- djm@cvs.openbsd.org 2013/05/17 00:13:13

[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
author: Darren Tucker <dtucker@zip.com.au> 2013-06-02 07:31:17 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2013-06-02 07:31:17 +1000
commit: a627d42e51ffa71e014d7b2d2c07118122fd3ec3 (patch)
tree: 7bda769de81f509e28d800916fa20abd37906d79 /sshconnect2.c
parent: c7aad0058c957afeb26a3f703e8cb0eddeb62365 (diff)
1 files changed, 68 insertions, 77 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 7b83c591b..19ed3459f 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.196 2013/05/16 02:00:34 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.197 2013/05/17 00:13:14 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -146,10 +146,10 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
        if (*first != '\0')
                debug3("%s: prefer hostkeyalgs: %s", __func__, first);
-        xfree(first);
+        free(first);
-        xfree(last);
+        free(last);
-        xfree(hostname);
+        free(hostname);
-        xfree(oavail);
+        free(oavail);
        free_hostkeys(hostkeys);
        return ret;
@@ -384,7 +384,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
        if (packet_remaining() > 0) {
                char *reply = packet_get_string(NULL);
                debug2("service_accept: %s", reply);
-                xfree(reply);
+                free(reply);
        } else {
                debug2("buggy server: service_accept w/o service");
        }
@@ -431,15 +431,12 @@ userauth(Authctxt *authctxt, char *authlist)
        if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
                authctxt->method->cleanup(authctxt);
-        if (authctxt->methoddata) {
+        free(authctxt->methoddata);
-                xfree(authctxt->methoddata);
+        authctxt->methoddata = NULL;
-                authctxt->methoddata = NULL;
-        }
        if (authlist == NULL) {
                authlist = authctxt->authlist;
        } else {
-                if (authctxt->authlist)
+                free(authctxt->authlist);
-                        xfree(authctxt->authlist);
                authctxt->authlist = authlist;
        }
        for (;;) {
@@ -487,10 +484,10 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
                msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
                strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
                fprintf(stderr, "%s", msg);
-                xfree(msg);
+                free(msg);
        }
-        xfree(raw);
+        free(raw);
-        xfree(lang);
+        free(lang);
 }
 /* ARGSUSED */
@@ -501,16 +498,12 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
        if (authctxt == NULL)
                fatal("input_userauth_success: no authentication context");
-        if (authctxt->authlist) {
+        free(authctxt->authlist);
-                xfree(authctxt->authlist);
+        authctxt->authlist = NULL;
-                authctxt->authlist = NULL;
-        }
        if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
                authctxt->method->cleanup(authctxt);
-        if (authctxt->methoddata) {
+        free(authctxt->methoddata);
-                xfree(authctxt->methoddata);
+        authctxt->methoddata = NULL;
-                authctxt->methoddata = NULL;
-        }
        authctxt->success = 1;                  /* break out */
 }
@@ -599,7 +592,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
        }
        fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
        debug2("input_userauth_pk_ok: fp %s", fp);
-        xfree(fp);
+        free(fp);
        /*
         * search keys in the reverse order, because last candidate has been
@@ -615,8 +608,8 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
 done:
        if (key != NULL)
                key_free(key);
-        xfree(pkalg);
+        free(pkalg);
-        xfree(pkblob);
+        free(pkblob);
        /* try another method if we did not send a packet */
        if (sent == 0)
@@ -754,7 +747,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
        if (oidlen <= 2 ||
            oidv[0] != SSH_GSS_OIDTYPE ||
            oidv[1] != oidlen - 2) {
-                xfree(oidv);
+                free(oidv);
                debug("Badly encoded mechanism OID received");
                userauth(authctxt, NULL);
                return;
@@ -765,7 +758,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
        packet_check_eom();
-        xfree(oidv);
+        free(oidv);
        if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
                /* Start again with next method on list */
@@ -794,7 +787,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
        status = process_gssapi_token(ctxt, &recv_tok);
-        xfree(recv_tok.value);
+        free(recv_tok.value);
        if (GSS_ERROR(status)) {
                /* Start again with the next method in the list */
@@ -827,7 +820,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
        (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
            &recv_tok, &send_tok, NULL);
-        xfree(recv_tok.value);
+        free(recv_tok.value);
        gss_release_buffer(&ms, &send_tok);
        /* Server will be returning a failed packet after this one */
@@ -848,8 +841,8 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
        packet_check_eom();
        debug("Server GSSAPI Error:\n%s", msg);
-        xfree(msg);
+        free(msg);
-        xfree(lang);
+        free(lang);
 }
 #endif /* GSSAPI */
@@ -890,7 +883,7 @@ userauth_passwd(Authctxt *authctxt)
        packet_put_char(0);
        packet_put_cstring(password);
        memset(password, 0, strlen(password));
-        xfree(password);
+        free(password);
        packet_add_padding(64);
        packet_send();
@@ -923,8 +916,8 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
        lang = packet_get_string(NULL);
        if (strlen(info) > 0)
                logit("%s", info);
-        xfree(info);
+        free(info);
-        xfree(lang);
+        free(lang);
        packet_start(SSH2_MSG_USERAUTH_REQUEST);
        packet_put_cstring(authctxt->server_user);
        packet_put_cstring(authctxt->service);
@@ -936,7 +929,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
        password = read_passphrase(prompt, 0);
        packet_put_cstring(password);
        memset(password, 0, strlen(password));
-        xfree(password);
+        free(password);
        password = NULL;
        while (password == NULL) {
                snprintf(prompt, sizeof(prompt),
@@ -953,16 +946,16 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
                retype = read_passphrase(prompt, 0);
                if (strcmp(password, retype) != 0) {
                        memset(password, 0, strlen(password));
-                        xfree(password);
+                        free(password);
                        logit("Mismatch; try again, EOF to quit.");
                        password = NULL;
                }
                memset(retype, 0, strlen(retype));
-                xfree(retype);
+                free(retype);
        }
        packet_put_cstring(password);
        memset(password, 0, strlen(password));
-        xfree(password);
+        free(password);
        packet_add_padding(64);
        packet_send();
@@ -1017,13 +1010,13 @@ jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme,
        bzero(password, strlen(password));
        bzero(crypted, strlen(crypted));
-        xfree(password);
+        free(password);
-        xfree(crypted);
+        free(crypted);
        if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
                fatal("%s: BN_bin2bn (secret)", __func__);
        bzero(secret, secret_len);
-        xfree(secret);
+        free(secret);
        return ret;
 }
@@ -1061,8 +1054,8 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
        pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
        bzero(crypt_scheme, strlen(crypt_scheme));
        bzero(salt, strlen(salt));
-        xfree(crypt_scheme);
+        free(crypt_scheme);
-        xfree(salt);
+        free(salt);
        JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
        /* Calculate step 2 values */
@@ -1077,8 +1070,8 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
        bzero(x3_proof, x3_proof_len);
        bzero(x4_proof, x4_proof_len);
-        xfree(x3_proof);
+        free(x3_proof);
-        xfree(x4_proof);
+        free(x4_proof);
        JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
@@ -1089,7 +1082,7 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
        packet_send();
        bzero(x2_s_proof, x2_s_proof_len);
-        xfree(x2_s_proof);
+        free(x2_s_proof);
        /* Expect step 2 packet from peer */
        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2,
@@ -1129,7 +1122,7 @@ input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt)
            &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
        bzero(x4_s_proof, x4_s_proof_len);
-        xfree(x4_s_proof);
+        free(x4_s_proof);
        JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
@@ -1211,7 +1204,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
        fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
        debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
-        xfree(fp);
+        free(fp);
        if (key_to_blob(id->key, &blob, &bloblen) == 0) {
                /* we cannot handle this key */
@@ -1246,7 +1239,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
        ret = identity_sign(id, &signature, &slen,
            buffer_ptr(&b), buffer_len(&b));
        if (ret == -1) {
-                xfree(blob);
+                free(blob);
                buffer_free(&b);
                return 0;
        }
@@ -1266,11 +1259,11 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
                        buffer_put_cstring(&b, key_ssh_name(id->key));
                buffer_put_string(&b, blob, bloblen);
        }
-        xfree(blob);
+        free(blob);
        /* append signature */
        buffer_put_string(&b, signature, slen);
-        xfree(signature);
+        free(signature);
        /* skip session id and packet type */
        if (buffer_len(&b) < skip + 1)
@@ -1310,7 +1303,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
        if (!(datafellows & SSH_BUG_PKAUTH))
                packet_put_cstring(key_ssh_name(id->key));
        packet_put_string(blob, bloblen);
-        xfree(blob);
+        free(blob);
        packet_send();
        return 1;
 }
@@ -1347,7 +1340,7 @@ load_identity_file(char *filename, int userprovided)
                                quit = 1;
                        }
                        memset(passphrase, 0, strlen(passphrase));
-                        xfree(passphrase);
+                        free(passphrase);
                        if (private != NULL || quit)
                                break;
                        debug2("bad passphrase given, try again...");
@@ -1424,7 +1417,7 @@ pubkey_prepare(Authctxt *authctxt)
                                /* agent keys from the config file are preferred */
                                if (key_equal(key, id->key)) {
                                        key_free(key);
-                                        xfree(comment);
+                                        free(comment);
                                        TAILQ_REMOVE(&files, id, next);
                                        TAILQ_INSERT_TAIL(preferred, id, next);
                                        id->ac = ac;
@@ -1470,9 +1463,8 @@ pubkey_cleanup(Authctxt *authctxt)
                TAILQ_REMOVE(&authctxt->keys, id, next);
                if (id->key)
                        key_free(id->key);
-                if (id->filename)
+                free(id->filename);
-                        xfree(id->filename);
+                free(id);
-                xfree(id);
        }
 }
@@ -1570,9 +1562,9 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
                logit("%s", name);
        if (strlen(inst) > 0)
                logit("%s", inst);
-        xfree(name);
+        free(name);
-        xfree(inst);
+        free(inst);
-        xfree(lang);
+        free(lang);
        num_prompts = packet_get_int();
        /*
@@ -1593,8 +1585,8 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
                packet_put_cstring(response);
                memset(response, 0, strlen(response));
-                xfree(response);
+                free(response);
-                xfree(prompt);
+                free(prompt);
        }
        packet_check_eom(); /* done with parsing incoming message. */
@@ -1714,12 +1706,12 @@ userauth_hostbased(Authctxt *authctxt)
        if (p == NULL) {
                error("userauth_hostbased: cannot get local ipaddr/name");
                key_free(private);
-                xfree(blob);
+                free(blob);
                return 0;
        }
        xasprintf(&chost, "%s.", p);
        debug2("userauth_hostbased: chost %s", chost);
-        xfree(p);
+        free(p);
        service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
            authctxt->service;
@@ -1748,9 +1740,9 @@ userauth_hostbased(Authctxt *authctxt)
        buffer_free(&b);
        if (ok != 0) {
                error("key_sign failed");
-                xfree(chost);
+                free(chost);
-                xfree(pkalg);
+                free(pkalg);
-                xfree(blob);
+                free(blob);
                return 0;
        }
        packet_start(SSH2_MSG_USERAUTH_REQUEST);
@@ -1763,10 +1755,10 @@ userauth_hostbased(Authctxt *authctxt)
        packet_put_cstring(authctxt->local_user);
        packet_put_string(signature, slen);
        memset(signature, 's', slen);
-        xfree(signature);
+        free(signature);
-        xfree(chost);
+        free(chost);
-        xfree(pkalg);
+        free(pkalg);
-        xfree(blob);
+        free(blob);
        packet_send();
        return 1;
@@ -1821,8 +1813,8 @@ userauth_jpake(Authctxt *authctxt)
        bzero(x1_proof, x1_proof_len);
        bzero(x2_proof, x2_proof_len);
-        xfree(x1_proof);
+        free(x1_proof);
-        xfree(x2_proof);
+        free(x2_proof);
        /* Expect step 1 packet from peer */
        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
@@ -1899,8 +1891,7 @@ authmethod_get(char *authlist)
        if (supported == NULL || strcmp(authlist, supported) != 0) {
                debug3("start over, passed a different list %s", authlist);
-                if (supported != NULL)
+                free(supported);
-                        xfree(supported);
                supported = xstrdup(authlist);
                preferred = options.preferred_authentications;
                debug3("preferred %s", preferred);
@@ -1921,7 +1912,7 @@ authmethod_get(char *authlist)
                    authmethod_is_enabled(current)) {
                        debug3("authmethod_is_enabled %s", name);
                        debug("Next authentication method: %s", name);
-                        xfree(name);
+                        free(name);
                        return current;
                }
        }
author	Darren Tucker <dtucker@zip.com.au>	2013-06-02 07:31:17 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2013-06-02 07:31:17 +1000
commit	a627d42e51ffa71e014d7b2d2c07118122fd3ec3 (patch)
tree	7bda769de81f509e28d800916fa20abd37906d79 /sshconnect2.c
parent	c7aad0058c957afeb26a3f703e8cb0eddeb62365 (diff)