diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-08-13 02:41:05 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-08-13 12:42:13 +1000 |
| commit | c3903c38b0fd168ab3d925c2b129d1a599593426 (patch) | |
| tree | a0914654d1d42e32084afe2d34144c0fadc2735d /compat.c | |
| parent | 1b9dd4aa15208100fbc3650f33ea052255578282 (diff) | |
upstream: revert compat.[ch] section of the following change. It
causes double-free under some circumstances.
--
date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh;
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@
OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137
Diffstat (limited to 'compat.c')
| -rw-r--r-- | compat.c | 51 |
1 files changed, 18 insertions, 33 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: compat.c,v 1.112 2018/07/31 03:07:24 djm Exp $ */ | 1 | /* $OpenBSD: compat.c,v 1.113 2018/08/13 02:41:05 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -184,17 +184,13 @@ proto_spec(const char *spec) | |||
| 184 | } | 184 | } |
| 185 | 185 | ||
| 186 | char * | 186 | char * |
| 187 | compat_cipher_proposal(char *cipher_prop, u_int compat) | 187 | compat_cipher_proposal(char *cipher_prop) |
| 188 | { | 188 | { |
| 189 | char *cp; | 189 | if (!(datafellows & SSH_BUG_BIGENDIANAES)) |
| 190 | |||
| 191 | if (!(compat & SSH_BUG_BIGENDIANAES)) | ||
| 192 | return cipher_prop; | 190 | return cipher_prop; |
| 193 | debug2("%s: original cipher proposal: %s", __func__, cipher_prop); | 191 | debug2("%s: original cipher proposal: %s", __func__, cipher_prop); |
| 194 | if ((cp = match_filter_blacklist(cipher_prop, "aes*")) == NULL) | 192 | if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL) |
| 195 | fatal("match_filter_blacklist failed"); | 193 | fatal("match_filter_blacklist failed"); |
| 196 | free(cipher_prop); | ||
| 197 | cipher_prop = cp; | ||
| 198 | debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); | 194 | debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); |
| 199 | if (*cipher_prop == '\0') | 195 | if (*cipher_prop == '\0') |
| 200 | fatal("No supported ciphers found"); | 196 | fatal("No supported ciphers found"); |
| @@ -202,17 +198,13 @@ compat_cipher_proposal(char *cipher_prop, u_int compat) | |||
| 202 | } | 198 | } |
| 203 | 199 | ||
| 204 | char * | 200 | char * |
| 205 | compat_pkalg_proposal(char *pkalg_prop, u_int compat) | 201 | compat_pkalg_proposal(char *pkalg_prop) |
| 206 | { | 202 | { |
| 207 | char *cp; | 203 | if (!(datafellows & SSH_BUG_RSASIGMD5)) |
| 208 | |||
| 209 | if (!(compat & SSH_BUG_RSASIGMD5)) | ||
| 210 | return pkalg_prop; | 204 | return pkalg_prop; |
| 211 | debug2("%s: original public key proposal: %s", __func__, pkalg_prop); | 205 | debug2("%s: original public key proposal: %s", __func__, pkalg_prop); |
| 212 | if ((cp = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL) | 206 | if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL) |
| 213 | fatal("match_filter_blacklist failed"); | 207 | fatal("match_filter_blacklist failed"); |
| 214 | free(pkalg_prop); | ||
| 215 | pkalg_prop = cp; | ||
| 216 | debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); | 208 | debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); |
| 217 | if (*pkalg_prop == '\0') | 209 | if (*pkalg_prop == '\0') |
| 218 | fatal("No supported PK algorithms found"); | 210 | fatal("No supported PK algorithms found"); |
| @@ -220,31 +212,24 @@ compat_pkalg_proposal(char *pkalg_prop, u_int compat) | |||
| 220 | } | 212 | } |
| 221 | 213 | ||
| 222 | char * | 214 | char * |
| 223 | compat_kex_proposal(char *kex_prop, u_int compat) | 215 | compat_kex_proposal(char *p) |
| 224 | { | 216 | { |
| 225 | char *cp; | 217 | if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) |
| 226 | 218 | return p; | |
| 227 | if ((compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) | 219 | debug2("%s: original KEX proposal: %s", __func__, p); |
| 228 | return kex_prop; | 220 | if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) |
| 229 | debug2("%s: original KEX proposal: %s", __func__, kex_prop); | 221 | if ((p = match_filter_blacklist(p, |
| 230 | if ((compat & SSH_BUG_CURVE25519PAD) != 0) { | ||
| 231 | if ((cp = match_filter_blacklist(kex_prop, | ||
| 232 | "curve25519-sha256@libssh.org")) == NULL) | 222 | "curve25519-sha256@libssh.org")) == NULL) |
| 233 | fatal("match_filter_blacklist failed"); | 223 | fatal("match_filter_blacklist failed"); |
| 234 | free(kex_prop); | 224 | if ((datafellows & SSH_OLD_DHGEX) != 0) { |
| 235 | kex_prop = cp; | 225 | if ((p = match_filter_blacklist(p, |
| 236 | } | ||
| 237 | if ((compat & SSH_OLD_DHGEX) != 0) { | ||
| 238 | if ((cp = match_filter_blacklist(kex_prop, | ||
| 239 | "diffie-hellman-group-exchange-sha256," | 226 | "diffie-hellman-group-exchange-sha256," |
| 240 | "diffie-hellman-group-exchange-sha1")) == NULL) | 227 | "diffie-hellman-group-exchange-sha1")) == NULL) |
| 241 | fatal("match_filter_blacklist failed"); | 228 | fatal("match_filter_blacklist failed"); |
| 242 | free(kex_prop); | ||
| 243 | kex_prop = cp; | ||
| 244 | } | 229 | } |
| 245 | debug2("%s: compat KEX proposal: %s", __func__, kex_prop); | 230 | debug2("%s: compat KEX proposal: %s", __func__, p); |
| 246 | if (*kex_prop == '\0') | 231 | if (*p == '\0') |
| 247 | fatal("No supported key exchange algorithms found"); | 232 | fatal("No supported key exchange algorithms found"); |
| 248 | return kex_prop; | 233 | return p; |
| 249 | } | 234 | } |
| 250 | 235 | ||