authordtucker@openbsd.org <dtucker@openbsd.org>2016-02-15 09:47:49 +0000
committerDamien Miller <djm@mindrot.org>2016-02-16 10:44:00 +1100
commitffb1e7e896139a42ceb78676f637658f44612411 (patch)
treeaba9407fda7b5ee62e4562c79886450f7125f593
parentef39e8c0497ff0564990a4f9e8b7338b3ba3507c (diff)
upstream commit
Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while. Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
-rw-r--r--sftp-server-main.c4
-rw-r--r--sftp-server.c3
-rw-r--r--sftp.c3
-rw-r--r--ssh-add.c3
-rw-r--r--ssh-agent.c3
-rw-r--r--ssh-keygen.c3
-rw-r--r--ssh-keyscan.c3
-rw-r--r--ssh-keysign.c3
-rw-r--r--ssh-pkcs11-helper.c3
-rw-r--r--ssh.c3
-rw-r--r--sshd.c4
-rw-r--r--xmalloc.c10
-rw-r--r--xmalloc.h3
13 files changed, 35 insertions, 13 deletions
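diff --git a/sftp-server-main.c b/sftp-server-main.c
index 7e644ab89..c6ccd623e 100644
--- a/sftp-server-main.c
+++ b/sftp-server-main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server-main.c,v 1.4 2009/02/21 19:32:04 tobias Exp $ */
+/* $OpenBSD: sftp-server-main.c,v 1.5 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Copyright (c) 2008 Markus Friedl. All rights reserved.
  *
@@ -26,6 +26,7 @@
 #include "log.h"
 #include "sftp.h"
 #include "misc.h"
+#include "xmalloc.h"
 
 void
 cleanup_exit(int i)
@@ -38,6 +39,7 @@ main(int argc, char **argv)
 {
  struct passwd *user_pw;
 
+ ssh_malloc_init(); /* must be called before any mallocs */
  /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
  sanitise_stdfd();
 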
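diff --git a/sftp-server.c b/sftp-server.c
index 79ef45b10..e11a1b89b 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.108 2015/11/16 06:13:04 logan Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.109 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
  *
@@ -1513,6 +1513,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
  extern char *optarg;
  extern char *__progname;
 
+ ssh_malloc_init(); /* must be called before any mallocs */
  __progname = ssh_get_progname(argv[0]);
  log_init(__progname, log_level, log_facility, log_stderr);
 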
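Review bot: The "must be called before any mallocs" comment on the new call in `sftp_server_main()` is hard to honour here, because this function receives `user_pw` from a caller and is not itself a process entry point, so allocations have probably already happened by the time it runs. sftp-server-main.c's `main` in this same commit already calls `ssh_malloc_init()` as its first statement, which presumably covers the standalone binary. If the call is kept for other callers, the comment should state what it can still guarantee, for example `/* best effort: real entry points call this before any allocation */`. The body of `sftp_server_main()` starts and continues outside the hunk.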
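diff --git a/sftp.c b/sftp.c
index 788601a8d..2077219fa 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.171 2015/08/20 22:32:42 deraadt Exp $ */
+/* $OpenBSD: sftp.c,v 1.172 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -2248,6 +2248,7 @@ main(int argc, char **argv)
  size_t num_requests = DEFAULT_NUM_REQUESTS;
  long long limit_kbps = 0;
 
+ ssh_malloc_init(); /* must be called before any mallocs */
  /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
  sanitise_stdfd();
  setlocale(LC_CTYPE, "");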
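diff --git a/ssh-add.c b/ssh-add.c
index b95841afa..fb9a53e64 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.127 2015/12/11 02:31:47 mmcc Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.128 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -481,6 +481,7 @@ main(int argc, char **argv)
  int r, i, ch, deleting = 0, ret = 0, key_only = 0;
  int xflag = 0, lflag = 0, Dflag = 0;
 
+ ssh_malloc_init(); /* must be called before any mallocs */
  /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
  sanitise_stdfd();
 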
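diff --git a/ssh-agent.c b/ssh-agent.c
index 6c50e0f03..c38906d94 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.211 2015/12/11 17:41:37 doug Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.212 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1200,6 +1200,7 @@ main(int ac, char **av)
  size_t len;
  mode_t prev_mask;
 
+ ssh_malloc_init(); /* must be called before any mallocs */
  /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
  sanitise_stdfd();
 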
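diff --git a/ssh-keygen.c b/ssh-keygen.c
index c3ec4f882..478520123 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.287 2015/12/11 03:19:09 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2261,6 +2261,7 @@ main(int argc, char **argv)
  extern int optind;
  extern char *optarg;
 
+ ssh_malloc_init(); /* must be called before any mallocs */
  /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
  sanitise_stdfd();
 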
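diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index a23276f53..7fe61e4e1 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.104 2015/11/08 23:24:03 jmc Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.105 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -696,6 +696,7 @@ main(int argc, char **argv)
  extern int optind;
  extern char *optarg;
 
+ ssh_malloc_init(); /* must be called before any mallocs */
  __progname = ssh_get_progname(argv[0]);
  seed_rng();
  TAILQ_INIT(&tq);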
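diff --git a/ssh-keysign.c b/ssh-keysign.c
index 1d49861ae..ac5034de8 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.51 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.52 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl. All rights reserved.
  *
@@ -182,6 +182,7 @@ main(int argc, char **argv)
  u_int32_t rnd[256];
 #endif
 
+ ssh_malloc_init(); /* must be called before any mallocs */
  if (pledge("stdio rpath getpw dns id", NULL) != 0)
  fatal("%s: pledge: %s", __progname, strerror(errno));
 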
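diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c
index f2d586395..53f41c555 100644
--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.11 2015/08/20 22:32:42 deraadt Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.12 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl. All rights reserved.
  *
@@ -280,6 +280,7 @@ main(int argc, char **argv)
 
  extern char *__progname;
 
+ ssh_malloc_init(); /* must be called before any mallocs */
  TAILQ_INIT(&pkcs11_keylist);
  pkcs11_init(0);
 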
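diff --git a/ssh.c b/ssh.c
index 993ea1721..f9ff91f04 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.435 2016/01/14 16:17:40 markus Exp $ */
+/* $OpenBSD: ssh.c,v 1.436 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -527,6 +527,7 @@ main(int ac, char **av)
  struct ssh_digest_ctx *md;
  u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
 
+ ssh_malloc_init(); /* must be called before any mallocs */
  /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
  sanitise_stdfd();
 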
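diff --git a/sshd.c b/sshd.c
index 253004db4..430569c46 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.464 2016/01/29 02:54:45 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.465 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1476,6 +1476,8 @@ main(int ac, char **av)
  Authctxt *authctxt;
  struct connection_info *connection_info = get_connection_info(0, 0);
 
+ ssh_malloc_init(); /* must be called before any mallocs */
+
 #ifdef HAVE_SECUREWARE
  (void)set_auth_parameters(ac, av);
 #endif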
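Review bot: In sshd.c's `main`, the declaration initializer `connection_info = get_connection_info(0, 0)` on the line above the new call executes before `ssh_malloc_init()`, so the "must be called before any mallocs" requirement holds only if that helper never allocates, which cannot be confirmed from this hunk. Declaring `struct connection_info *connection_info;` without an initializer and assigning `connection_info = get_connection_info(0, 0);` after `ssh_malloc_init();` would make the hardening independent of that helper's implementation. The rest of `main` lies outside the hunk, so other early initializers there deserve the same check.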
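diff --git a/xmalloc.c b/xmalloc.c
index 98cbf8776..dea9dd9fe 100644
--- a/xmalloc.c
+++ b/xmalloc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xmalloc.c,v 1.32 2015/04/24 01:36:01 deraadt Exp $ */
+/* $OpenBSD: xmalloc.c,v 1.33 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -26,6 +26,14 @@
 #include "xmalloc.h"
 #include "log.h"
 
+void
+ssh_malloc_init(void)
+{
+ extern char *malloc_options;
+
+ malloc_options = "S";
+}
+
 void *
 xmalloc(size_t size)
 {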
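Review bot: `ssh_malloc_init()` in xmalloc.c reaches `malloc_options` through a bare `extern char *malloc_options;` with no platform guard, so a build against a libc that does not export that symbol would presumably fail at link time, and a libc that exports it with different option letters would give `"S"` another meaning. Wrapping the declaration and assignment in `#if defined(__OpenBSD__)` and `#endif` would leave the function a harmless no-op elsewhere. The function also has no header comment; it should say that `"S"` turns on the allocator's security-related options, as the commit message puts it, and that callers must invoke it before the first allocation for the setting to be picked up, which the call sites' comments imply.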
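diff --git a/xmalloc.h b/xmalloc.h
index 2bec77ba8..e49928932 100644
--- a/xmalloc.h
+++ b/xmalloc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: xmalloc.h,v 1.15 2015/04/24 01:36:01 deraadt Exp $ */
+/* $OpenBSD: xmalloc.h,v 1.16 2016/02/15 09:47:49 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -16,6 +16,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
+void ssh_malloc_init(void);
 void *xmalloc(size_t);
 void *xcalloc(size_t, size_t);
 void *xreallocarray(void *, size_t, size_t);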