diff options
author | dtucker@openbsd.org <dtucker@openbsd.org> | 2016-02-15 09:47:49 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-02-16 10:44:00 +1100 |
commit | ffb1e7e896139a42ceb78676f637658f44612411 (patch) | |
tree | aba9407fda7b5ee62e4562c79886450f7125f593 | |
parent | ef39e8c0497ff0564990a4f9e8b7338b3ba3507c (diff) |
upstream commit
Add a function to enable security-related malloc_options.
With and ok deraadt@, something similar has been in the snaps for a while.
Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
-rw-r--r-- | sftp-server-main.c | 4 | ||||
-rw-r--r-- | sftp-server.c | 3 | ||||
-rw-r--r-- | sftp.c | 3 | ||||
-rw-r--r-- | ssh-add.c | 3 | ||||
-rw-r--r-- | ssh-agent.c | 3 | ||||
-rw-r--r-- | ssh-keygen.c | 3 | ||||
-rw-r--r-- | ssh-keyscan.c | 3 | ||||
-rw-r--r-- | ssh-keysign.c | 3 | ||||
-rw-r--r-- | ssh-pkcs11-helper.c | 3 | ||||
-rw-r--r-- | ssh.c | 3 | ||||
-rw-r--r-- | sshd.c | 4 | ||||
-rw-r--r-- | xmalloc.c | 10 | ||||
-rw-r--r-- | xmalloc.h | 3 |
13 files changed, 35 insertions, 13 deletions
diff --git a/sftp-server-main.c b/sftp-server-main.c index 7e644ab89..c6ccd623e 100644 --- a/sftp-server-main.c +++ b/sftp-server-main.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-server-main.c,v 1.4 2009/02/21 19:32:04 tobias Exp $ */ | 1 | /* $OpenBSD: sftp-server-main.c,v 1.5 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2008 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2008 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -26,6 +26,7 @@ | |||
26 | #include "log.h" | 26 | #include "log.h" |
27 | #include "sftp.h" | 27 | #include "sftp.h" |
28 | #include "misc.h" | 28 | #include "misc.h" |
29 | #include "xmalloc.h" | ||
29 | 30 | ||
30 | void | 31 | void |
31 | cleanup_exit(int i) | 32 | cleanup_exit(int i) |
@@ -38,6 +39,7 @@ main(int argc, char **argv) | |||
38 | { | 39 | { |
39 | struct passwd *user_pw; | 40 | struct passwd *user_pw; |
40 | 41 | ||
42 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
41 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 43 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
42 | sanitise_stdfd(); | 44 | sanitise_stdfd(); |
43 | 45 | ||
diff --git a/sftp-server.c b/sftp-server.c index 79ef45b10..e11a1b89b 100644 --- a/sftp-server.c +++ b/sftp-server.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-server.c,v 1.108 2015/11/16 06:13:04 logan Exp $ */ | 1 | /* $OpenBSD: sftp-server.c,v 1.109 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -1513,6 +1513,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) | |||
1513 | extern char *optarg; | 1513 | extern char *optarg; |
1514 | extern char *__progname; | 1514 | extern char *__progname; |
1515 | 1515 | ||
1516 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
1516 | __progname = ssh_get_progname(argv[0]); | 1517 | __progname = ssh_get_progname(argv[0]); |
1517 | log_init(__progname, log_level, log_facility, log_stderr); | 1518 | log_init(__progname, log_level, log_facility, log_stderr); |
1518 | 1519 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp.c,v 1.171 2015/08/20 22:32:42 deraadt Exp $ */ | 1 | /* $OpenBSD: sftp.c,v 1.172 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -2248,6 +2248,7 @@ main(int argc, char **argv) | |||
2248 | size_t num_requests = DEFAULT_NUM_REQUESTS; | 2248 | size_t num_requests = DEFAULT_NUM_REQUESTS; |
2249 | long long limit_kbps = 0; | 2249 | long long limit_kbps = 0; |
2250 | 2250 | ||
2251 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
2251 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 2252 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
2252 | sanitise_stdfd(); | 2253 | sanitise_stdfd(); |
2253 | setlocale(LC_CTYPE, ""); | 2254 | setlocale(LC_CTYPE, ""); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-add.c,v 1.127 2015/12/11 02:31:47 mmcc Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.128 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -481,6 +481,7 @@ main(int argc, char **argv) | |||
481 | int r, i, ch, deleting = 0, ret = 0, key_only = 0; | 481 | int r, i, ch, deleting = 0, ret = 0, key_only = 0; |
482 | int xflag = 0, lflag = 0, Dflag = 0; | 482 | int xflag = 0, lflag = 0, Dflag = 0; |
483 | 483 | ||
484 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
484 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 485 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
485 | sanitise_stdfd(); | 486 | sanitise_stdfd(); |
486 | 487 | ||
diff --git a/ssh-agent.c b/ssh-agent.c index 6c50e0f03..c38906d94 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-agent.c,v 1.211 2015/12/11 17:41:37 doug Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.212 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1200,6 +1200,7 @@ main(int ac, char **av) | |||
1200 | size_t len; | 1200 | size_t len; |
1201 | mode_t prev_mask; | 1201 | mode_t prev_mask; |
1202 | 1202 | ||
1203 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
1203 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 1204 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
1204 | sanitise_stdfd(); | 1205 | sanitise_stdfd(); |
1205 | 1206 | ||
diff --git a/ssh-keygen.c b/ssh-keygen.c index c3ec4f882..478520123 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.287 2015/12/11 03:19:09 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -2261,6 +2261,7 @@ main(int argc, char **argv) | |||
2261 | extern int optind; | 2261 | extern int optind; |
2262 | extern char *optarg; | 2262 | extern char *optarg; |
2263 | 2263 | ||
2264 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
2264 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 2265 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
2265 | sanitise_stdfd(); | 2266 | sanitise_stdfd(); |
2266 | 2267 | ||
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index a23276f53..7fe61e4e1 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keyscan.c,v 1.104 2015/11/08 23:24:03 jmc Exp $ */ | 1 | /* $OpenBSD: ssh-keyscan.c,v 1.105 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
4 | * | 4 | * |
@@ -696,6 +696,7 @@ main(int argc, char **argv) | |||
696 | extern int optind; | 696 | extern int optind; |
697 | extern char *optarg; | 697 | extern char *optarg; |
698 | 698 | ||
699 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
699 | __progname = ssh_get_progname(argv[0]); | 700 | __progname = ssh_get_progname(argv[0]); |
700 | seed_rng(); | 701 | seed_rng(); |
701 | TAILQ_INIT(&tq); | 702 | TAILQ_INIT(&tq); |
diff --git a/ssh-keysign.c b/ssh-keysign.c index 1d49861ae..ac5034de8 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keysign.c,v 1.51 2015/12/04 16:41:28 markus Exp $ */ | 1 | /* $OpenBSD: ssh-keysign.c,v 1.52 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -182,6 +182,7 @@ main(int argc, char **argv) | |||
182 | u_int32_t rnd[256]; | 182 | u_int32_t rnd[256]; |
183 | #endif | 183 | #endif |
184 | 184 | ||
185 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
185 | if (pledge("stdio rpath getpw dns id", NULL) != 0) | 186 | if (pledge("stdio rpath getpw dns id", NULL) != 0) |
186 | fatal("%s: pledge: %s", __progname, strerror(errno)); | 187 | fatal("%s: pledge: %s", __progname, strerror(errno)); |
187 | 188 | ||
diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index f2d586395..53f41c555 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-pkcs11-helper.c,v 1.11 2015/08/20 22:32:42 deraadt Exp $ */ | 1 | /* $OpenBSD: ssh-pkcs11-helper.c,v 1.12 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -280,6 +280,7 @@ main(int argc, char **argv) | |||
280 | 280 | ||
281 | extern char *__progname; | 281 | extern char *__progname; |
282 | 282 | ||
283 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
283 | TAILQ_INIT(&pkcs11_keylist); | 284 | TAILQ_INIT(&pkcs11_keylist); |
284 | pkcs11_init(0); | 285 | pkcs11_init(0); |
285 | 286 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.435 2016/01/14 16:17:40 markus Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.436 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -527,6 +527,7 @@ main(int ac, char **av) | |||
527 | struct ssh_digest_ctx *md; | 527 | struct ssh_digest_ctx *md; |
528 | u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; | 528 | u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; |
529 | 529 | ||
530 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
530 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 531 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
531 | sanitise_stdfd(); | 532 | sanitise_stdfd(); |
532 | 533 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.464 2016/01/29 02:54:45 dtucker Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.465 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1476,6 +1476,8 @@ main(int ac, char **av) | |||
1476 | Authctxt *authctxt; | 1476 | Authctxt *authctxt; |
1477 | struct connection_info *connection_info = get_connection_info(0, 0); | 1477 | struct connection_info *connection_info = get_connection_info(0, 0); |
1478 | 1478 | ||
1479 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
1480 | |||
1479 | #ifdef HAVE_SECUREWARE | 1481 | #ifdef HAVE_SECUREWARE |
1480 | (void)set_auth_parameters(ac, av); | 1482 | (void)set_auth_parameters(ac, av); |
1481 | #endif | 1483 | #endif |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: xmalloc.c,v 1.32 2015/04/24 01:36:01 deraadt Exp $ */ | 1 | /* $OpenBSD: xmalloc.c,v 1.33 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -26,6 +26,14 @@ | |||
26 | #include "xmalloc.h" | 26 | #include "xmalloc.h" |
27 | #include "log.h" | 27 | #include "log.h" |
28 | 28 | ||
29 | void | ||
30 | ssh_malloc_init(void) | ||
31 | { | ||
32 | extern char *malloc_options; | ||
33 | |||
34 | malloc_options = "S"; | ||
35 | } | ||
36 | |||
29 | void * | 37 | void * |
30 | xmalloc(size_t size) | 38 | xmalloc(size_t size) |
31 | { | 39 | { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: xmalloc.h,v 1.15 2015/04/24 01:36:01 deraadt Exp $ */ | 1 | /* $OpenBSD: xmalloc.h,v 1.16 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -16,6 +16,7 @@ | |||
16 | * called by a name other than "ssh" or "Secure Shell". | 16 | * called by a name other than "ssh" or "Secure Shell". |
17 | */ | 17 | */ |
18 | 18 | ||
19 | void ssh_malloc_init(void); | ||
19 | void *xmalloc(size_t); | 20 | void *xmalloc(size_t); |
20 | void *xcalloc(size_t, size_t); | 21 | void *xcalloc(size_t, size_t); |
21 | void *xreallocarray(void *, size_t, size_t); | 22 | void *xreallocarray(void *, size_t, size_t); |