diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:31:17 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:31:17 +1000 |
| commit | a627d42e51ffa71e014d7b2d2c07118122fd3ec3 (patch) | |
| tree | 7bda769de81f509e28d800916fa20abd37906d79 /monitor.c | |
| parent | c7aad0058c957afeb26a3f703e8cb0eddeb62365 (diff) | |
- djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
dns.c packet.c readpass.c authfd.c moduli.c]
bye, bye xfree(); ok markus@
Diffstat (limited to 'monitor.c')
| -rw-r--r-- | monitor.c | 125 |
1 files changed, 60 insertions, 65 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: monitor.c,v 1.123 2013/05/16 04:09:13 dtucker Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.124 2013/05/17 00:13:13 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
| 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
| @@ -551,7 +551,7 @@ monitor_read_log(struct monitor *pmonitor) | |||
| 551 | do_log2(level, "%s [preauth]", msg); | 551 | do_log2(level, "%s [preauth]", msg); |
| 552 | 552 | ||
| 553 | buffer_free(&logmsg); | 553 | buffer_free(&logmsg); |
| 554 | xfree(msg); | 554 | free(msg); |
| 555 | 555 | ||
| 556 | return 0; | 556 | return 0; |
| 557 | } | 557 | } |
| @@ -642,12 +642,9 @@ static void | |||
| 642 | monitor_reset_key_state(void) | 642 | monitor_reset_key_state(void) |
| 643 | { | 643 | { |
| 644 | /* reset state */ | 644 | /* reset state */ |
| 645 | if (key_blob != NULL) | 645 | free(key_blob); |
| 646 | xfree(key_blob); | 646 | free(hostbased_cuser); |
| 647 | if (hostbased_cuser != NULL) | 647 | free(hostbased_chost); |
| 648 | xfree(hostbased_cuser); | ||
| 649 | if (hostbased_chost != NULL) | ||
| 650 | xfree(hostbased_chost); | ||
| 651 | key_blob = NULL; | 648 | key_blob = NULL; |
| 652 | key_bloblen = 0; | 649 | key_bloblen = 0; |
| 653 | key_blobtype = MM_NOKEY; | 650 | key_blobtype = MM_NOKEY; |
| @@ -728,8 +725,8 @@ mm_answer_sign(int sock, Buffer *m) | |||
| 728 | buffer_clear(m); | 725 | buffer_clear(m); |
| 729 | buffer_put_string(m, signature, siglen); | 726 | buffer_put_string(m, signature, siglen); |
| 730 | 727 | ||
| 731 | xfree(p); | 728 | free(p); |
| 732 | xfree(signature); | 729 | free(signature); |
| 733 | 730 | ||
| 734 | mm_request_send(sock, MONITOR_ANS_SIGN, m); | 731 | mm_request_send(sock, MONITOR_ANS_SIGN, m); |
| 735 | 732 | ||
| @@ -760,7 +757,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
| 760 | 757 | ||
| 761 | authctxt->user = xstrdup(username); | 758 | authctxt->user = xstrdup(username); |
| 762 | setproctitle("%s [priv]", pwent ? username : "unknown"); | 759 | setproctitle("%s [priv]", pwent ? username : "unknown"); |
| 763 | xfree(username); | 760 | free(username); |
| 764 | 761 | ||
| 765 | buffer_clear(m); | 762 | buffer_clear(m); |
| 766 | 763 | ||
| @@ -840,9 +837,7 @@ int mm_answer_auth2_read_banner(int sock, Buffer *m) | |||
| 840 | banner = auth2_read_banner(); | 837 | banner = auth2_read_banner(); |
| 841 | buffer_put_cstring(m, banner != NULL ? banner : ""); | 838 | buffer_put_cstring(m, banner != NULL ? banner : ""); |
| 842 | mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); | 839 | mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); |
| 843 | 840 | free(banner); | |
| 844 | if (banner != NULL) | ||
| 845 | xfree(banner); | ||
| 846 | 841 | ||
| 847 | return (0); | 842 | return (0); |
| 848 | } | 843 | } |
| @@ -858,7 +853,7 @@ mm_answer_authserv(int sock, Buffer *m) | |||
| 858 | __func__, authctxt->service, authctxt->style); | 853 | __func__, authctxt->service, authctxt->style); |
| 859 | 854 | ||
| 860 | if (strlen(authctxt->style) == 0) { | 855 | if (strlen(authctxt->style) == 0) { |
| 861 | xfree(authctxt->style); | 856 | free(authctxt->style); |
| 862 | authctxt->style = NULL; | 857 | authctxt->style = NULL; |
| 863 | } | 858 | } |
| 864 | 859 | ||
| @@ -878,7 +873,7 @@ mm_answer_authpassword(int sock, Buffer *m) | |||
| 878 | authenticated = options.password_authentication && | 873 | authenticated = options.password_authentication && |
| 879 | auth_password(authctxt, passwd); | 874 | auth_password(authctxt, passwd); |
| 880 | memset(passwd, 0, strlen(passwd)); | 875 | memset(passwd, 0, strlen(passwd)); |
| 881 | xfree(passwd); | 876 | free(passwd); |
| 882 | 877 | ||
| 883 | buffer_clear(m); | 878 | buffer_clear(m); |
| 884 | buffer_put_int(m, authenticated); | 879 | buffer_put_int(m, authenticated); |
| @@ -918,10 +913,10 @@ mm_answer_bsdauthquery(int sock, Buffer *m) | |||
| 918 | mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); | 913 | mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); |
| 919 | 914 | ||
| 920 | if (success) { | 915 | if (success) { |
| 921 | xfree(name); | 916 | free(name); |
| 922 | xfree(infotxt); | 917 | free(infotxt); |
| 923 | xfree(prompts); | 918 | free(prompts); |
| 924 | xfree(echo_on); | 919 | free(echo_on); |
| 925 | } | 920 | } |
| 926 | 921 | ||
| 927 | return (0); | 922 | return (0); |
| @@ -941,7 +936,7 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) | |||
| 941 | auth_userresponse(authctxt->as, response, 0); | 936 | auth_userresponse(authctxt->as, response, 0); |
| 942 | authctxt->as = NULL; | 937 | authctxt->as = NULL; |
| 943 | debug3("%s: <%s> = <%d>", __func__, response, authok); | 938 | debug3("%s: <%s> = <%d>", __func__, response, authok); |
| 944 | xfree(response); | 939 | free(response); |
| 945 | 940 | ||
| 946 | buffer_clear(m); | 941 | buffer_clear(m); |
| 947 | buffer_put_int(m, authok); | 942 | buffer_put_int(m, authok); |
| @@ -1214,9 +1209,9 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
| 1214 | /* Log failed attempt */ | 1209 | /* Log failed attempt */ |
| 1215 | auth_log(authctxt, 0, 0, auth_method, NULL, | 1210 | auth_log(authctxt, 0, 0, auth_method, NULL, |
| 1216 | compat20 ? " ssh2" : ""); | 1211 | compat20 ? " ssh2" : ""); |
| 1217 | xfree(blob); | 1212 | free(blob); |
| 1218 | xfree(cuser); | 1213 | free(cuser); |
| 1219 | xfree(chost); | 1214 | free(chost); |
| 1220 | } | 1215 | } |
| 1221 | 1216 | ||
| 1222 | debug3("%s: key %p is %s", | 1217 | debug3("%s: key %p is %s", |
| @@ -1259,7 +1254,7 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
| 1259 | (len != session_id2_len) || | 1254 | (len != session_id2_len) || |
| 1260 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) | 1255 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
| 1261 | fail++; | 1256 | fail++; |
| 1262 | xfree(p); | 1257 | free(p); |
| 1263 | } | 1258 | } |
| 1264 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) | 1259 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
| 1265 | fail++; | 1260 | fail++; |
| @@ -1272,8 +1267,8 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
| 1272 | userstyle, p); | 1267 | userstyle, p); |
| 1273 | fail++; | 1268 | fail++; |
| 1274 | } | 1269 | } |
| 1275 | xfree(userstyle); | 1270 | free(userstyle); |
| 1276 | xfree(p); | 1271 | free(p); |
| 1277 | buffer_skip_string(&b); | 1272 | buffer_skip_string(&b); |
| 1278 | if (datafellows & SSH_BUG_PKAUTH) { | 1273 | if (datafellows & SSH_BUG_PKAUTH) { |
| 1279 | if (!buffer_get_char(&b)) | 1274 | if (!buffer_get_char(&b)) |
| @@ -1282,7 +1277,7 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
| 1282 | p = buffer_get_cstring(&b, NULL); | 1277 | p = buffer_get_cstring(&b, NULL); |
| 1283 | if (strcmp("publickey", p) != 0) | 1278 | if (strcmp("publickey", p) != 0) |
| 1284 | fail++; | 1279 | fail++; |
| 1285 | xfree(p); | 1280 | free(p); |
| 1286 | if (!buffer_get_char(&b)) | 1281 | if (!buffer_get_char(&b)) |
| 1287 | fail++; | 1282 | fail++; |
| 1288 | buffer_skip_string(&b); | 1283 | buffer_skip_string(&b); |
| @@ -1311,7 +1306,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
| 1311 | (len != session_id2_len) || | 1306 | (len != session_id2_len) || |
| 1312 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) | 1307 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
| 1313 | fail++; | 1308 | fail++; |
| 1314 | xfree(p); | 1309 | free(p); |
| 1315 | 1310 | ||
| 1316 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) | 1311 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
| 1317 | fail++; | 1312 | fail++; |
| @@ -1325,12 +1320,12 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
| 1325 | fail++; | 1320 | fail++; |
| 1326 | } | 1321 | } |
| 1327 | free(userstyle); | 1322 | free(userstyle); |
| 1328 | xfree(p); | 1323 | free(p); |
| 1329 | buffer_skip_string(&b); /* service */ | 1324 | buffer_skip_string(&b); /* service */ |
| 1330 | p = buffer_get_cstring(&b, NULL); | 1325 | p = buffer_get_cstring(&b, NULL); |
| 1331 | if (strcmp(p, "hostbased") != 0) | 1326 | if (strcmp(p, "hostbased") != 0) |
| 1332 | fail++; | 1327 | fail++; |
| 1333 | xfree(p); | 1328 | free(p); |
| 1334 | buffer_skip_string(&b); /* pkalg */ | 1329 | buffer_skip_string(&b); /* pkalg */ |
| 1335 | buffer_skip_string(&b); /* pkblob */ | 1330 | buffer_skip_string(&b); /* pkblob */ |
| 1336 | 1331 | ||
| @@ -1340,13 +1335,13 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
| 1340 | p[len - 1] = '\0'; | 1335 | p[len - 1] = '\0'; |
| 1341 | if (strcmp(p, chost) != 0) | 1336 | if (strcmp(p, chost) != 0) |
| 1342 | fail++; | 1337 | fail++; |
| 1343 | xfree(p); | 1338 | free(p); |
| 1344 | 1339 | ||
| 1345 | /* verify client user */ | 1340 | /* verify client user */ |
| 1346 | p = buffer_get_string(&b, NULL); | 1341 | p = buffer_get_string(&b, NULL); |
| 1347 | if (strcmp(p, cuser) != 0) | 1342 | if (strcmp(p, cuser) != 0) |
| 1348 | fail++; | 1343 | fail++; |
| 1349 | xfree(p); | 1344 | free(p); |
| 1350 | 1345 | ||
| 1351 | if (buffer_len(&b) != 0) | 1346 | if (buffer_len(&b) != 0) |
| 1352 | fail++; | 1347 | fail++; |
| @@ -1395,9 +1390,9 @@ mm_answer_keyverify(int sock, Buffer *m) | |||
| 1395 | __func__, key, (verified == 1) ? "verified" : "unverified"); | 1390 | __func__, key, (verified == 1) ? "verified" : "unverified"); |
| 1396 | 1391 | ||
| 1397 | key_free(key); | 1392 | key_free(key); |
| 1398 | xfree(blob); | 1393 | free(blob); |
| 1399 | xfree(signature); | 1394 | free(signature); |
| 1400 | xfree(data); | 1395 | free(data); |
| 1401 | 1396 | ||
| 1402 | auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; | 1397 | auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; |
| 1403 | 1398 | ||
| @@ -1525,7 +1520,7 @@ mm_answer_pty_cleanup(int sock, Buffer *m) | |||
| 1525 | if ((s = session_by_tty(tty)) != NULL) | 1520 | if ((s = session_by_tty(tty)) != NULL) |
| 1526 | mm_session_close(s); | 1521 | mm_session_close(s); |
| 1527 | buffer_clear(m); | 1522 | buffer_clear(m); |
| 1528 | xfree(tty); | 1523 | free(tty); |
| 1529 | return (0); | 1524 | return (0); |
| 1530 | } | 1525 | } |
| 1531 | 1526 | ||
| @@ -1657,7 +1652,7 @@ mm_answer_rsa_challenge(int sock, Buffer *m) | |||
| 1657 | 1652 | ||
| 1658 | monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); | 1653 | monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); |
| 1659 | 1654 | ||
| 1660 | xfree(blob); | 1655 | free(blob); |
| 1661 | key_free(key); | 1656 | key_free(key); |
| 1662 | return (0); | 1657 | return (0); |
| 1663 | } | 1658 | } |
| @@ -1689,9 +1684,9 @@ mm_answer_rsa_response(int sock, Buffer *m) | |||
| 1689 | fatal("%s: received bad response to challenge", __func__); | 1684 | fatal("%s: received bad response to challenge", __func__); |
| 1690 | success = auth_rsa_verify_response(key, ssh1_challenge, response); | 1685 | success = auth_rsa_verify_response(key, ssh1_challenge, response); |
| 1691 | 1686 | ||
| 1692 | xfree(blob); | 1687 | free(blob); |
| 1693 | key_free(key); | 1688 | key_free(key); |
| 1694 | xfree(response); | 1689 | free(response); |
| 1695 | 1690 | ||
| 1696 | auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; | 1691 | auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; |
| 1697 | 1692 | ||
| @@ -1785,20 +1780,20 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
| 1785 | packet_set_protocol_flags(child_state.ssh1protoflags); | 1780 | packet_set_protocol_flags(child_state.ssh1protoflags); |
| 1786 | packet_set_encryption_key(child_state.ssh1key, | 1781 | packet_set_encryption_key(child_state.ssh1key, |
| 1787 | child_state.ssh1keylen, child_state.ssh1cipher); | 1782 | child_state.ssh1keylen, child_state.ssh1cipher); |
| 1788 | xfree(child_state.ssh1key); | 1783 | free(child_state.ssh1key); |
| 1789 | } | 1784 | } |
| 1790 | 1785 | ||
| 1791 | /* for rc4 and other stateful ciphers */ | 1786 | /* for rc4 and other stateful ciphers */ |
| 1792 | packet_set_keycontext(MODE_OUT, child_state.keyout); | 1787 | packet_set_keycontext(MODE_OUT, child_state.keyout); |
| 1793 | xfree(child_state.keyout); | 1788 | free(child_state.keyout); |
| 1794 | packet_set_keycontext(MODE_IN, child_state.keyin); | 1789 | packet_set_keycontext(MODE_IN, child_state.keyin); |
| 1795 | xfree(child_state.keyin); | 1790 | free(child_state.keyin); |
| 1796 | 1791 | ||
| 1797 | if (!compat20) { | 1792 | if (!compat20) { |
| 1798 | packet_set_iv(MODE_OUT, child_state.ivout); | 1793 | packet_set_iv(MODE_OUT, child_state.ivout); |
| 1799 | xfree(child_state.ivout); | 1794 | free(child_state.ivout); |
| 1800 | packet_set_iv(MODE_IN, child_state.ivin); | 1795 | packet_set_iv(MODE_IN, child_state.ivin); |
| 1801 | xfree(child_state.ivin); | 1796 | free(child_state.ivin); |
| 1802 | } | 1797 | } |
| 1803 | 1798 | ||
| 1804 | memcpy(&incoming_stream, &child_state.incoming, | 1799 | memcpy(&incoming_stream, &child_state.incoming, |
| @@ -1819,13 +1814,13 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
| 1819 | buffer_clear(packet_get_input()); | 1814 | buffer_clear(packet_get_input()); |
| 1820 | buffer_append(packet_get_input(), child_state.input, child_state.ilen); | 1815 | buffer_append(packet_get_input(), child_state.input, child_state.ilen); |
| 1821 | memset(child_state.input, 0, child_state.ilen); | 1816 | memset(child_state.input, 0, child_state.ilen); |
| 1822 | xfree(child_state.input); | 1817 | free(child_state.input); |
| 1823 | 1818 | ||
| 1824 | buffer_clear(packet_get_output()); | 1819 | buffer_clear(packet_get_output()); |
| 1825 | buffer_append(packet_get_output(), child_state.output, | 1820 | buffer_append(packet_get_output(), child_state.output, |
| 1826 | child_state.olen); | 1821 | child_state.olen); |
| 1827 | memset(child_state.output, 0, child_state.olen); | 1822 | memset(child_state.output, 0, child_state.olen); |
| 1828 | xfree(child_state.output); | 1823 | free(child_state.output); |
| 1829 | 1824 | ||
| 1830 | /* Roaming */ | 1825 | /* Roaming */ |
| 1831 | if (compat20) | 1826 | if (compat20) |
| @@ -1857,11 +1852,11 @@ mm_get_kex(Buffer *m) | |||
| 1857 | blob = buffer_get_string(m, &bloblen); | 1852 | blob = buffer_get_string(m, &bloblen); |
| 1858 | buffer_init(&kex->my); | 1853 | buffer_init(&kex->my); |
| 1859 | buffer_append(&kex->my, blob, bloblen); | 1854 | buffer_append(&kex->my, blob, bloblen); |
| 1860 | xfree(blob); | 1855 | free(blob); |
| 1861 | blob = buffer_get_string(m, &bloblen); | 1856 | blob = buffer_get_string(m, &bloblen); |
| 1862 | buffer_init(&kex->peer); | 1857 | buffer_init(&kex->peer); |
| 1863 | buffer_append(&kex->peer, blob, bloblen); | 1858 | buffer_append(&kex->peer, blob, bloblen); |
| 1864 | xfree(blob); | 1859 | free(blob); |
| 1865 | kex->done = 1; | 1860 | kex->done = 1; |
| 1866 | kex->flags = buffer_get_int(m); | 1861 | kex->flags = buffer_get_int(m); |
| 1867 | kex->client_version_string = buffer_get_string(m, NULL); | 1862 | kex->client_version_string = buffer_get_string(m, NULL); |
| @@ -1904,12 +1899,12 @@ mm_get_keystate(struct monitor *pmonitor) | |||
| 1904 | 1899 | ||
| 1905 | blob = buffer_get_string(&m, &bloblen); | 1900 | blob = buffer_get_string(&m, &bloblen); |
| 1906 | current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); | 1901 | current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); |
| 1907 | xfree(blob); | 1902 | free(blob); |
| 1908 | 1903 | ||
| 1909 | debug3("%s: Waiting for second key", __func__); | 1904 | debug3("%s: Waiting for second key", __func__); |
| 1910 | blob = buffer_get_string(&m, &bloblen); | 1905 | blob = buffer_get_string(&m, &bloblen); |
| 1911 | current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); | 1906 | current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); |
| 1912 | xfree(blob); | 1907 | free(blob); |
| 1913 | 1908 | ||
| 1914 | /* Now get sequence numbers for the packets */ | 1909 | /* Now get sequence numbers for the packets */ |
| 1915 | seqnr = buffer_get_int(&m); | 1910 | seqnr = buffer_get_int(&m); |
| @@ -1934,13 +1929,13 @@ mm_get_keystate(struct monitor *pmonitor) | |||
| 1934 | if (plen != sizeof(child_state.outgoing)) | 1929 | if (plen != sizeof(child_state.outgoing)) |
| 1935 | fatal("%s: bad request size", __func__); | 1930 | fatal("%s: bad request size", __func__); |
| 1936 | memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); | 1931 | memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); |
| 1937 | xfree(p); | 1932 | free(p); |
| 1938 | 1933 | ||
| 1939 | p = buffer_get_string(&m, &plen); | 1934 | p = buffer_get_string(&m, &plen); |
| 1940 | if (plen != sizeof(child_state.incoming)) | 1935 | if (plen != sizeof(child_state.incoming)) |
| 1941 | fatal("%s: bad request size", __func__); | 1936 | fatal("%s: bad request size", __func__); |
| 1942 | memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); | 1937 | memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); |
| 1943 | xfree(p); | 1938 | free(p); |
| 1944 | 1939 | ||
| 1945 | /* Network I/O buffers */ | 1940 | /* Network I/O buffers */ |
| 1946 | debug3("%s: Getting Network I/O buffers", __func__); | 1941 | debug3("%s: Getting Network I/O buffers", __func__); |
| @@ -2062,7 +2057,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) | |||
| 2062 | 2057 | ||
| 2063 | major = ssh_gssapi_server_ctx(&gsscontext, &goid); | 2058 | major = ssh_gssapi_server_ctx(&gsscontext, &goid); |
| 2064 | 2059 | ||
| 2065 | xfree(goid.elements); | 2060 | free(goid.elements); |
| 2066 | 2061 | ||
| 2067 | buffer_clear(m); | 2062 | buffer_clear(m); |
| 2068 | buffer_put_int(m, major); | 2063 | buffer_put_int(m, major); |
| @@ -2087,7 +2082,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) | |||
| 2087 | in.value = buffer_get_string(m, &len); | 2082 | in.value = buffer_get_string(m, &len); |
| 2088 | in.length = len; | 2083 | in.length = len; |
| 2089 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); | 2084 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); |
| 2090 | xfree(in.value); | 2085 | free(in.value); |
| 2091 | 2086 | ||
| 2092 | buffer_clear(m); | 2087 | buffer_clear(m); |
| 2093 | buffer_put_int(m, major); | 2088 | buffer_put_int(m, major); |
| @@ -2119,8 +2114,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m) | |||
| 2119 | 2114 | ||
| 2120 | ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); | 2115 | ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); |
| 2121 | 2116 | ||
| 2122 | xfree(gssbuf.value); | 2117 | free(gssbuf.value); |
| 2123 | xfree(mic.value); | 2118 | free(mic.value); |
| 2124 | 2119 | ||
| 2125 | buffer_clear(m); | 2120 | buffer_clear(m); |
| 2126 | buffer_put_int(m, ret); | 2121 | buffer_put_int(m, ret); |
| @@ -2190,8 +2185,8 @@ mm_answer_jpake_step1(int sock, Buffer *m) | |||
| 2190 | 2185 | ||
| 2191 | bzero(x3_proof, x3_proof_len); | 2186 | bzero(x3_proof, x3_proof_len); |
| 2192 | bzero(x4_proof, x4_proof_len); | 2187 | bzero(x4_proof, x4_proof_len); |
| 2193 | xfree(x3_proof); | 2188 | free(x3_proof); |
| 2194 | xfree(x4_proof); | 2189 | free(x4_proof); |
| 2195 | 2190 | ||
| 2196 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); | 2191 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); |
| 2197 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); | 2192 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); |
| @@ -2220,8 +2215,8 @@ mm_answer_jpake_get_pwdata(int sock, Buffer *m) | |||
| 2220 | 2215 | ||
| 2221 | bzero(hash_scheme, strlen(hash_scheme)); | 2216 | bzero(hash_scheme, strlen(hash_scheme)); |
| 2222 | bzero(salt, strlen(salt)); | 2217 | bzero(salt, strlen(salt)); |
| 2223 | xfree(hash_scheme); | 2218 | free(hash_scheme); |
| 2224 | xfree(salt); | 2219 | free(salt); |
| 2225 | 2220 | ||
| 2226 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); | 2221 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); |
| 2227 | 2222 | ||
| @@ -2260,8 +2255,8 @@ mm_answer_jpake_step2(int sock, Buffer *m) | |||
| 2260 | 2255 | ||
| 2261 | bzero(x1_proof, x1_proof_len); | 2256 | bzero(x1_proof, x1_proof_len); |
| 2262 | bzero(x2_proof, x2_proof_len); | 2257 | bzero(x2_proof, x2_proof_len); |
| 2263 | xfree(x1_proof); | 2258 | free(x1_proof); |
| 2264 | xfree(x2_proof); | 2259 | free(x2_proof); |
| 2265 | 2260 | ||
| 2266 | buffer_clear(m); | 2261 | buffer_clear(m); |
| 2267 | 2262 | ||
| @@ -2272,7 +2267,7 @@ mm_answer_jpake_step2(int sock, Buffer *m) | |||
| 2272 | mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); | 2267 | mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); |
| 2273 | 2268 | ||
| 2274 | bzero(x4_s_proof, x4_s_proof_len); | 2269 | bzero(x4_s_proof, x4_s_proof_len); |
| 2275 | xfree(x4_s_proof); | 2270 | free(x4_s_proof); |
| 2276 | 2271 | ||
| 2277 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); | 2272 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); |
| 2278 | 2273 | ||
| @@ -2340,7 +2335,7 @@ mm_answer_jpake_check_confirm(int sock, Buffer *m) | |||
| 2340 | JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); | 2335 | JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); |
| 2341 | 2336 | ||
| 2342 | bzero(peer_confirm_hash, peer_confirm_hash_len); | 2337 | bzero(peer_confirm_hash, peer_confirm_hash_len); |
| 2343 | xfree(peer_confirm_hash); | 2338 | free(peer_confirm_hash); |
| 2344 | 2339 | ||
| 2345 | buffer_clear(m); | 2340 | buffer_clear(m); |
| 2346 | buffer_put_int(m, authenticated); | 2341 | buffer_put_int(m, authenticated); |