diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:31:17 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:31:17 +1000 |
| commit | a627d42e51ffa71e014d7b2d2c07118122fd3ec3 (patch) | |
| tree | 7bda769de81f509e28d800916fa20abd37906d79 /mux.c | |
| parent | c7aad0058c957afeb26a3f703e8cb0eddeb62365 (diff) | |
- djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
dns.c packet.c readpass.c authfd.c moduli.c]
bye, bye xfree(); ok markus@
Diffstat (limited to 'mux.c')
| -rw-r--r-- | mux.c | 122 |
1 files changed, 52 insertions, 70 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: mux.c,v 1.40 2013/04/22 01:17:18 dtucker Exp $ */ | 1 | /* $OpenBSD: mux.c,v 1.41 2013/05/17 00:13:13 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> |
| 4 | * | 4 | * |
| @@ -287,13 +287,12 @@ process_mux_master_hello(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 287 | char *value = buffer_get_string_ret(m, NULL); | 287 | char *value = buffer_get_string_ret(m, NULL); |
| 288 | 288 | ||
| 289 | if (name == NULL || value == NULL) { | 289 | if (name == NULL || value == NULL) { |
| 290 | if (name != NULL) | 290 | free(name); |
| 291 | xfree(name); | ||
| 292 | goto malf; | 291 | goto malf; |
| 293 | } | 292 | } |
| 294 | debug2("Unrecognised slave extension \"%s\"", name); | 293 | debug2("Unrecognised slave extension \"%s\"", name); |
| 295 | xfree(name); | 294 | free(name); |
| 296 | xfree(value); | 295 | free(value); |
| 297 | } | 296 | } |
| 298 | state->hello_rcvd = 1; | 297 | state->hello_rcvd = 1; |
| 299 | return 0; | 298 | return 0; |
| @@ -324,21 +323,17 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 324 | (cctx->term = buffer_get_string_ret(m, &len)) == NULL || | 323 | (cctx->term = buffer_get_string_ret(m, &len)) == NULL || |
| 325 | (cmd = buffer_get_string_ret(m, &len)) == NULL) { | 324 | (cmd = buffer_get_string_ret(m, &len)) == NULL) { |
| 326 | malf: | 325 | malf: |
| 327 | if (cmd != NULL) | 326 | free(cmd); |
| 328 | xfree(cmd); | 327 | free(reserved); |
| 329 | if (reserved != NULL) | ||
| 330 | xfree(reserved); | ||
| 331 | for (j = 0; j < env_len; j++) | 328 | for (j = 0; j < env_len; j++) |
| 332 | xfree(cctx->env[j]); | 329 | free(cctx->env[j]); |
| 333 | if (env_len > 0) | 330 | free(cctx->env); |
| 334 | xfree(cctx->env); | 331 | free(cctx->term); |
| 335 | if (cctx->term != NULL) | 332 | free(cctx); |
| 336 | xfree(cctx->term); | ||
| 337 | xfree(cctx); | ||
| 338 | error("%s: malformed message", __func__); | 333 | error("%s: malformed message", __func__); |
| 339 | return -1; | 334 | return -1; |
| 340 | } | 335 | } |
| 341 | xfree(reserved); | 336 | free(reserved); |
| 342 | reserved = NULL; | 337 | reserved = NULL; |
| 343 | 338 | ||
| 344 | while (buffer_len(m) > 0) { | 339 | while (buffer_len(m) > 0) { |
| @@ -346,7 +341,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 346 | if ((cp = buffer_get_string_ret(m, &len)) == NULL) | 341 | if ((cp = buffer_get_string_ret(m, &len)) == NULL) |
| 347 | goto malf; | 342 | goto malf; |
| 348 | if (!env_permitted(cp)) { | 343 | if (!env_permitted(cp)) { |
| 349 | xfree(cp); | 344 | free(cp); |
| 350 | continue; | 345 | continue; |
| 351 | } | 346 | } |
| 352 | cctx->env = xrealloc(cctx->env, env_len + 2, | 347 | cctx->env = xrealloc(cctx->env, env_len + 2, |
| @@ -367,7 +362,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 367 | 362 | ||
| 368 | buffer_init(&cctx->cmd); | 363 | buffer_init(&cctx->cmd); |
| 369 | buffer_append(&cctx->cmd, cmd, strlen(cmd)); | 364 | buffer_append(&cctx->cmd, cmd, strlen(cmd)); |
| 370 | xfree(cmd); | 365 | free(cmd); |
| 371 | cmd = NULL; | 366 | cmd = NULL; |
| 372 | 367 | ||
| 373 | /* Gather fds from client */ | 368 | /* Gather fds from client */ |
| @@ -378,12 +373,11 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 378 | for (j = 0; j < i; j++) | 373 | for (j = 0; j < i; j++) |
| 379 | close(new_fd[j]); | 374 | close(new_fd[j]); |
| 380 | for (j = 0; j < env_len; j++) | 375 | for (j = 0; j < env_len; j++) |
| 381 | xfree(cctx->env[j]); | 376 | free(cctx->env[j]); |
| 382 | if (env_len > 0) | 377 | free(cctx->env); |
| 383 | xfree(cctx->env); | 378 | free(cctx->term); |
| 384 | xfree(cctx->term); | ||
| 385 | buffer_free(&cctx->cmd); | 379 | buffer_free(&cctx->cmd); |
| 386 | xfree(cctx); | 380 | free(cctx); |
| 387 | 381 | ||
| 388 | /* prepare reply */ | 382 | /* prepare reply */ |
| 389 | buffer_put_int(r, MUX_S_FAILURE); | 383 | buffer_put_int(r, MUX_S_FAILURE); |
| @@ -408,14 +402,14 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 408 | close(new_fd[0]); | 402 | close(new_fd[0]); |
| 409 | close(new_fd[1]); | 403 | close(new_fd[1]); |
| 410 | close(new_fd[2]); | 404 | close(new_fd[2]); |
| 411 | xfree(cctx->term); | 405 | free(cctx->term); |
| 412 | if (env_len != 0) { | 406 | if (env_len != 0) { |
| 413 | for (i = 0; i < env_len; i++) | 407 | for (i = 0; i < env_len; i++) |
| 414 | xfree(cctx->env[i]); | 408 | free(cctx->env[i]); |
| 415 | xfree(cctx->env); | 409 | free(cctx->env); |
| 416 | } | 410 | } |
| 417 | buffer_free(&cctx->cmd); | 411 | buffer_free(&cctx->cmd); |
| 418 | xfree(cctx); | 412 | free(cctx); |
| 419 | return 0; | 413 | return 0; |
| 420 | } | 414 | } |
| 421 | 415 | ||
| @@ -620,7 +614,7 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) | |||
| 620 | buffer_put_int(&out, MUX_S_FAILURE); | 614 | buffer_put_int(&out, MUX_S_FAILURE); |
| 621 | buffer_put_int(&out, fctx->rid); | 615 | buffer_put_int(&out, fctx->rid); |
| 622 | buffer_put_cstring(&out, failmsg); | 616 | buffer_put_cstring(&out, failmsg); |
| 623 | xfree(failmsg); | 617 | free(failmsg); |
| 624 | out: | 618 | out: |
| 625 | buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out)); | 619 | buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out)); |
| 626 | buffer_free(&out); | 620 | buffer_free(&out); |
| @@ -649,11 +643,11 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 649 | } | 643 | } |
| 650 | 644 | ||
| 651 | if (*fwd.listen_host == '\0') { | 645 | if (*fwd.listen_host == '\0') { |
| 652 | xfree(fwd.listen_host); | 646 | free(fwd.listen_host); |
| 653 | fwd.listen_host = NULL; | 647 | fwd.listen_host = NULL; |
| 654 | } | 648 | } |
| 655 | if (*fwd.connect_host == '\0') { | 649 | if (*fwd.connect_host == '\0') { |
| 656 | xfree(fwd.connect_host); | 650 | free(fwd.connect_host); |
| 657 | fwd.connect_host = NULL; | 651 | fwd.connect_host = NULL; |
| 658 | } | 652 | } |
| 659 | 653 | ||
| @@ -664,10 +658,8 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 664 | ftype != MUX_FWD_DYNAMIC) { | 658 | ftype != MUX_FWD_DYNAMIC) { |
| 665 | logit("%s: invalid forwarding type %u", __func__, ftype); | 659 | logit("%s: invalid forwarding type %u", __func__, ftype); |
| 666 | invalid: | 660 | invalid: |
| 667 | if (fwd.listen_host) | 661 | free(fwd.listen_host); |
| 668 | xfree(fwd.listen_host); | 662 | free(fwd.connect_host); |
| 669 | if (fwd.connect_host) | ||
| 670 | xfree(fwd.connect_host); | ||
| 671 | buffer_put_int(r, MUX_S_FAILURE); | 663 | buffer_put_int(r, MUX_S_FAILURE); |
| 672 | buffer_put_int(r, rid); | 664 | buffer_put_int(r, rid); |
| 673 | buffer_put_cstring(r, "Invalid forwarding request"); | 665 | buffer_put_cstring(r, "Invalid forwarding request"); |
| @@ -769,13 +761,10 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 769 | buffer_put_int(r, MUX_S_OK); | 761 | buffer_put_int(r, MUX_S_OK); |
| 770 | buffer_put_int(r, rid); | 762 | buffer_put_int(r, rid); |
| 771 | out: | 763 | out: |
| 772 | if (fwd_desc != NULL) | 764 | free(fwd_desc); |
| 773 | xfree(fwd_desc); | ||
| 774 | if (freefwd) { | 765 | if (freefwd) { |
| 775 | if (fwd.listen_host != NULL) | 766 | free(fwd.listen_host); |
| 776 | xfree(fwd.listen_host); | 767 | free(fwd.connect_host); |
| 777 | if (fwd.connect_host != NULL) | ||
| 778 | xfree(fwd.connect_host); | ||
| 779 | } | 768 | } |
| 780 | return ret; | 769 | return ret; |
| 781 | } | 770 | } |
| @@ -801,11 +790,11 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 801 | } | 790 | } |
| 802 | 791 | ||
| 803 | if (*fwd.listen_host == '\0') { | 792 | if (*fwd.listen_host == '\0') { |
| 804 | xfree(fwd.listen_host); | 793 | free(fwd.listen_host); |
| 805 | fwd.listen_host = NULL; | 794 | fwd.listen_host = NULL; |
| 806 | } | 795 | } |
| 807 | if (*fwd.connect_host == '\0') { | 796 | if (*fwd.connect_host == '\0') { |
| 808 | xfree(fwd.connect_host); | 797 | free(fwd.connect_host); |
| 809 | fwd.connect_host = NULL; | 798 | fwd.connect_host = NULL; |
| 810 | } | 799 | } |
| 811 | 800 | ||
| @@ -862,10 +851,8 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 862 | buffer_put_int(r, MUX_S_OK); | 851 | buffer_put_int(r, MUX_S_OK); |
| 863 | buffer_put_int(r, rid); | 852 | buffer_put_int(r, rid); |
| 864 | 853 | ||
| 865 | if (found_fwd->listen_host != NULL) | 854 | free(found_fwd->listen_host); |
| 866 | xfree(found_fwd->listen_host); | 855 | free(found_fwd->connect_host); |
| 867 | if (found_fwd->connect_host != NULL) | ||
| 868 | xfree(found_fwd->connect_host); | ||
| 869 | found_fwd->listen_host = found_fwd->connect_host = NULL; | 856 | found_fwd->listen_host = found_fwd->connect_host = NULL; |
| 870 | found_fwd->listen_port = found_fwd->connect_port = 0; | 857 | found_fwd->listen_port = found_fwd->connect_port = 0; |
| 871 | } else { | 858 | } else { |
| @@ -874,12 +861,9 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 874 | buffer_put_cstring(r, error_reason); | 861 | buffer_put_cstring(r, error_reason); |
| 875 | } | 862 | } |
| 876 | out: | 863 | out: |
| 877 | if (fwd_desc != NULL) | 864 | free(fwd_desc); |
| 878 | xfree(fwd_desc); | 865 | free(fwd.listen_host); |
| 879 | if (fwd.listen_host != NULL) | 866 | free(fwd.connect_host); |
| 880 | xfree(fwd.listen_host); | ||
| 881 | if (fwd.connect_host != NULL) | ||
| 882 | xfree(fwd.connect_host); | ||
| 883 | 867 | ||
| 884 | return ret; | 868 | return ret; |
| 885 | } | 869 | } |
| @@ -896,14 +880,12 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 896 | if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || | 880 | if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || |
| 897 | (chost = buffer_get_string_ret(m, NULL)) == NULL || | 881 | (chost = buffer_get_string_ret(m, NULL)) == NULL || |
| 898 | buffer_get_int_ret(&cport, m) != 0) { | 882 | buffer_get_int_ret(&cport, m) != 0) { |
| 899 | if (reserved != NULL) | 883 | free(reserved); |
| 900 | xfree(reserved); | 884 | free(chost); |
| 901 | if (chost != NULL) | ||
| 902 | xfree(chost); | ||
| 903 | error("%s: malformed message", __func__); | 885 | error("%s: malformed message", __func__); |
| 904 | return -1; | 886 | return -1; |
| 905 | } | 887 | } |
| 906 | xfree(reserved); | 888 | free(reserved); |
| 907 | 889 | ||
| 908 | debug2("%s: channel %d: request stdio fwd to %s:%u", | 890 | debug2("%s: channel %d: request stdio fwd to %s:%u", |
| 909 | __func__, c->self, chost, cport); | 891 | __func__, c->self, chost, cport); |
| @@ -915,7 +897,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 915 | __func__, i); | 897 | __func__, i); |
| 916 | for (j = 0; j < i; j++) | 898 | for (j = 0; j < i; j++) |
| 917 | close(new_fd[j]); | 899 | close(new_fd[j]); |
| 918 | xfree(chost); | 900 | free(chost); |
| 919 | 901 | ||
| 920 | /* prepare reply */ | 902 | /* prepare reply */ |
| 921 | buffer_put_int(r, MUX_S_FAILURE); | 903 | buffer_put_int(r, MUX_S_FAILURE); |
| @@ -939,7 +921,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 939 | cleanup: | 921 | cleanup: |
| 940 | close(new_fd[0]); | 922 | close(new_fd[0]); |
| 941 | close(new_fd[1]); | 923 | close(new_fd[1]); |
| 942 | xfree(chost); | 924 | free(chost); |
| 943 | return 0; | 925 | return 0; |
| 944 | } | 926 | } |
| 945 | 927 | ||
| @@ -1001,7 +983,7 @@ process_mux_stop_listening(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
| 1001 | if (mux_listener_channel != NULL) { | 983 | if (mux_listener_channel != NULL) { |
| 1002 | channel_free(mux_listener_channel); | 984 | channel_free(mux_listener_channel); |
| 1003 | client_stop_mux(); | 985 | client_stop_mux(); |
| 1004 | xfree(options.control_path); | 986 | free(options.control_path); |
| 1005 | options.control_path = NULL; | 987 | options.control_path = NULL; |
| 1006 | mux_listener_channel = NULL; | 988 | mux_listener_channel = NULL; |
| 1007 | muxserver_sock = -1; | 989 | muxserver_sock = -1; |
| @@ -1198,8 +1180,8 @@ muxserver_listen(void) | |||
| 1198 | close(muxserver_sock); | 1180 | close(muxserver_sock); |
| 1199 | muxserver_sock = -1; | 1181 | muxserver_sock = -1; |
| 1200 | } | 1182 | } |
| 1201 | xfree(orig_control_path); | 1183 | free(orig_control_path); |
| 1202 | xfree(options.control_path); | 1184 | free(options.control_path); |
| 1203 | options.control_path = NULL; | 1185 | options.control_path = NULL; |
| 1204 | options.control_master = SSHCTL_MASTER_NO; | 1186 | options.control_master = SSHCTL_MASTER_NO; |
| 1205 | return; | 1187 | return; |
| @@ -1224,7 +1206,7 @@ muxserver_listen(void) | |||
| 1224 | goto disable_mux_master; | 1206 | goto disable_mux_master; |
| 1225 | } | 1207 | } |
| 1226 | unlink(options.control_path); | 1208 | unlink(options.control_path); |
| 1227 | xfree(options.control_path); | 1209 | free(options.control_path); |
| 1228 | options.control_path = orig_control_path; | 1210 | options.control_path = orig_control_path; |
| 1229 | 1211 | ||
| 1230 | set_nonblock(muxserver_sock); | 1212 | set_nonblock(muxserver_sock); |
| @@ -1309,13 +1291,13 @@ mux_session_confirm(int id, int success, void *arg) | |||
| 1309 | cc->mux_pause = 0; /* start processing messages again */ | 1291 | cc->mux_pause = 0; /* start processing messages again */ |
| 1310 | c->open_confirm_ctx = NULL; | 1292 | c->open_confirm_ctx = NULL; |
| 1311 | buffer_free(&cctx->cmd); | 1293 | buffer_free(&cctx->cmd); |
| 1312 | xfree(cctx->term); | 1294 | free(cctx->term); |
| 1313 | if (cctx->env != NULL) { | 1295 | if (cctx->env != NULL) { |
| 1314 | for (i = 0; cctx->env[i] != NULL; i++) | 1296 | for (i = 0; cctx->env[i] != NULL; i++) |
| 1315 | xfree(cctx->env[i]); | 1297 | free(cctx->env[i]); |
| 1316 | xfree(cctx->env); | 1298 | free(cctx->env); |
| 1317 | } | 1299 | } |
| 1318 | xfree(cctx); | 1300 | free(cctx); |
| 1319 | } | 1301 | } |
| 1320 | 1302 | ||
| 1321 | /* ** Multiplexing client support */ | 1303 | /* ** Multiplexing client support */ |
| @@ -1499,8 +1481,8 @@ mux_client_hello_exchange(int fd) | |||
| 1499 | char *value = buffer_get_string(&m, NULL); | 1481 | char *value = buffer_get_string(&m, NULL); |
| 1500 | 1482 | ||
| 1501 | debug2("Unrecognised master extension \"%s\"", name); | 1483 | debug2("Unrecognised master extension \"%s\"", name); |
| 1502 | xfree(name); | 1484 | free(name); |
| 1503 | xfree(value); | 1485 | free(value); |
| 1504 | } | 1486 | } |
| 1505 | buffer_free(&m); | 1487 | buffer_free(&m); |
| 1506 | return 0; | 1488 | return 0; |
| @@ -1609,7 +1591,7 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, Forward *fwd) | |||
| 1609 | fwd_desc = format_forward(ftype, fwd); | 1591 | fwd_desc = format_forward(ftype, fwd); |
| 1610 | debug("Requesting %s %s", | 1592 | debug("Requesting %s %s", |
| 1611 | cancel_flag ? "cancellation of" : "forwarding of", fwd_desc); | 1593 | cancel_flag ? "cancellation of" : "forwarding of", fwd_desc); |
| 1612 | xfree(fwd_desc); | 1594 | free(fwd_desc); |
| 1613 | 1595 | ||
| 1614 | buffer_init(&m); | 1596 | buffer_init(&m); |
| 1615 | buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD); | 1597 | buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD); |