summaryrefslogtreecommitdiff
path: root/sshconnect2.c
diff options
context:
space:
mode:
Diffstat (limited to 'sshconnect2.c')
-rw-r--r--sshconnect2.c173
1 files changed, 86 insertions, 87 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 1aa8523e1..8c20eed93 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.192 2013/02/17 23:16:57 dtucker Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.198 2013/06/05 12:52:38 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -146,10 +146,10 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
146 if (*first != '\0') 146 if (*first != '\0')
147 debug3("%s: prefer hostkeyalgs: %s", __func__, first); 147 debug3("%s: prefer hostkeyalgs: %s", __func__, first);
148 148
149 xfree(first); 149 free(first);
150 xfree(last); 150 free(last);
151 xfree(hostname); 151 free(hostname);
152 xfree(oavail); 152 free(oavail);
153 free_hostkeys(hostkeys); 153 free_hostkeys(hostkeys);
154 154
155 return ret; 155 return ret;
@@ -233,8 +233,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
233 } 233 }
234#endif 234#endif
235 235
236 if (options.rekey_limit) 236 if (options.rekey_limit || options.rekey_interval)
237 packet_set_rekey_limit((u_int32_t)options.rekey_limit); 237 packet_set_rekey_limits((u_int32_t)options.rekey_limit,
238 (time_t)options.rekey_interval);
238 239
239 /* start key exchange */ 240 /* start key exchange */
240 kex = kex_setup(myproposal); 241 kex = kex_setup(myproposal);
@@ -445,7 +446,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
445 if (packet_remaining() > 0) { 446 if (packet_remaining() > 0) {
446 char *reply = packet_get_string(NULL); 447 char *reply = packet_get_string(NULL);
447 debug2("service_accept: %s", reply); 448 debug2("service_accept: %s", reply);
448 xfree(reply); 449 free(reply);
449 } else { 450 } else {
450 debug2("buggy server: service_accept w/o service"); 451 debug2("buggy server: service_accept w/o service");
451 } 452 }
@@ -492,15 +493,12 @@ userauth(Authctxt *authctxt, char *authlist)
492 if (authctxt->method != NULL && authctxt->method->cleanup != NULL) 493 if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
493 authctxt->method->cleanup(authctxt); 494 authctxt->method->cleanup(authctxt);
494 495
495 if (authctxt->methoddata) { 496 free(authctxt->methoddata);
496 xfree(authctxt->methoddata); 497 authctxt->methoddata = NULL;
497 authctxt->methoddata = NULL;
498 }
499 if (authlist == NULL) { 498 if (authlist == NULL) {
500 authlist = authctxt->authlist; 499 authlist = authctxt->authlist;
501 } else { 500 } else {
502 if (authctxt->authlist) 501 free(authctxt->authlist);
503 xfree(authctxt->authlist);
504 authctxt->authlist = authlist; 502 authctxt->authlist = authlist;
505 } 503 }
506 for (;;) { 504 for (;;) {
@@ -548,10 +546,10 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
548 msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ 546 msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
549 strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); 547 strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
550 fprintf(stderr, "%s", msg); 548 fprintf(stderr, "%s", msg);
551 xfree(msg); 549 free(msg);
552 } 550 }
553 xfree(raw); 551 free(raw);
554 xfree(lang); 552 free(lang);
555} 553}
556 554
557/* ARGSUSED */ 555/* ARGSUSED */
@@ -562,16 +560,12 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
562 560
563 if (authctxt == NULL) 561 if (authctxt == NULL)
564 fatal("input_userauth_success: no authentication context"); 562 fatal("input_userauth_success: no authentication context");
565 if (authctxt->authlist) { 563 free(authctxt->authlist);
566 xfree(authctxt->authlist); 564 authctxt->authlist = NULL;
567 authctxt->authlist = NULL;
568 }
569 if (authctxt->method != NULL && authctxt->method->cleanup != NULL) 565 if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
570 authctxt->method->cleanup(authctxt); 566 authctxt->method->cleanup(authctxt);
571 if (authctxt->methoddata) { 567 free(authctxt->methoddata);
572 xfree(authctxt->methoddata); 568 authctxt->methoddata = NULL;
573 authctxt->methoddata = NULL;
574 }
575 authctxt->success = 1; /* break out */ 569 authctxt->success = 1; /* break out */
576} 570}
577 571
@@ -602,8 +596,12 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt)
602 partial = packet_get_char(); 596 partial = packet_get_char();
603 packet_check_eom(); 597 packet_check_eom();
604 598
605 if (partial != 0) 599 if (partial != 0) {
606 logit("Authenticated with partial success."); 600 logit("Authenticated with partial success.");
601 /* reset state */
602 pubkey_cleanup(authctxt);
603 pubkey_prepare(authctxt);
604 }
607 debug("Authentications that can continue: %s", authlist); 605 debug("Authentications that can continue: %s", authlist);
608 606
609 userauth(authctxt, authlist); 607 userauth(authctxt, authlist);
@@ -656,7 +654,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
656 } 654 }
657 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); 655 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
658 debug2("input_userauth_pk_ok: fp %s", fp); 656 debug2("input_userauth_pk_ok: fp %s", fp);
659 xfree(fp); 657 free(fp);
660 658
661 /* 659 /*
662 * search keys in the reverse order, because last candidate has been 660 * search keys in the reverse order, because last candidate has been
@@ -672,8 +670,8 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
672done: 670done:
673 if (key != NULL) 671 if (key != NULL)
674 key_free(key); 672 key_free(key);
675 xfree(pkalg); 673 free(pkalg);
676 xfree(pkblob); 674 free(pkblob);
677 675
678 /* try another method if we did not send a packet */ 676 /* try another method if we did not send a packet */
679 if (sent == 0) 677 if (sent == 0)
@@ -823,7 +821,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
823 if (oidlen <= 2 || 821 if (oidlen <= 2 ||
824 oidv[0] != SSH_GSS_OIDTYPE || 822 oidv[0] != SSH_GSS_OIDTYPE ||
825 oidv[1] != oidlen - 2) { 823 oidv[1] != oidlen - 2) {
826 xfree(oidv); 824 free(oidv);
827 debug("Badly encoded mechanism OID received"); 825 debug("Badly encoded mechanism OID received");
828 userauth(authctxt, NULL); 826 userauth(authctxt, NULL);
829 return; 827 return;
@@ -834,7 +832,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
834 832
835 packet_check_eom(); 833 packet_check_eom();
836 834
837 xfree(oidv); 835 free(oidv);
838 836
839 if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { 837 if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
840 /* Start again with next method on list */ 838 /* Start again with next method on list */
@@ -863,7 +861,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
863 861
864 status = process_gssapi_token(ctxt, &recv_tok); 862 status = process_gssapi_token(ctxt, &recv_tok);
865 863
866 xfree(recv_tok.value); 864 free(recv_tok.value);
867 865
868 if (GSS_ERROR(status)) { 866 if (GSS_ERROR(status)) {
869 /* Start again with the next method in the list */ 867 /* Start again with the next method in the list */
@@ -880,7 +878,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
880 Gssctxt *gssctxt; 878 Gssctxt *gssctxt;
881 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; 879 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
882 gss_buffer_desc recv_tok; 880 gss_buffer_desc recv_tok;
883 OM_uint32 status, ms; 881 OM_uint32 ms;
884 u_int len; 882 u_int len;
885 883
886 if (authctxt == NULL) 884 if (authctxt == NULL)
@@ -893,10 +891,10 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
893 packet_check_eom(); 891 packet_check_eom();
894 892
895 /* Stick it into GSSAPI and see what it says */ 893 /* Stick it into GSSAPI and see what it says */
896 status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, 894 (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
897 &recv_tok, &send_tok, NULL); 895 &recv_tok, &send_tok, NULL);
898 896
899 xfree(recv_tok.value); 897 free(recv_tok.value);
900 gss_release_buffer(&ms, &send_tok); 898 gss_release_buffer(&ms, &send_tok);
901 899
902 /* Server will be returning a failed packet after this one */ 900 /* Server will be returning a failed packet after this one */
@@ -906,20 +904,19 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
906void 904void
907input_gssapi_error(int type, u_int32_t plen, void *ctxt) 905input_gssapi_error(int type, u_int32_t plen, void *ctxt)
908{ 906{
909 OM_uint32 maj, min;
910 char *msg; 907 char *msg;
911 char *lang; 908 char *lang;
912 909
913 maj=packet_get_int(); 910 /* maj */(void)packet_get_int();
914 min=packet_get_int(); 911 /* min */(void)packet_get_int();
915 msg=packet_get_string(NULL); 912 msg=packet_get_string(NULL);
916 lang=packet_get_string(NULL); 913 lang=packet_get_string(NULL);
917 914
918 packet_check_eom(); 915 packet_check_eom();
919 916
920 debug("Server GSSAPI Error:\n%s", msg); 917 debug("Server GSSAPI Error:\n%s", msg);
921 xfree(msg); 918 free(msg);
922 xfree(lang); 919 free(lang);
923} 920}
924 921
925int 922int
@@ -1002,7 +999,7 @@ userauth_passwd(Authctxt *authctxt)
1002 packet_put_char(0); 999 packet_put_char(0);
1003 packet_put_cstring(password); 1000 packet_put_cstring(password);
1004 memset(password, 0, strlen(password)); 1001 memset(password, 0, strlen(password));
1005 xfree(password); 1002 free(password);
1006 packet_add_padding(64); 1003 packet_add_padding(64);
1007 packet_send(); 1004 packet_send();
1008 1005
@@ -1035,8 +1032,8 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
1035 lang = packet_get_string(NULL); 1032 lang = packet_get_string(NULL);
1036 if (strlen(info) > 0) 1033 if (strlen(info) > 0)
1037 logit("%s", info); 1034 logit("%s", info);
1038 xfree(info); 1035 free(info);
1039 xfree(lang); 1036 free(lang);
1040 packet_start(SSH2_MSG_USERAUTH_REQUEST); 1037 packet_start(SSH2_MSG_USERAUTH_REQUEST);
1041 packet_put_cstring(authctxt->server_user); 1038 packet_put_cstring(authctxt->server_user);
1042 packet_put_cstring(authctxt->service); 1039 packet_put_cstring(authctxt->service);
@@ -1048,7 +1045,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
1048 password = read_passphrase(prompt, 0); 1045 password = read_passphrase(prompt, 0);
1049 packet_put_cstring(password); 1046 packet_put_cstring(password);
1050 memset(password, 0, strlen(password)); 1047 memset(password, 0, strlen(password));
1051 xfree(password); 1048 free(password);
1052 password = NULL; 1049 password = NULL;
1053 while (password == NULL) { 1050 while (password == NULL) {
1054 snprintf(prompt, sizeof(prompt), 1051 snprintf(prompt, sizeof(prompt),
@@ -1065,16 +1062,16 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
1065 retype = read_passphrase(prompt, 0); 1062 retype = read_passphrase(prompt, 0);
1066 if (strcmp(password, retype) != 0) { 1063 if (strcmp(password, retype) != 0) {
1067 memset(password, 0, strlen(password)); 1064 memset(password, 0, strlen(password));
1068 xfree(password); 1065 free(password);
1069 logit("Mismatch; try again, EOF to quit."); 1066 logit("Mismatch; try again, EOF to quit.");
1070 password = NULL; 1067 password = NULL;
1071 } 1068 }
1072 memset(retype, 0, strlen(retype)); 1069 memset(retype, 0, strlen(retype));
1073 xfree(retype); 1070 free(retype);
1074 } 1071 }
1075 packet_put_cstring(password); 1072 packet_put_cstring(password);
1076 memset(password, 0, strlen(password)); 1073 memset(password, 0, strlen(password));
1077 xfree(password); 1074 free(password);
1078 packet_add_padding(64); 1075 packet_add_padding(64);
1079 packet_send(); 1076 packet_send();
1080 1077
@@ -1129,13 +1126,13 @@ jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme,
1129 1126
1130 bzero(password, strlen(password)); 1127 bzero(password, strlen(password));
1131 bzero(crypted, strlen(crypted)); 1128 bzero(crypted, strlen(crypted));
1132 xfree(password); 1129 free(password);
1133 xfree(crypted); 1130 free(crypted);
1134 1131
1135 if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL) 1132 if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
1136 fatal("%s: BN_bin2bn (secret)", __func__); 1133 fatal("%s: BN_bin2bn (secret)", __func__);
1137 bzero(secret, secret_len); 1134 bzero(secret, secret_len);
1138 xfree(secret); 1135 free(secret);
1139 1136
1140 return ret; 1137 return ret;
1141} 1138}
@@ -1173,8 +1170,8 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
1173 pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt); 1170 pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
1174 bzero(crypt_scheme, strlen(crypt_scheme)); 1171 bzero(crypt_scheme, strlen(crypt_scheme));
1175 bzero(salt, strlen(salt)); 1172 bzero(salt, strlen(salt));
1176 xfree(crypt_scheme); 1173 free(crypt_scheme);
1177 xfree(salt); 1174 free(salt);
1178 JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__)); 1175 JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
1179 1176
1180 /* Calculate step 2 values */ 1177 /* Calculate step 2 values */
@@ -1189,8 +1186,8 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
1189 1186
1190 bzero(x3_proof, x3_proof_len); 1187 bzero(x3_proof, x3_proof_len);
1191 bzero(x4_proof, x4_proof_len); 1188 bzero(x4_proof, x4_proof_len);
1192 xfree(x3_proof); 1189 free(x3_proof);
1193 xfree(x4_proof); 1190 free(x4_proof);
1194 1191
1195 JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); 1192 JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
1196 1193
@@ -1201,7 +1198,7 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
1201 packet_send(); 1198 packet_send();
1202 1199
1203 bzero(x2_s_proof, x2_s_proof_len); 1200 bzero(x2_s_proof, x2_s_proof_len);
1204 xfree(x2_s_proof); 1201 free(x2_s_proof);
1205 1202
1206 /* Expect step 2 packet from peer */ 1203 /* Expect step 2 packet from peer */
1207 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, 1204 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2,
@@ -1241,7 +1238,7 @@ input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt)
1241 &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len); 1238 &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
1242 1239
1243 bzero(x4_s_proof, x4_s_proof_len); 1240 bzero(x4_s_proof, x4_s_proof_len);
1244 xfree(x4_s_proof); 1241 free(x4_s_proof);
1245 1242
1246 JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); 1243 JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
1247 1244
@@ -1323,7 +1320,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1323 1320
1324 fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); 1321 fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
1325 debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); 1322 debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
1326 xfree(fp); 1323 free(fp);
1327 1324
1328 if (key_to_blob(id->key, &blob, &bloblen) == 0) { 1325 if (key_to_blob(id->key, &blob, &bloblen) == 0) {
1329 /* we cannot handle this key */ 1326 /* we cannot handle this key */
@@ -1358,7 +1355,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1358 ret = identity_sign(id, &signature, &slen, 1355 ret = identity_sign(id, &signature, &slen,
1359 buffer_ptr(&b), buffer_len(&b)); 1356 buffer_ptr(&b), buffer_len(&b));
1360 if (ret == -1) { 1357 if (ret == -1) {
1361 xfree(blob); 1358 free(blob);
1362 buffer_free(&b); 1359 buffer_free(&b);
1363 return 0; 1360 return 0;
1364 } 1361 }
@@ -1378,11 +1375,11 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1378 buffer_put_cstring(&b, key_ssh_name(id->key)); 1375 buffer_put_cstring(&b, key_ssh_name(id->key));
1379 buffer_put_string(&b, blob, bloblen); 1376 buffer_put_string(&b, blob, bloblen);
1380 } 1377 }
1381 xfree(blob); 1378 free(blob);
1382 1379
1383 /* append signature */ 1380 /* append signature */
1384 buffer_put_string(&b, signature, slen); 1381 buffer_put_string(&b, signature, slen);
1385 xfree(signature); 1382 free(signature);
1386 1383
1387 /* skip session id and packet type */ 1384 /* skip session id and packet type */
1388 if (buffer_len(&b) < skip + 1) 1385 if (buffer_len(&b) < skip + 1)
@@ -1422,7 +1419,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
1422 if (!(datafellows & SSH_BUG_PKAUTH)) 1419 if (!(datafellows & SSH_BUG_PKAUTH))
1423 packet_put_cstring(key_ssh_name(id->key)); 1420 packet_put_cstring(key_ssh_name(id->key));
1424 packet_put_string(blob, bloblen); 1421 packet_put_string(blob, bloblen);
1425 xfree(blob); 1422 free(blob);
1426 packet_send(); 1423 packet_send();
1427 return 1; 1424 return 1;
1428} 1425}
@@ -1441,8 +1438,11 @@ load_identity_file(char *filename, int userprovided)
1441 return NULL; 1438 return NULL;
1442 } 1439 }
1443 private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok); 1440 private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
1444 if (!perm_ok) 1441 if (!perm_ok) {
1442 if (private != NULL)
1443 key_free(private);
1445 return NULL; 1444 return NULL;
1445 }
1446 if (private == NULL) { 1446 if (private == NULL) {
1447 if (options.batch_mode) 1447 if (options.batch_mode)
1448 return NULL; 1448 return NULL;
@@ -1459,7 +1459,7 @@ load_identity_file(char *filename, int userprovided)
1459 quit = 1; 1459 quit = 1;
1460 } 1460 }
1461 memset(passphrase, 0, strlen(passphrase)); 1461 memset(passphrase, 0, strlen(passphrase));
1462 xfree(passphrase); 1462 free(passphrase);
1463 if (private != NULL || quit) 1463 if (private != NULL || quit)
1464 break; 1464 break;
1465 debug2("bad passphrase given, try again..."); 1465 debug2("bad passphrase given, try again...");
@@ -1522,7 +1522,7 @@ pubkey_prepare(Authctxt *authctxt)
1522 /* If IdentitiesOnly set and key not found then don't use it */ 1522 /* If IdentitiesOnly set and key not found then don't use it */
1523 if (!found && options.identities_only) { 1523 if (!found && options.identities_only) {
1524 TAILQ_REMOVE(&files, id, next); 1524 TAILQ_REMOVE(&files, id, next);
1525 bzero(id, sizeof(id)); 1525 bzero(id, sizeof(*id));
1526 free(id); 1526 free(id);
1527 } 1527 }
1528 } 1528 }
@@ -1536,7 +1536,7 @@ pubkey_prepare(Authctxt *authctxt)
1536 /* agent keys from the config file are preferred */ 1536 /* agent keys from the config file are preferred */
1537 if (key_equal(key, id->key)) { 1537 if (key_equal(key, id->key)) {
1538 key_free(key); 1538 key_free(key);
1539 xfree(comment); 1539 free(comment);
1540 TAILQ_REMOVE(&files, id, next); 1540 TAILQ_REMOVE(&files, id, next);
1541 TAILQ_INSERT_TAIL(preferred, id, next); 1541 TAILQ_INSERT_TAIL(preferred, id, next);
1542 id->ac = ac; 1542 id->ac = ac;
@@ -1582,9 +1582,8 @@ pubkey_cleanup(Authctxt *authctxt)
1582 TAILQ_REMOVE(&authctxt->keys, id, next); 1582 TAILQ_REMOVE(&authctxt->keys, id, next);
1583 if (id->key) 1583 if (id->key)
1584 key_free(id->key); 1584 key_free(id->key);
1585 if (id->filename) 1585 free(id->filename);
1586 xfree(id->filename); 1586 free(id);
1587 xfree(id);
1588 } 1587 }
1589} 1588}
1590 1589
@@ -1682,9 +1681,9 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
1682 logit("%s", name); 1681 logit("%s", name);
1683 if (strlen(inst) > 0) 1682 if (strlen(inst) > 0)
1684 logit("%s", inst); 1683 logit("%s", inst);
1685 xfree(name); 1684 free(name);
1686 xfree(inst); 1685 free(inst);
1687 xfree(lang); 1686 free(lang);
1688 1687
1689 num_prompts = packet_get_int(); 1688 num_prompts = packet_get_int();
1690 /* 1689 /*
@@ -1705,8 +1704,8 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
1705 1704
1706 packet_put_cstring(response); 1705 packet_put_cstring(response);
1707 memset(response, 0, strlen(response)); 1706 memset(response, 0, strlen(response));
1708 xfree(response); 1707 free(response);
1709 xfree(prompt); 1708 free(prompt);
1710 } 1709 }
1711 packet_check_eom(); /* done with parsing incoming message. */ 1710 packet_check_eom(); /* done with parsing incoming message. */
1712 1711
@@ -1826,12 +1825,12 @@ userauth_hostbased(Authctxt *authctxt)
1826 if (p == NULL) { 1825 if (p == NULL) {
1827 error("userauth_hostbased: cannot get local ipaddr/name"); 1826 error("userauth_hostbased: cannot get local ipaddr/name");
1828 key_free(private); 1827 key_free(private);
1829 xfree(blob); 1828 free(blob);
1830 return 0; 1829 return 0;
1831 } 1830 }
1832 xasprintf(&chost, "%s.", p); 1831 xasprintf(&chost, "%s.", p);
1833 debug2("userauth_hostbased: chost %s", chost); 1832 debug2("userauth_hostbased: chost %s", chost);
1834 xfree(p); 1833 free(p);
1835 1834
1836 service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : 1835 service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
1837 authctxt->service; 1836 authctxt->service;
@@ -1860,9 +1859,9 @@ userauth_hostbased(Authctxt *authctxt)
1860 buffer_free(&b); 1859 buffer_free(&b);
1861 if (ok != 0) { 1860 if (ok != 0) {
1862 error("key_sign failed"); 1861 error("key_sign failed");
1863 xfree(chost); 1862 free(chost);
1864 xfree(pkalg); 1863 free(pkalg);
1865 xfree(blob); 1864 free(blob);
1866 return 0; 1865 return 0;
1867 } 1866 }
1868 packet_start(SSH2_MSG_USERAUTH_REQUEST); 1867 packet_start(SSH2_MSG_USERAUTH_REQUEST);
@@ -1875,10 +1874,10 @@ userauth_hostbased(Authctxt *authctxt)
1875 packet_put_cstring(authctxt->local_user); 1874 packet_put_cstring(authctxt->local_user);
1876 packet_put_string(signature, slen); 1875 packet_put_string(signature, slen);
1877 memset(signature, 's', slen); 1876 memset(signature, 's', slen);
1878 xfree(signature); 1877 free(signature);
1879 xfree(chost); 1878 free(chost);
1880 xfree(pkalg); 1879 free(pkalg);
1881 xfree(blob); 1880 free(blob);
1882 1881
1883 packet_send(); 1882 packet_send();
1884 return 1; 1883 return 1;
@@ -1933,8 +1932,8 @@ userauth_jpake(Authctxt *authctxt)
1933 1932
1934 bzero(x1_proof, x1_proof_len); 1933 bzero(x1_proof, x1_proof_len);
1935 bzero(x2_proof, x2_proof_len); 1934 bzero(x2_proof, x2_proof_len);
1936 xfree(x1_proof); 1935 free(x1_proof);
1937 xfree(x2_proof); 1936 free(x2_proof);
1938 1937
1939 /* Expect step 1 packet from peer */ 1938 /* Expect step 1 packet from peer */
1940 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, 1939 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
@@ -2011,8 +2010,7 @@ authmethod_get(char *authlist)
2011 2010
2012 if (supported == NULL || strcmp(authlist, supported) != 0) { 2011 if (supported == NULL || strcmp(authlist, supported) != 0) {
2013 debug3("start over, passed a different list %s", authlist); 2012 debug3("start over, passed a different list %s", authlist);
2014 if (supported != NULL) 2013 free(supported);
2015 xfree(supported);
2016 supported = xstrdup(authlist); 2014 supported = xstrdup(authlist);
2017 preferred = options.preferred_authentications; 2015 preferred = options.preferred_authentications;
2018 debug3("preferred %s", preferred); 2016 debug3("preferred %s", preferred);
@@ -2033,9 +2031,10 @@ authmethod_get(char *authlist)
2033 authmethod_is_enabled(current)) { 2031 authmethod_is_enabled(current)) {
2034 debug3("authmethod_is_enabled %s", name); 2032 debug3("authmethod_is_enabled %s", name);
2035 debug("Next authentication method: %s", name); 2033 debug("Next authentication method: %s", name);
2036 xfree(name); 2034 free(name);
2037 return current; 2035 return current;
2038 } 2036 }
2037 free(name);
2039 } 2038 }
2040} 2039}
2041 2040