summaryrefslogtreecommitdiff
path: root/compat.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2018-08-13 02:41:05 +0000
committerDamien Miller <djm@mindrot.org>2018-08-13 12:42:13 +1000
commitc3903c38b0fd168ab3d925c2b129d1a599593426 (patch)
treea0914654d1d42e32084afe2d34144c0fadc2735d /compat.c
parent1b9dd4aa15208100fbc3650f33ea052255578282 (diff)
upstream: revert compat.[ch] section of the following change. It
causes double-free under some circumstances. -- date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh; fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366 feedback and ok dtucker@ OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137
Diffstat (limited to 'compat.c')
-rw-r--r--compat.c51
1 files changed, 18 insertions, 33 deletions
diff --git a/compat.c b/compat.c
index 563e13331..0624dc6de 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: compat.c,v 1.112 2018/07/31 03:07:24 djm Exp $ */ 1/* $OpenBSD: compat.c,v 1.113 2018/08/13 02:41:05 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
4 * 4 *
@@ -184,17 +184,13 @@ proto_spec(const char *spec)
184} 184}
185 185
186char * 186char *
187compat_cipher_proposal(char *cipher_prop, u_int compat) 187compat_cipher_proposal(char *cipher_prop)
188{ 188{
189 char *cp; 189 if (!(datafellows & SSH_BUG_BIGENDIANAES))
190
191 if (!(compat & SSH_BUG_BIGENDIANAES))
192 return cipher_prop; 190 return cipher_prop;
193 debug2("%s: original cipher proposal: %s", __func__, cipher_prop); 191 debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
194 if ((cp = match_filter_blacklist(cipher_prop, "aes*")) == NULL) 192 if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL)
195 fatal("match_filter_blacklist failed"); 193 fatal("match_filter_blacklist failed");
196 free(cipher_prop);
197 cipher_prop = cp;
198 debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); 194 debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
199 if (*cipher_prop == '\0') 195 if (*cipher_prop == '\0')
200 fatal("No supported ciphers found"); 196 fatal("No supported ciphers found");
@@ -202,17 +198,13 @@ compat_cipher_proposal(char *cipher_prop, u_int compat)
202} 198}
203 199
204char * 200char *
205compat_pkalg_proposal(char *pkalg_prop, u_int compat) 201compat_pkalg_proposal(char *pkalg_prop)
206{ 202{
207 char *cp; 203 if (!(datafellows & SSH_BUG_RSASIGMD5))
208
209 if (!(compat & SSH_BUG_RSASIGMD5))
210 return pkalg_prop; 204 return pkalg_prop;
211 debug2("%s: original public key proposal: %s", __func__, pkalg_prop); 205 debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
212 if ((cp = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL) 206 if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL)
213 fatal("match_filter_blacklist failed"); 207 fatal("match_filter_blacklist failed");
214 free(pkalg_prop);
215 pkalg_prop = cp;
216 debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); 208 debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
217 if (*pkalg_prop == '\0') 209 if (*pkalg_prop == '\0')
218 fatal("No supported PK algorithms found"); 210 fatal("No supported PK algorithms found");
@@ -220,31 +212,24 @@ compat_pkalg_proposal(char *pkalg_prop, u_int compat)
220} 212}
221 213
222char * 214char *
223compat_kex_proposal(char *kex_prop, u_int compat) 215compat_kex_proposal(char *p)
224{ 216{
225 char *cp; 217 if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
226 218 return p;
227 if ((compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) 219 debug2("%s: original KEX proposal: %s", __func__, p);
228 return kex_prop; 220 if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
229 debug2("%s: original KEX proposal: %s", __func__, kex_prop); 221 if ((p = match_filter_blacklist(p,
230 if ((compat & SSH_BUG_CURVE25519PAD) != 0) {
231 if ((cp = match_filter_blacklist(kex_prop,
232 "curve25519-sha256@libssh.org")) == NULL) 222 "curve25519-sha256@libssh.org")) == NULL)
233 fatal("match_filter_blacklist failed"); 223 fatal("match_filter_blacklist failed");
234 free(kex_prop); 224 if ((datafellows & SSH_OLD_DHGEX) != 0) {
235 kex_prop = cp; 225 if ((p = match_filter_blacklist(p,
236 }
237 if ((compat & SSH_OLD_DHGEX) != 0) {
238 if ((cp = match_filter_blacklist(kex_prop,
239 "diffie-hellman-group-exchange-sha256," 226 "diffie-hellman-group-exchange-sha256,"
240 "diffie-hellman-group-exchange-sha1")) == NULL) 227 "diffie-hellman-group-exchange-sha1")) == NULL)
241 fatal("match_filter_blacklist failed"); 228 fatal("match_filter_blacklist failed");
242 free(kex_prop);
243 kex_prop = cp;
244 } 229 }
245 debug2("%s: compat KEX proposal: %s", __func__, kex_prop); 230 debug2("%s: compat KEX proposal: %s", __func__, p);
246 if (*kex_prop == '\0') 231 if (*p == '\0')
247 fatal("No supported key exchange algorithms found"); 232 fatal("No supported key exchange algorithms found");
248 return kex_prop; 233 return p;
249} 234}
250 235