diff options
| -rw-r--r-- | ChangeLog | 9 | ||||
| -rw-r--r-- | auth-pam.c | 14 | ||||
| -rw-r--r-- | groupaccess.c | 4 | ||||
| -rw-r--r-- | monitor.c | 2 | ||||
| -rw-r--r-- | monitor_wrap.c | 7 | ||||
| -rw-r--r-- | openbsd-compat/bsd-cygwin_util.c | 2 | ||||
| -rw-r--r-- | openbsd-compat/setproctitle.c | 2 | ||||
| -rw-r--r-- | scard-opensc.c | 4 | ||||
| -rw-r--r-- | session.c | 2 | ||||
| -rw-r--r-- | ssh-rand-helper.c | 3 | ||||
| -rw-r--r-- | sshd.c | 2 |
11 files changed, 31 insertions, 20 deletions
| @@ -1,3 +1,10 @@ | |||
| 1 | 20060504 | ||
| 2 | - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c | ||
| 3 | session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c | ||
| 4 | openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) | ||
| 5 | in Portable-only code; since calloc zeros, remove now-redundant memsets. | ||
| 6 | Also add a couple of sanity checks. With & ok djm@ | ||
| 7 | |||
| 1 | 20060503 | 8 | 20060503 |
| 2 | - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h | 9 | - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h |
| 3 | and double including it on IRIX 5.3 causes problems. From Georg Schwarz, | 10 | and double including it on IRIX 5.3 causes problems. From Georg Schwarz, |
| @@ -4587,4 +4594,4 @@ | |||
| 4587 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 4594 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 4588 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 4595 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 4589 | 4596 | ||
| 4590 | $Id: ChangeLog,v 1.4319 2006/05/03 09:01:09 dtucker Exp $ | 4597 | $Id: ChangeLog,v 1.4320 2006/05/04 06:24:34 dtucker Exp $ |
diff --git a/auth-pam.c b/auth-pam.c index c12f413e7..5ddc8bec3 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
| @@ -288,7 +288,10 @@ import_environments(Buffer *b) | |||
| 288 | 288 | ||
| 289 | /* Import environment from subprocess */ | 289 | /* Import environment from subprocess */ |
| 290 | num_env = buffer_get_int(b); | 290 | num_env = buffer_get_int(b); |
| 291 | sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env)); | 291 | if (num_env > 1024) |
| 292 | fatal("%s: received %u environment variables, expected <= 1024", | ||
| 293 | __func__, num_env); | ||
| 294 | sshpam_env = xcalloc(num_env + 1, sizeof(*sshpam_env)); | ||
| 292 | debug3("PAM: num env strings %d", num_env); | 295 | debug3("PAM: num env strings %d", num_env); |
| 293 | for(i = 0; i < num_env; i++) | 296 | for(i = 0; i < num_env; i++) |
| 294 | sshpam_env[i] = buffer_get_string(b, NULL); | 297 | sshpam_env[i] = buffer_get_string(b, NULL); |
| @@ -335,9 +338,8 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, | |||
| 335 | if (n <= 0 || n > PAM_MAX_NUM_MSG) | 338 | if (n <= 0 || n > PAM_MAX_NUM_MSG) |
| 336 | return (PAM_CONV_ERR); | 339 | return (PAM_CONV_ERR); |
| 337 | 340 | ||
| 338 | if ((reply = malloc(n * sizeof(*reply))) == NULL) | 341 | if ((reply = calloc(n, sizeof(*reply))) == NULL) |
| 339 | return (PAM_CONV_ERR); | 342 | return (PAM_CONV_ERR); |
| 340 | memset(reply, 0, n * sizeof(*reply)); | ||
| 341 | 343 | ||
| 342 | buffer_init(&buffer); | 344 | buffer_init(&buffer); |
| 343 | for (i = 0; i < n; ++i) { | 345 | for (i = 0; i < n; ++i) { |
| @@ -533,9 +535,8 @@ sshpam_store_conv(int n, sshpam_const struct pam_message **msg, | |||
| 533 | if (n <= 0 || n > PAM_MAX_NUM_MSG) | 535 | if (n <= 0 || n > PAM_MAX_NUM_MSG) |
| 534 | return (PAM_CONV_ERR); | 536 | return (PAM_CONV_ERR); |
| 535 | 537 | ||
| 536 | if ((reply = malloc(n * sizeof(*reply))) == NULL) | 538 | if ((reply = calloc(n, sizeof(*reply))) == NULL) |
| 537 | return (PAM_CONV_ERR); | 539 | return (PAM_CONV_ERR); |
| 538 | memset(reply, 0, n * sizeof(*reply)); | ||
| 539 | 540 | ||
| 540 | for (i = 0; i < n; ++i) { | 541 | for (i = 0; i < n; ++i) { |
| 541 | switch (PAM_MSG_MEMBER(msg, i, msg_style)) { | 542 | switch (PAM_MSG_MEMBER(msg, i, msg_style)) { |
| @@ -935,9 +936,8 @@ sshpam_tty_conv(int n, sshpam_const struct pam_message **msg, | |||
| 935 | if (n <= 0 || n > PAM_MAX_NUM_MSG || !isatty(STDIN_FILENO)) | 936 | if (n <= 0 || n > PAM_MAX_NUM_MSG || !isatty(STDIN_FILENO)) |
| 936 | return (PAM_CONV_ERR); | 937 | return (PAM_CONV_ERR); |
| 937 | 938 | ||
| 938 | if ((reply = malloc(n * sizeof(*reply))) == NULL) | 939 | if ((reply = calloc(n, sizeof(*reply))) == NULL) |
| 939 | return (PAM_CONV_ERR); | 940 | return (PAM_CONV_ERR); |
| 940 | memset(reply, 0, n * sizeof(*reply)); | ||
| 941 | 941 | ||
| 942 | for (i = 0; i < n; ++i) { | 942 | for (i = 0; i < n; ++i) { |
| 943 | switch (PAM_MSG_MEMBER(msg, i, msg_style)) { | 943 | switch (PAM_MSG_MEMBER(msg, i, msg_style)) { |
diff --git a/groupaccess.c b/groupaccess.c index 83c573def..2a85cb375 100644 --- a/groupaccess.c +++ b/groupaccess.c | |||
| @@ -52,8 +52,8 @@ ga_init(const char *user, gid_t base) | |||
| 52 | ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX)); | 52 | ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX)); |
| 53 | #endif | 53 | #endif |
| 54 | 54 | ||
| 55 | groups_bygid = xmalloc(ngroups * sizeof(*groups_bygid)); | 55 | groups_bygid = xcalloc(ngroups, sizeof(*groups_bygid)); |
| 56 | groups_byname = xmalloc(ngroups * sizeof(*groups_byname)); | 56 | groups_byname = xcalloc(ngroups, sizeof(*groups_byname)); |
| 57 | 57 | ||
| 58 | if (getgrouplist(user, base, groups_bygid, &ngroups) == -1) | 58 | if (getgrouplist(user, base, groups_bygid, &ngroups) == -1) |
| 59 | logit("getgrouplist: groups list too small"); | 59 | logit("getgrouplist: groups list too small"); |
| @@ -924,7 +924,7 @@ mm_answer_pam_respond(int sock, Buffer *m) | |||
| 924 | sshpam_authok = NULL; | 924 | sshpam_authok = NULL; |
| 925 | num = buffer_get_int(m); | 925 | num = buffer_get_int(m); |
| 926 | if (num > 0) { | 926 | if (num > 0) { |
| 927 | resp = xmalloc(num * sizeof(char *)); | 927 | resp = xcalloc(num, sizeof(char *)); |
| 928 | for (i = 0; i < num; ++i) | 928 | for (i = 0; i < num; ++i) |
| 929 | resp[i] = buffer_get_string(m, NULL); | 929 | resp[i] = buffer_get_string(m, NULL); |
| 930 | ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); | 930 | ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); |
diff --git a/monitor_wrap.c b/monitor_wrap.c index 8cfc8cc08..332652895 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
| @@ -776,8 +776,11 @@ mm_sshpam_query(void *ctx, char **name, char **info, | |||
| 776 | *name = buffer_get_string(&m, NULL); | 776 | *name = buffer_get_string(&m, NULL); |
| 777 | *info = buffer_get_string(&m, NULL); | 777 | *info = buffer_get_string(&m, NULL); |
| 778 | *num = buffer_get_int(&m); | 778 | *num = buffer_get_int(&m); |
| 779 | *prompts = xmalloc((*num + 1) * sizeof(char *)); | 779 | if (*num > PAM_MAX_NUM_MSG) |
| 780 | *echo_on = xmalloc((*num + 1) * sizeof(u_int)); | 780 | fatal("%s: recieved %u PAM messages, expected <= %u", |
| 781 | __func__, *num, PAM_MAX_NUM_MSG); | ||
| 782 | *prompts = xcalloc((*num + 1), sizeof(char *)); | ||
| 783 | *echo_on = xcalloc((*num + 1), sizeof(u_int)); | ||
| 781 | for (i = 0; i < *num; ++i) { | 784 | for (i = 0; i < *num; ++i) { |
| 782 | (*prompts)[i] = buffer_get_string(&m, NULL); | 785 | (*prompts)[i] = buffer_get_string(&m, NULL); |
| 783 | (*echo_on)[i] = buffer_get_int(&m); | 786 | (*echo_on)[i] = buffer_get_int(&m); |
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 8f3acee26..b408dde2d 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c | |||
| @@ -268,7 +268,7 @@ fetch_windows_environment(void) | |||
| 268 | char **e, **p; | 268 | char **e, **p; |
| 269 | unsigned int i, idx = 0; | 269 | unsigned int i, idx = 0; |
| 270 | 270 | ||
| 271 | p = xmalloc((WENV_SIZ + 1) * sizeof(char *)); | 271 | p = xcalloc(WENV_SIZ + 1, sizeof(char *)); |
| 272 | for (e = environ; *e != NULL; ++e) { | 272 | for (e = environ; *e != NULL; ++e) { |
| 273 | for (i = 0; i < WENV_SIZ; ++i) { | 273 | for (i = 0; i < WENV_SIZ; ++i) { |
| 274 | if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen)) | 274 | if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen)) |
diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c index 6e2b19bb4..95b662e4d 100644 --- a/openbsd-compat/setproctitle.c +++ b/openbsd-compat/setproctitle.c | |||
| @@ -80,7 +80,7 @@ compat_init_setproctitle(int argc, char *argv[]) | |||
| 80 | /* Fail if we can't allocate room for the new environment */ | 80 | /* Fail if we can't allocate room for the new environment */ |
| 81 | for (i = 0; envp[i] != NULL; i++) | 81 | for (i = 0; envp[i] != NULL; i++) |
| 82 | ; | 82 | ; |
| 83 | if ((environ = malloc(sizeof(*environ) * (i + 1))) == NULL) { | 83 | if ((environ = calloc(i + 1, sizeof(*environ))) == NULL) { |
| 84 | environ = envp; /* put it back */ | 84 | environ = envp; /* put it back */ |
| 85 | return; | 85 | return; |
| 86 | } | 86 | } |
diff --git a/scard-opensc.c b/scard-opensc.c index dd2c28df2..7a496dff8 100644 --- a/scard-opensc.c +++ b/scard-opensc.c | |||
| @@ -455,7 +455,9 @@ sc_get_keys(const char *id, const char *pin) | |||
| 455 | } | 455 | } |
| 456 | key_count = r; | 456 | key_count = r; |
| 457 | } | 457 | } |
| 458 | keys = xmalloc(sizeof(Key *) * (key_count*2+1)); | 458 | if (key_count > 1024) |
| 459 | fatal("Too many keys (%u), expected <= 1024", key_count); | ||
| 460 | keys = xcalloc(key_count * 2 + 1, sizeof(Key *)); | ||
| 459 | for (i = 0; i < key_count; i++) { | 461 | for (i = 0; i < key_count; i++) { |
| 460 | sc_pkcs15_object_t *tmp_obj = NULL; | 462 | sc_pkcs15_object_t *tmp_obj = NULL; |
| 461 | cert_id = ((sc_pkcs15_cert_info_t *)(certs[i]->data))->id; | 463 | cert_id = ((sc_pkcs15_cert_info_t *)(certs[i]->data))->id; |
| @@ -984,7 +984,7 @@ do_setup_env(Session *s, const char *shell) | |||
| 984 | 984 | ||
| 985 | /* Initialize the environment. */ | 985 | /* Initialize the environment. */ |
| 986 | envsize = 100; | 986 | envsize = 100; |
| 987 | env = xmalloc(envsize * sizeof(char *)); | 987 | env = xcalloc(envsize, sizeof(char *)); |
| 988 | env[0] = NULL; | 988 | env[0] = NULL; |
| 989 | 989 | ||
| 990 | #ifdef HAVE_CYGWIN | 990 | #ifdef HAVE_CYGWIN |
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 662f70080..3a4a165fa 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c | |||
| @@ -674,8 +674,7 @@ prng_read_commands(char *cmdfilename) | |||
| 674 | } | 674 | } |
| 675 | 675 | ||
| 676 | num_cmds = 64; | 676 | num_cmds = 64; |
| 677 | entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); | 677 | entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t)); |
| 678 | memset(entcmd, '\0', num_cmds * sizeof(entropy_cmd_t)); | ||
| 679 | 678 | ||
| 680 | /* Read in file */ | 679 | /* Read in file */ |
| 681 | cur_cmd = linenum = 0; | 680 | cur_cmd = linenum = 0; |
| @@ -921,7 +921,7 @@ main(int ac, char **av) | |||
| 921 | /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ | 921 | /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ |
| 922 | saved_argc = ac; | 922 | saved_argc = ac; |
| 923 | rexec_argc = ac; | 923 | rexec_argc = ac; |
| 924 | saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1)); | 924 | saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); |
| 925 | for (i = 0; i < ac; i++) | 925 | for (i = 0; i < ac; i++) |
| 926 | saved_argv[i] = xstrdup(av[i]); | 926 | saved_argv[i] = xstrdup(av[i]); |
| 927 | saved_argv[i] = NULL; | 927 | saved_argv[i] = NULL; |