-rw-r--r-- | ChangeLog | 14 | ||||
-rw-r--r-- | auth-krb4.c | 7 | ||||
-rw-r--r-- | auth2.c | 3 | ||||
-rw-r--r-- | key.c | 4 | ||||
-rw-r--r-- | sshconnect1.c | 4 | ||||
-rw-r--r-- | sshconnect2.c | 8 | ||||
-rw-r--r-- | sshd.c | 6 |
7 files changed, 36 insertions, 10 deletions
@@ -2,6 +2,20 @@ | |||
2 | - (bal) regexp.h typo in configure.in. Should have been regex.h | 2 | - (bal) regexp.h typo in configure.in. Should have been regex.h |
3 | - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@ | 3 | - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@ |
4 | - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT | 4 | - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT |
5 | - (bal) OpenBSD Resync | ||
6 | - markus@cvs.openbsd.org 2001/01/22 8:15:00 | ||
7 | [auth-krb4.c sshconnect1.c] | ||
8 | only AFS needs radix.[ch] | ||
9 | - markus@cvs.openbsd.org 2001/01/22 8:32:53 | ||
10 | [auth2.c] | ||
11 | no need to include; from mouring@etoh.eviladmin.org | ||
12 | - stevesk@cvs.openbsd.org 2001/01/22 16:55:21 | ||
13 | [key.c] | ||
14 | free() -> xfree(); ok markus@ | ||
15 | - stevesk@cvs.openbsd.org 2001/01/22 17:22:28 | ||
16 | [sshconnect2.c sshd.c] | ||
17 | fix memory leaks in SSH2 key exchange; ok markus@ | ||
18 | |||
5 | 19 | ||
6 | 20010122 | 20 | 20010122 |
7 | - (bal) OpenBSD Resync | 21 | - (bal) OpenBSD Resync |
diff --git a/auth-krb4.c b/auth-krb4.c index d68806f95..8bb6e3d6f 100644 --- a/auth-krb4.c +++ b/auth-krb4.c | |||
@@ -23,9 +23,8 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth-krb4.c,v 1.22 2001/01/21 19:05:41 markus Exp $"); | 26 | RCSID("$OpenBSD: auth-krb4.c,v 1.23 2001/01/22 08:15:00 markus Exp $"); |
27 | 27 | ||
28 | #ifdef KRB4 | ||
29 | #include "ssh.h" | 28 | #include "ssh.h" |
30 | #include "ssh1.h" | 29 | #include "ssh1.h" |
31 | #include "packet.h" | 30 | #include "packet.h" |
@@ -33,8 +32,12 @@ RCSID("$OpenBSD: auth-krb4.c,v 1.22 2001/01/21 19:05:41 markus Exp $"); | |||
33 | #include "log.h" | 32 | #include "log.h" |
34 | #include "servconf.h" | 33 | #include "servconf.h" |
35 | #include "auth.h" | 34 | #include "auth.h" |
35 | |||
36 | #ifdef AFS | ||
36 | #include "radix.h" | 37 | #include "radix.h" |
38 | #endif | ||
37 | 39 | ||
40 | #ifdef KRB4 | ||
38 | char *ticket = NULL; | 41 | char *ticket = NULL; |
39 | 42 | ||
40 | extern ServerOptions options; | 43 | extern ServerOptions options; |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth2.c,v 1.32 2001/01/21 19:05:44 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2.c,v 1.33 2001/01/22 08:32:53 markus Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_OSF_SIA | 28 | #ifdef HAVE_OSF_SIA |
29 | # include <sia.h> | 29 | # include <sia.h> |
@@ -51,7 +51,6 @@ RCSID("$OpenBSD: auth2.c,v 1.32 2001/01/21 19:05:44 markus Exp $"); | |||
51 | #include "key.h" | 51 | #include "key.h" |
52 | #include "kex.h" | 52 | #include "kex.h" |
53 | #include "pathnames.h" | 53 | #include "pathnames.h" |
54 | |||
55 | #include "uidswap.h" | 54 | #include "uidswap.h" |
56 | #include "auth-options.h" | 55 | #include "auth-options.h" |
57 | 56 | ||
@@ -32,7 +32,7 @@ | |||
32 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 32 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
33 | */ | 33 | */ |
34 | #include "includes.h" | 34 | #include "includes.h" |
35 | RCSID("$OpenBSD: key.c,v 1.15 2001/01/21 19:05:50 markus Exp $"); | 35 | RCSID("$OpenBSD: key.c,v 1.16 2001/01/22 16:55:21 stevesk Exp $"); |
36 | 36 | ||
37 | #include <openssl/evp.h> | 37 | #include <openssl/evp.h> |
38 | 38 | ||
@@ -258,7 +258,7 @@ write_bignum(FILE *f, BIGNUM *num) | |||
258 | return 0; | 258 | return 0; |
259 | } | 259 | } |
260 | fprintf(f, " %s", buf); | 260 | fprintf(f, " %s", buf); |
261 | free(buf); | 261 | xfree(buf); |
262 | return 1; | 262 | return 1; |
263 | } | 263 | } |
264 | 264 | ||
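Review bot: In write_bignum, `xfree(buf);` is the right deallocator only if `buf` came from the project's own allocation wrappers, and the allocation is outside the hunk. If `buf` is produced by an OpenSSL conversion routine, the matching release would be `OPENSSL_free(buf);`, because OpenSSL's allocator can be replaced and is not guaranteed to be the one `xfree` wraps. Separately, the return value of `fprintf(f, " %s", buf);` is ignored, so the function returns 1 even when the write fails. The function begins above the hunk.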
diff --git a/sshconnect1.c b/sshconnect1.c index d0c0215ca..2c097256a 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
@@ -13,17 +13,17 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: sshconnect1.c,v 1.18 2001/01/21 19:06:00 markus Exp $"); | 16 | RCSID("$OpenBSD: sshconnect1.c,v 1.19 2001/01/22 08:15:00 markus Exp $"); |
17 | 17 | ||
18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
19 | #include <openssl/evp.h> | 19 | #include <openssl/evp.h> |
20 | 20 | ||
21 | #ifdef KRB4 | 21 | #ifdef KRB4 |
22 | #include <krb.h> | 22 | #include <krb.h> |
23 | #include "radix.h" | ||
24 | #endif | 23 | #endif |
25 | #ifdef AFS | 24 | #ifdef AFS |
26 | #include <kafs.h> | 25 | #include <kafs.h> |
26 | #include "radix.h" | ||
27 | #endif | 27 | #endif |
28 | 28 | ||
29 | #include "ssh.h" | 29 | #include "ssh.h" |
diff --git a/sshconnect2.c b/sshconnect2.c index 6f41b987a..1b4422876 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: sshconnect2.c,v 1.37 2001/01/21 19:06:00 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.38 2001/01/22 17:22:28 stevesk Exp $"); |
27 | 27 | ||
28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
29 | #include <openssl/md5.h> | 29 | #include <openssl/md5.h> |
@@ -248,6 +248,7 @@ ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr, | |||
248 | ); | 248 | ); |
249 | xfree(server_host_key_blob); | 249 | xfree(server_host_key_blob); |
250 | DH_free(dh); | 250 | DH_free(dh); |
251 | BN_free(dh_server_pub); | ||
251 | #ifdef DEBUG_KEXDH | 252 | #ifdef DEBUG_KEXDH |
252 | fprintf(stderr, "hash == "); | 253 | fprintf(stderr, "hash == "); |
253 | for (i = 0; i< 20; i++) | 254 | for (i = 0; i< 20; i++) |
@@ -257,8 +258,10 @@ ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr, | |||
257 | if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1) | 258 | if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1) |
258 | fatal("key_verify failed for server_host_key"); | 259 | fatal("key_verify failed for server_host_key"); |
259 | key_free(server_host_key); | 260 | key_free(server_host_key); |
261 | xfree(signature); | ||
260 | 262 | ||
261 | kex_derive_keys(kex, hash, shared_secret); | 263 | kex_derive_keys(kex, hash, shared_secret); |
264 | BN_clear_free(shared_secret); | ||
262 | packet_set_kex(kex); | 265 | packet_set_kex(kex); |
263 | 266 | ||
264 | /* save session id */ | 267 | /* save session id */ |
@@ -420,6 +423,7 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr, | |||
420 | ); | 423 | ); |
421 | xfree(server_host_key_blob); | 424 | xfree(server_host_key_blob); |
422 | DH_free(dh); | 425 | DH_free(dh); |
426 | BN_free(dh_server_pub); | ||
423 | #ifdef DEBUG_KEXDH | 427 | #ifdef DEBUG_KEXDH |
424 | fprintf(stderr, "hash == "); | 428 | fprintf(stderr, "hash == "); |
425 | for (i = 0; i< 20; i++) | 429 | for (i = 0; i< 20; i++) |
@@ -429,8 +433,10 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr, | |||
429 | if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1) | 433 | if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1) |
430 | fatal("key_verify failed for server_host_key"); | 434 | fatal("key_verify failed for server_host_key"); |
431 | key_free(server_host_key); | 435 | key_free(server_host_key); |
436 | xfree(signature); | ||
432 | 437 | ||
433 | kex_derive_keys(kex, hash, shared_secret); | 438 | kex_derive_keys(kex, hash, shared_secret); |
439 | BN_clear_free(shared_secret); | ||
434 | packet_set_kex(kex); | 440 | packet_set_kex(kex); |
435 | 441 | ||
436 | /* save session id */ | 442 | /* save session id */ |
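Review bot: The new cleanup in ssh_dh1_client releases `shared_secret` with `BN_clear_free` but `dh_server_pub` with `BN_free`, and nothing in the code says why the two differ. A one-line comment such as `/* shared_secret is key material: wipe it before releasing */` above the `BN_clear_free(shared_secret);` call would keep a later cleanup from downgrading it to a plain free. The same applies to the matching lines in ssh_dhgex_client and to the ssh_dh1_server and ssh_dhgex_server hunks in sshd.c. Freeing right after `kex_derive_keys(kex, hash, shared_secret);` is safe only if that function does not keep the pointer, which cannot be confirmed here because its body is not shown. Both client functions start and end outside the hunks.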
@@ -40,7 +40,7 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | RCSID("$OpenBSD: sshd.c,v 1.155 2001/01/21 19:06:00 markus Exp $"); | 43 | RCSID("$OpenBSD: sshd.c,v 1.156 2001/01/22 17:22:28 stevesk Exp $"); |
44 | 44 | ||
45 | #include <openssl/dh.h> | 45 | #include <openssl/dh.h> |
46 | #include <openssl/bn.h> | 46 | #include <openssl/bn.h> |
@@ -1531,6 +1531,7 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) | |||
1531 | buffer_free(server_kexinit); | 1531 | buffer_free(server_kexinit); |
1532 | xfree(client_kexinit); | 1532 | xfree(client_kexinit); |
1533 | xfree(server_kexinit); | 1533 | xfree(server_kexinit); |
1534 | BN_free(dh_client_pub); | ||
1534 | #ifdef DEBUG_KEXDH | 1535 | #ifdef DEBUG_KEXDH |
1535 | fprintf(stderr, "hash == "); | 1536 | fprintf(stderr, "hash == "); |
1536 | for (i = 0; i< 20; i++) | 1537 | for (i = 0; i< 20; i++) |
@@ -1560,6 +1561,7 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) | |||
1560 | packet_write_wait(); | 1561 | packet_write_wait(); |
1561 | 1562 | ||
1562 | kex_derive_keys(kex, hash, shared_secret); | 1563 | kex_derive_keys(kex, hash, shared_secret); |
1564 | BN_clear_free(shared_secret); | ||
1563 | packet_set_kex(kex); | 1565 | packet_set_kex(kex); |
1564 | 1566 | ||
1565 | /* have keys, free DH */ | 1567 | /* have keys, free DH */ |
@@ -1673,6 +1675,7 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) | |||
1673 | buffer_free(server_kexinit); | 1675 | buffer_free(server_kexinit); |
1674 | xfree(client_kexinit); | 1676 | xfree(client_kexinit); |
1675 | xfree(server_kexinit); | 1677 | xfree(server_kexinit); |
1678 | BN_free(dh_client_pub); | ||
1676 | #ifdef DEBUG_KEXDH | 1679 | #ifdef DEBUG_KEXDH |
1677 | fprintf(stderr, "hash == "); | 1680 | fprintf(stderr, "hash == "); |
1678 | for (i = 0; i< 20; i++) | 1681 | for (i = 0; i< 20; i++) |
@@ -1702,6 +1705,7 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) | |||
1702 | packet_write_wait(); | 1705 | packet_write_wait(); |
1703 | 1706 | ||
1704 | kex_derive_keys(kex, hash, shared_secret); | 1707 | kex_derive_keys(kex, hash, shared_secret); |
1708 | BN_clear_free(shared_secret); | ||
1705 | packet_set_kex(kex); | 1709 | packet_set_kex(kex); |
1706 | 1710 | ||
1707 | /* have keys, free DH */ | 1711 | /* have keys, free DH */ |