 else 1204 else
1205 send_statvfs(id, &st); 1205 send_statvfs(id, &st);
1206 xfree(path); 1206 free(path);
1207} 1207}
1208 1208
1209static void 1209static void
@@ -1242,8 +1242,8 @@ process_extended_hardlink(u_int32_t id)
1242 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; 1242 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
1243 } 1243 }
1244 send_status(id, status); 1244 send_status(id, status);
1245 xfree(oldpath); 1245 free(oldpath);
1246 xfree(newpath); 1246 free(newpath);
1247} 1247}
1248 1248
1249static void 1249static void
@@ -1264,7 +1264,7 @@ process_extended(void)
1264 process_extended_hardlink(id); 1264 process_extended_hardlink(id);
1265 else 1265 else
1266 send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */ 1266 send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */
1267 xfree(request); 1267 free(request);
1268} 1268}
1269 1269
1270/* stolen from ssh-agent */ 1270/* stolen from ssh-agent */
diff --git a/sftp.c b/sftp.c
index 12c4958d9..a723fa643 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp.c,v 1.144 2013/05/16 09:08:41 dtucker Exp $ */ 1/* $OpenBSD: sftp.c,v 1.145 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -309,7 +309,7 @@ local_do_ls(const char *args)
309 /* XXX: quoting - rip quoting code from ftp? */ 309 /* XXX: quoting - rip quoting code from ftp? */
310 snprintf(buf, len, _PATH_LS " %s", args); 310 snprintf(buf, len, _PATH_LS " %s", args);
311 local_do_shell(buf); 311 local_do_shell(buf);
312 xfree(buf); 312 free(buf);
313 } 313 }
314} 314}
315 315
@@ -340,7 +340,7 @@ make_absolute(char *p, char *pwd)
340 /* Derelativise */ 340 /* Derelativise */
341 if (p && p[0] != '/') { 341 if (p && p[0] != '/') {
342 abs_str = path_append(pwd, p); 342 abs_str = path_append(pwd, p);
343 xfree(p); 343 free(p);
344 return(abs_str); 344 return(abs_str);
345 } else 345 } else
346 return(p); 346 return(p);
@@ -550,7 +550,7 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd,
550 tmp = xstrdup(g.gl_pathv[i]); 550 tmp = xstrdup(g.gl_pathv[i]);
551 if ((filename = basename(tmp)) == NULL) { 551 if ((filename = basename(tmp)) == NULL) {
552 error("basename %s: %s", tmp, strerror(errno)); 552 error("basename %s: %s", tmp, strerror(errno));
553 xfree(tmp); 553 free(tmp);
554 err = -1; 554 err = -1;
555 goto out; 555 goto out;
556 } 556 }
@@ -566,7 +566,7 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd,
566 } else { 566 } else {
567 abs_dst = xstrdup(filename); 567 abs_dst = xstrdup(filename);
568 } 568 }
569 xfree(tmp); 569 free(tmp);
570 570
571 if (!quiet) 571 if (!quiet)
572 printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); 572 printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst);
@@ -579,12 +579,12 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd,
579 pflag || global_pflag) == -1) 579 pflag || global_pflag) == -1)
580 err = -1; 580 err = -1;
581 } 581 }
582 xfree(abs_dst); 582 free(abs_dst);
583 abs_dst = NULL; 583 abs_dst = NULL;
584 } 584 }
585 585
586out: 586out:
587 xfree(abs_src); 587 free(abs_src);
588 globfree(&g); 588 globfree(&g);
589 return(err); 589 return(err);
590} 590}
@@ -636,7 +636,7 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd,
636 tmp = xstrdup(g.gl_pathv[i]); 636 tmp = xstrdup(g.gl_pathv[i]);
637 if ((filename = basename(tmp)) == NULL) { 637 if ((filename = basename(tmp)) == NULL) {
638 error("basename %s: %s", tmp, strerror(errno)); 638 error("basename %s: %s", tmp, strerror(errno));
639 xfree(tmp); 639 free(tmp);
640 err = -1; 640 err = -1;
641 goto out; 641 goto out;
642 } 642 }
@@ -652,7 +652,7 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd,
652 } else { 652 } else {
653 abs_dst = make_absolute(xstrdup(filename), pwd); 653 abs_dst = make_absolute(xstrdup(filename), pwd);
654 } 654 }
655 xfree(tmp); 655 free(tmp);
656 656
657 if (!quiet) 657 if (!quiet)
658 printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst); 658 printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst);
@@ -668,10 +668,8 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd,
668 } 668 }
669 669
670out: 670out:
671 if (abs_dst) 671 free(abs_dst);
672 xfree(abs_dst); 672 free(tmp_dst);
673 if (tmp_dst)
674 xfree(tmp_dst);
675 globfree(&g); 673 globfree(&g);
676 return(err); 674 return(err);
677} 675}
@@ -719,7 +717,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
719 /* Add any subpath that also needs to be counted */ 717 /* Add any subpath that also needs to be counted */
720 tmp = path_strip(path, strip_path); 718 tmp = path_strip(path, strip_path);
721 m += strlen(tmp); 719 m += strlen(tmp);
722 xfree(tmp); 720 free(tmp);
723 721
724 if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) 722 if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1)
725 width = ws.ws_col; 723 width = ws.ws_col;
@@ -745,7 +743,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
745 743
746 tmp = path_append(path, d[n]->filename); 744 tmp = path_append(path, d[n]->filename);
747 fname = path_strip(tmp, strip_path); 745 fname = path_strip(tmp, strip_path);
748 xfree(tmp); 746 free(tmp);
749 747
750 if (lflag & LS_LONG_VIEW) { 748 if (lflag & LS_LONG_VIEW) {
751 if (lflag & (LS_NUMERIC_VIEW|LS_SI_UNITS)) { 749 if (lflag & (LS_NUMERIC_VIEW|LS_SI_UNITS)) {
@@ -757,7 +755,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
757 lname = ls_file(fname, &sb, 1, 755 lname = ls_file(fname, &sb, 1,
758 (lflag & LS_SI_UNITS)); 756 (lflag & LS_SI_UNITS));
759 printf("%s\n", lname); 757 printf("%s\n", lname);
760 xfree(lname); 758 free(lname);
761 } else 759 } else
762 printf("%s\n", d[n]->longname); 760 printf("%s\n", d[n]->longname);
763 } else { 761 } else {
@@ -769,7 +767,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
769 c++; 767 c++;
770 } 768 }
771 769
772 xfree(fname); 770 free(fname);
773 } 771 }
774 772
775 if (!(lflag & LS_LONG_VIEW) && (c != 1)) 773 if (!(lflag & LS_LONG_VIEW) && (c != 1))
@@ -839,7 +837,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
839 lname = ls_file(fname, g.gl_statv[i], 1, 837 lname = ls_file(fname, g.gl_statv[i], 1,
840 (lflag & LS_SI_UNITS)); 838 (lflag & LS_SI_UNITS));
841 printf("%s\n", lname); 839 printf("%s\n", lname);
842 xfree(lname); 840 free(lname);
843 } else { 841 } else {
844 printf("%-*s", colspace, fname); 842 printf("%-*s", colspace, fname);
845 if (c >= columns) { 843 if (c >= columns) {
@@ -848,7 +846,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
848 } else 846 } else
849 c++; 847 c++;
850 } 848 }
851 xfree(fname); 849 free(fname);
852 } 850 }
853 851
854 if (!(lflag & LS_LONG_VIEW) && (c != 1)) 852 if (!(lflag & LS_LONG_VIEW) && (c != 1))
@@ -1365,24 +1363,24 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
1365 break; 1363 break;
1366 } 1364 }
1367 if ((aa = do_stat(conn, tmp, 0)) == NULL) { 1365 if ((aa = do_stat(conn, tmp, 0)) == NULL) {
1368 xfree(tmp); 1366 free(tmp);
1369 err = 1; 1367 err = 1;
1370 break; 1368 break;
1371 } 1369 }
1372 if (!(aa->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) { 1370 if (!(aa->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) {
1373 error("Can't change directory: Can't check target"); 1371 error("Can't change directory: Can't check target");
1374 xfree(tmp); 1372 free(tmp);
1375 err = 1; 1373 err = 1;
1376 break; 1374 break;
1377 } 1375 }
1378 if (!S_ISDIR(aa->perm)) { 1376 if (!S_ISDIR(aa->perm)) {
1379 error("Can't change directory: \"%s\" is not " 1377 error("Can't change directory: \"%s\" is not "
1380 "a directory", tmp); 1378 "a directory", tmp);
1381 xfree(tmp); 1379 free(tmp);
1382 err = 1; 1380 err = 1;
1383 break; 1381 break;
1384 } 1382 }
1385 xfree(*pwd); 1383 free(*pwd);
1386 *pwd = tmp; 1384 *pwd = tmp;
1387 break; 1385 break;
1388 case I_LS: 1386 case I_LS:
@@ -1515,10 +1513,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
1515 1513
1516 if (g.gl_pathc) 1514 if (g.gl_pathc)
1517 globfree(&g); 1515 globfree(&g);
1518 if (path1) 1516 free(path1);
1519 xfree(path1); 1517 free(path2);
1520 if (path2)
1521 xfree(path2);
1522 1518
1523 /* If an unignored error occurs in batch mode we should abort. */ 1519 /* If an unignored error occurs in batch mode we should abort. */
1524 if (err_abort && err != 0) 1520 if (err_abort && err != 0)
@@ -1628,8 +1624,8 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote,
1628 complete_display(list, 0); 1624 complete_display(list, 0);
1629 1625
1630 for (y = 0; list[y] != NULL; y++) 1626 for (y = 0; list[y] != NULL; y++)
1631 xfree(list[y]); 1627 free(list[y]);
1632 xfree(list); 1628 free(list);
1633 return count; 1629 return count;
1634 } 1630 }
1635 1631
@@ -1642,7 +1638,7 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote,
1642 list[count] = NULL; 1638 list[count] = NULL;
1643 1639
1644 if (count == 0) { 1640 if (count == 0) {
1645 xfree(list); 1641 free(list);
1646 return 0; 1642 return 0;
1647 } 1643 }
1648 1644
@@ -1652,8 +1648,8 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote,
1652 complete_display(list, 0); 1648 complete_display(list, 0);
1653 1649
1654 for (y = 0; list[y]; y++) 1650 for (y = 0; list[y]; y++)
1655 xfree(list[y]); 1651 free(list[y]);
1656 xfree(list); 1652 free(list);
1657 1653
1658 if (tmp != NULL) { 1654 if (tmp != NULL) {
1659 tmplen = strlen(tmp); 1655 tmplen = strlen(tmp);
@@ -1674,7 +1670,7 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote,
1674 if (y > 0 && el_insertstr(el, argterm) == -1) 1670 if (y > 0 && el_insertstr(el, argterm) == -1)
1675 fatal("el_insertstr failed."); 1671 fatal("el_insertstr failed.");
1676 } 1672 }
1677 xfree(tmp); 1673 free(tmp);
1678 } 1674 }
1679 1675
1680 return count; 1676 return count;
@@ -1738,7 +1734,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path,
1738 if (tmp[tmplen] == '/') 1734 if (tmp[tmplen] == '/')
1739 pwdlen = tmplen + 1; /* track last seen '/' */ 1735 pwdlen = tmplen + 1; /* track last seen '/' */
1740 } 1736 }
1741 xfree(tmp); 1737 free(tmp);
1742 1738
1743 if (g.gl_matchc == 0) 1739 if (g.gl_matchc == 0)
1744 goto out; 1740 goto out;
@@ -1753,7 +1749,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path,
1753 1749
1754 tmp2 = complete_ambiguous(file, g.gl_pathv, g.gl_matchc); 1750 tmp2 = complete_ambiguous(file, g.gl_pathv, g.gl_matchc);
1755 tmp = path_strip(tmp2, isabs ? NULL : remote_path); 1751 tmp = path_strip(tmp2, isabs ? NULL : remote_path);
1756 xfree(tmp2); 1752 free(tmp2);
1757 1753
1758 if (tmp == NULL) 1754 if (tmp == NULL)
1759 goto out; 1755 goto out;
@@ -1815,7 +1811,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path,
1815 if (i > 0 && el_insertstr(el, ins) == -1) 1811 if (i > 0 && el_insertstr(el, ins) == -1)
1816 fatal("el_insertstr failed."); 1812 fatal("el_insertstr failed.");
1817 } 1813 }
1818 xfree(tmp); 1814 free(tmp);
1819 1815
1820 out: 1816 out:
1821 globfree(&g); 1817 globfree(&g);
@@ -1841,7 +1837,7 @@ complete(EditLine *el, int ch)
1841 memcpy(line, lf->buffer, cursor); 1837 memcpy(line, lf->buffer, cursor);
1842 line[cursor] = '\0'; 1838 line[cursor] = '\0';
1843 argv = makeargv(line, &carg, 1, &quote, &terminated); 1839 argv = makeargv(line, &carg, 1, &quote, &terminated);
1844 xfree(line); 1840 free(line);
1845 1841
1846 /* Get all the arguments on the line */ 1842 /* Get all the arguments on the line */
1847 len = lf->lastchar - lf->buffer; 1843 len = lf->lastchar - lf->buffer;
@@ -1853,7 +1849,7 @@ complete(EditLine *el, int ch)
1853 /* Ensure cursor is at EOL or a argument boundary */ 1849 /* Ensure cursor is at EOL or a argument boundary */
1854 if (line[cursor] != ' ' && line[cursor] != '\0' && 1850 if (line[cursor] != ' ' && line[cursor] != '\0' &&
1855 line[cursor] != '\n') { 1851 line[cursor] != '\n') {
1856 xfree(line); 1852 free(line);
1857 return ret; 1853 return ret;
1858 } 1854 }
1859 1855
@@ -1881,7 +1877,7 @@ complete(EditLine *el, int ch)
1881 ret = CC_REDISPLAY; 1877 ret = CC_REDISPLAY;
1882 } 1878 }
1883 1879
1884 xfree(line); 1880 free(line);
1885 return ret; 1881 return ret;
1886} 1882}
1887#endif /* USE_LIBEDIT */ 1883#endif /* USE_LIBEDIT */
@@ -1938,9 +1934,9 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
1938 snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); 1934 snprintf(cmd, sizeof cmd, "cd \"%s\"", dir);
1939 if (parse_dispatch_command(conn, cmd, 1935 if (parse_dispatch_command(conn, cmd,
1940 &remote_path, 1) != 0) { 1936 &remote_path, 1) != 0) {
1941 xfree(dir); 1937 free(dir);
1942 xfree(remote_path); 1938 free(remote_path);
1943 xfree(conn); 1939 free(conn);
1944 return (-1); 1940 return (-1);
1945 } 1941 }
1946 } else { 1942 } else {
@@ -1953,12 +1949,12 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
1953 1949
1954 err = parse_dispatch_command(conn, cmd, 1950 err = parse_dispatch_command(conn, cmd,
1955 &remote_path, 1); 1951 &remote_path, 1);
1956 xfree(dir); 1952 free(dir);
1957 xfree(remote_path); 1953 free(remote_path);
1958 xfree(conn); 1954 free(conn);
1959 return (err); 1955 return (err);
1960 } 1956 }
1961 xfree(dir); 1957 free(dir);
1962 } 1958 }
1963 1959
1964 setlinebuf(stdout); 1960 setlinebuf(stdout);
@@ -2016,8 +2012,8 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
2016 if (err != 0) 2012 if (err != 0)
2017 break; 2013 break;
2018 } 2014 }
2019 xfree(remote_path); 2015 free(remote_path);
2020 xfree(conn); 2016 free(conn);
2021 2017
2022#ifdef USE_LIBEDIT 2018#ifdef USE_LIBEDIT
2023 if (el != NULL) 2019 if (el != NULL)
diff --git a/ssh-add.c b/ssh-add.c
index 008084704..5e8166f66 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-add.c,v 1.105 2012/12/05 15:42:52 markus Exp $ */ 1/* $OpenBSD: ssh-add.c,v 1.106 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -90,7 +90,7 @@ clear_pass(void)
90{ 90{
91 if (pass) { 91 if (pass) {
92 memset(pass, 0, strlen(pass)); 92 memset(pass, 0, strlen(pass));
93 xfree(pass); 93 free(pass);
94 pass = NULL; 94 pass = NULL;
95 } 95 }
96} 96}
@@ -215,7 +215,7 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
215 pass = read_passphrase(msg, RP_ALLOW_STDIN); 215 pass = read_passphrase(msg, RP_ALLOW_STDIN);
216 if (strcmp(pass, "") == 0) { 216 if (strcmp(pass, "") == 0) {
217 clear_pass(); 217 clear_pass();
218 xfree(comment); 218 free(comment);
219 buffer_free(&keyblob); 219 buffer_free(&keyblob);
220 return -1; 220 return -1;
221 } 221 }
@@ -282,8 +282,8 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
282 fprintf(stderr, "The user must confirm each use of the key\n"); 282 fprintf(stderr, "The user must confirm each use of the key\n");
283 out: 283 out:
284 if (certpath != NULL) 284 if (certpath != NULL)
285 xfree(certpath); 285 free(certpath);
286 xfree(comment); 286 free(comment);
287 key_free(private); 287 key_free(private);
288 288
289 return ret; 289 return ret;
@@ -308,7 +308,7 @@ update_card(AuthenticationConnection *ac, int add, const char *id)
308 add ? "add" : "remove", id); 308 add ? "add" : "remove", id);
309 ret = -1; 309 ret = -1;
310 } 310 }
311 xfree(pin); 311 free(pin);
312 return ret; 312 return ret;
313} 313}
314 314
@@ -330,14 +330,14 @@ list_identities(AuthenticationConnection *ac, int do_fp)
330 SSH_FP_HEX); 330 SSH_FP_HEX);
331 printf("%d %s %s (%s)\n", 331 printf("%d %s %s (%s)\n",
332 key_size(key), fp, comment, key_type(key)); 332 key_size(key), fp, comment, key_type(key));
333 xfree(fp); 333 free(fp);
334 } else { 334 } else {
335 if (!key_write(key, stdout)) 335 if (!key_write(key, stdout))
336 fprintf(stderr, "key_write failed"); 336 fprintf(stderr, "key_write failed");
337 fprintf(stdout, " %s\n", comment); 337 fprintf(stdout, " %s\n", comment);
338 } 338 }
339 key_free(key); 339 key_free(key);
340 xfree(comment); 340 free(comment);
341 } 341 }
342 } 342 }
343 if (!had_identities) { 343 if (!had_identities) {
@@ -363,7 +363,7 @@ lock_agent(AuthenticationConnection *ac, int lock)
363 passok = 0; 363 passok = 0;
364 } 364 }
365 memset(p2, 0, strlen(p2)); 365 memset(p2, 0, strlen(p2));
366 xfree(p2); 366 free(p2);
367 } 367 }
368 if (passok && ssh_lock_agent(ac, lock, p1)) { 368 if (passok && ssh_lock_agent(ac, lock, p1)) {
369 fprintf(stderr, "Agent %slocked.\n", lock ? "" : "un"); 369 fprintf(stderr, "Agent %slocked.\n", lock ? "" : "un");
@@ -371,7 +371,7 @@ lock_agent(AuthenticationConnection *ac, int lock)
371 } else 371 } else
372 fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un"); 372 fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un");
373 memset(p1, 0, strlen(p1)); 373 memset(p1, 0, strlen(p1));
374 xfree(p1); 374 free(p1);
375 return (ret); 375 return (ret);
376} 376}
377 377
diff --git a/ssh-agent.c b/ssh-agent.c
index b9498e6ef..3f94851eb 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.172 2011/06/03 01:37:40 dtucker Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.173 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -172,10 +172,9 @@ static void
172free_identity(Identity *id) 172free_identity(Identity *id)
173{ 173{
174 key_free(id->key); 174 key_free(id->key);
175 if (id->provider != NULL) 175 free(id->provider);
176 xfree(id->provider); 176 free(id->comment);
177 xfree(id->comment); 177 free(id);
178 xfree(id);
179} 178}
180 179
181/* return matching private key for given public key */ 180/* return matching private key for given public key */
@@ -203,7 +202,7 @@ confirm_key(Identity *id)
203 if (ask_permission("Allow use of key %s?\nKey fingerprint %s.", 202 if (ask_permission("Allow use of key %s?\nKey fingerprint %s.",
204 id->comment, p)) 203 id->comment, p))
205 ret = 0; 204 ret = 0;
206 xfree(p); 205 free(p);
207 206
208 return (ret); 207 return (ret);
209} 208}
@@ -230,7 +229,7 @@ process_request_identities(SocketEntry *e, int version)
230 u_int blen; 229 u_int blen;
231 key_to_blob(id->key, &blob, &blen); 230 key_to_blob(id->key, &blob, &blen);
232 buffer_put_string(&msg, blob, blen); 231 buffer_put_string(&msg, blob, blen);
233 xfree(blob); 232 free(blob);
234 } 233 }
235 buffer_put_cstring(&msg, id->comment); 234 buffer_put_cstring(&msg, id->comment);
236 } 235 }
@@ -348,10 +347,9 @@ process_sign_request2(SocketEntry *e)
348 buffer_append(&e->output, buffer_ptr(&msg), 347 buffer_append(&e->output, buffer_ptr(&msg),
349 buffer_len(&msg)); 348 buffer_len(&msg));
350 buffer_free(&msg); 349 buffer_free(&msg);
351 xfree(data); 350 free(data);
352 xfree(blob); 351 free(blob);
353 if (signature != NULL) 352 free(signature);
354 xfree(signature);
355 datafellows = odatafellows; 353 datafellows = odatafellows;
356} 354}
357 355
@@ -378,7 +376,7 @@ process_remove_identity(SocketEntry *e, int version)
378 case 2: 376 case 2:
379 blob = buffer_get_string(&e->request, &blen); 377 blob = buffer_get_string(&e->request, &blen);
380 key = key_from_blob(blob, blen); 378 key = key_from_blob(blob, blen);
381 xfree(blob); 379 free(blob);
382 break; 380 break;
383 } 381 }
384 if (key != NULL) { 382 if (key != NULL) {
@@ -509,7 +507,7 @@ process_add_identity(SocketEntry *e, int version)
509 cert = buffer_get_string(&e->request, &len); 507 cert = buffer_get_string(&e->request, &len);
510 if ((k = key_from_blob(cert, len)) == NULL) 508 if ((k = key_from_blob(cert, len)) == NULL)
511 fatal("Certificate parse failed"); 509 fatal("Certificate parse failed");
512 xfree(cert); 510 free(cert);
513 key_add_private(k); 511 key_add_private(k);
514 buffer_get_bignum2(&e->request, k->dsa->priv_key); 512 buffer_get_bignum2(&e->request, k->dsa->priv_key);
515 break; 513 break;
@@ -520,7 +518,7 @@ process_add_identity(SocketEntry *e, int version)
520 curve = buffer_get_string(&e->request, NULL); 518 curve = buffer_get_string(&e->request, NULL);
521 if (k->ecdsa_nid != key_curve_name_to_nid(curve)) 519 if (k->ecdsa_nid != key_curve_name_to_nid(curve))
522 fatal("%s: curve names mismatch", __func__); 520 fatal("%s: curve names mismatch", __func__);
523 xfree(curve); 521 free(curve);
524 k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); 522 k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
525 if (k->ecdsa == NULL) 523 if (k->ecdsa == NULL)
526 fatal("%s: EC_KEY_new_by_curve_name failed", 524 fatal("%s: EC_KEY_new_by_curve_name failed",
@@ -551,7 +549,7 @@ process_add_identity(SocketEntry *e, int version)
551 cert = buffer_get_string(&e->request, &len); 549 cert = buffer_get_string(&e->request, &len);
552 if ((k = key_from_blob(cert, len)) == NULL) 550 if ((k = key_from_blob(cert, len)) == NULL)
553 fatal("Certificate parse failed"); 551 fatal("Certificate parse failed");
554 xfree(cert); 552 free(cert);
555 key_add_private(k); 553 key_add_private(k);
556 if ((exponent = BN_new()) == NULL) 554 if ((exponent = BN_new()) == NULL)
557 fatal("%s: BN_new failed", __func__); 555 fatal("%s: BN_new failed", __func__);
@@ -583,7 +581,7 @@ process_add_identity(SocketEntry *e, int version)
583 cert = buffer_get_string(&e->request, &len); 581 cert = buffer_get_string(&e->request, &len);
584 if ((k = key_from_blob(cert, len)) == NULL) 582 if ((k = key_from_blob(cert, len)) == NULL)
585 fatal("Certificate parse failed"); 583 fatal("Certificate parse failed");
586 xfree(cert); 584 free(cert);
587 key_add_private(k); 585 key_add_private(k);
588 buffer_get_bignum2(&e->request, k->rsa->d); 586 buffer_get_bignum2(&e->request, k->rsa->d);
589 buffer_get_bignum2(&e->request, k->rsa->iqmp); 587 buffer_get_bignum2(&e->request, k->rsa->iqmp);
@@ -591,11 +589,11 @@ process_add_identity(SocketEntry *e, int version)
591 buffer_get_bignum2(&e->request, k->rsa->q); 589 buffer_get_bignum2(&e->request, k->rsa->q);
592 break; 590 break;
593 default: 591 default:
594 xfree(type_name); 592 free(type_name);
595 buffer_clear(&e->request); 593 buffer_clear(&e->request);
596 goto send; 594 goto send;
597 } 595 }
598 xfree(type_name); 596 free(type_name);
599 break; 597 break;
600 } 598 }
601 /* enable blinding */ 599 /* enable blinding */
@@ -613,7 +611,7 @@ process_add_identity(SocketEntry *e, int version)
613 } 611 }
614 comment = buffer_get_string(&e->request, NULL); 612 comment = buffer_get_string(&e->request, NULL);
615 if (k == NULL) { 613 if (k == NULL) {
616 xfree(comment); 614 free(comment);
617 goto send; 615 goto send;
618 } 616 }
619 while (buffer_len(&e->request)) { 617 while (buffer_len(&e->request)) {
@@ -627,7 +625,7 @@ process_add_identity(SocketEntry *e, int version)
627 default: 625 default:
628 error("process_add_identity: " 626 error("process_add_identity: "
629 "Unknown constraint type %d", type); 627 "Unknown constraint type %d", type);
630 xfree(comment); 628 free(comment);
631 key_free(k); 629 key_free(k);
632 goto send; 630 goto send;
633 } 631 }
@@ -643,7 +641,7 @@ process_add_identity(SocketEntry *e, int version)
643 tab->nentries++; 641 tab->nentries++;
644 } else { 642 } else {
645 key_free(k); 643 key_free(k);
646 xfree(id->comment); 644 free(id->comment);
647 } 645 }
648 id->comment = comment; 646 id->comment = comment;
649 id->death = death; 647 id->death = death;
@@ -665,7 +663,7 @@ process_lock_agent(SocketEntry *e, int lock)
665 if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { 663 if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
666 locked = 0; 664 locked = 0;
667 memset(lock_passwd, 0, strlen(lock_passwd)); 665 memset(lock_passwd, 0, strlen(lock_passwd));
668 xfree(lock_passwd); 666 free(lock_passwd);
669 lock_passwd = NULL; 667 lock_passwd = NULL;
670 success = 1; 668 success = 1;
671 } else if (!locked && lock) { 669 } else if (!locked && lock) {
@@ -674,7 +672,7 @@ process_lock_agent(SocketEntry *e, int lock)
674 success = 1; 672 success = 1;
675 } 673 }
676 memset(passwd, 0, strlen(passwd)); 674 memset(passwd, 0, strlen(passwd));
677 xfree(passwd); 675 free(passwd);
678 676
679 buffer_put_int(&e->output, 1); 677 buffer_put_int(&e->output, 1);
680 buffer_put_char(&e->output, 678 buffer_put_char(&e->output,
@@ -747,12 +745,9 @@ process_add_smartcard_key(SocketEntry *e)
747 keys[i] = NULL; 745 keys[i] = NULL;
748 } 746 }
749send: 747send:
750 if (pin) 748 free(pin);
751 xfree(pin); 749 free(provider);
752 if (provider) 750 free(keys);
753 xfree(provider);
754 if (keys)
755 xfree(keys);
756 buffer_put_int(&e->output, 1); 751 buffer_put_int(&e->output, 1);
757 buffer_put_char(&e->output, 752 buffer_put_char(&e->output,
758 success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); 753 success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
@@ -768,7 +763,7 @@ process_remove_smartcard_key(SocketEntry *e)
768 763
769 provider = buffer_get_string(&e->request, NULL); 764 provider = buffer_get_string(&e->request, NULL);
770 pin = buffer_get_string(&e->request, NULL); 765 pin = buffer_get_string(&e->request, NULL);
771 xfree(pin); 766 free(pin);
772 767
773 for (version = 1; version < 3; version++) { 768 for (version = 1; version < 3; version++) {
774 tab = idtab_lookup(version); 769 tab = idtab_lookup(version);
@@ -786,7 +781,7 @@ process_remove_smartcard_key(SocketEntry *e)
786 else 781 else
787 error("process_remove_smartcard_key:" 782 error("process_remove_smartcard_key:"
788 " pkcs11_del_provider failed"); 783 " pkcs11_del_provider failed");
789 xfree(provider); 784 free(provider);
790 buffer_put_int(&e->output, 1); 785 buffer_put_int(&e->output, 1);
791 buffer_put_char(&e->output, 786 buffer_put_char(&e->output,
792 success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); 787 success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
@@ -951,10 +946,8 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp,
951 946
952 sz = howmany(n+1, NFDBITS) * sizeof(fd_mask); 947 sz = howmany(n+1, NFDBITS) * sizeof(fd_mask);
953 if (*fdrp == NULL || sz > *nallocp) { 948 if (*fdrp == NULL || sz > *nallocp) {
954 if (*fdrp) 949 free(*fdrp);
955 xfree(*fdrp); 950 free(*fdwp);
956 if (*fdwp)
957 xfree(*fdwp);
958 *fdrp = xmalloc(sz); 951 *fdrp = xmalloc(sz);
959 *fdwp = xmalloc(sz); 952 *fdwp = xmalloc(sz);
960 *nallocp = sz; 953 *nallocp = sz;
diff --git a/ssh-dss.c b/ssh-dss.c
index ede5e21e5..322ec9fd8 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-dss.c,v 1.27 2010/08/31 09:58:37 djm Exp $ */ 1/* $OpenBSD: ssh-dss.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -137,17 +137,17 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
137 if (strcmp("ssh-dss", ktype) != 0) { 137 if (strcmp("ssh-dss", ktype) != 0) {
138 error("ssh_dss_verify: cannot handle type %s", ktype); 138 error("ssh_dss_verify: cannot handle type %s", ktype);
139 buffer_free(&b); 139 buffer_free(&b);
140 xfree(ktype); 140 free(ktype);
141 return -1; 141 return -1;
142 } 142 }
143 xfree(ktype); 143 free(ktype);
144 sigblob = buffer_get_string(&b, &len); 144 sigblob = buffer_get_string(&b, &len);
145 rlen = buffer_len(&b); 145 rlen = buffer_len(&b);
146 buffer_free(&b); 146 buffer_free(&b);
147 if (rlen != 0) { 147 if (rlen != 0) {
148 error("ssh_dss_verify: " 148 error("ssh_dss_verify: "
149 "remaining bytes in signature %d", rlen); 149 "remaining bytes in signature %d", rlen);
150 xfree(sigblob); 150 free(sigblob);
151 return -1; 151 return -1;
152 } 152 }
153 } 153 }
@@ -169,7 +169,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
169 169
170 /* clean up */ 170 /* clean up */
171 memset(sigblob, 0, len); 171 memset(sigblob, 0, len);
172 xfree(sigblob); 172 free(sigblob);
173 173
174 /* sha1 the data */ 174 /* sha1 the data */
175 EVP_DigestInit(&md, evp_md); 175 EVP_DigestInit(&md, evp_md);
diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
index 085468ee7..766338941 100644
--- a/ssh-ecdsa.c
+++ b/ssh-ecdsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-ecdsa.c,v 1.5 2012/01/08 13:17:11 miod Exp $ */ 1/* $OpenBSD: ssh-ecdsa.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -119,16 +119,16 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
119 if (strcmp(key_ssh_name_plain(key), ktype) != 0) { 119 if (strcmp(key_ssh_name_plain(key), ktype) != 0) {
120 error("%s: cannot handle type %s", __func__, ktype); 120 error("%s: cannot handle type %s", __func__, ktype);
121 buffer_free(&b); 121 buffer_free(&b);
122 xfree(ktype); 122 free(ktype);
123 return -1; 123 return -1;
124 } 124 }
125 xfree(ktype); 125 free(ktype);
126 sigblob = buffer_get_string(&b, &len); 126 sigblob = buffer_get_string(&b, &len);
127 rlen = buffer_len(&b); 127 rlen = buffer_len(&b);
128 buffer_free(&b); 128 buffer_free(&b);
129 if (rlen != 0) { 129 if (rlen != 0) {
130 error("%s: remaining bytes in signature %d", __func__, rlen); 130 error("%s: remaining bytes in signature %d", __func__, rlen);
131 xfree(sigblob); 131 free(sigblob);
132 return -1; 132 return -1;
133 } 133 }
134 134
@@ -149,7 +149,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
149 149
150 /* clean up */ 150 /* clean up */
151 memset(sigblob, 0, len); 151 memset(sigblob, 0, len);
152 xfree(sigblob); 152 free(sigblob);
153 153
154 /* hash the data */ 154 /* hash the data */
155 EVP_DigestInit(&md, evp_md); 155 EVP_DigestInit(&md, evp_md);
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 8acbcc493..f24387475 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.226 2013/04/19 01:01:00 djm Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.227 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -252,7 +252,7 @@ load_identity(char *filename)
252 RP_ALLOW_STDIN); 252 RP_ALLOW_STDIN);
253 prv = key_load_private(filename, pass, NULL); 253 prv = key_load_private(filename, pass, NULL);
254 memset(pass, 0, strlen(pass)); 254 memset(pass, 0, strlen(pass));
255 xfree(pass); 255 free(pass);
256 } 256 }
257 return prv; 257 return prv;
258} 258}
@@ -288,7 +288,7 @@ do_convert_to_ssh2(struct passwd *pw, Key *k)
288 dump_base64(stdout, blob, len); 288 dump_base64(stdout, blob, len);
289 fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); 289 fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
290 key_free(k); 290 key_free(k);
291 xfree(blob); 291 free(blob);
292 exit(0); 292 exit(0);
293} 293}
294 294
@@ -415,12 +415,12 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
415 debug("ignore (%d %d %d %d)", i1, i2, i3, i4); 415 debug("ignore (%d %d %d %d)", i1, i2, i3, i4);
416 if (strcmp(cipher, "none") != 0) { 416 if (strcmp(cipher, "none") != 0) {
417 error("unsupported cipher %s", cipher); 417 error("unsupported cipher %s", cipher);
418 xfree(cipher); 418 free(cipher);
419 buffer_free(&b); 419 buffer_free(&b);
420 xfree(type); 420 free(type);
421 return NULL; 421 return NULL;
422 } 422 }
423 xfree(cipher); 423 free(cipher);
424 424
425 if (strstr(type, "dsa")) { 425 if (strstr(type, "dsa")) {
426 ktype = KEY_DSA; 426 ktype = KEY_DSA;
@@ -428,11 +428,11 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
428 ktype = KEY_RSA; 428 ktype = KEY_RSA;
429 } else { 429 } else {
430 buffer_free(&b); 430 buffer_free(&b);
431 xfree(type); 431 free(type);
432 return NULL; 432 return NULL;
433 } 433 }
434 key = key_new_private(ktype); 434 key = key_new_private(ktype);
435 xfree(type); 435 free(type);
436 436
437 switch (key->type) { 437 switch (key->type) {
438 case KEY_DSA: 438 case KEY_DSA:
@@ -475,7 +475,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
475 /* try the key */ 475 /* try the key */
476 key_sign(key, &sig, &slen, data, sizeof(data)); 476 key_sign(key, &sig, &slen, data, sizeof(data));
477 key_verify(key, sig, slen, data, sizeof(data)); 477 key_verify(key, sig, slen, data, sizeof(data));
478 xfree(sig); 478 free(sig);
479 return key; 479 return key;
480} 480}
481 481
@@ -746,15 +746,15 @@ do_download(struct passwd *pw)
746 fp, key_type(keys[i])); 746 fp, key_type(keys[i]));
747 if (log_level >= SYSLOG_LEVEL_VERBOSE) 747 if (log_level >= SYSLOG_LEVEL_VERBOSE)
748 printf("%s\n", ra); 748 printf("%s\n", ra);
749 xfree(ra); 749 free(ra);
750 xfree(fp); 750 free(fp);
751 } else { 751 } else {
752 key_write(keys[i], stdout); 752 key_write(keys[i], stdout);
753 fprintf(stdout, "\n"); 753 fprintf(stdout, "\n");
754 } 754 }
755 key_free(keys[i]); 755 key_free(keys[i]);
756 } 756 }
757 xfree(keys); 757 free(keys);
758 pkcs11_terminate(); 758 pkcs11_terminate();
759 exit(0); 759 exit(0);
760#else 760#else
@@ -791,13 +791,13 @@ do_fingerprint(struct passwd *pw)
791 if (log_level >= SYSLOG_LEVEL_VERBOSE) 791 if (log_level >= SYSLOG_LEVEL_VERBOSE)
792 printf("%s\n", ra); 792 printf("%s\n", ra);
793 key_free(public); 793 key_free(public);
794 xfree(comment); 794 free(comment);
795 xfree(ra); 795 free(ra);
796 xfree(fp); 796 free(fp);
797 exit(0); 797 exit(0);
798 } 798 }
799 if (comment) { 799 if (comment) {
800 xfree(comment); 800 free(comment);
801 comment = NULL; 801 comment = NULL;
802 } 802 }
803 803
@@ -856,8 +856,8 @@ do_fingerprint(struct passwd *pw)
856 comment ? comment : "no comment", key_type(public)); 856 comment ? comment : "no comment", key_type(public));
857 if (log_level >= SYSLOG_LEVEL_VERBOSE) 857 if (log_level >= SYSLOG_LEVEL_VERBOSE)
858 printf("%s\n", ra); 858 printf("%s\n", ra);
859 xfree(ra); 859 free(ra);
860 xfree(fp); 860 free(fp);
861 key_free(public); 861 key_free(public);
862 invalid = 0; 862 invalid = 0;
863 } 863 }
@@ -980,8 +980,8 @@ printhost(FILE *f, const char *name, Key *public, int ca, int hash)
980 key_type(public)); 980 key_type(public));
981 if (log_level >= SYSLOG_LEVEL_VERBOSE) 981 if (log_level >= SYSLOG_LEVEL_VERBOSE)
982 printf("%s\n", ra); 982 printf("%s\n", ra);
983 xfree(ra); 983 free(ra);
984 xfree(fp); 984 free(fp);
985 } else { 985 } else {
986 if (hash && (name = host_hash(name, NULL, 0)) == NULL) 986 if (hash && (name = host_hash(name, NULL, 0)) == NULL)
987 fatal("hash_host failed"); 987 fatal("hash_host failed");
@@ -1007,7 +1007,7 @@ do_known_hosts(struct passwd *pw, const char *name)
1007 if (strlcpy(identity_file, cp, sizeof(identity_file)) >= 1007 if (strlcpy(identity_file, cp, sizeof(identity_file)) >=
1008 sizeof(identity_file)) 1008 sizeof(identity_file))
1009 fatal("Specified known hosts path too long"); 1009 fatal("Specified known hosts path too long");
1010 xfree(cp); 1010 free(cp);
1011 have_identity = 1; 1011 have_identity = 1;
1012 } 1012 }
1013 if ((in = fopen(identity_file, "r")) == NULL) 1013 if ((in = fopen(identity_file, "r")) == NULL)
@@ -1238,7 +1238,7 @@ do_change_passphrase(struct passwd *pw)
1238 private = key_load_private(identity_file, old_passphrase, 1238 private = key_load_private(identity_file, old_passphrase,
1239 &comment); 1239 &comment);
1240 memset(old_passphrase, 0, strlen(old_passphrase)); 1240 memset(old_passphrase, 0, strlen(old_passphrase));
1241 xfree(old_passphrase); 1241 free(old_passphrase);
1242 if (private == NULL) { 1242 if (private == NULL) {
1243 printf("Bad passphrase.\n"); 1243 printf("Bad passphrase.\n");
1244 exit(1); 1244 exit(1);
@@ -1261,30 +1261,30 @@ do_change_passphrase(struct passwd *pw)
1261 if (strcmp(passphrase1, passphrase2) != 0) { 1261 if (strcmp(passphrase1, passphrase2) != 0) {
1262 memset(passphrase1, 0, strlen(passphrase1)); 1262 memset(passphrase1, 0, strlen(passphrase1));
1263 memset(passphrase2, 0, strlen(passphrase2)); 1263 memset(passphrase2, 0, strlen(passphrase2));
1264 xfree(passphrase1); 1264 free(passphrase1);
1265 xfree(passphrase2); 1265 free(passphrase2);
1266 printf("Pass phrases do not match. Try again.\n"); 1266 printf("Pass phrases do not match. Try again.\n");
1267 exit(1); 1267 exit(1);
1268 } 1268 }
1269 /* Destroy the other copy. */ 1269 /* Destroy the other copy. */
1270 memset(passphrase2, 0, strlen(passphrase2)); 1270 memset(passphrase2, 0, strlen(passphrase2));
1271 xfree(passphrase2); 1271 free(passphrase2);
1272 } 1272 }
1273 1273
1274 /* Save the file using the new passphrase. */ 1274 /* Save the file using the new passphrase. */
1275 if (!key_save_private(private, identity_file, passphrase1, comment)) { 1275 if (!key_save_private(private, identity_file, passphrase1, comment)) {
1276 printf("Saving the key failed: %s.\n", identity_file); 1276 printf("Saving the key failed: %s.\n", identity_file);
1277 memset(passphrase1, 0, strlen(passphrase1)); 1277 memset(passphrase1, 0, strlen(passphrase1));
1278 xfree(passphrase1); 1278 free(passphrase1);
1279 key_free(private); 1279 key_free(private);
1280 xfree(comment); 1280 free(comment);
1281 exit(1); 1281 exit(1);
1282 } 1282 }
1283 /* Destroy the passphrase and the copy of the key in memory. */ 1283 /* Destroy the passphrase and the copy of the key in memory. */
1284 memset(passphrase1, 0, strlen(passphrase1)); 1284 memset(passphrase1, 0, strlen(passphrase1));
1285 xfree(passphrase1); 1285 free(passphrase1);
1286 key_free(private); /* Destroys contents */ 1286 key_free(private); /* Destroys contents */
1287 xfree(comment); 1287 free(comment);
1288 1288
1289 printf("Your identification has been saved with the new passphrase.\n"); 1289 printf("Your identification has been saved with the new passphrase.\n");
1290 exit(0); 1290 exit(0);
@@ -1312,11 +1312,11 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname)
1312 if (public != NULL) { 1312 if (public != NULL) {
1313 export_dns_rr(hname, public, stdout, print_generic); 1313 export_dns_rr(hname, public, stdout, print_generic);
1314 key_free(public); 1314 key_free(public);
1315 xfree(comment); 1315 free(comment);
1316 return 1; 1316 return 1;
1317 } 1317 }
1318 if (comment) 1318 if (comment)
1319 xfree(comment); 1319 free(comment);
1320 1320
1321 printf("failed to read v2 public key from %s.\n", fname); 1321 printf("failed to read v2 public key from %s.\n", fname);
1322 exit(1); 1322 exit(1);
@@ -1354,7 +1354,7 @@ do_change_comment(struct passwd *pw)
1354 private = key_load_private(identity_file, passphrase, &comment); 1354 private = key_load_private(identity_file, passphrase, &comment);
1355 if (private == NULL) { 1355 if (private == NULL) {
1356 memset(passphrase, 0, strlen(passphrase)); 1356 memset(passphrase, 0, strlen(passphrase));
1357 xfree(passphrase); 1357 free(passphrase);
1358 printf("Bad passphrase.\n"); 1358 printf("Bad passphrase.\n");
1359 exit(1); 1359 exit(1);
1360 } 1360 }
@@ -1385,13 +1385,13 @@ do_change_comment(struct passwd *pw)
1385 if (!key_save_private(private, identity_file, passphrase, new_comment)) { 1385 if (!key_save_private(private, identity_file, passphrase, new_comment)) {
1386 printf("Saving the key failed: %s.\n", identity_file); 1386 printf("Saving the key failed: %s.\n", identity_file);
1387 memset(passphrase, 0, strlen(passphrase)); 1387 memset(passphrase, 0, strlen(passphrase));
1388 xfree(passphrase); 1388 free(passphrase);
1389 key_free(private); 1389 key_free(private);
1390 xfree(comment); 1390 free(comment);
1391 exit(1); 1391 exit(1);
1392 } 1392 }
1393 memset(passphrase, 0, strlen(passphrase)); 1393 memset(passphrase, 0, strlen(passphrase));
1394 xfree(passphrase); 1394 free(passphrase);
1395 public = key_from_private(private); 1395 public = key_from_private(private);
1396 key_free(private); 1396 key_free(private);
1397 1397
@@ -1412,7 +1412,7 @@ do_change_comment(struct passwd *pw)
1412 fprintf(f, " %s\n", new_comment); 1412 fprintf(f, " %s\n", new_comment);
1413 fclose(f); 1413 fclose(f);
1414 1414
1415 xfree(comment); 1415 free(comment);
1416 1416
1417 printf("The comment in your key file has been changed.\n"); 1417 printf("The comment in your key file has been changed.\n");
1418 exit(0); 1418 exit(0);
@@ -1529,7 +1529,7 @@ load_pkcs11_key(char *path)
1529 } 1529 }
1530 key_free(keys[i]); 1530 key_free(keys[i]);
1531 } 1531 }
1532 xfree(keys); 1532 free(keys);
1533 key_free(public); 1533 key_free(public);
1534 return private; 1534 return private;
1535#else 1535#else
@@ -1573,7 +1573,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1573 fatal("No PKCS#11 key matching %s found", ca_key_path); 1573 fatal("No PKCS#11 key matching %s found", ca_key_path);
1574 } else if ((ca = load_identity(tmp)) == NULL) 1574 } else if ((ca = load_identity(tmp)) == NULL)
1575 fatal("Couldn't load CA key \"%s\"", tmp); 1575 fatal("Couldn't load CA key \"%s\"", tmp);
1576 xfree(tmp); 1576 free(tmp);
1577 1577
1578 for (i = 0; i < argc; i++) { 1578 for (i = 0; i < argc; i++) {
1579 /* Split list of principals */ 1579 /* Split list of principals */
@@ -1586,7 +1586,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1586 if (*(plist[n] = xstrdup(cp)) == '\0') 1586 if (*(plist[n] = xstrdup(cp)) == '\0')
1587 fatal("Empty principal name"); 1587 fatal("Empty principal name");
1588 } 1588 }
1589 xfree(otmp); 1589 free(otmp);
1590 } 1590 }
1591 1591
1592 tmp = tilde_expand_filename(argv[i], pw->pw_uid); 1592 tmp = tilde_expand_filename(argv[i], pw->pw_uid);
@@ -1624,7 +1624,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1624 if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) 1624 if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0)
1625 *cp = '\0'; 1625 *cp = '\0';
1626 xasprintf(&out, "%s-cert.pub", tmp); 1626 xasprintf(&out, "%s-cert.pub", tmp);
1627 xfree(tmp); 1627 free(tmp);
1628 1628
1629 if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) 1629 if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
1630 fatal("Could not open \"%s\" for writing: %s", out, 1630 fatal("Could not open \"%s\" for writing: %s", out,
@@ -1647,7 +1647,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1647 } 1647 }
1648 1648
1649 key_free(public); 1649 key_free(public);
1650 xfree(out); 1650 free(out);
1651 } 1651 }
1652 pkcs11_terminate(); 1652 pkcs11_terminate();
1653 exit(0); 1653 exit(0);
@@ -1744,7 +1744,7 @@ parse_cert_times(char *timespec)
1744 1744
1745 if (cert_valid_to <= cert_valid_from) 1745 if (cert_valid_to <= cert_valid_from)
1746 fatal("Empty certificate validity interval"); 1746 fatal("Empty certificate validity interval");
1747 xfree(from); 1747 free(from);
1748} 1748}
1749 1749
1750static void 1750static void
@@ -1822,13 +1822,13 @@ show_options(const Buffer *optbuf, int v00, int in_critical)
1822 strcmp(name, "source-address") == 0)) { 1822 strcmp(name, "source-address") == 0)) {
1823 data = buffer_get_string(&option, NULL); 1823 data = buffer_get_string(&option, NULL);
1824 printf(" %s\n", data); 1824 printf(" %s\n", data);
1825 xfree(data); 1825 free(data);
1826 } else { 1826 } else {
1827 printf(" UNKNOWN OPTION (len %u)\n", 1827 printf(" UNKNOWN OPTION (len %u)\n",
1828 buffer_len(&option)); 1828 buffer_len(&option));
1829 buffer_clear(&option); 1829 buffer_clear(&option);
1830 } 1830 }
1831 xfree(name); 1831 free(name);
1832 if (buffer_len(&option) != 0) 1832 if (buffer_len(&option) != 0)
1833 fatal("Option corrupt: extra data at end"); 1833 fatal("Option corrupt: extra data at end");
1834 } 1834 }
@@ -2064,7 +2064,7 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
2064 tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); 2064 tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
2065 if ((ca = key_load_public(tmp, NULL)) == NULL) 2065 if ((ca = key_load_public(tmp, NULL)) == NULL)
2066 fatal("Cannot load CA public key %s", tmp); 2066 fatal("Cannot load CA public key %s", tmp);
2067 xfree(tmp); 2067 free(tmp);
2068 } 2068 }
2069 2069
2070 if (updating) 2070 if (updating)
@@ -2602,14 +2602,14 @@ passphrase_again:
2602 */ 2602 */
2603 memset(passphrase1, 0, strlen(passphrase1)); 2603 memset(passphrase1, 0, strlen(passphrase1));
2604 memset(passphrase2, 0, strlen(passphrase2)); 2604 memset(passphrase2, 0, strlen(passphrase2));
2605 xfree(passphrase1); 2605 free(passphrase1);
2606 xfree(passphrase2); 2606 free(passphrase2);
2607 printf("Passphrases do not match. Try again.\n"); 2607 printf("Passphrases do not match. Try again.\n");
2608 goto passphrase_again; 2608 goto passphrase_again;
2609 } 2609 }
2610 /* Clear the other copy of the passphrase. */ 2610 /* Clear the other copy of the passphrase. */
2611 memset(passphrase2, 0, strlen(passphrase2)); 2611 memset(passphrase2, 0, strlen(passphrase2));
2612 xfree(passphrase2); 2612 free(passphrase2);
2613 } 2613 }
2614 2614
2615 if (identity_comment) { 2615 if (identity_comment) {
@@ -2623,12 +2623,12 @@ passphrase_again:
2623 if (!key_save_private(private, identity_file, passphrase1, comment)) { 2623 if (!key_save_private(private, identity_file, passphrase1, comment)) {
2624 printf("Saving the key failed: %s.\n", identity_file); 2624 printf("Saving the key failed: %s.\n", identity_file);
2625 memset(passphrase1, 0, strlen(passphrase1)); 2625 memset(passphrase1, 0, strlen(passphrase1));
2626 xfree(passphrase1); 2626 free(passphrase1);
2627 exit(1); 2627 exit(1);
2628 } 2628 }
2629 /* Clear the passphrase. */ 2629 /* Clear the passphrase. */
2630 memset(passphrase1, 0, strlen(passphrase1)); 2630 memset(passphrase1, 0, strlen(passphrase1));
2631 xfree(passphrase1); 2631 free(passphrase1);
2632 2632
2633 /* Clear the private key and the random number generator. */ 2633 /* Clear the private key and the random number generator. */
2634 key_free(private); 2634 key_free(private);
@@ -2663,8 +2663,8 @@ passphrase_again:
2663 printf("%s %s\n", fp, comment); 2663 printf("%s %s\n", fp, comment);
2664 printf("The key's randomart image is:\n"); 2664 printf("The key's randomart image is:\n");
2665 printf("%s\n", ra); 2665 printf("%s\n", ra);
2666 xfree(ra); 2666 free(ra);
2667 xfree(fp); 2667 free(fp);
2668 } 2668 }
2669 2669
2670 key_free(public); 2670 key_free(public);
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index c9de130f4..8b807c10a 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keyscan.c,v 1.86 2012/04/11 13:34:17 djm Exp $ */ 1/* $OpenBSD: ssh-keyscan.c,v 1.87 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. 3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4 * 4 *
@@ -263,7 +263,7 @@ keygrab_ssh2(con *c)
263 exit(1); 263 exit(1);
264 } 264 }
265 nonfatal_fatal = 0; 265 nonfatal_fatal = 0;
266 xfree(c->c_kex); 266 free(c->c_kex);
267 c->c_kex = NULL; 267 c->c_kex = NULL;
268 packet_close(); 268 packet_close();
269 269
@@ -329,7 +329,7 @@ conalloc(char *iname, char *oname, int keytype)
329 do { 329 do {
330 name = xstrsep(&namelist, ","); 330 name = xstrsep(&namelist, ",");
331 if (!name) { 331 if (!name) {
332 xfree(namebase); 332 free(namebase);
333 return (-1); 333 return (-1);
334 } 334 }
335 } while ((s = tcpconnect(name)) < 0); 335 } while ((s = tcpconnect(name)) < 0);
@@ -363,10 +363,10 @@ confree(int s)
363 if (s >= maxfd || fdcon[s].c_status == CS_UNUSED) 363 if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
364 fatal("confree: attempt to free bad fdno %d", s); 364 fatal("confree: attempt to free bad fdno %d", s);
365 close(s); 365 close(s);
366 xfree(fdcon[s].c_namebase); 366 free(fdcon[s].c_namebase);
367 xfree(fdcon[s].c_output_name); 367 free(fdcon[s].c_output_name);
368 if (fdcon[s].c_status == CS_KEYS) 368 if (fdcon[s].c_status == CS_KEYS)
369 xfree(fdcon[s].c_data); 369 free(fdcon[s].c_data);
370 fdcon[s].c_status = CS_UNUSED; 370 fdcon[s].c_status = CS_UNUSED;
371 fdcon[s].c_keytype = 0; 371 fdcon[s].c_keytype = 0;
372 TAILQ_REMOVE(&tq, &fdcon[s], c_link); 372 TAILQ_REMOVE(&tq, &fdcon[s], c_link);
@@ -553,8 +553,8 @@ conloop(void)
553 } else if (FD_ISSET(i, r)) 553 } else if (FD_ISSET(i, r))
554 conread(i); 554 conread(i);
555 } 555 }
556 xfree(r); 556 free(r);
557 xfree(e); 557 free(e);
558 558
559 c = TAILQ_FIRST(&tq); 559 c = TAILQ_FIRST(&tq);
560 while (c && (c->c_tv.tv_sec < now.tv_sec || 560 while (c && (c->c_tv.tv_sec < now.tv_sec ||
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 1deb7e141..9a6653c7c 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keysign.c,v 1.36 2011/02/16 00:31:14 djm Exp $ */ 1/* $OpenBSD: ssh-keysign.c,v 1.37 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2002 Markus Friedl. All rights reserved. 3 * Copyright (c) 2002 Markus Friedl. All rights reserved.
4 * 4 *
@@ -78,7 +78,7 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
78 p = buffer_get_string(&b, &len); 78 p = buffer_get_string(&b, &len);
79 if (len != 20 && len != 32) 79 if (len != 20 && len != 32)
80 fail++; 80 fail++;
81 xfree(p); 81 free(p);
82 82
83 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 83 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
84 fail++; 84 fail++;
@@ -90,13 +90,13 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
90 p = buffer_get_string(&b, NULL); 90 p = buffer_get_string(&b, NULL);
91 if (strcmp("ssh-connection", p) != 0) 91 if (strcmp("ssh-connection", p) != 0)
92 fail++; 92 fail++;
93 xfree(p); 93 free(p);
94 94
95 /* method */ 95 /* method */
96 p = buffer_get_string(&b, NULL); 96 p = buffer_get_string(&b, NULL);
97 if (strcmp("hostbased", p) != 0) 97 if (strcmp("hostbased", p) != 0)
98 fail++; 98 fail++;
99 xfree(p); 99 free(p);
100 100
101 /* pubkey */ 101 /* pubkey */
102 pkalg = buffer_get_string(&b, NULL); 102 pkalg = buffer_get_string(&b, NULL);
@@ -109,8 +109,8 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
109 fail++; 109 fail++;
110 else if (key->type != pktype) 110 else if (key->type != pktype)
111 fail++; 111 fail++;
112 xfree(pkalg); 112 free(pkalg);
113 xfree(pkblob); 113 free(pkblob);
114 114
115 /* client host name, handle trailing dot */ 115 /* client host name, handle trailing dot */
116 p = buffer_get_string(&b, &len); 116 p = buffer_get_string(&b, &len);
@@ -121,14 +121,14 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
121 fail++; 121 fail++;
122 else if (strncasecmp(host, p, len - 1) != 0) 122 else if (strncasecmp(host, p, len - 1) != 0)
123 fail++; 123 fail++;
124 xfree(p); 124 free(p);
125 125
126 /* local user */ 126 /* local user */
127 p = buffer_get_string(&b, NULL); 127 p = buffer_get_string(&b, NULL);
128 128
129 if (strcmp(pw->pw_name, p) != 0) 129 if (strcmp(pw->pw_name, p) != 0)
130 fail++; 130 fail++;
131 xfree(p); 131 free(p);
132 132
133 /* end of message */ 133 /* end of message */
134 if (buffer_len(&b) != 0) 134 if (buffer_len(&b) != 0)
@@ -233,7 +233,7 @@ main(int argc, char **argv)
233 data = buffer_get_string(&b, &dlen); 233 data = buffer_get_string(&b, &dlen);
234 if (valid_request(pw, host, &key, data, dlen) < 0) 234 if (valid_request(pw, host, &key, data, dlen) < 0)
235 fatal("not a valid request"); 235 fatal("not a valid request");
236 xfree(host); 236 free(host);
237 237
238 found = 0; 238 found = 0;
239 for (i = 0; i < NUM_KEYTYPES; i++) { 239 for (i = 0; i < NUM_KEYTYPES; i++) {
@@ -248,7 +248,7 @@ main(int argc, char **argv)
248 248
249 if (key_sign(keys[i], &signature, &slen, data, dlen) != 0) 249 if (key_sign(keys[i], &signature, &slen, data, dlen) != 0)
250 fatal("key_sign failed"); 250 fatal("key_sign failed");
251 xfree(data); 251 free(data);
252 252
253 /* send reply */ 253 /* send reply */
254 buffer_clear(&b); 254 buffer_clear(&b);
diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
index 82b11daf5..6c9f9d2c1 100644
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-pkcs11-client.c,v 1.3 2012/01/16 20:34:09 miod Exp $ */ 1/* $OpenBSD: ssh-pkcs11-client.c,v 1.4 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2010 Markus Friedl. All rights reserved. 3 * Copyright (c) 2010 Markus Friedl. All rights reserved.
4 * 4 *
@@ -121,7 +121,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
121 buffer_put_string(&msg, blob, blen); 121 buffer_put_string(&msg, blob, blen);
122 buffer_put_string(&msg, from, flen); 122 buffer_put_string(&msg, from, flen);
123 buffer_put_int(&msg, 0); 123 buffer_put_int(&msg, 0);
124 xfree(blob); 124 free(blob);
125 send_msg(&msg); 125 send_msg(&msg);
126 buffer_clear(&msg); 126 buffer_clear(&msg);
127 127
@@ -131,7 +131,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
131 memcpy(to, signature, slen); 131 memcpy(to, signature, slen);
132 ret = slen; 132 ret = slen;
133 } 133 }
134 xfree(signature); 134 free(signature);
135 } 135 }
136 buffer_free(&msg); 136 buffer_free(&msg);
137 return (ret); 137 return (ret);
@@ -205,11 +205,11 @@ pkcs11_add_provider(char *name, char *pin, Key ***keysp)
205 *keysp = xcalloc(nkeys, sizeof(Key *)); 205 *keysp = xcalloc(nkeys, sizeof(Key *));
206 for (i = 0; i < nkeys; i++) { 206 for (i = 0; i < nkeys; i++) {
207 blob = buffer_get_string(&msg, &blen); 207 blob = buffer_get_string(&msg, &blen);
208 xfree(buffer_get_string(&msg, NULL)); 208 free(buffer_get_string(&msg, NULL));
209 k = key_from_blob(blob, blen); 209 k = key_from_blob(blob, blen);
210 wrap_key(k->rsa); 210 wrap_key(k->rsa);
211 (*keysp)[i] = k; 211 (*keysp)[i] = k;
212 xfree(blob); 212 free(blob);
213 } 213 }
214 } else { 214 } else {
215 nkeys = -1; 215 nkeys = -1;
diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c
index 5c09f1221..39b2e7c56 100644
--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-pkcs11-helper.c,v 1.5 2013/05/10 10:13:50 dtucker Exp $ */ 1/* $OpenBSD: ssh-pkcs11-helper.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2010 Markus Friedl. All rights reserved. 3 * Copyright (c) 2010 Markus Friedl. All rights reserved.
4 * 4 *
@@ -79,7 +79,7 @@ del_keys_by_name(char *name)
79 nxt = TAILQ_NEXT(ki, next); 79 nxt = TAILQ_NEXT(ki, next);
80 if (!strcmp(ki->providername, name)) { 80 if (!strcmp(ki->providername, name)) {
81 TAILQ_REMOVE(&pkcs11_keylist, ki, next); 81 TAILQ_REMOVE(&pkcs11_keylist, ki, next);
82 xfree(ki->providername); 82 free(ki->providername);
83 key_free(ki->key); 83 key_free(ki->key);
84 free(ki); 84 free(ki);
85 } 85 }
@@ -130,15 +130,15 @@ process_add(void)
130 key_to_blob(keys[i], &blob, &blen); 130 key_to_blob(keys[i], &blob, &blen);
131 buffer_put_string(&msg, blob, blen); 131 buffer_put_string(&msg, blob, blen);
132 buffer_put_cstring(&msg, name); 132 buffer_put_cstring(&msg, name);
133 xfree(blob); 133 free(blob);
134 add_key(keys[i], name); 134 add_key(keys[i], name);
135 } 135 }
136 xfree(keys); 136 free(keys);
137 } else { 137 } else {
138 buffer_put_char(&msg, SSH_AGENT_FAILURE); 138 buffer_put_char(&msg, SSH_AGENT_FAILURE);
139 } 139 }
140 xfree(pin); 140 free(pin);
141 xfree(name); 141 free(name);
142 send_msg(&msg); 142 send_msg(&msg);
143 buffer_free(&msg); 143 buffer_free(&msg);
144} 144}
@@ -157,8 +157,8 @@ process_del(void)
157 buffer_put_char(&msg, SSH_AGENT_SUCCESS); 157 buffer_put_char(&msg, SSH_AGENT_SUCCESS);
158 else 158 else
159 buffer_put_char(&msg, SSH_AGENT_FAILURE); 159 buffer_put_char(&msg, SSH_AGENT_FAILURE);
160 xfree(pin); 160 free(pin);
161 xfree(name); 161 free(name);
162 send_msg(&msg); 162 send_msg(&msg);
163 buffer_free(&msg); 163 buffer_free(&msg);
164} 164}
@@ -195,10 +195,9 @@ process_sign(void)
195 } else { 195 } else {
196 buffer_put_char(&msg, SSH_AGENT_FAILURE); 196 buffer_put_char(&msg, SSH_AGENT_FAILURE);
197 } 197 }
198 xfree(data); 198 free(data);
199 xfree(blob); 199 free(blob);
200 if (signature != NULL) 200 free(signature);
201 xfree(signature);
202 send_msg(&msg); 201 send_msg(&msg);
203 buffer_free(&msg); 202 buffer_free(&msg);
204} 203}
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 1f4c1c8e4..a17326baa 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-pkcs11.c,v 1.6 2010/06/08 21:32:19 markus Exp $ */ 1/* $OpenBSD: ssh-pkcs11.c,v 1.7 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2010 Markus Friedl. All rights reserved. 3 * Copyright (c) 2010 Markus Friedl. All rights reserved.
4 * 4 *
@@ -120,9 +120,9 @@ pkcs11_provider_unref(struct pkcs11_provider *p)
120 if (--p->refcount <= 0) { 120 if (--p->refcount <= 0) {
121 if (p->valid) 121 if (p->valid)
122 error("pkcs11_provider_unref: %p still valid", p); 122 error("pkcs11_provider_unref: %p still valid", p);
123 xfree(p->slotlist); 123 free(p->slotlist);
124 xfree(p->slotinfo); 124 free(p->slotinfo);
125 xfree(p); 125 free(p);
126 } 126 }
127} 127}
128 128
@@ -180,9 +180,8 @@ pkcs11_rsa_finish(RSA *rsa)
180 rv = k11->orig_finish(rsa); 180 rv = k11->orig_finish(rsa);
181 if (k11->provider) 181 if (k11->provider)
182 pkcs11_provider_unref(k11->provider); 182 pkcs11_provider_unref(k11->provider);
183 if (k11->keyid) 183 free(k11->keyid);
184 xfree(k11->keyid); 184 free(k11);
185 xfree(k11);
186 } 185 }
187 return (rv); 186 return (rv);
188} 187}
@@ -266,11 +265,11 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
266 return (-1); /* bail out */ 265 return (-1); /* bail out */
267 if ((rv = f->C_Login(si->session, CKU_USER, pin, strlen(pin))) 266 if ((rv = f->C_Login(si->session, CKU_USER, pin, strlen(pin)))
268 != CKR_OK) { 267 != CKR_OK) {
269 xfree(pin); 268 free(pin);
270 error("C_Login failed: %lu", rv); 269 error("C_Login failed: %lu", rv);
271 return (-1); 270 return (-1);
272 } 271 }
273 xfree(pin); 272 free(pin);
274 si->logged_in = 1; 273 si->logged_in = 1;
275 } 274 }
276 key_filter[1].pValue = k11->keyid; 275 key_filter[1].pValue = k11->keyid;
@@ -470,7 +469,7 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, Key ***keysp,
470 } 469 }
471 } 470 }
472 for (i = 0; i < 3; i++) 471 for (i = 0; i < 3; i++)
473 xfree(attribs[i].pValue); 472 free(attribs[i].pValue);
474 } 473 }
475 if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) 474 if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK)
476 error("C_FindObjectsFinal failed: %lu", rv); 475 error("C_FindObjectsFinal failed: %lu", rv);
@@ -579,11 +578,9 @@ fail:
579 if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK) 578 if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK)
580 error("C_Finalize failed: %lu", rv); 579 error("C_Finalize failed: %lu", rv);
581 if (p) { 580 if (p) {
582 if (p->slotlist) 581 free(p->slotlist);
583 xfree(p->slotlist); 582 free(p->slotinfo);
584 if (p->slotinfo) 583 free(p);
585 xfree(p->slotinfo);
586 xfree(p);
587 } 584 }
588 if (handle) 585 if (handle)
589 dlclose(handle); 586 dlclose(handle);
diff --git a/ssh-rsa.c b/ssh-rsa.c
index c6355fa09..30f96abc2 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-rsa.c,v 1.45 2010/08/31 09:58:37 djm Exp $ */ 1/* $OpenBSD: ssh-rsa.c,v 1.46 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> 3 * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
4 * 4 *
@@ -72,7 +72,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
72 72
73 error("ssh_rsa_sign: RSA_sign failed: %s", 73 error("ssh_rsa_sign: RSA_sign failed: %s",
74 ERR_error_string(ecode, NULL)); 74 ERR_error_string(ecode, NULL));
75 xfree(sig); 75 free(sig);
76 return -1; 76 return -1;
77 } 77 }
78 if (len < slen) { 78 if (len < slen) {
@@ -82,7 +82,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
82 memset(sig, 0, diff); 82 memset(sig, 0, diff);
83 } else if (len > slen) { 83 } else if (len > slen) {
84 error("ssh_rsa_sign: slen %u slen2 %u", slen, len); 84 error("ssh_rsa_sign: slen %u slen2 %u", slen, len);
85 xfree(sig); 85 free(sig);
86 return -1; 86 return -1;
87 } 87 }
88 /* encode signature */ 88 /* encode signature */
@@ -98,7 +98,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
98 } 98 }
99 buffer_free(&b); 99 buffer_free(&b);
100 memset(sig, 's', slen); 100 memset(sig, 's', slen);
101 xfree(sig); 101 free(sig);
102 102
103 return 0; 103 return 0;
104} 104}
@@ -131,23 +131,23 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
131 if (strcmp("ssh-rsa", ktype) != 0) { 131 if (strcmp("ssh-rsa", ktype) != 0) {
132 error("ssh_rsa_verify: cannot handle type %s", ktype); 132 error("ssh_rsa_verify: cannot handle type %s", ktype);
133 buffer_free(&b); 133 buffer_free(&b);
134 xfree(ktype); 134 free(ktype);
135 return -1; 135 return -1;
136 } 136 }
137 xfree(ktype); 137 free(ktype);
138 sigblob = buffer_get_string(&b, &len); 138 sigblob = buffer_get_string(&b, &len);
139 rlen = buffer_len(&b); 139 rlen = buffer_len(&b);
140 buffer_free(&b); 140 buffer_free(&b);
141 if (rlen != 0) { 141 if (rlen != 0) {
142 error("ssh_rsa_verify: remaining bytes in signature %d", rlen); 142 error("ssh_rsa_verify: remaining bytes in signature %d", rlen);
143 xfree(sigblob); 143 free(sigblob);
144 return -1; 144 return -1;
145 } 145 }
146 /* RSA_verify expects a signature of RSA_size */ 146 /* RSA_verify expects a signature of RSA_size */
147 modlen = RSA_size(key->rsa); 147 modlen = RSA_size(key->rsa);
148 if (len > modlen) { 148 if (len > modlen) {
149 error("ssh_rsa_verify: len %u > modlen %u", len, modlen); 149 error("ssh_rsa_verify: len %u > modlen %u", len, modlen);
150 xfree(sigblob); 150 free(sigblob);
151 return -1; 151 return -1;
152 } else if (len < modlen) { 152 } else if (len < modlen) {
153 u_int diff = modlen - len; 153 u_int diff = modlen - len;
@@ -161,7 +161,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
161 nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; 161 nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
162 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { 162 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
163 error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); 163 error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
164 xfree(sigblob); 164 free(sigblob);
165 return -1; 165 return -1;
166 } 166 }
167 EVP_DigestInit(&md, evp_md); 167 EVP_DigestInit(&md, evp_md);
@@ -171,7 +171,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
171 ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); 171 ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
172 memset(digest, 'd', sizeof(digest)); 172 memset(digest, 'd', sizeof(digest));
173 memset(sigblob, 's', len); 173 memset(sigblob, 's', len);
174 xfree(sigblob); 174 free(sigblob);
175 debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); 175 debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
176 return ret; 176 return ret;
177} 177}
@@ -262,7 +262,6 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
262 } 262 }
263 ret = 1; 263 ret = 1;
264done: 264done:
265 if (decrypted) 265 free(decrypted);
266 xfree(decrypted);
267 return ret; 266 return ret;
268} 267}
diff --git a/ssh.c b/ssh.c
index 534e7c6cf..0e96c9219 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.377 2013/04/19 11:10:18 djm Exp $ */ 1/* $OpenBSD: ssh.c,v 1.378 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -226,7 +226,7 @@ tilde_expand_paths(char **paths, u_int num_paths)
226 226
227 for (i = 0; i < num_paths; i++) { 227 for (i = 0; i < num_paths; i++) {
228 cp = tilde_expand_filename(paths[i], original_real_uid); 228 cp = tilde_expand_filename(paths[i], original_real_uid);
229 xfree(paths[i]); 229 free(paths[i]);
230 paths[i] = cp; 230 paths[i] = cp;
231 } 231 }
232} 232}
@@ -473,7 +473,7 @@ main(int ac, char **av)
473 if (parse_forward(&fwd, optarg, 1, 0)) { 473 if (parse_forward(&fwd, optarg, 1, 0)) {
474 stdio_forward_host = fwd.listen_host; 474 stdio_forward_host = fwd.listen_host;
475 stdio_forward_port = fwd.listen_port; 475 stdio_forward_port = fwd.listen_port;
476 xfree(fwd.connect_host); 476 free(fwd.connect_host);
477 } else { 477 } else {
478 fprintf(stderr, 478 fprintf(stderr,
479 "Bad stdio forwarding specification '%s'\n", 479 "Bad stdio forwarding specification '%s'\n",
@@ -601,7 +601,7 @@ main(int ac, char **av)
601 line, "command-line", 0, &dummy, SSHCONF_USERCONF) 601 line, "command-line", 0, &dummy, SSHCONF_USERCONF)
602 != 0) 602 != 0)
603 exit(255); 603 exit(255);
604 xfree(line); 604 free(line);
605 break; 605 break;
606 case 's': 606 case 's':
607 subsystem_flag = 1; 607 subsystem_flag = 1;
@@ -688,7 +688,7 @@ main(int ac, char **av)
688 fatal("Can't specify both -y and -E"); 688 fatal("Can't specify both -y and -E");
689 if (logfile != NULL) { 689 if (logfile != NULL) {
690 log_redirect_stderr_to(logfile); 690 log_redirect_stderr_to(logfile);
691 xfree(logfile); 691 free(logfile);
692 } 692 }
693 log_init(argv0, 693 log_init(argv0,
694 options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, 694 options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level,
@@ -778,7 +778,7 @@ main(int ac, char **av)
778 "p", portstr, "u", pw->pw_name, "L", shorthost, 778 "p", portstr, "u", pw->pw_name, "L", shorthost,
779 (char *)NULL); 779 (char *)NULL);
780 debug3("expanded LocalCommand: %s", options.local_command); 780 debug3("expanded LocalCommand: %s", options.local_command);
781 xfree(cp); 781 free(cp);
782 } 782 }
783 783
784 /* force lowercase for hostkey matching */ 784 /* force lowercase for hostkey matching */
@@ -790,24 +790,24 @@ main(int ac, char **av)
790 790
791 if (options.proxy_command != NULL && 791 if (options.proxy_command != NULL &&
792 strcmp(options.proxy_command, "none") == 0) { 792 strcmp(options.proxy_command, "none") == 0) {
793 xfree(options.proxy_command); 793 free(options.proxy_command);
794 options.proxy_command = NULL; 794 options.proxy_command = NULL;
795 } 795 }
796 if (options.control_path != NULL && 796 if (options.control_path != NULL &&
797 strcmp(options.control_path, "none") == 0) { 797 strcmp(options.control_path, "none") == 0) {
798 xfree(options.control_path); 798 free(options.control_path);
799 options.control_path = NULL; 799 options.control_path = NULL;
800 } 800 }
801 801
802 if (options.control_path != NULL) { 802 if (options.control_path != NULL) {
803 cp = tilde_expand_filename(options.control_path, 803 cp = tilde_expand_filename(options.control_path,
804 original_real_uid); 804 original_real_uid);
805 xfree(options.control_path); 805 free(options.control_path);
806 options.control_path = percent_expand(cp, "h", host, 806 options.control_path = percent_expand(cp, "h", host,
807 "l", thishost, "n", host_arg, "r", options.user, 807 "l", thishost, "n", host_arg, "r", options.user,
808 "p", portstr, "u", pw->pw_name, "L", shorthost, 808 "p", portstr, "u", pw->pw_name, "L", shorthost,
809 (char *)NULL); 809 (char *)NULL);
810 xfree(cp); 810 free(cp);
811 } 811 }
812 if (muxclient_command != 0 && options.control_path == NULL) 812 if (muxclient_command != 0 && options.control_path == NULL)
813 fatal("No ControlPath specified for \"-O\" command"); 813 fatal("No ControlPath specified for \"-O\" command");
@@ -958,13 +958,11 @@ main(int ac, char **av)
958 sensitive_data.keys[i] = NULL; 958 sensitive_data.keys[i] = NULL;
959 } 959 }
960 } 960 }
961 xfree(sensitive_data.keys); 961 free(sensitive_data.keys);
962 } 962 }
963 for (i = 0; i < options.num_identity_files; i++) { 963 for (i = 0; i < options.num_identity_files; i++) {
964 if (options.identity_files[i]) { 964 free(options.identity_files[i]);
965 xfree(options.identity_files[i]); 965 options.identity_files[i] = NULL;
966 options.identity_files[i] = NULL;
967 }
968 if (options.identity_keys[i]) { 966 if (options.identity_keys[i]) {
969 key_free(options.identity_keys[i]); 967 key_free(options.identity_keys[i]);
970 options.identity_keys[i] = NULL; 968 options.identity_keys[i] = NULL;
@@ -1554,7 +1552,7 @@ load_public_identity_files(void)
1554 xstrdup(options.pkcs11_provider); /* XXX */ 1552 xstrdup(options.pkcs11_provider); /* XXX */
1555 n_ids++; 1553 n_ids++;
1556 } 1554 }
1557 xfree(keys); 1555 free(keys);
1558 } 1556 }
1559#endif /* ENABLE_PKCS11 */ 1557#endif /* ENABLE_PKCS11 */
1560 if ((pw = getpwuid(original_real_uid)) == NULL) 1558 if ((pw = getpwuid(original_real_uid)) == NULL)
@@ -1567,7 +1565,7 @@ load_public_identity_files(void)
1567 for (i = 0; i < options.num_identity_files; i++) { 1565 for (i = 0; i < options.num_identity_files; i++) {
1568 if (n_ids >= SSH_MAX_IDENTITY_FILES || 1566 if (n_ids >= SSH_MAX_IDENTITY_FILES ||
1569 strcasecmp(options.identity_files[i], "none") == 0) { 1567 strcasecmp(options.identity_files[i], "none") == 0) {
1570 xfree(options.identity_files[i]); 1568 free(options.identity_files[i]);
1571 continue; 1569 continue;
1572 } 1570 }
1573 cp = tilde_expand_filename(options.identity_files[i], 1571 cp = tilde_expand_filename(options.identity_files[i],
@@ -1575,11 +1573,11 @@ load_public_identity_files(void)
1575 filename = percent_expand(cp, "d", pwdir, 1573 filename = percent_expand(cp, "d", pwdir,
1576 "u", pwname, "l", thishost, "h", host, 1574 "u", pwname, "l", thishost, "h", host,
1577 "r", options.user, (char *)NULL); 1575 "r", options.user, (char *)NULL);
1578 xfree(cp); 1576 free(cp);
1579 public = key_load_public(filename, NULL); 1577 public = key_load_public(filename, NULL);
1580 debug("identity file %s type %d", filename, 1578 debug("identity file %s type %d", filename,
1581 public ? public->type : -1); 1579 public ? public->type : -1);
1582 xfree(options.identity_files[i]); 1580 free(options.identity_files[i]);
1583 identity_files[n_ids] = filename; 1581 identity_files[n_ids] = filename;
1584 identity_keys[n_ids] = public; 1582 identity_keys[n_ids] = public;
1585 1583
@@ -1592,14 +1590,14 @@ load_public_identity_files(void)
1592 debug("identity file %s type %d", cp, 1590 debug("identity file %s type %d", cp,
1593 public ? public->type : -1); 1591 public ? public->type : -1);
1594 if (public == NULL) { 1592 if (public == NULL) {
1595 xfree(cp); 1593 free(cp);
1596 continue; 1594 continue;
1597 } 1595 }
1598 if (!key_is_cert(public)) { 1596 if (!key_is_cert(public)) {
1599 debug("%s: key %s type %s is not a certificate", 1597 debug("%s: key %s type %s is not a certificate",
1600 __func__, cp, key_type(public)); 1598 __func__, cp, key_type(public));
1601 key_free(public); 1599 key_free(public);
1602 xfree(cp); 1600 free(cp);
1603 continue; 1601 continue;
1604 } 1602 }
1605 identity_keys[n_ids] = public; 1603 identity_keys[n_ids] = public;
@@ -1612,9 +1610,9 @@ load_public_identity_files(void)
1612 memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); 1610 memcpy(options.identity_keys, identity_keys, sizeof(identity_keys));
1613 1611
1614 bzero(pwname, strlen(pwname)); 1612 bzero(pwname, strlen(pwname));
1615 xfree(pwname); 1613 free(pwname);
1616 bzero(pwdir, strlen(pwdir)); 1614 bzero(pwdir, strlen(pwdir));
1617 xfree(pwdir); 1615 free(pwdir);
1618} 1616}
1619 1617
1620static void 1618static void
diff --git a/sshconnect.c b/sshconnect.c
index cf0711285..483eb85ac 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.c,v 1.237 2013/02/22 19:13:56 markus Exp $ */ 1/* $OpenBSD: sshconnect.c,v 1.238 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -112,7 +112,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
112 xasprintf(&tmp, "exec %s", proxy_command); 112 xasprintf(&tmp, "exec %s", proxy_command);
113 command_string = percent_expand(tmp, "h", host, "p", strport, 113 command_string = percent_expand(tmp, "h", host, "p", strport,
114 "r", options.user, (char *)NULL); 114 "r", options.user, (char *)NULL);
115 xfree(tmp); 115 free(tmp);
116 116
117 /* Create pipes for communicating with the proxy. */ 117 /* Create pipes for communicating with the proxy. */
118 if (pipe(pin) < 0 || pipe(pout) < 0) 118 if (pipe(pin) < 0 || pipe(pout) < 0)
@@ -166,7 +166,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
166 close(pout[1]); 166 close(pout[1]);
167 167
168 /* Free the command name. */ 168 /* Free the command name. */
169 xfree(command_string); 169 free(command_string);
170 170
171 /* Set the connection file descriptors. */ 171 /* Set the connection file descriptors. */
172 packet_set_connection(pout[0], pin[1]); 172 packet_set_connection(pout[0], pin[1]);
@@ -315,7 +315,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
315 fatal("Bogus return (%d) from select()", rc); 315 fatal("Bogus return (%d) from select()", rc);
316 } 316 }
317 317
318 xfree(fdset); 318 free(fdset);
319 319
320 done: 320 done:
321 if (result == 0 && *timeoutp > 0) { 321 if (result == 0 && *timeoutp > 0) {
@@ -534,7 +534,7 @@ ssh_exchange_identification(int timeout_ms)
534 debug("ssh_exchange_identification: %s", buf); 534 debug("ssh_exchange_identification: %s", buf);
535 } 535 }
536 server_version_string = xstrdup(buf); 536 server_version_string = xstrdup(buf);
537 xfree(fdset); 537 free(fdset);
538 538
539 /* 539 /*
540 * Check that the versions match. In future this might accept 540 * Check that the versions match. In future this might accept
@@ -610,8 +610,7 @@ confirm(const char *prompt)
610 ret = 0; 610 ret = 0;
611 if (p && strncasecmp(p, "yes", 3) == 0) 611 if (p && strncasecmp(p, "yes", 3) == 0)
612 ret = 1; 612 ret = 1;
613 if (p) 613 free(p);
614 xfree(p);
615 if (ret != -1) 614 if (ret != -1)
616 return ret; 615 return ret;
617 } 616 }
@@ -835,8 +834,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
835 ra = key_fingerprint(host_key, SSH_FP_MD5, 834 ra = key_fingerprint(host_key, SSH_FP_MD5,
836 SSH_FP_RANDOMART); 835 SSH_FP_RANDOMART);
837 logit("Host key fingerprint is %s\n%s\n", fp, ra); 836 logit("Host key fingerprint is %s\n%s\n", fp, ra);
838 xfree(ra); 837 free(ra);
839 xfree(fp); 838 free(fp);
840 } 839 }
841 break; 840 break;
842 case HOST_NEW: 841 case HOST_NEW:
@@ -896,8 +895,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
896 options.visual_host_key ? "\n" : "", 895 options.visual_host_key ? "\n" : "",
897 options.visual_host_key ? ra : "", 896 options.visual_host_key ? ra : "",
898 msg2); 897 msg2);
899 xfree(ra); 898 free(ra);
900 xfree(fp); 899 free(fp);
901 if (!confirm(msg)) 900 if (!confirm(msg))
902 goto fail; 901 goto fail;
903 } 902 }
@@ -1098,8 +1097,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
1098 } 1097 }
1099 } 1098 }
1100 1099
1101 xfree(ip); 1100 free(ip);
1102 xfree(host); 1101 free(host);
1103 if (host_hostkeys != NULL) 1102 if (host_hostkeys != NULL)
1104 free_hostkeys(host_hostkeys); 1103 free_hostkeys(host_hostkeys);
1105 if (ip_hostkeys != NULL) 1104 if (ip_hostkeys != NULL)
@@ -1121,8 +1120,8 @@ fail:
1121 } 1120 }
1122 if (raw_key != NULL) 1121 if (raw_key != NULL)
1123 key_free(raw_key); 1122 key_free(raw_key);
1124 xfree(ip); 1123 free(ip);
1125 xfree(host); 1124 free(host);
1126 if (host_hostkeys != NULL) 1125 if (host_hostkeys != NULL)
1127 free_hostkeys(host_hostkeys); 1126 free_hostkeys(host_hostkeys);
1128 if (ip_hostkeys != NULL) 1127 if (ip_hostkeys != NULL)
@@ -1139,7 +1138,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
1139 1138
1140 fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); 1139 fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
1141 debug("Server host key: %s %s", key_type(host_key), fp); 1140 debug("Server host key: %s %s", key_type(host_key), fp);
1142 xfree(fp); 1141 free(fp);
1143 1142
1144 /* XXX certs are not yet supported for DNS */ 1143 /* XXX certs are not yet supported for DNS */
1145 if (!key_is_cert(host_key) && options.verify_host_key_dns && 1144 if (!key_is_cert(host_key) && options.verify_host_key_dns &&
@@ -1204,7 +1203,7 @@ ssh_login(Sensitive *sensitive, const char *orighost,
1204 ssh_kex(host, hostaddr); 1203 ssh_kex(host, hostaddr);
1205 ssh_userauth1(local_user, server_user, host, sensitive); 1204 ssh_userauth1(local_user, server_user, host, sensitive);
1206 } 1205 }
1207 xfree(local_user); 1206 free(local_user);
1208} 1207}
1209 1208
1210void 1209void
@@ -1222,7 +1221,7 @@ ssh_put_password(char *password)
1222 strlcpy(padded, password, size); 1221 strlcpy(padded, password, size);
1223 packet_put_string(padded, size); 1222 packet_put_string(padded, size);
1224 memset(padded, 0, size); 1223 memset(padded, 0, size);
1225 xfree(padded); 1224 free(padded);
1226} 1225}
1227 1226
1228/* print all known host keys for a given host, but skip keys of given type */ 1227/* print all known host keys for a given host, but skip keys of given type */
@@ -1249,8 +1248,8 @@ show_other_keys(struct hostkeys *hostkeys, Key *key)
1249 key_type(found->key), fp); 1248 key_type(found->key), fp);
1250 if (options.visual_host_key) 1249 if (options.visual_host_key)
1251 logit("%s", ra); 1250 logit("%s", ra);
1252 xfree(ra); 1251 free(ra);
1253 xfree(fp); 1252 free(fp);
1254 ret = 1; 1253 ret = 1;
1255 } 1254 }
1256 return ret; 1255 return ret;
@@ -1273,7 +1272,7 @@ warn_changed_key(Key *host_key)
1273 key_type(host_key), fp); 1272 key_type(host_key), fp);
1274 error("Please contact your system administrator."); 1273 error("Please contact your system administrator.");
1275 1274
1276 xfree(fp); 1275 free(fp);
1277} 1276}
1278 1277
1279/* 1278/*
diff --git a/sshconnect1.c b/sshconnect1.c
index fd07bbf74..d285e23c0 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect1.c,v 1.70 2006/11/06 21:25:28 markus Exp $ */ 1/* $OpenBSD: sshconnect1.c,v 1.71 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -84,7 +84,7 @@ try_agent_authentication(void)
84 84
85 /* Try this identity. */ 85 /* Try this identity. */
86 debug("Trying RSA authentication via agent with '%.100s'", comment); 86 debug("Trying RSA authentication via agent with '%.100s'", comment);
87 xfree(comment); 87 free(comment);
88 88
89 /* Tell the server that we are willing to authenticate using this key. */ 89 /* Tell the server that we are willing to authenticate using this key. */
90 packet_start(SSH_CMSG_AUTH_RSA); 90 packet_start(SSH_CMSG_AUTH_RSA);
@@ -231,7 +231,7 @@ try_rsa_authentication(int idx)
231 */ 231 */
232 if (type == SSH_SMSG_FAILURE) { 232 if (type == SSH_SMSG_FAILURE) {
233 debug("Server refused our key."); 233 debug("Server refused our key.");
234 xfree(comment); 234 free(comment);
235 return 0; 235 return 0;
236 } 236 }
237 /* Otherwise, the server should respond with a challenge. */ 237 /* Otherwise, the server should respond with a challenge. */
@@ -270,14 +270,14 @@ try_rsa_authentication(int idx)
270 quit = 1; 270 quit = 1;
271 } 271 }
272 memset(passphrase, 0, strlen(passphrase)); 272 memset(passphrase, 0, strlen(passphrase));
273 xfree(passphrase); 273 free(passphrase);
274 if (private != NULL || quit) 274 if (private != NULL || quit)
275 break; 275 break;
276 debug2("bad passphrase given, try again..."); 276 debug2("bad passphrase given, try again...");
277 } 277 }
278 } 278 }
279 /* We no longer need the comment. */ 279 /* We no longer need the comment. */
280 xfree(comment); 280 free(comment);
281 281
282 if (private == NULL) { 282 if (private == NULL) {
283 if (!options.batch_mode && perm_ok) 283 if (!options.batch_mode && perm_ok)
@@ -412,7 +412,7 @@ try_challenge_response_authentication(void)
412 packet_check_eom(); 412 packet_check_eom();
413 snprintf(prompt, sizeof prompt, "%s%s", challenge, 413 snprintf(prompt, sizeof prompt, "%s%s", challenge,
414 strchr(challenge, '\n') ? "" : "\nResponse: "); 414 strchr(challenge, '\n') ? "" : "\nResponse: ");
415 xfree(challenge); 415 free(challenge);
416 if (i != 0) 416 if (i != 0)
417 error("Permission denied, please try again."); 417 error("Permission denied, please try again.");
418 if (options.cipher == SSH_CIPHER_NONE) 418 if (options.cipher == SSH_CIPHER_NONE)
@@ -420,13 +420,13 @@ try_challenge_response_authentication(void)
420 "Response will be transmitted in clear text."); 420 "Response will be transmitted in clear text.");
421 response = read_passphrase(prompt, 0); 421 response = read_passphrase(prompt, 0);
422 if (strcmp(response, "") == 0) { 422 if (strcmp(response, "") == 0) {
423 xfree(response); 423 free(response);
424 break; 424 break;
425 } 425 }
426 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); 426 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
427 ssh_put_password(response); 427 ssh_put_password(response);
428 memset(response, 0, strlen(response)); 428 memset(response, 0, strlen(response));
429 xfree(response); 429 free(response);
430 packet_send(); 430 packet_send();
431 packet_write_wait(); 431 packet_write_wait();
432 type = packet_read(); 432 type = packet_read();
@@ -459,7 +459,7 @@ try_password_authentication(char *prompt)
459 packet_start(SSH_CMSG_AUTH_PASSWORD); 459 packet_start(SSH_CMSG_AUTH_PASSWORD);
460 ssh_put_password(password); 460 ssh_put_password(password);
461 memset(password, 0, strlen(password)); 461 memset(password, 0, strlen(password));
462 xfree(password); 462 free(password);
463 packet_send(); 463 packet_send();
464 packet_write_wait(); 464 packet_write_wait();
465 465
diff --git a/sshconnect2.c b/sshconnect2.c
index 7b83c591b..19ed3459f 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.196 2013/05/16 02:00:34 dtucker Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.197 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -146,10 +146,10 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
146 if (*first != '\0') 146 if (*first != '\0')
147 debug3("%s: prefer hostkeyalgs: %s", __func__, first); 147 debug3("%s: prefer hostkeyalgs: %s", __func__, first);
148 148
149 xfree(first); 149 free(first);
150 xfree(last); 150 free(last);
151 xfree(hostname); 151 free(hostname);
152 xfree(oavail); 152 free(oavail);
153 free_hostkeys(hostkeys); 153 free_hostkeys(hostkeys);
154 154
155 return ret; 155 return ret;
@@ -384,7 +384,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
384 if (packet_remaining() > 0) { 384 if (packet_remaining() > 0) {
385 char *reply = packet_get_string(NULL); 385 char *reply = packet_get_string(NULL);
386 debug2("service_accept: %s", reply); 386 debug2("service_accept: %s", reply);
387 xfree(reply); 387 free(reply);
388 } else { 388 } else {
389 debug2("buggy server: service_accept w/o service"); 389 debug2("buggy server: service_accept w/o service");
390 } 390 }
@@ -431,15 +431,12 @@ userauth(Authctxt *authctxt, char *authlist)
431 if (authctxt->method != NULL && authctxt->method->cleanup != NULL) 431 if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
432 authctxt->method->cleanup(authctxt); 432 authctxt->method->cleanup(authctxt);
433 433
434 if (authctxt->methoddata) { 434 free(authctxt->methoddata);
435 xfree(authctxt->methoddata); 435 authctxt->methoddata = NULL;
436 authctxt->methoddata = NULL;
437 }
438 if (authlist == NULL) { 436 if (authlist == NULL) {
439 authlist = authctxt->authlist; 437 authlist = authctxt->authlist;
440 } else { 438 } else {
441 if (authctxt->authlist) 439 free(authctxt->authlist);
442 xfree(authctxt->authlist);
443 authctxt->authlist = authlist; 440 authctxt->authlist = authlist;
444 } 441 }
445 for (;;) { 442 for (;;) {
@@ -487,10 +484,10 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
487 msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ 484 msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
488 strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); 485 strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
489 fprintf(stderr, "%s", msg); 486 fprintf(stderr, "%s", msg);
490 xfree(msg); 487 free(msg);
491 } 488 }
492 xfree(raw); 489 free(raw);
493 xfree(lang); 490 free(lang);
494} 491}
495 492
496/* ARGSUSED */ 493/* ARGSUSED */
@@ -501,16 +498,12 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
501 498
502 if (authctxt == NULL) 499 if (authctxt == NULL)
503 fatal("input_userauth_success: no authentication context"); 500 fatal("input_userauth_success: no authentication context");
504 if (authctxt->authlist) { 501 free(authctxt->authlist);
505 xfree(authctxt->authlist); 502 authctxt->authlist = NULL;
506 authctxt->authlist = NULL;
507 }
508 if (authctxt->method != NULL && authctxt->method->cleanup != NULL) 503 if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
509 authctxt->method->cleanup(authctxt); 504 authctxt->method->cleanup(authctxt);
510 if (authctxt->methoddata) { 505 free(authctxt->methoddata);
511 xfree(authctxt->methoddata); 506 authctxt->methoddata = NULL;
512 authctxt->methoddata = NULL;
513 }
514 authctxt->success = 1; /* break out */ 507 authctxt->success = 1; /* break out */
515} 508}
516 509
@@ -599,7 +592,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
599 } 592 }
600 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); 593 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
601 debug2("input_userauth_pk_ok: fp %s", fp); 594 debug2("input_userauth_pk_ok: fp %s", fp);
602 xfree(fp); 595 free(fp);
603 596
604 /* 597 /*
605 * search keys in the reverse order, because last candidate has been 598 * search keys in the reverse order, because last candidate has been
@@ -615,8 +608,8 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
615done: 608done:
616 if (key != NULL) 609 if (key != NULL)
617 key_free(key); 610 key_free(key);
618 xfree(pkalg); 611 free(pkalg);
619 xfree(pkblob); 612 free(pkblob);
620 613
621 /* try another method if we did not send a packet */ 614 /* try another method if we did not send a packet */
622 if (sent == 0) 615 if (sent == 0)
@@ -754,7 +747,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
754 if (oidlen <= 2 || 747 if (oidlen <= 2 ||
755 oidv[0] != SSH_GSS_OIDTYPE || 748 oidv[0] != SSH_GSS_OIDTYPE ||
756 oidv[1] != oidlen - 2) { 749 oidv[1] != oidlen - 2) {
757 xfree(oidv); 750 free(oidv);
758 debug("Badly encoded mechanism OID received"); 751 debug("Badly encoded mechanism OID received");
759 userauth(authctxt, NULL); 752 userauth(authctxt, NULL);
760 return; 753 return;
@@ -765,7 +758,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
765 758
766 packet_check_eom(); 759 packet_check_eom();
767 760
768 xfree(oidv); 761 free(oidv);
769 762
770 if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { 763 if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
771 /* Start again with next method on list */ 764 /* Start again with next method on list */
@@ -794,7 +787,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
794 787
795 status = process_gssapi_token(ctxt, &recv_tok); 788 status = process_gssapi_token(ctxt, &recv_tok);
796 789
797 xfree(recv_tok.value); 790 free(recv_tok.value);
798 791
799 if (GSS_ERROR(status)) { 792 if (GSS_ERROR(status)) {
800 /* Start again with the next method in the list */ 793 /* Start again with the next method in the list */
@@ -827,7 +820,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
827 (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, 820 (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
828 &recv_tok, &send_tok, NULL); 821 &recv_tok, &send_tok, NULL);
829 822
830 xfree(recv_tok.value); 823 free(recv_tok.value);
831 gss_release_buffer(&ms, &send_tok); 824 gss_release_buffer(&ms, &send_tok);
832 825
833 /* Server will be returning a failed packet after this one */ 826 /* Server will be returning a failed packet after this one */
@@ -848,8 +841,8 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
848 packet_check_eom(); 841 packet_check_eom();
849 842
850 debug("Server GSSAPI Error:\n%s", msg); 843 debug("Server GSSAPI Error:\n%s", msg);
851 xfree(msg); 844 free(msg);
852 xfree(lang); 845 free(lang);
853} 846}
854#endif /* GSSAPI */ 847#endif /* GSSAPI */
855 848
@@ -890,7 +883,7 @@ userauth_passwd(Authctxt *authctxt)
890 packet_put_char(0); 883 packet_put_char(0);
891 packet_put_cstring(password); 884 packet_put_cstring(password);
892 memset(password, 0, strlen(password)); 885 memset(password, 0, strlen(password));
893 xfree(password); 886 free(password);
894 packet_add_padding(64); 887 packet_add_padding(64);
895 packet_send(); 888 packet_send();
896 889
@@ -923,8 +916,8 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
923 lang = packet_get_string(NULL); 916 lang = packet_get_string(NULL);
924 if (strlen(info) > 0) 917 if (strlen(info) > 0)
925 logit("%s", info); 918 logit("%s", info);
926 xfree(info); 919 free(info);
927 xfree(lang); 920 free(lang);
928 packet_start(SSH2_MSG_USERAUTH_REQUEST); 921 packet_start(SSH2_MSG_USERAUTH_REQUEST);
929 packet_put_cstring(authctxt->server_user); 922 packet_put_cstring(authctxt->server_user);
930 packet_put_cstring(authctxt->service); 923 packet_put_cstring(authctxt->service);
@@ -936,7 +929,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
936 password = read_passphrase(prompt, 0); 929 password = read_passphrase(prompt, 0);
937 packet_put_cstring(password); 930 packet_put_cstring(password);
938 memset(password, 0, strlen(password)); 931 memset(password, 0, strlen(password));
939 xfree(password); 932 free(password);
940 password = NULL; 933 password = NULL;
941 while (password == NULL) { 934 while (password == NULL) {
942 snprintf(prompt, sizeof(prompt), 935 snprintf(prompt, sizeof(prompt),
@@ -953,16 +946,16 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
953 retype = read_passphrase(prompt, 0); 946 retype = read_passphrase(prompt, 0);
954 if (strcmp(password, retype) != 0) { 947 if (strcmp(password, retype) != 0) {
955 memset(password, 0, strlen(password)); 948 memset(password, 0, strlen(password));
956 xfree(password); 949 free(password);
957 logit("Mismatch; try again, EOF to quit."); 950 logit("Mismatch; try again, EOF to quit.");
958 password = NULL; 951 password = NULL;
959 } 952 }
960 memset(retype, 0, strlen(retype)); 953 memset(retype, 0, strlen(retype));
961 xfree(retype); 954 free(retype);
962 } 955 }
963 packet_put_cstring(password); 956 packet_put_cstring(password);
964 memset(password, 0, strlen(password)); 957 memset(password, 0, strlen(password));
965 xfree(password); 958 free(password);
966 packet_add_padding(64); 959 packet_add_padding(64);
967 packet_send(); 960 packet_send();
968 961
@@ -1017,13 +1010,13 @@ jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme,
1017 1010
1018 bzero(password, strlen(password)); 1011 bzero(password, strlen(password));
1019 bzero(crypted, strlen(crypted)); 1012 bzero(crypted, strlen(crypted));
1020 xfree(password); 1013 free(password);
1021 xfree(crypted); 1014 free(crypted);
1022 1015
1023 if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL) 1016 if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
1024 fatal("%s: BN_bin2bn (secret)", __func__); 1017 fatal("%s: BN_bin2bn (secret)", __func__);
1025 bzero(secret, secret_len); 1018 bzero(secret, secret_len);
1026 xfree(secret); 1019 free(secret);
1027 1020
1028 return ret; 1021 return ret;
1029} 1022}
@@ -1061,8 +1054,8 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
1061 pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt); 1054 pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
1062 bzero(crypt_scheme, strlen(crypt_scheme)); 1055 bzero(crypt_scheme, strlen(crypt_scheme));
1063 bzero(salt, strlen(salt)); 1056 bzero(salt, strlen(salt));
1064 xfree(crypt_scheme); 1057 free(crypt_scheme);
1065 xfree(salt); 1058 free(salt);
1066 JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__)); 1059 JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
1067 1060
1068 /* Calculate step 2 values */ 1061 /* Calculate step 2 values */
@@ -1077,8 +1070,8 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
1077 1070
1078 bzero(x3_proof, x3_proof_len); 1071 bzero(x3_proof, x3_proof_len);
1079 bzero(x4_proof, x4_proof_len); 1072 bzero(x4_proof, x4_proof_len);
1080 xfree(x3_proof); 1073 free(x3_proof);
1081 xfree(x4_proof); 1074 free(x4_proof);
1082 1075
1083 JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); 1076 JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
1084 1077
@@ -1089,7 +1082,7 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
1089 packet_send(); 1082 packet_send();
1090 1083
1091 bzero(x2_s_proof, x2_s_proof_len); 1084 bzero(x2_s_proof, x2_s_proof_len);
1092 xfree(x2_s_proof); 1085 free(x2_s_proof);
1093 1086
1094 /* Expect step 2 packet from peer */ 1087 /* Expect step 2 packet from peer */
1095 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, 1088 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2,
@@ -1129,7 +1122,7 @@ input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt)
1129 &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len); 1122 &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
1130 1123
1131 bzero(x4_s_proof, x4_s_proof_len); 1124 bzero(x4_s_proof, x4_s_proof_len);
1132 xfree(x4_s_proof); 1125 free(x4_s_proof);
1133 1126
1134 JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); 1127 JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
1135 1128
@@ -1211,7 +1204,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1211 1204
1212 fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); 1205 fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
1213 debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); 1206 debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
1214 xfree(fp); 1207 free(fp);
1215 1208
1216 if (key_to_blob(id->key, &blob, &bloblen) == 0) { 1209 if (key_to_blob(id->key, &blob, &bloblen) == 0) {
1217 /* we cannot handle this key */ 1210 /* we cannot handle this key */
@@ -1246,7 +1239,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1246 ret = identity_sign(id, &signature, &slen, 1239 ret = identity_sign(id, &signature, &slen,
1247 buffer_ptr(&b), buffer_len(&b)); 1240 buffer_ptr(&b), buffer_len(&b));
1248 if (ret == -1) { 1241 if (ret == -1) {
1249 xfree(blob); 1242 free(blob);
1250 buffer_free(&b); 1243 buffer_free(&b);
1251 return 0; 1244 return 0;
1252 } 1245 }
@@ -1266,11 +1259,11 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1266 buffer_put_cstring(&b, key_ssh_name(id->key)); 1259 buffer_put_cstring(&b, key_ssh_name(id->key));
1267 buffer_put_string(&b, blob, bloblen); 1260 buffer_put_string(&b, blob, bloblen);
1268 } 1261 }
1269 xfree(blob); 1262 free(blob);
1270 1263
1271 /* append signature */ 1264 /* append signature */
1272 buffer_put_string(&b, signature, slen); 1265 buffer_put_string(&b, signature, slen);
1273 xfree(signature); 1266 free(signature);
1274 1267
1275 /* skip session id and packet type */ 1268 /* skip session id and packet type */
1276 if (buffer_len(&b) < skip + 1) 1269 if (buffer_len(&b) < skip + 1)
@@ -1310,7 +1303,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
1310 if (!(datafellows & SSH_BUG_PKAUTH)) 1303 if (!(datafellows & SSH_BUG_PKAUTH))
1311 packet_put_cstring(key_ssh_name(id->key)); 1304 packet_put_cstring(key_ssh_name(id->key));
1312 packet_put_string(blob, bloblen); 1305 packet_put_string(blob, bloblen);
1313 xfree(blob); 1306 free(blob);
1314 packet_send(); 1307 packet_send();
1315 return 1; 1308 return 1;
1316} 1309}
@@ -1347,7 +1340,7 @@ load_identity_file(char *filename, int userprovided)
1347 quit = 1; 1340 quit = 1;
1348 } 1341 }
1349 memset(passphrase, 0, strlen(passphrase)); 1342 memset(passphrase, 0, strlen(passphrase));
1350 xfree(passphrase); 1343 free(passphrase);
1351 if (private != NULL || quit) 1344 if (private != NULL || quit)
1352 break; 1345 break;
1353 debug2("bad passphrase given, try again..."); 1346 debug2("bad passphrase given, try again...");
@@ -1424,7 +1417,7 @@ pubkey_prepare(Authctxt *authctxt)
1424 /* agent keys from the config file are preferred */ 1417 /* agent keys from the config file are preferred */
1425 if (key_equal(key, id->key)) { 1418 if (key_equal(key, id->key)) {
1426 key_free(key); 1419 key_free(key);
1427 xfree(comment); 1420 free(comment);
1428 TAILQ_REMOVE(&files, id, next); 1421 TAILQ_REMOVE(&files, id, next);
1429 TAILQ_INSERT_TAIL(preferred, id, next); 1422 TAILQ_INSERT_TAIL(preferred, id, next);
1430 id->ac = ac; 1423 id->ac = ac;
@@ -1470,9 +1463,8 @@ pubkey_cleanup(Authctxt *authctxt)
1470 TAILQ_REMOVE(&authctxt->keys, id, next); 1463 TAILQ_REMOVE(&authctxt->keys, id, next);
1471 if (id->key) 1464 if (id->key)
1472 key_free(id->key); 1465 key_free(id->key);
1473 if (id->filename) 1466 free(id->filename);
1474 xfree(id->filename); 1467 free(id);
1475 xfree(id);
1476 } 1468 }
1477} 1469}
1478 1470
@@ -1570,9 +1562,9 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
1570 logit("%s", name); 1562 logit("%s", name);
1571 if (strlen(inst) > 0) 1563 if (strlen(inst) > 0)
1572 logit("%s", inst); 1564 logit("%s", inst);
1573 xfree(name); 1565 free(name);
1574 xfree(inst); 1566 free(inst);
1575 xfree(lang); 1567 free(lang);
1576 1568
1577 num_prompts = packet_get_int(); 1569 num_prompts = packet_get_int();
1578 /* 1570 /*
@@ -1593,8 +1585,8 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
1593 1585
1594 packet_put_cstring(response); 1586 packet_put_cstring(response);
1595 memset(response, 0, strlen(response)); 1587 memset(response, 0, strlen(response));
1596 xfree(response); 1588 free(response);
1597 xfree(prompt); 1589 free(prompt);
1598 } 1590 }
1599 packet_check_eom(); /* done with parsing incoming message. */ 1591 packet_check_eom(); /* done with parsing incoming message. */
1600 1592
@@ -1714,12 +1706,12 @@ userauth_hostbased(Authctxt *authctxt)
1714 if (p == NULL) { 1706 if (p == NULL) {
1715 error("userauth_hostbased: cannot get local ipaddr/name"); 1707 error("userauth_hostbased: cannot get local ipaddr/name");
1716 key_free(private); 1708 key_free(private);
1717 xfree(blob); 1709 free(blob);
1718 return 0; 1710 return 0;
1719 } 1711 }
1720 xasprintf(&chost, "%s.", p); 1712 xasprintf(&chost, "%s.", p);
1721 debug2("userauth_hostbased: chost %s", chost); 1713 debug2("userauth_hostbased: chost %s", chost);
1722 xfree(p); 1714 free(p);
1723 1715
1724 service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : 1716 service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
1725 authctxt->service; 1717 authctxt->service;
@@ -1748,9 +1740,9 @@ userauth_hostbased(Authctxt *authctxt)
1748 buffer_free(&b); 1740 buffer_free(&b);
1749 if (ok != 0) { 1741 if (ok != 0) {
1750 error("key_sign failed"); 1742 error("key_sign failed");
1751 xfree(chost); 1743 free(chost);
1752 xfree(pkalg); 1744 free(pkalg);
1753 xfree(blob); 1745 free(blob);
1754 return 0; 1746 return 0;
1755 } 1747 }
1756 packet_start(SSH2_MSG_USERAUTH_REQUEST); 1748 packet_start(SSH2_MSG_USERAUTH_REQUEST);
@@ -1763,10 +1755,10 @@ userauth_hostbased(Authctxt *authctxt)
1763 packet_put_cstring(authctxt->local_user); 1755 packet_put_cstring(authctxt->local_user);
1764 packet_put_string(signature, slen); 1756 packet_put_string(signature, slen);
1765 memset(signature, 's', slen); 1757 memset(signature, 's', slen);
1766 xfree(signature); 1758 free(signature);
1767 xfree(chost); 1759 free(chost);
1768 xfree(pkalg); 1760 free(pkalg);
1769 xfree(blob); 1761 free(blob);
1770 1762
1771 packet_send(); 1763 packet_send();
1772 return 1; 1764 return 1;
@@ -1821,8 +1813,8 @@ userauth_jpake(Authctxt *authctxt)
1821 1813
1822 bzero(x1_proof, x1_proof_len); 1814 bzero(x1_proof, x1_proof_len);
1823 bzero(x2_proof, x2_proof_len); 1815 bzero(x2_proof, x2_proof_len);
1824 xfree(x1_proof); 1816 free(x1_proof);
1825 xfree(x2_proof); 1817 free(x2_proof);
1826 1818
1827 /* Expect step 1 packet from peer */ 1819 /* Expect step 1 packet from peer */
1828 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, 1820 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
@@ -1899,8 +1891,7 @@ authmethod_get(char *authlist)
1899 1891
1900 if (supported == NULL || strcmp(authlist, supported) != 0) { 1892 if (supported == NULL || strcmp(authlist, supported) != 0) {
1901 debug3("start over, passed a different list %s", authlist); 1893 debug3("start over, passed a different list %s", authlist);
1902 if (supported != NULL) 1894 free(supported);
1903 xfree(supported);
1904 supported = xstrdup(authlist); 1895 supported = xstrdup(authlist);
1905 preferred = options.preferred_authentications; 1896 preferred = options.preferred_authentications;
1906 debug3("preferred %s", preferred); 1897 debug3("preferred %s", preferred);
@@ -1921,7 +1912,7 @@ authmethod_get(char *authlist)
1921 authmethod_is_enabled(current)) { 1912 authmethod_is_enabled(current)) {
1922 debug3("authmethod_is_enabled %s", name); 1913 debug3("authmethod_is_enabled %s", name);
1923 debug("Next authentication method: %s", name); 1914 debug("Next authentication method: %s", name);
1924 xfree(name); 1915 free(name);
1925 return current; 1916 return current;
1926 } 1917 }
1927 } 1918 }
diff --git a/sshd.c b/sshd.c
index df9d0d61e..069e95ff9 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.401 2013/05/16 09:08:41 dtucker Exp $ */ 1/* $OpenBSD: sshd.c,v 1.402 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -973,7 +973,7 @@ recv_rexec_state(int fd, Buffer *conf)
973 cp = buffer_get_string(&m, &len); 973 cp = buffer_get_string(&m, &len);
974 if (conf != NULL) 974 if (conf != NULL)
975 buffer_append(conf, cp, len + 1); 975 buffer_append(conf, cp, len + 1);
976 xfree(cp); 976 free(cp);
977 977
978 if (buffer_get_int(&m)) { 978 if (buffer_get_int(&m)) {
979 if (sensitive_data.server_key != NULL) 979 if (sensitive_data.server_key != NULL)
@@ -1135,7 +1135,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1135 if (received_sighup) 1135 if (received_sighup)
1136 sighup_restart(); 1136 sighup_restart();
1137 if (fdset != NULL) 1137 if (fdset != NULL)
1138 xfree(fdset); 1138 free(fdset);
1139 fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS), 1139 fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS),
1140 sizeof(fd_mask)); 1140 sizeof(fd_mask));
1141 1141
@@ -1484,7 +1484,7 @@ main(int ac, char **av)
1484 if (process_server_config_line(&options, line, 1484 if (process_server_config_line(&options, line,
1485 "command-line", 0, NULL, NULL) != 0) 1485 "command-line", 0, NULL, NULL) != 0)
1486 exit(1); 1486 exit(1);
1487 xfree(line); 1487 free(line);
1488 break; 1488 break;
1489 case '?': 1489 case '?':
1490 default: 1490 default:
@@ -1506,7 +1506,7 @@ main(int ac, char **av)
1506 /* If requested, redirect the logs to the specified logfile. */ 1506 /* If requested, redirect the logs to the specified logfile. */
1507 if (logfile != NULL) { 1507 if (logfile != NULL) {
1508 log_redirect_stderr_to(logfile); 1508 log_redirect_stderr_to(logfile);
1509 xfree(logfile); 1509 free(logfile);
1510 } 1510 }
1511 /* 1511 /*
1512 * Force logging to stderr until we have loaded the private host 1512 * Force logging to stderr until we have loaded the private host
@@ -2307,7 +2307,7 @@ do_ssh1_kex(void)
2307 MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); 2307 MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
2308 MD5_Final(session_key + 16, &md); 2308 MD5_Final(session_key + 16, &md);
2309 memset(buf, 0, bytes); 2309 memset(buf, 0, bytes);
2310 xfree(buf); 2310 free(buf);
2311 for (i = 0; i < 16; i++) 2311 for (i = 0; i < 16; i++)
2312 session_id[i] = session_key[i] ^ session_key[i + 16]; 2312 session_id[i] = session_key[i] ^ session_key[i + 16];
2313 } 2313 }
diff --git a/umac.c b/umac.c
index 0567c37f9..fb66b8097 100644
--- a/umac.c
+++ b/umac.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: umac.c,v 1.4 2011/10/19 10:39:48 djm Exp $ */ 1/* $OpenBSD: umac.c,v 1.5 2013/05/17 00:13:14 djm Exp $ */
2/* ----------------------------------------------------------------------- 2/* -----------------------------------------------------------------------
3 * 3 *
4 * umac.c -- C Implementation UMAC Message Authentication 4 * umac.c -- C Implementation UMAC Message Authentication
@@ -1209,7 +1209,7 @@ int umac_delete(struct umac_ctx *ctx)
1209 if (ctx) { 1209 if (ctx) {
1210 if (ALLOC_BOUNDARY) 1210 if (ALLOC_BOUNDARY)
1211 ctx = (struct umac_ctx *)ctx->free_ptr; 1211 ctx = (struct umac_ctx *)ctx->free_ptr;
1212 xfree(ctx); 1212 free(ctx);
1213 } 1213 }
1214 return (1); 1214 return (1);
1215} 1215}
diff --git a/uuencode.c b/uuencode.c
index 09d80d2fc..294c74304 100644
--- a/uuencode.c
+++ b/uuencode.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: uuencode.c,v 1.26 2010/08/31 11:54:45 djm Exp $ */ 1/* $OpenBSD: uuencode.c,v 1.27 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -29,6 +29,7 @@
29#include <netinet/in.h> 29#include <netinet/in.h>
30#include <resolv.h> 30#include <resolv.h>
31#include <stdio.h> 31#include <stdio.h>
32#include <stdlib.h>
32 33
33#include "xmalloc.h" 34#include "xmalloc.h"
34#include "uuencode.h" 35#include "uuencode.h"
@@ -67,7 +68,7 @@ uudecode(const char *src, u_char *target, size_t targsize)
67 /* and remove trailing whitespace because __b64_pton needs this */ 68 /* and remove trailing whitespace because __b64_pton needs this */
68 *p = '\0'; 69 *p = '\0';
69 len = __b64_pton(encoded, target, targsize); 70 len = __b64_pton(encoded, target, targsize);
70 xfree(encoded); 71 free(encoded);
71 return len; 72 return len;
72} 73}
73 74
@@ -90,5 +91,5 @@ dump_base64(FILE *fp, const u_char *data, u_int len)
90 } 91 }
91 if (i % 70 != 69) 92 if (i % 70 != 69)
92 fprintf(fp, "\n"); 93 fprintf(fp, "\n");
93 xfree(buf); 94 free(buf);
94} 95}
diff --git a/xmalloc.c b/xmalloc.c
index 9985b4cc2..92f781fd0 100644
--- a/xmalloc.c
+++ b/xmalloc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: xmalloc.c,v 1.27 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: xmalloc.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -73,14 +73,6 @@ xrealloc(void *ptr, size_t nmemb, size_t size)
73 return new_ptr; 73 return new_ptr;
74} 74}
75 75
76void
77xfree(void *ptr)
78{
79 if (ptr == NULL)
80 fatal("xfree: NULL pointer given as argument");
81 free(ptr);
82}
83
84char * 76char *
85xstrdup(const char *str) 77xstrdup(const char *str)
86{ 78{
diff --git a/xmalloc.h b/xmalloc.h
index fb217a45c..261dfd612 100644
--- a/xmalloc.h
+++ b/xmalloc.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: xmalloc.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: xmalloc.h,v 1.14 2013/05/17 00:13:14 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -19,7 +19,6 @@
19void *xmalloc(size_t); 19void *xmalloc(size_t);
20void *xcalloc(size_t, size_t); 20void *xcalloc(size_t, size_t);
21void *xrealloc(void *, size_t, size_t); 21void *xrealloc(void *, size_t, size_t);
22void xfree(void *);
23char *xstrdup(const char *); 22char *xstrdup(const char *);
24int xasprintf(char **, const char *, ...) 23int xasprintf(char **, const char *, ...)
25 __attribute__((__format__ (printf, 2, 3))) 24 __attribute__((__format__ (printf, 2, 3)))
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 21:57:56 +0000