From 17e7ed0e754577ae61cdd5e3f03b33fba2a09337 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 17 Jun 2005 12:54:33 +1000 Subject: - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2005/06/16 03:38:36 [channels.c channels.h clientloop.c clientloop.h ssh.c] move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd easier later; ok deraadt@ --- channels.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'channels.c') diff --git a/channels.c b/channels.c index 3f6db60c6..440043b9c 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.214 2005/03/14 11:46:56 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.215 2005/06/16 03:38:36 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2952,7 +2952,7 @@ deny_input_open(int type, u_int32_t seq, void *ctxt) * This should be called in the client only. */ void -x11_request_forwarding_with_spoofing(int client_session_id, +x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, const char *proto, const char *data) { u_int data_len = (u_int) strlen(data) / 2; @@ -2962,9 +2962,9 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *cp; u_int32_t rnd = 0; - cp = getenv("DISPLAY"); - if (cp) - cp = strchr(cp, ':'); + cp = disp; + if (disp) + cp = strchr(disp, ':'); if (cp) cp = strchr(cp, '.'); if (cp) -- cgit v1.2.3 From 677257fe07dd2b9a58817e1d42fc2c25bb618a4d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 17 Jun 2005 12:55:03 +1000 Subject: - markus@cvs.openbsd.org 2005/06/16 08:00:00 [canohost.c channels.c sshd.c] don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm --- ChangeLog | 7 +++++-- canohost.c | 4 ++-- channels.c | 6 +++--- sshd.c | 7 +++++-- 4 files changed, 15 insertions(+), 9 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 248f2b8b3..02eb57908 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,10 @@ [channels.c channels.h clientloop.c clientloop.h ssh.c] move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd easier later; ok deraadt@ - + - markus@cvs.openbsd.org 2005/06/16 08:00:00 + [canohost.c channels.c sshd.c] + don't exit if getpeername fails for forwarded ports; bugzilla #1054; + ok djm 20050616 - (djm) OpenBSD CVS Sync @@ -2722,4 +2725,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3821 2005/06/17 02:54:33 djm Exp $ +$Id: ChangeLog,v 1.3822 2005/06/17 02:55:03 djm Exp $ diff --git a/canohost.c b/canohost.c index 94d666432..c3ab45556 100644 --- a/canohost.c +++ b/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.42 2005/02/18 03:05:53 djm Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.43 2005/06/16 08:00:00 markus Exp $"); #include "packet.h" #include "xmalloc.h" @@ -346,7 +346,7 @@ get_sock_port(int sock, int local) } else { if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername failed: %.100s", strerror(errno)); - cleanup_exit(255); + return -1; } } diff --git a/channels.c b/channels.c index 440043b9c..66b15f5b5 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.215 2005/06/16 03:38:36 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.216 2005/06/16 08:00:00 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1178,7 +1178,7 @@ port_open_helper(Channel *c, char *rtype) int direct; char buf[1024]; char *remote_ipaddr = get_peer_ipaddr(c->sock); - u_short remote_port = get_peer_port(c->sock); + int remote_port = get_peer_port(c->sock); direct = (strcmp(rtype, "direct-tcpip") == 0); @@ -1208,7 +1208,7 @@ port_open_helper(Channel *c, char *rtype) } /* originator host and port */ packet_put_cstring(remote_ipaddr); - packet_put_int(remote_port); + packet_put_int((u_int)remote_port); packet_send(); } else { packet_start(SSH_MSG_PORT_OPEN); diff --git a/sshd.c b/sshd.c index 7ee2dd686..ed4158801 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.309 2005/04/06 09:43:59 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.310 2005/06/16 08:00:00 markus Exp $"); #include #include @@ -1626,7 +1626,10 @@ main(int ac, char **av) setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); - remote_port = get_remote_port(); + if ((remote_port = get_remote_port()) < 0) { + debug("get_remote_port failed"); + cleanup_exit(255); + } remote_ip = get_remote_ipaddr(); #ifdef SSH_AUDIT_EVENTS -- cgit v1.2.3 From eccb9de72aa29da5a3fad87a4287b32438689c1f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 17 Jun 2005 12:59:34 +1000 Subject: - djm@cvs.openbsd.org 2005/06/17 02:44:33 [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] make this -Wsign-compare clean; ok avsm@ markus@ NB. auth1.c changes not committed yet (conflicts with uncommitted sync) NB2. more work may be needed to make portable Wsign-compare clean --- ChangeLog | 11 ++++++++++- auth-rsa.c | 6 ++++-- auth.c | 4 ++-- auth2-chall.c | 9 ++++----- auth2-gss.c | 4 ++-- authfd.c | 9 +++++---- authfile.c | 16 +++++++++------- bufaux.c | 4 ++-- canohost.c | 5 +++-- channels.c | 9 +++++---- cipher.c | 8 ++++---- clientloop.c | 11 +++++++---- dns.c | 8 ++++---- gss-serv.c | 4 ++-- kex.c | 33 +++++++++++++++++---------------- kex.h | 8 ++++---- key.c | 4 ++-- mac.c | 11 +++++++---- match.c | 4 ++-- misc.c | 13 +++++++------ packet.c | 8 ++++---- packet.h | 4 ++-- scp.c | 10 +++++----- servconf.c | 7 ++++--- session.c | 6 +++--- session.h | 4 ++-- sftp-client.c | 10 ++++------ sftp-server.c | 12 ++++++------ sftp.c | 13 +++++++------ ssh-keyscan.c | 12 ++++++------ ssh-rsa.c | 4 ++-- sshconnect.c | 5 +++-- sshconnect1.c | 4 ++-- sshconnect2.c | 7 ++++--- sshd.c | 7 ++++--- 35 files changed, 160 insertions(+), 134 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 02eb57908..f3c3c93ba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,15 @@ [canohost.c channels.c sshd.c] don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm + - djm@cvs.openbsd.org 2005/06/17 02:44:33 + [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] + [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] + [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] + [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] + [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] + make this -Wsign-compare clean; ok avsm@ markus@ + NB. auth1.c changes not committed yet (conflicts with uncommitted sync) + NB2. more work may be needed to make portable Wsign-compare clean 20050616 - (djm) OpenBSD CVS Sync @@ -2725,4 +2734,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3822 2005/06/17 02:55:03 djm Exp $ +$Id: ChangeLog,v 1.3823 2005/06/17 02:59:34 djm Exp $ diff --git a/auth-rsa.c b/auth-rsa.c index 4378008d3..d9c9652dc 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.62 2004/12/11 01:48:56 dtucker Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.63 2005/06/17 02:44:32 djm Exp $"); #include #include @@ -205,6 +205,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp; char *key_options; + int keybits; /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) @@ -243,7 +244,8 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) continue; /* check the real bits */ - if (bits != BN_num_bits(key->rsa->n)) + keybits = BN_num_bits(key->rsa->n); + if (keybits < 0 || bits != (u_int)keybits) logit("Warning: %s, line %lu: keysize mismatch: " "actual %d vs. announced %d.", file, linenum, BN_num_bits(key->rsa->n), bits); diff --git a/auth.c b/auth.c index 68c2824fb..82fe8f06b 100644 --- a/auth.c +++ b/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.59 2005/06/06 11:20:36 djm Exp $"); +RCSID("$OpenBSD: auth.c,v 1.60 2005/06/17 02:44:32 djm Exp $"); #ifdef HAVE_LOGIN_H #include @@ -76,7 +76,7 @@ allowed_user(struct passwd * pw) struct stat st; const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; char *shell; - int i; + u_int i; #ifdef USE_SHADOW struct spwd *spw = NULL; #endif diff --git a/auth2-chall.c b/auth2-chall.c index 384a543ee..1cea15378 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $"); +RCSID("$OpenBSD: auth2-chall.c,v 1.23 2005/06/17 02:44:32 djm Exp $"); #include "ssh2.h" #include "auth.h" @@ -239,8 +239,7 @@ send_userauth_info_request(Authctxt *authctxt) { KbdintAuthctxt *kbdintctxt; char *name, *instr, **prompts; - int i; - u_int *echo_on; + u_int i, *echo_on; kbdintctxt = authctxt->kbdintctxt; if (kbdintctxt->device->query(kbdintctxt->ctxt, @@ -273,8 +272,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) { Authctxt *authctxt = ctxt; KbdintAuthctxt *kbdintctxt; - int i, authenticated = 0, res, len; - u_int nresp; + int authenticated = 0, res, len; + u_int i, nresp; char **response = NULL, *method; if (authctxt == NULL) diff --git a/auth2-gss.c b/auth2-gss.c index 3289ba18e..855b61b4e 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.8 2004/06/21 17:36:31 avsm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.9 2005/06/17 02:44:32 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -61,7 +61,7 @@ userauth_gssapi(Authctxt *authctxt) int present; OM_uint32 ms; u_int len; - char *doid = NULL; + u_char *doid = NULL; if (!authctxt->valid || authctxt->user == NULL) return (0); diff --git a/authfd.c b/authfd.c index 9ce5b5ea8..8976616b4 100644 --- a/authfd.c +++ b/authfd.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.65 2005/05/24 17:32:43 avsm Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.66 2005/06/17 02:44:32 djm Exp $"); #include @@ -114,8 +114,7 @@ ssh_get_authentication_socket(void) static int ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply) { - int l; - u_int len; + u_int l, len; char buf[1024]; /* Get the length of the message, and format it in the buffer. */ @@ -302,6 +301,7 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi Key * ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version) { + int keybits; u_int bits; u_char *blob; u_int blen; @@ -322,7 +322,8 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio buffer_get_bignum(&auth->identities, key->rsa->e); buffer_get_bignum(&auth->identities, key->rsa->n); *comment = buffer_get_string(&auth->identities, NULL); - if (bits != BN_num_bits(key->rsa->n)) + keybits = BN_num_bits(key->rsa->n); + if (keybits < 0 || bits != (u_int)keybits) logit("Warning: identity keysize mismatch: actual %d, announced %u", BN_num_bits(key->rsa->n), bits); break; diff --git a/authfile.c b/authfile.c index 6a04cd7a9..420813f37 100644 --- a/authfile.c +++ b/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.61 2005/06/17 02:44:32 djm Exp $"); #include #include @@ -52,6 +52,7 @@ RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $"); #include "authfile.h" #include "rsa.h" #include "misc.h" +#include "atomicio.h" /* Version identification string for SSH v1 identity files. */ static const char authfile_id_string[] = @@ -147,8 +148,8 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase, buffer_free(&encrypted); return 0; } - if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) != - buffer_len(&encrypted)) { + if (atomicio(vwrite, fd, buffer_ptr(&encrypted), + buffer_len(&encrypted)) != buffer_len(&encrypted)) { error("write to key file %s failed: %s", filename, strerror(errno)); buffer_free(&encrypted); @@ -236,7 +237,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) Key *pub; struct stat st; char *cp; - int i; + u_int i; size_t len; if (fstat(fd, &st) < 0) { @@ -253,7 +254,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) buffer_init(&buffer); cp = buffer_append_space(&buffer, len); - if (read(fd, cp, (size_t) len) != (size_t) len) { + if (atomicio(read, fd, cp, len) != len) { debug("Read from key file %.200s failed: %.100s", filename, strerror(errno)); buffer_free(&buffer); @@ -322,7 +323,8 @@ static Key * key_load_private_rsa1(int fd, const char *filename, const char *passphrase, char **commentp) { - int i, check1, check2, cipher_type; + u_int i; + int check1, check2, cipher_type; size_t len; Buffer buffer, decrypted; u_char *cp; @@ -347,7 +349,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, buffer_init(&buffer); cp = buffer_append_space(&buffer, len); - if (read(fd, cp, (size_t) len) != (size_t) len) { + if (atomicio(read, fd, cp, len) != len) { debug("Read from key file %.200s failed: %.100s", filename, strerror(errno)); buffer_free(&buffer); diff --git a/bufaux.c b/bufaux.c index 5dbf2b770..8d096a056 100644 --- a/bufaux.c +++ b/bufaux.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.35 2005/03/10 22:01:05 deraadt Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.36 2005/06/17 02:44:32 djm Exp $"); #include #include "bufaux.h" @@ -154,7 +154,7 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) buf[0] = 0x00; /* Get the value of in binary */ oi = BN_bn2bin(value, buf+1); - if (oi != bytes-1) { + if (oi < 0 || (u_int)oi != bytes - 1) { error("buffer_put_bignum2_ret: BN_bn2bin() failed: " "oi %d != bin_size %d", oi, bytes); xfree(buf); diff --git a/canohost.c b/canohost.c index c3ab45556..04dc3d182 100644 --- a/canohost.c +++ b/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.43 2005/06/16 08:00:00 markus Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.44 2005/06/17 02:44:32 djm Exp $"); #include "packet.h" #include "xmalloc.h" @@ -143,7 +143,8 @@ check_ip_options(int sock, char *ipaddr) u_char options[200]; char text[sizeof(options) * 3 + 1]; socklen_t option_size; - int i, ipproto; + u_int i; + int ipproto; struct protoent *ip; if ((ip = getprotobyname("ip")) != NULL) diff --git a/channels.c b/channels.c index 66b15f5b5..7ca1c53ba 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.216 2005/06/16 08:00:00 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.217 2005/06/17 02:44:32 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -894,7 +894,7 @@ static int channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset) { char *p, *host; - int len, have, i, found; + u_int len, have, i, found; char username[256]; struct { u_int8_t version; @@ -979,7 +979,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset) } s5_req, s5_rsp; u_int16_t dest_port; u_char *p, dest_addr[255+1]; - int i, have, found, nmethods, addrlen, af; + u_int have, i, found, nmethods, addrlen, af; debug2("channel %d: decode socks5", c->self); p = buffer_ptr(&c->input); @@ -1075,7 +1075,8 @@ static void channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset) { u_char *p; - int have, ret; + u_int have; + int ret; have = buffer_len(&c->input); c->delayed = 0; diff --git a/cipher.c b/cipher.c index 8096a5174..20d0a80c4 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.75 2005/06/09 13:43:49 dtucker Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.76 2005/06/17 02:44:32 djm Exp $"); #include "xmalloc.h" #include "log.h" @@ -235,7 +235,7 @@ cipher_init(CipherContext *cc, Cipher *cipher, fatal("cipher_init: EVP_CipherInit failed for %s", cipher->name); klen = EVP_CIPHER_CTX_key_length(&cc->evp); - if (klen > 0 && keylen != klen) { + if (klen > 0 && keylen != (u_int)klen) { debug2("cipher_init: set keylen (%d -> %d)", klen, keylen); if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0) fatal("cipher_init: set keylen failed (%d -> %d)", @@ -326,9 +326,9 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); - if (evplen == 0) + if (evplen <= 0) return; - if (evplen != len) + if ((u_int)evplen != len) fatal("%s: wrong iv length %d != %d", __func__, evplen, len); #if OPENSSL_VERSION_NUMBER < 0x00907000L diff --git a/clientloop.c b/clientloop.c index ee36cc9e5..a030cf6e4 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.138 2005/06/16 03:38:36 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.139 2005/06/17 02:44:32 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -659,12 +659,12 @@ client_process_control(fd_set * readset) { Buffer m; Channel *c; - int client_fd, new_fd[3], ver, i, allowed; + int client_fd, new_fd[3], ver, allowed; socklen_t addrlen; struct sockaddr_storage addr; struct confirm_ctx *cctx; char *cmd; - u_int len, env_len, command, flags; + u_int i, len, env_len, command, flags; uid_t euid; gid_t egid; @@ -971,7 +971,10 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len) u_char ch; char *s; - for (i = 0; i < len; i++) { + if (len <= 0) + return (0); + + for (i = 0; i < (u_int)len; i++) { /* Get one character at a time. */ ch = buf[i]; diff --git a/dns.c b/dns.c index 5a964bc7f..4487c1aba 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.11 2005/04/20 10:05:45 jakob Exp $ */ +/* $OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -43,7 +43,7 @@ #include "uuencode.h" extern char *__progname; -RCSID("$OpenBSD: dns.c,v 1.11 2005/04/20 10:05:45 jakob Exp $"); +RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $"); #ifndef LWRES static const char *errset_text[] = { @@ -171,7 +171,7 @@ int verify_host_key_dns(const char *hostname, struct sockaddr *address, const Key *hostkey, int *flags) { - int counter; + u_int counter; int result; struct rrsetinfo *fingerprints = NULL; @@ -274,7 +274,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic) u_char *rdata_digest; u_int rdata_digest_len; - int i; + u_int i; int success = 0; if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, diff --git a/gss-serv.c b/gss-serv.c index de32a3f2e..e1b843f01 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.5 2003/11/17 11:06:07 markus Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.6 2005/06/17 02:44:32 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -134,7 +134,7 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, static OM_uint32 ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) { - char *tok; + u_char *tok; OM_uint32 offset; OM_uint32 oidl; diff --git a/kex.c b/kex.c index a668346c3..8736aa286 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: kex.c,v 1.61 2005/06/17 02:44:32 djm Exp $"); #include @@ -52,7 +52,7 @@ static void kex_choose_conf(Kex *); static void kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) { - int i; + u_int i; buffer_clear(b); /* @@ -101,7 +101,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows) static void kex_prop_free(char **proposal) { - int i; + u_int i; for (i = 0; i < PROPOSAL_MAX; i++) xfree(proposal[i]); @@ -150,7 +150,7 @@ kex_send_kexinit(Kex *kex) { u_int32_t rnd = 0; u_char *cookie; - int i; + u_int i; if (kex == NULL) { error("kex_send_kexinit: no kex, cannot rekey"); @@ -183,8 +183,7 @@ void kex_input_kexinit(int type, u_int32_t seq, void *ctxt) { char *ptr; - int dlen; - int i; + u_int i, dlen; Kex *kex = (Kex *)ctxt; debug("SSH2_MSG_KEXINIT received"); @@ -343,9 +342,7 @@ kex_choose_conf(Kex *kex) char **my, **peer; char **cprop, **sprop; int nenc, nmac, ncomp; - int mode; - int ctos; /* direction: if true client-to-server */ - int need; + u_int mode, ctos, need; int first_kex_follows, type; my = kex_buf2prop(&kex->my, NULL); @@ -405,15 +402,19 @@ kex_choose_conf(Kex *kex) } static u_char * -derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret) +derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret) { Buffer b; const EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; char c = id; - int have; + u_int have; int mdsz = EVP_MD_size(evp_md); - u_char *digest = xmalloc(roundup(need, mdsz)); + u_char *digest; + + if (mdsz < 0) + fatal("derive_key: mdsz < 0"); + digest = xmalloc(roundup(need, mdsz)); buffer_init(&b); buffer_put_bignum2(&b, shared_secret); @@ -455,7 +456,7 @@ void kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret) { u_char *keys[NKEYS]; - int i, mode, ctos; + u_int i, mode, ctos; for (i = 0; i < NKEYS; i++) keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); @@ -493,13 +494,13 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, EVP_DigestInit(&md, evp_md); len = BN_num_bytes(host_modulus); - if (len < (512 / 8) || len > sizeof(nbuf)) + if (len < (512 / 8) || (u_int)len > sizeof(nbuf)) fatal("%s: bad host modulus (len %d)", __func__, len); BN_bn2bin(host_modulus, nbuf); EVP_DigestUpdate(&md, nbuf, len); len = BN_num_bytes(server_modulus); - if (len < (512 / 8) || len > sizeof(nbuf)) + if (len < (512 / 8) || (u_int)len > sizeof(nbuf)) fatal("%s: bad server modulus (len %d)", __func__, len); BN_bn2bin(server_modulus, nbuf); EVP_DigestUpdate(&md, nbuf, len); @@ -518,7 +519,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, void dump_digest(char *msg, u_char *digest, int len) { - int i; + u_int i; fprintf(stderr, "%s\n", msg); for (i = 0; i< len; i++) { diff --git a/kex.h b/kex.h index d9e9d6522..059d83cd5 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.35 2004/06/13 12:53:24 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.36 2005/06/17 02:44:32 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -83,9 +83,9 @@ struct Mac { char *name; int enabled; const EVP_MD *md; - int mac_len; + u_int mac_len; u_char *key; - int key_len; + u_int key_len; }; struct Comp { int type; @@ -101,7 +101,7 @@ struct Kex { u_char *session_id; u_int session_id_len; Newkeys *newkeys[MODE_MAX]; - int we_need; + u_int we_need; int server; char *name; int hostkey_type; diff --git a/key.c b/key.c index e41930464..08c158b59 100644 --- a/key.c +++ b/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.57 2004/10/29 23:57:05 djm Exp $"); +RCSID("$OpenBSD: key.c,v 1.58 2005/06/17 02:44:32 djm Exp $"); #include @@ -231,7 +231,7 @@ static char * key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len) { char *retval; - int i; + u_int i; retval = xmalloc(dgst_raw_len * 3 + 1); retval[0] = '\0'; diff --git a/mac.c b/mac.c index 097f0b93b..2bda5a1b9 100644 --- a/mac.c +++ b/mac.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: mac.c,v 1.6 2003/09/18 13:02:21 miod Exp $"); +RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17 02:44:32 djm Exp $"); #include @@ -51,12 +51,15 @@ struct { int mac_init(Mac *mac, char *name) { - int i; + int i, evp_len; + for (i = 0; macs[i].name; i++) { if (strcmp(name, macs[i].name) == 0) { if (mac != NULL) { mac->md = (*macs[i].mdfunc)(); - mac->key_len = mac->mac_len = EVP_MD_size(mac->md); + if ((evp_len = EVP_MD_size(mac->md)) <= 0) + fatal("mac %s len %d", name, evp_len); + mac->key_len = mac->mac_len = (u_int)evp_len; if (macs[i].truncatebits != 0) mac->mac_len = macs[i].truncatebits/8; } @@ -77,7 +80,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) if (mac->key == NULL) fatal("mac_compute: no key"); - if ((u_int)mac->mac_len > sizeof(m)) + if (mac->mac_len > sizeof(m)) fatal("mac_compute: mac too long"); HMAC_Init(&c, mac->key, mac->key_len, mac->md); PUT_32BIT(b, seqno); diff --git a/match.c b/match.c index 3ddb62730..29fb7dab9 100644 --- a/match.c +++ b/match.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $"); +RCSID("$OpenBSD: match.c,v 1.20 2005/06/17 02:44:32 djm Exp $"); #include "match.h" #include "xmalloc.h" @@ -254,7 +254,7 @@ match_list(const char *client, const char *server, u_int *next) ret = xstrdup(p); if (next != NULL) *next = (cp == NULL) ? - strlen(c) : cp - c; + strlen(c) : (u_int)(cp - c); xfree(c); xfree(s); return ret; diff --git a/misc.c b/misc.c index fc094f874..c5ca0ce38 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.31 2005/06/06 11:20:36 djm Exp $"); +RCSID("$OpenBSD: misc.c,v 1.32 2005/06/17 02:44:32 djm Exp $"); #include "misc.h" #include "log.h" @@ -386,7 +386,7 @@ tilde_expand_filename(const char *filename, uid_t uid) const char *path; char user[128], ret[MAXPATHLEN]; struct passwd *pw; - int len; + u_int len, slash; if (*filename != '~') return (xstrdup(filename)); @@ -394,10 +394,11 @@ tilde_expand_filename(const char *filename, uid_t uid) path = strchr(filename, '/'); if (path != NULL && path > filename) { /* ~user/path */ - if (path - filename > sizeof(user) - 1) + slash = path - filename; + if (slash > sizeof(user) - 1) fatal("tilde_expand_filename: ~username too long"); - memcpy(user, filename, path - filename); - user[path - filename] = '\0'; + memcpy(user, filename, slash); + user[slash] = '\0'; if ((pw = getpwnam(user)) == NULL) fatal("tilde_expand_filename: No such user %s", user); } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ @@ -435,7 +436,7 @@ percent_expand(const char *string, ...) const char *key; const char *repl; } keys[EXPAND_MAX_KEYS]; - int num_keys, i, j; + u_int num_keys, i, j; char buf[4096]; va_list ap; diff --git a/packet.c b/packet.c index 7c150fde7..d5b50f2f4 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.117 2005/06/17 02:44:32 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -992,7 +992,7 @@ packet_read_poll2(u_int32_t *seqnr_p) static u_int packet_length = 0; u_int padlen, need; u_char *macbuf, *cp, type; - int maclen, block_size; + u_int maclen, block_size; Enc *enc = NULL; Mac *mac = NULL; Comp *comp = NULL; @@ -1229,9 +1229,9 @@ packet_get_bignum2(BIGNUM * value) } void * -packet_get_raw(int *length_ptr) +packet_get_raw(u_int *length_ptr) { - int bytes = buffer_len(&incoming_packet); + u_int bytes = buffer_len(&incoming_packet); if (length_ptr != NULL) *length_ptr = bytes; diff --git a/packet.h b/packet.h index 37f82f2f6..1ab6d8572 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.41 2004/05/11 19:01:43 deraadt Exp $ */ +/* $OpenBSD: packet.h,v 1.42 2005/06/17 02:44:33 djm Exp $ */ /* * Author: Tatu Ylonen @@ -52,7 +52,7 @@ u_int packet_get_char(void); u_int packet_get_int(void); void packet_get_bignum(BIGNUM * value); void packet_get_bignum2(BIGNUM * value); -void *packet_get_raw(int *length_ptr); +void *packet_get_raw(u_int *length_ptr); void *packet_get_string(u_int *length_ptr); void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2))); void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); diff --git a/scp.c b/scp.c index 9dc060e26..10c4b507c 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.123 2005/05/26 02:08:05 avsm Exp $"); +RCSID("$OpenBSD: scp.c,v 1.124 2005/06/17 02:44:33 djm Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -186,7 +186,7 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc) } typedef struct { - int cnt; + size_t cnt; char *buf; } BUF; @@ -724,8 +724,8 @@ sink(int argc, char **argv) } wrerr; BUF *bp; off_t i; - size_t j; - int amt, count, exists, first, mask, mode, ofd, omode; + size_t j, count; + int amt, exists, first, mask, mode, ofd, omode; off_t size, statbytes; int setimes, targisdir, wrerrno = 0; char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; @@ -833,7 +833,7 @@ sink(int argc, char **argv) } if (targisdir) { static char *namebuf; - static int cursize; + static size_t cursize; size_t need; need = strlen(targ) + strlen(cp) + 250; diff --git a/servconf.c b/servconf.c index ddb34f9b9..deec167be 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.141 2005/05/16 15:30:51 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.142 2005/06/17 02:44:33 djm Exp $"); #include "ssh.h" #include "log.h" @@ -398,7 +398,7 @@ parse_token(const char *cp, const char *filename, static void add_listen_addr(ServerOptions *options, char *addr, u_short port) { - int i; + u_int i; if (options->num_ports == 0) options->ports[options->num_ports++] = SSH_DEFAULT_PORT; @@ -438,9 +438,10 @@ process_server_config_line(ServerOptions *options, char *line, const char *filename, int linenum) { char *cp, **charptr, *arg, *p; - int *intptr, value, i, n; + int *intptr, value, n; ServerOpCodes opcode; u_short port; + u_int i; cp = line; arg = strdelim(&cp); diff --git a/session.c b/session.c index d931532db..a1dc6835a 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.182 2005/06/17 02:44:33 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1801,7 +1801,7 @@ session_subsystem_req(Session *s) u_int len; int success = 0; char *cmd, *subsys = packet_get_string(&len); - int i; + u_int i; packet_check_eom(); logit("subsystem request for %.100s", subsys); @@ -2107,7 +2107,7 @@ session_exit_message(Session *s, int status) void session_close(Session *s) { - int i; + u_int i; debug("session_close: session %d pid %ld", s->self, (long)s->pid); if (s->ttyfd != -1) diff --git a/session.h b/session.h index 48be5070c..92bd16573 100644 --- a/session.h +++ b/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.23 2004/07/17 05:31:41 dtucker Exp $ */ +/* $OpenBSD: session.h,v 1.24 2005/06/17 02:44:33 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -50,7 +50,7 @@ struct Session { /* proto 2 */ int chanid; int is_subsystem; - int num_env; + u_int num_env; struct { char *name; char *val; diff --git a/sftp-client.c b/sftp-client.c index 47297898a..ce15fc0a3 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -20,7 +20,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.54 2005/05/24 17:32:44 avsm Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.55 2005/06/17 02:44:33 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -311,7 +311,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, SFTP_DIRENT ***dir) { Buffer msg; - u_int type, id, handle_len, i, expected_id, ents = 0; + u_int count, type, id, handle_len, i, expected_id, ents = 0; char *handle; id = conn->msg_id++; @@ -335,8 +335,6 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, } for (; !interrupted;) { - int count; - id = expected_id = conn->msg_id++; debug3("Sending SSH2_FXP_READDIR I:%u", id); @@ -744,10 +742,10 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, Attrib junk, *a; Buffer msg; char *handle; - int local_fd, status, num_req, max_req, write_error; + int local_fd, status, write_error; int read_error, write_errno; u_int64_t offset, size; - u_int handle_len, mode, type, id, buflen; + u_int handle_len, mode, type, id, buflen, num_req, max_req; off_t progress_counter; struct request { u_int id; diff --git a/sftp-server.c b/sftp-server.c index e82280057..6870e7732 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.47 2004/06/25 05:38:48 dtucker Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $"); #include "buffer.h" #include "bufaux.h" @@ -130,7 +130,7 @@ Handle handles[100]; static void handle_init(void) { - int i; + u_int i; for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) handles[i].use = HANDLE_UNUSED; @@ -139,7 +139,7 @@ handle_init(void) static int handle_new(int use, const char *name, int fd, DIR *dirp) { - int i; + u_int i; for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) { if (handles[i].use == HANDLE_UNUSED) { @@ -156,7 +156,7 @@ handle_new(int use, const char *name, int fd, DIR *dirp) static int handle_is_ok(int i, int type) { - return i >= 0 && i < sizeof(handles)/sizeof(Handle) && + return i >= 0 && (u_int)i < sizeof(handles)/sizeof(Handle) && handles[i].use == type; } @@ -477,10 +477,10 @@ process_write(void) } else { /* XXX ATOMICIO ? */ ret = write(fd, data, len); - if (ret == -1) { + if (ret < 0) { error("process_write: write failed"); status = errno_to_portable(errno); - } else if (ret == len) { + } else if ((size_t)ret == len) { status = SSH2_FX_OK; } else { logit("nothing at all written"); diff --git a/sftp.c b/sftp.c index 16a6cf0c6..a77be84c6 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.64 2005/06/17 02:44:33 djm Exp $"); #ifdef USE_LIBEDIT #include @@ -404,7 +404,7 @@ get_pathname(const char **cpp, char **path) { const char *cp = *cpp, *end; char quot; - int i, j; + u_int i, j; cp += strspn(cp, WHITESPACE); if (!*cp) { @@ -664,14 +664,15 @@ sdirent_comp(const void *aa, const void *bb) static int do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) { - int n, c = 1, colspace = 0, columns = 1; + int n; + u_int c = 1, colspace = 0, columns = 1; SFTP_DIRENT **d; if ((n = do_readdir(conn, path, &d)) != 0) return (n); if (!(lflag & LS_SHORT_VIEW)) { - int m = 0, width = 80; + u_int m = 0, width = 80; struct winsize ws; char *tmp; @@ -747,7 +748,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, int lflag) { glob_t g; - int i, c = 1, colspace = 0, columns = 1; + u_int i, c = 1, colspace = 0, columns = 1; Attrib *a = NULL; memset(&g, 0, sizeof(g)); @@ -783,7 +784,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, } if (!(lflag & LS_SHORT_VIEW)) { - int m = 0, width = 80; + u_int m = 0, width = 80; struct winsize ws; /* Count entries for sort and find longest filename */ diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 7dffb8517..46f063687 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.54 2005/05/24 17:32:44 avsm Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -166,7 +166,7 @@ Linebuf_lineno(Linebuf * lb) static char * Linebuf_getline(Linebuf * lb) { - int n = 0; + size_t n = 0; void *p; lb->lineno++; @@ -493,10 +493,10 @@ conrecycle(int s) static void congreet(int s) { - int remote_major = 0, remote_minor = 0; + int n = 0, remote_major = 0, remote_minor = 0; char buf[256], *cp; char remote_version[sizeof buf]; - size_t bufsiz, n = 0; + size_t bufsiz; con *c = &fdcon[s]; bufsiz = sizeof(buf); @@ -546,12 +546,12 @@ congreet(int s) n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n", c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2, c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2); - if (n == -1 || n >= sizeof buf) { + if (n < 0 || (size_t)n >= sizeof(buf)) { error("snprintf: buffer too small"); confree(s); return; } - if (atomicio(vwrite, s, buf, n) != n) { + if (atomicio(vwrite, s, buf, n) != (size_t)n) { error("write (%s): %s", c->c_name, strerror(errno)); confree(s); return; diff --git a/ssh-rsa.c b/ssh-rsa.c index 6e3be0a7e..eb422d07e 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.31 2003/11/10 16:23:41 jakob Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.32 2005/06/17 02:44:33 djm Exp $"); #include #include @@ -238,7 +238,7 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen, ERR_error_string(ERR_get_error(), NULL)); goto done; } - if (len != hlen + oidlen) { + if (len < 0 || (u_int)len != hlen + oidlen) { error("bad decrypted len: %d != %d + %d", len, hlen, oidlen); goto done; } diff --git a/sshconnect.c b/sshconnect.c index 0bd351f6b..cbbe54821 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.164 2005/06/06 11:20:36 djm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.165 2005/06/17 02:44:33 djm Exp $"); #include @@ -402,10 +402,11 @@ static void ssh_exchange_identification(void) { char buf[256], remote_version[256]; /* must be same size! */ - int remote_major, remote_minor, i, mismatch; + int remote_major, remote_minor, mismatch; int connection_in = packet_get_connection_in(); int connection_out = packet_get_connection_out(); int minor1 = PROTOCOL_MINOR_1; + u_int i; /* Read other side's version identification. */ for (;;) { diff --git a/sshconnect1.c b/sshconnect1.c index 6e2e31c02..bd05723c7 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.60 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.61 2005/06/17 02:44:33 djm Exp $"); #include #include @@ -162,7 +162,7 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) /* Compute the response. */ /* The response is MD5 of decrypted challenge plus session id. */ len = BN_num_bytes(challenge); - if (len <= 0 || len > sizeof(buf)) + if (len <= 0 || (u_int)len > sizeof(buf)) packet_disconnect( "respond_to_rsa_challenge: bad challenge length %d", len); diff --git a/sshconnect2.c b/sshconnect2.c index 68d56d020..60afd6d3d 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.138 2004/06/13 12:53:24 djm Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.139 2005/06/17 02:44:33 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -482,7 +482,7 @@ userauth_gssapi(Authctxt *authctxt) { Gssctxt *gssctxt = NULL; static gss_OID_set gss_supported = NULL; - static int mech = 0; + static u_int mech = 0; OM_uint32 min; int ok = 0; @@ -509,7 +509,8 @@ userauth_gssapi(Authctxt *authctxt) } } - if (!ok) return 0; + if (!ok) + return 0; authctxt->methoddata=(void *)gssctxt; diff --git a/sshd.c b/sshd.c index ed4158801..b0d65575f 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.310 2005/06/16 08:00:00 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.311 2005/06/17 02:44:33 djm Exp $"); #include #include @@ -358,7 +358,8 @@ key_regeneration_alarm(int sig) static void sshd_exchange_identification(int sock_in, int sock_out) { - int i, mismatch; + u_int i; + int mismatch; int remote_major, remote_minor; int major, minor; char *s; @@ -1900,7 +1901,7 @@ do_ssh1_kex(void) if (!rsafail) { BN_mask_bits(session_key_int, sizeof(session_key) * 8); len = BN_num_bytes(session_key_int); - if (len < 0 || len > sizeof(session_key)) { + if (len < 0 || (u_int)len > sizeof(session_key)) { error("do_connection: bad session key len from %s: " "session_key_int %d > sizeof(session_key) %lu", get_remote_ipaddr(), len, (u_long)sizeof(session_key)); -- cgit v1.2.3 From a7270309fc5e95b29c91d0190b13ef5a9b1df339 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 6 Jul 2005 09:36:05 +1000 Subject: - markus@cvs.openbsd.org 2005/07/01 13:19:47 [channels.c] don't free() if getaddrinfo() fails; report mpech@ --- ChangeLog | 8 +++++++- channels.c | 12 +++++------- 2 files changed, 12 insertions(+), 8 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 261373c03..85d4e91c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20050706 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2005/07/01 13:19:47 + [channels.c] + don't free() if getaddrinfo() fails; report mpech@ + 20050626 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2005/06/17 22:53:47 @@ -2763,4 +2769,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3831 2005/06/25 22:56:48 djm Exp $ +$Id: ChangeLog,v 1.3832 2005/07/05 23:36:05 djm Exp $ diff --git a/channels.c b/channels.c index 7ca1c53ba..b58902328 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.217 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.218 2005/07/01 13:19:47 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2196,11 +2196,11 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por if (host == NULL) { error("No forward host name."); - return success; + return 0; } if (strlen(host) > SSH_CHANNEL_PATH_LEN - 1) { error("Forward host name too long."); - return success; + return 0; } /* @@ -2251,12 +2251,10 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por packet_disconnect("getaddrinfo: fatal error: %s", gai_strerror(r)); } else { - verbose("channel_setup_fwd_listener: " - "getaddrinfo(%.64s): %s", addr, gai_strerror(r)); - packet_send_debug("channel_setup_fwd_listener: " + error("channel_setup_fwd_listener: " "getaddrinfo(%.64s): %s", addr, gai_strerror(r)); } - aitop = NULL; + return 0; } for (ai = aitop; ai; ai = ai->ai_next) { -- cgit v1.2.3 From 1339002e8b05d89b10767849d9ee9be55e460f4c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 6 Jul 2005 09:44:19 +1000 Subject: - djm@cvs.openbsd.org 2005/07/04 00:58:43 [channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5] implement support for X11 and agent forwarding over multiplex slave connections. Because of protocol limitations, the slave connections inherit the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding their own. ok dtucker@ "put it in" deraadt@ --- ChangeLog | 9 ++++++++- channels.c | 61 +++++++++++++++++++++++++++++++++--------------------------- clientloop.c | 35 ++++++++++++++++++++++++++++------ clientloop.h | 7 ++++++- misc.c | 19 ++++++++++++++++++- misc.h | 3 ++- ssh.c | 45 +++++++++++++++++++++++--------------------- ssh_config.5 | 8 +++++++- 8 files changed, 128 insertions(+), 59 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 85d4e91c9..58607022a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,13 @@ - markus@cvs.openbsd.org 2005/07/01 13:19:47 [channels.c] don't free() if getaddrinfo() fails; report mpech@ + - djm@cvs.openbsd.org 2005/07/04 00:58:43 + [channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5] + implement support for X11 and agent forwarding over multiplex slave + connections. Because of protocol limitations, the slave connections inherit + the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding + their own. + ok dtucker@ "put it in" deraadt@ 20050626 - (djm) OpenBSD CVS Sync @@ -2769,4 +2776,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3832 2005/07/05 23:36:05 djm Exp $ +$Id: ChangeLog,v 1.3833 2005/07/05 23:44:19 djm Exp $ diff --git a/channels.c b/channels.c index b58902328..14ff166ae 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.218 2005/07/01 13:19:47 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.219 2005/07/04 00:58:42 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -111,6 +111,9 @@ static int all_opens_permitted = 0; /* Maximum number of fake X11 displays to try. */ #define MAX_DISPLAYS 1000 +/* Saved X11 local (client) display. */ +static char *x11_saved_display = NULL; + /* Saved X11 authentication protocol name. */ static char *x11_saved_proto = NULL; @@ -2955,12 +2958,18 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, const char *proto, const char *data) { u_int data_len = (u_int) strlen(data) / 2; - u_int i, value, len; + u_int i, value; char *new_data; int screen_number; const char *cp; u_int32_t rnd = 0; + if (x11_saved_display && strcmp(disp, x11_saved_display) != 0) { + error("x11_request_forwarding_with_spoofing: different " + "$DISPLAY already forwarded"); + return; + } + cp = disp; if (disp) cp = strchr(disp, ':'); @@ -2971,33 +2980,31 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, else screen_number = 0; - /* Save protocol name. */ - x11_saved_proto = xstrdup(proto); - - /* - * Extract real authentication data and generate fake data of the - * same length. - */ - x11_saved_data = xmalloc(data_len); - x11_fake_data = xmalloc(data_len); - for (i = 0; i < data_len; i++) { - if (sscanf(data + 2 * i, "%2x", &value) != 1) - fatal("x11_request_forwarding: bad authentication data: %.100s", data); - if (i % 4 == 0) - rnd = arc4random(); - x11_saved_data[i] = value; - x11_fake_data[i] = rnd & 0xff; - rnd >>= 8; - } - x11_saved_data_len = data_len; - x11_fake_data_len = data_len; + if (x11_saved_proto == NULL) { + /* Save protocol name. */ + x11_saved_proto = xstrdup(proto); + /* + * Extract real authentication data and generate fake data + * of the same length. + */ + x11_saved_data = xmalloc(data_len); + x11_fake_data = xmalloc(data_len); + for (i = 0; i < data_len; i++) { + if (sscanf(data + 2 * i, "%2x", &value) != 1) + fatal("x11_request_forwarding: bad " + "authentication data: %.100s", data); + if (i % 4 == 0) + rnd = arc4random(); + x11_saved_data[i] = value; + x11_fake_data[i] = rnd & 0xff; + rnd >>= 8; + } + x11_saved_data_len = data_len; + x11_fake_data_len = data_len; + } /* Convert the fake data into hex. */ - len = 2 * data_len + 1; - new_data = xmalloc(len); - for (i = 0; i < data_len; i++) - snprintf(new_data + 2 * i, len - 2 * i, - "%02x", (u_char) x11_fake_data[i]); + new_data = tohex(x11_fake_data, data_len); /* Send the request packet. */ if (compat20) { diff --git a/clientloop.c b/clientloop.c index a030cf6e4..9611a5e3e 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.139 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.140 2005/07/04 00:58:43 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -140,6 +140,8 @@ int session_ident = -1; struct confirm_ctx { int want_tty; int want_subsys; + int want_x_fwd; + int want_agent_fwd; Buffer cmd; char *term; struct termios tio; @@ -631,6 +633,7 @@ static void client_extra_session2_setup(int id, void *arg) { struct confirm_ctx *cctx = arg; + const char *display; Channel *c; int i; @@ -639,6 +642,24 @@ client_extra_session2_setup(int id, void *arg) if ((c = channel_lookup(id)) == NULL) fatal("%s: no channel for id %d", __func__, id); + display = getenv("DISPLAY"); + if (cctx->want_x_fwd && options.forward_x11 && display != NULL) { + char *proto, *data; + /* Get reasonable local authentication information. */ + client_x11_get_proto(display, options.xauth_location, + options.forward_x11_trusted, &proto, &data); + /* Request forwarding with authentication spoofing. */ + debug("Requesting X11 forwarding with authentication spoofing."); + x11_request_forwarding_with_spoofing(id, display, proto, data); + /* XXX wait for reply */ + } + + if (cctx->want_agent_fwd && options.forward_agent) { + debug("Requesting authentication agent forwarding."); + channel_request_start(id, "auth-agent-req@openssh.com", 0); + packet_send(); + } + client_session2_setup(id, cctx->want_tty, cctx->want_subsys, cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env, client_subsystem_reply); @@ -704,7 +725,7 @@ client_process_control(fd_set * readset) buffer_free(&m); return; } - if ((ver = buffer_get_char(&m)) != 1) { + if ((ver = buffer_get_char(&m)) != SSHMUX_VER) { error("%s: wrong client version %d", __func__, ver); buffer_free(&m); close(client_fd); @@ -738,7 +759,7 @@ client_process_control(fd_set * readset) buffer_clear(&m); buffer_put_int(&m, allowed); buffer_put_int(&m, getpid()); - if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { + if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) { error("%s: client msg_send failed", __func__); close(client_fd); buffer_free(&m); @@ -758,7 +779,7 @@ client_process_control(fd_set * readset) buffer_clear(&m); buffer_put_int(&m, allowed); buffer_put_int(&m, getpid()); - if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { + if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) { error("%s: client msg_send failed", __func__); close(client_fd); buffer_free(&m); @@ -779,7 +800,7 @@ client_process_control(fd_set * readset) buffer_free(&m); return; } - if ((ver = buffer_get_char(&m)) != 1) { + if ((ver = buffer_get_char(&m)) != SSHMUX_VER) { error("%s: wrong client version %d", __func__, ver); buffer_free(&m); close(client_fd); @@ -790,6 +811,8 @@ client_process_control(fd_set * readset) memset(cctx, 0, sizeof(*cctx)); cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0; cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0; + cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0; + cctx->want_agent_fwd = (flags & SSHMUX_FLAG_AGENT_FWD) != 0; cctx->term = buffer_get_string(&m, &len); cmd = buffer_get_string(&m, &len); @@ -823,7 +846,7 @@ client_process_control(fd_set * readset) /* This roundtrip is just for synchronisation of ttymodes */ buffer_clear(&m); - if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { + if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) { error("%s: client msg_send failed", __func__); close(client_fd); close(new_fd[0]); diff --git a/clientloop.h b/clientloop.h index 71c61b5d2..aed2d918b 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.13 2005/06/16 03:38:36 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.14 2005/07/04 00:58:43 djm Exp $ */ /* * Author: Tatu Ylonen @@ -43,6 +43,9 @@ void client_global_request_reply_fwd(int, u_int32_t, void *); void client_session2_setup(int, int, int, const char *, struct termios *, int, Buffer *, char **, dispatch_fn *); +/* Multiplexing protocol version */ +#define SSHMUX_VER 1 + /* Multiplexing control protocol flags */ #define SSHMUX_COMMAND_OPEN 1 /* Open new connection */ #define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */ @@ -50,3 +53,5 @@ void client_session2_setup(int, int, int, const char *, struct termios *, #define SSHMUX_FLAG_TTY (1) /* Request tty on open */ #define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */ +#define SSHMUX_FLAG_X11_FWD (1<<2) /* Request X11 forwarding */ +#define SSHMUX_FLAG_AGENT_FWD (1<<3) /* Request agent forwarding */ diff --git a/misc.c b/misc.c index c5ca0ce38..808b7ba27 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.32 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: misc.c,v 1.33 2005/07/04 00:58:43 djm Exp $"); #include "misc.h" #include "log.h" @@ -506,3 +506,20 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, } return -1; } + +char * +tohex(const u_char *d, u_int l) +{ + char b[3], *r; + u_int i, hl; + + hl = l * 2 + 1; + r = xmalloc(hl); + *r = '\0'; + for (i = 0; i < l; i++) { + snprintf(b, sizeof(b), "%02x", d[i]); + strlcat(r, b, hl); + } + return (r); +} + diff --git a/misc.h b/misc.h index a85fcd134..92848b28e 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.23 2005/06/06 11:20:36 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.24 2005/07/04 00:58:43 djm Exp $ */ /* * Author: Tatu Ylonen @@ -26,6 +26,7 @@ char *colon(char *); long convtime(const char *); char *tilde_expand_filename(const char *, uid_t); char *percent_expand(const char *, ...) __attribute__((sentinel)); +char *tohex(const u_char *, u_int); struct passwd *pwcopy(struct passwd *); diff --git a/ssh.c b/ssh.c index 67af53e69..43d97abcc 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.246 2005/06/25 22:47:49 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.247 2005/07/04 00:58:43 djm Exp $"); #include #include @@ -1250,41 +1250,44 @@ control_client(const char *path) error("Control socket connect(%.100s): %s", path, strerror(errno)); } - close(sock); - return; - } - - if (stdin_null_flag) { - if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1) - fatal("open(/dev/null): %s", strerror(errno)); - if (dup2(fd, STDIN_FILENO) == -1) - fatal("dup2: %s", strerror(errno)); - if (fd > STDERR_FILENO) - close(fd); - } - - if ((term = getenv("TERM")) == NULL) - term = ""; + close(sock); + return; + } + + if (stdin_null_flag) { + if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1) + fatal("open(/dev/null): %s", strerror(errno)); + if (dup2(fd, STDIN_FILENO) == -1) + fatal("dup2: %s", strerror(errno)); + if (fd > STDERR_FILENO) + close(fd); + } + + term = getenv("TERM"); flags = 0; if (tty_flag) flags |= SSHMUX_FLAG_TTY; if (subsystem_flag) flags |= SSHMUX_FLAG_SUBSYS; + if (options.forward_x11) + flags |= SSHMUX_FLAG_X11_FWD; + if (options.forward_agent) + flags |= SSHMUX_FLAG_AGENT_FWD; buffer_init(&m); /* Send our command to server */ buffer_put_int(&m, mux_command); buffer_put_int(&m, flags); - if (ssh_msg_send(sock, /* version */1, &m) == -1) + if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1) fatal("%s: msg_send", __func__); buffer_clear(&m); /* Get authorisation status and PID of controlee */ if (ssh_msg_recv(sock, &m) == -1) fatal("%s: msg_recv", __func__); - if (buffer_get_char(&m) != 1) + if (buffer_get_char(&m) != SSHMUX_VER) fatal("%s: wrong version", __func__); if (buffer_get_int(&m) != 1) fatal("Connection to master denied"); @@ -1308,7 +1311,7 @@ control_client(const char *path) } /* SSHMUX_COMMAND_OPEN */ - buffer_put_cstring(&m, term); + buffer_put_cstring(&m, term ? term : ""); buffer_append(&command, "\0", 1); buffer_put_cstring(&m, buffer_ptr(&command)); @@ -1330,7 +1333,7 @@ control_client(const char *path) } } - if (ssh_msg_send(sock, /* version */1, &m) == -1) + if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1) fatal("%s: msg_send", __func__); mm_send_fd(sock, STDIN_FILENO); @@ -1341,7 +1344,7 @@ control_client(const char *path) buffer_clear(&m); if (ssh_msg_recv(sock, &m) == -1) fatal("%s: msg_recv", __func__); - if (buffer_get_char(&m) != 1) + if (buffer_get_char(&m) != SSHMUX_VER) fatal("%s: wrong version", __func__); buffer_free(&m); diff --git a/ssh_config.5 b/ssh_config.5 index 3e7ca8f28..40774297c 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.57 2005/06/18 04:30:36 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.58 2005/07/04 00:58:43 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -279,6 +279,12 @@ can not be opened, .Nm ssh will continue without connecting to a master instance. .Pp +X11 and +.Xr ssh-agent 4 +forwarding is supported over these multiplexed connections, however the +display and agent fowarded will be the one belonging to the master +connection. I.e. it is not possible to forward multiple displays or agents. +.Pp Two additional options allow for opportunistic multiplexing: try to use a master connection but fall back to creating a new one if one does not already exist. -- cgit v1.2.3 From f92c0794ec9162f4e0d5291fe58e4fcb5a00f6d3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 6 Jul 2005 09:45:26 +1000 Subject: - markus@cvs.openbsd.org 2005/07/04 14:04:11 [channels.c] don't forget to set x11_saved_display --- ChangeLog | 5 ++++- channels.c | 6 ++++-- 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index b391c6727..314d38f03 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ - jmc@cvs.openbsd.org 2005/07/04 11:29:51 [ssh_config.5] fix Xr and a little grammar; + - markus@cvs.openbsd.org 2005/07/04 14:04:11 + [channels.c] + don't forget to set x11_saved_display 20050626 - (djm) OpenBSD CVS Sync @@ -2779,4 +2782,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3834 2005/07/05 23:44:59 djm Exp $ +$Id: ChangeLog,v 1.3835 2005/07/05 23:45:26 djm Exp $ diff --git a/channels.c b/channels.c index 14ff166ae..a7c69a066 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.219 2005/07/04 00:58:42 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.220 2005/07/04 14:04:11 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2964,7 +2964,9 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, const char *cp; u_int32_t rnd = 0; - if (x11_saved_display && strcmp(disp, x11_saved_display) != 0) { + if (x11_saved_display == NULL) + x11_saved_display = xstrdup(disp); + else if (strcmp(disp, x11_saved_display) != 0) { error("x11_request_forwarding_with_spoofing: different " "$DISPLAY already forwarded"); return; -- cgit v1.2.3 From 46d38de48b1018c74040d2399bafbedf50247529 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 17 Jul 2005 17:02:09 +1000 Subject: - djm@cvs.openbsd.org 2005/07/16 01:35:24 [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c] [sshconnect.c] spacing --- ChangeLog | 9 ++++++++- auth1.c | 4 ++-- channels.c | 4 ++-- cipher.c | 4 ++-- clientloop.c | 4 ++-- kex.c | 4 ++-- session.c | 12 ++++++------ ssh.c | 12 ++++++------ sshconnect.c | 4 ++-- 9 files changed, 32 insertions(+), 25 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index d46f02d2b..08b382213 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20050717 +- OpenBSD CVS Sync + - djm@cvs.openbsd.org 2005/07/16 01:35:24 + [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c] + [sshconnect.c] + spacing + 20050716 - (dtucker) [auth-pam.c] Ensure that only one side of the authentication socketpair stays open on in both the monitor and PAM process. Patch from @@ -2830,4 +2837,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3846 2005/07/16 01:33:06 dtucker Exp $ +$Id: ChangeLog,v 1.3847 2005/07/17 07:02:09 djm Exp $ diff --git a/auth1.c b/auth1.c index 0f6be8201..ff937f80f 100644 --- a/auth1.c +++ b/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.61 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.62 2005/07/16 01:35:24 djm Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -179,7 +179,7 @@ static int auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) { char *challenge; - + if ((challenge = get_challenge(authctxt)) == NULL) return (0); diff --git a/channels.c b/channels.c index a7c69a066..b7ff85007 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.220 2005/07/04 14:04:11 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.221 2005/07/16 01:35:24 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2986,7 +2986,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, /* Save protocol name. */ x11_saved_proto = xstrdup(proto); /* - * Extract real authentication data and generate fake data + * Extract real authentication data and generate fake data * of the same length. */ x11_saved_data = xmalloc(data_len); diff --git a/cipher.c b/cipher.c index fc1e2ae1c..0dddf270a 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.76 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.77 2005/07/16 01:35:24 djm Exp $"); #include "xmalloc.h" #include "log.h" @@ -249,7 +249,7 @@ cipher_init(CipherContext *cc, Cipher *cipher, cipher->name); #endif - if (cipher->discard_len > 0) { + if (cipher->discard_len > 0) { junk = xmalloc(cipher->discard_len); discard = xmalloc(cipher->discard_len); if (EVP_Cipher(&cc->evp, discard, junk, diff --git a/clientloop.c b/clientloop.c index 9611a5e3e..47f3c7ecd 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.140 2005/07/04 00:58:43 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.141 2005/07/16 01:35:24 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -642,7 +642,7 @@ client_extra_session2_setup(int id, void *arg) if ((c = channel_lookup(id)) == NULL) fatal("%s: no channel for id %d", __func__, id); - display = getenv("DISPLAY"); + display = getenv("DISPLAY"); if (cctx->want_x_fwd && options.forward_x11 && display != NULL) { char *proto, *data; /* Get reasonable local authentication information. */ diff --git a/kex.c b/kex.c index 8736aa286..32c6d03ea 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.61 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: kex.c,v 1.62 2005/07/16 01:35:24 djm Exp $"); #include @@ -411,7 +411,7 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret) u_int have; int mdsz = EVP_MD_size(evp_md); u_char *digest; - + if (mdsz < 0) fatal("derive_key: mdsz < 0"); digest = xmalloc(roundup(need, mdsz)); diff --git a/session.c b/session.c index a1dc6835a..13c3b001f 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.182 2005/06/17 02:44:33 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.183 2005/07/16 01:35:24 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -196,11 +196,11 @@ auth_input_request_forwarding(struct passwd * pw) static void display_loginmsg(void) { - if (buffer_len(&loginmsg) > 0) { - buffer_append(&loginmsg, "\0", 1); - printf("%s", (char *)buffer_ptr(&loginmsg)); - buffer_clear(&loginmsg); - } + if (buffer_len(&loginmsg) > 0) { + buffer_append(&loginmsg, "\0", 1); + printf("%s", (char *)buffer_ptr(&loginmsg)); + buffer_clear(&loginmsg); + } } void diff --git a/ssh.c b/ssh.c index 43d97abcc..cabc538e3 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.247 2005/07/04 00:58:43 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.248 2005/07/16 01:35:24 djm Exp $"); #include #include @@ -790,8 +790,8 @@ ssh_init_forwarding(void) for (i = 0; i < options.num_remote_forwards; i++) { debug("Remote connections from %.200s:%d forwarded to " "local address %.200s:%d", - (options.remote_forwards[i].listen_host == NULL) ? - (options.gateway_ports ? "*" : "LOCALHOST") : + (options.remote_forwards[i].listen_host == NULL) ? + (options.gateway_ports ? "*" : "LOCALHOST") : options.remote_forwards[i].listen_host, options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, @@ -1037,7 +1037,7 @@ ssh_session2_setup(int id, void *arg) const char *display; int interactive = tty_flag; - display = getenv("DISPLAY"); + display = getenv("DISPLAY"); if (options.forward_x11 && display != NULL) { char *proto, *data; /* Get reasonable local authentication information. */ @@ -1253,7 +1253,7 @@ control_client(const char *path) close(sock); return; } - + if (stdin_null_flag) { if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1) fatal("open(/dev/null): %s", strerror(errno)); @@ -1262,7 +1262,7 @@ control_client(const char *path) if (fd > STDERR_FILENO) close(fd); } - + term = getenv("TERM"); flags = 0; diff --git a/sshconnect.c b/sshconnect.c index 92f0f3800..84f287145 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.166 2005/06/17 22:53:47 djm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.167 2005/07/16 01:35:24 djm Exp $"); #include @@ -404,7 +404,7 @@ ssh_exchange_identification(void) for (i = 0; i < sizeof(buf) - 1; i++) { size_t len = atomicio(read, connection_in, &buf[i], 1); - if (len != 1 && errno == EPIPE) + if (len != 1 && errno == EPIPE) fatal("ssh_exchange_identification: Connection closed by remote host"); else if (len != 1) fatal("ssh_exchange_identification: read: %.100s", strerror(errno)); -- cgit v1.2.3 From 2b9b045d930b8d724f768fafdd9a46fa453b9a3e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 17 Jul 2005 17:19:24 +1000 Subject: - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line - djm@cvs.openbsd.org 2005/07/17 06:49:04 [channels.c channels.h session.c session.h] Fix a number of X11 forwarding channel leaks: 1. Refuse multiple X11 forwarding requests on the same session 2. Clean up all listeners after a single_connection X11 forward, not just the one that made the single connection 3. Destroy X11 listeners when the session owning them goes away testing and ok dtucker@ --- ChangeLog | 10 +++++- channels.c | 10 ++++-- channels.h | 4 +-- session.c | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- session.h | 3 +- 5 files changed, 125 insertions(+), 8 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 647ad0160..84b82cccc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,14 @@ [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]") - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line + - djm@cvs.openbsd.org 2005/07/17 06:49:04 + [channels.c channels.h session.c session.h] + Fix a number of X11 forwarding channel leaks: + 1. Refuse multiple X11 forwarding requests on the same session + 2. Clean up all listeners after a single_connection X11 forward, not just + the one that made the single connection + 3. Destroy X11 listeners when the session owning them goes away + testing and ok dtucker@ 20050716 - (dtucker) [auth-pam.c] Ensure that only one side of the authentication @@ -2841,4 +2849,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3849 2005/07/17 07:18:49 djm Exp $ +$Id: ChangeLog,v 1.3850 2005/07/17 07:19:24 djm Exp $ diff --git a/channels.c b/channels.c index b7ff85007..8da399b69 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.221 2005/07/16 01:35:24 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.222 2005/07/17 06:49:04 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2659,7 +2659,7 @@ channel_send_window_changes(void) */ int x11_create_display_inet(int x11_display_offset, int x11_use_localhost, - int single_connection, u_int *display_numberp) + int single_connection, u_int *display_numberp, int **chanids) { Channel *nc = NULL; int display_number, sock; @@ -2749,6 +2749,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, } /* Allocate a channel for each socket. */ + if (chanids != NULL) + *chanids = xmalloc(sizeof(**chanids) * (num_socks + 1)); for (n = 0; n < num_socks; n++) { sock = socks[n]; nc = channel_new("x11 listener", @@ -2756,7 +2758,11 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "X11 inet listener", 1); nc->single_connection = single_connection; + if (*chanids != NULL) + (*chanids)[n] = nc->self; } + if (*chanids != NULL) + (*chanids)[n] = -1; /* Return the display number for the DISPLAY environment variable. */ *display_numberp = display_number; diff --git a/channels.h b/channels.h index b89b7c95d..1cb2c3a34 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.78 2005/07/08 09:41:33 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.79 2005/07/17 06:49:04 djm Exp $ */ /* * Author: Tatu Ylonen @@ -214,7 +214,7 @@ int channel_cancel_rport_listener(const char *, u_short); /* x11 forwarding */ int x11_connect_display(void); -int x11_create_display_inet(int, int, int, u_int *); +int x11_create_display_inet(int, int, int, u_int *, int **); void x11_input_open(int, u_int32_t, void *); void x11_request_forwarding_with_spoofing(int, const char *, const char *, const char *); diff --git a/session.c b/session.c index 13c3b001f..81d7d53e8 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.183 2005/07/16 01:35:24 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.184 2005/07/17 06:49:04 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1634,6 +1634,7 @@ session_new(void) s->ttyfd = -1; s->used = 1; s->self = i; + s->x11_chanids = NULL; debug("session_new: session %d", i); return s; } @@ -1706,6 +1707,29 @@ session_by_channel(int id) return NULL; } +static Session * +session_by_x11_channel(int id) +{ + int i, j; + + for (i = 0; i < MAX_SESSIONS; i++) { + Session *s = &sessions[i]; + + if (s->x11_chanids == NULL || !s->used) + continue; + for (j = 0; s->x11_chanids[j] != -1; j++) { + if (s->x11_chanids[j] == id) { + debug("session_by_x11_channel: session %d " + "channel %d", s->self, id); + return s; + } + } + } + debug("session_by_x11_channel: unknown channel %d", id); + session_dump(); + return NULL; +} + static Session * session_by_pid(pid_t pid) { @@ -1835,6 +1859,11 @@ session_x11_req(Session *s) { int success; + if (s->auth_proto != NULL || s->auth_data != NULL) { + error("session_x11_req: session %d: " + "x11 fowarding already active", s->self); + return 0; + } s->single_connection = packet_get_char(); s->auth_proto = packet_get_string(NULL); s->auth_data = packet_get_string(NULL); @@ -2059,10 +2088,67 @@ sig2name(int sig) return "SIG@openssh.com"; } +static void +session_close_x11(int id) +{ + Channel *c; + + if ((c = channel_lookup(id)) == NULL) { + debug("session_close_x11: x11 channel %d missing", id); + } else { + /* Detach X11 listener */ + debug("session_close_x11: detach x11 channel %d", id); + channel_cancel_cleanup(id); + if (c->ostate != CHAN_OUTPUT_CLOSED) + chan_mark_dead(c); + } +} + +static void +session_close_single_x11(int id, void *arg) +{ + Session *s; + u_int i; + + debug3("session_close_single_x11: channel %d", id); + channel_cancel_cleanup(id); + if ((s = session_by_x11_channel(id)) == NULL) + fatal("session_close_single_x11: no x11 channel %d", id); + for (i = 0; s->x11_chanids[i] != -1; i++) { + debug("session_close_single_x11: session %d: " + "closing channel %d", s->self, s->x11_chanids[i]); + /* + * The channel "id" is already closing, but make sure we + * close all of its siblings. + */ + if (s->x11_chanids[i] != id) + session_close_x11(s->x11_chanids[i]); + } + xfree(s->x11_chanids); + s->x11_chanids = NULL; + if (s->display) { + xfree(s->display); + s->display = NULL; + } + if (s->auth_proto) { + xfree(s->auth_proto); + s->auth_proto = NULL; + } + if (s->auth_data) { + xfree(s->auth_data); + s->auth_data = NULL; + } + if (s->auth_display) { + xfree(s->auth_display); + s->auth_display = NULL; + } +} + static void session_exit_message(Session *s, int status) { Channel *c; + u_int i; if ((c = channel_lookup(s->chanid)) == NULL) fatal("session_exit_message: session %d: no channel %d", @@ -2102,6 +2188,14 @@ session_exit_message(Session *s, int status) if (c->ostate != CHAN_OUTPUT_CLOSED) chan_write_failed(c); s->chanid = -1; + + /* Close any X11 listeners associated with this session */ + if (s->x11_chanids != NULL) { + for (i = 0; s->x11_chanids[i] != -1; i++) { + session_close_x11(s->x11_chanids[i]); + s->x11_chanids[i] = -1; + } + } } void @@ -2116,6 +2210,8 @@ session_close(Session *s) xfree(s->term); if (s->display) xfree(s->display); + if (s->x11_chanids) + xfree(s->x11_chanids); if (s->auth_display) xfree(s->auth_display); if (s->auth_data) @@ -2154,6 +2250,7 @@ void session_close_by_channel(int id, void *arg) { Session *s = session_by_channel(id); + if (s == NULL) { debug("session_close_by_channel: no session for id %d", id); return; @@ -2234,6 +2331,7 @@ session_setup_x11fwd(Session *s) struct stat st; char display[512], auth_display[512]; char hostname[MAXHOSTNAMELEN]; + u_int i; if (no_x11_forwarding_flag) { packet_send_debug("X11 forwarding disabled in user configuration file."); @@ -2259,10 +2357,14 @@ session_setup_x11fwd(Session *s) } if (x11_create_display_inet(options.x11_display_offset, options.x11_use_localhost, s->single_connection, - &s->display_number) == -1) { + &s->display_number, &s->x11_chanids) == -1) { debug("x11_create_display_inet failed."); return 0; } + for (i = 0; s->x11_chanids[i] != -1; i++) { + channel_register_cleanup(s->x11_chanids[i], + session_close_single_x11); + } /* Set up a suitable value for the DISPLAY variable. */ if (gethostname(hostname, sizeof(hostname)) < 0) diff --git a/session.h b/session.h index 92bd16573..a2598a99c 100644 --- a/session.h +++ b/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.24 2005/06/17 02:44:33 djm Exp $ */ +/* $OpenBSD: session.h,v 1.25 2005/07/17 06:49:04 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -49,6 +49,7 @@ struct Session { int single_connection; /* proto 2 */ int chanid; + int *x11_chanids; int is_subsystem; u_int num_env; struct { -- cgit v1.2.3 From 0dc1bef12d30162ba09bfcc0b1cd6a5535ebdaab Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 17 Jul 2005 17:22:45 +1000 Subject: - djm@cvs.openbsd.org 2005/07/17 07:17:55 [auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c] [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c] [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c] [sshconnect.c sshconnect2.c] knf says that a 2nd level indent is four (not three or five) spaces --- ChangeLog | 8 +++++++- auth-rh-rsa.c | 4 ++-- auth-rhosts.c | 4 ++-- auth2-chall.c | 4 ++-- auth2-gss.c | 7 +++---- channels.c | 10 +++++----- cipher-ctr.c | 4 ++-- gss-genr.c | 6 +++--- gss-serv.c | 6 +++--- kex.c | 4 ++-- moduli.c | 24 ++++++++++++------------ readconf.c | 4 ++-- serverloop.c | 4 ++-- session.c | 4 ++-- sftp-client.c | 4 ++-- sftp.c | 4 ++-- ssh-add.c | 4 ++-- ssh-keygen.c | 4 ++-- sshconnect.c | 8 ++++---- sshconnect2.c | 6 +++--- 20 files changed, 64 insertions(+), 59 deletions(-) (limited to 'channels.c') diff --git a/ChangeLog b/ChangeLog index 84b82cccc..f1bf43095 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,12 @@ the one that made the single connection 3. Destroy X11 listeners when the session owning them goes away testing and ok dtucker@ + - djm@cvs.openbsd.org 2005/07/17 07:17:55 + [auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c] + [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c] + [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c] + [sshconnect.c sshconnect2.c] + knf says that a 2nd level indent is four (not three or five) spaces 20050716 - (dtucker) [auth-pam.c] Ensure that only one side of the authentication @@ -2849,4 +2855,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3850 2005/07/17 07:19:24 djm Exp $ +$Id: ChangeLog,v 1.3851 2005/07/17 07:22:45 djm Exp $ diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 29eb538ec..c31f2b97b 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rh-rsa.c,v 1.37 2003/11/04 08:54:09 djm Exp $"); +RCSID("$OpenBSD: auth-rh-rsa.c,v 1.38 2005/07/17 07:17:54 djm Exp $"); #include "packet.h" #include "uidswap.h" @@ -86,7 +86,7 @@ auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key) */ verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.", - pw->pw_name, cuser, chost); + pw->pw_name, cuser, chost); packet_send_debug("Rhosts with RSA host authentication accepted."); return 1; } diff --git a/auth-rhosts.c b/auth-rhosts.c index 585246e82..aaba8557e 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.33 2005/07/17 07:17:54 djm Exp $"); #include "packet.h" #include "uidswap.h" @@ -133,7 +133,7 @@ check_rhosts_file(const char *filename, const char *hostname, /* If the entry was negated, deny access. */ if (negated) { auth_debug_add("Matched negative entry in %.100s.", - filename); + filename); return 0; } /* Accept authentication. */ diff --git a/auth2-chall.c b/auth2-chall.c index 1cea15378..b147cadf3 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2-chall.c,v 1.23 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: auth2-chall.c,v 1.24 2005/07/17 07:17:54 djm Exp $"); #include "ssh2.h" #include "auth.h" @@ -167,7 +167,7 @@ kbdint_next_device(KbdintAuthctxt *kbdintctxt) kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; xfree(t); debug2("kbdint_next_device: devices %s", kbdintctxt->devices ? - kbdintctxt->devices : ""); + kbdintctxt->devices : ""); } while (kbdintctxt->devices && !kbdintctxt->device); return kbdintctxt->device ? 1 : 0; diff --git a/auth2-gss.c b/auth2-gss.c index 855b61b4e..4d468a0e8 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.9 2005/06/17 02:44:32 djm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.10 2005/07/17 07:17:54 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -82,9 +82,8 @@ userauth_gssapi(Authctxt *authctxt) present = 0; doid = packet_get_string(&len); - if (len > 2 && - doid[0] == SSH_GSS_OIDTYPE && - doid[1] == len - 2) { + if (len > 2 && doid[0] == SSH_GSS_OIDTYPE && + doid[1] == len - 2) { goid.elements = doid + 2; goid.length = len - 2; gss_test_oid_set_member(&ms, &goid, supported, diff --git a/channels.c b/channels.c index 8da399b69..8c7b2b369 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.222 2005/07/17 06:49:04 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.223 2005/07/17 07:17:54 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -730,8 +730,8 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) FD_SET(c->wfd, writeset); } else if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN) { if (CHANNEL_EFD_OUTPUT_ACTIVE(c)) - debug2("channel %d: obuf_empty delayed efd %d/(%d)", - c->self, c->efd, buffer_len(&c->extended)); + debug2("channel %d: obuf_empty delayed efd %d/(%d)", + c->self, c->efd, buffer_len(&c->extended)); else chan_obuf_empty(c); } @@ -1813,8 +1813,8 @@ channel_output_poll(void) * hack for extended data: delay EOF if EFD still in use. */ if (CHANNEL_EFD_INPUT_ACTIVE(c)) - debug2("channel %d: ibuf_empty delayed efd %d/(%d)", - c->self, c->efd, buffer_len(&c->extended)); + debug2("channel %d: ibuf_empty delayed efd %d/(%d)", + c->self, c->efd, buffer_len(&c->extended)); else chan_ibuf_empty(c); } diff --git a/cipher-ctr.c b/cipher-ctr.c index 43f1ede57..856177349 100644 --- a/cipher-ctr.c +++ b/cipher-ctr.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: cipher-ctr.c,v 1.5 2004/12/22 02:13:19 djm Exp $"); +RCSID("$OpenBSD: cipher-ctr.c,v 1.6 2005/07/17 07:17:55 djm Exp $"); #include @@ -95,7 +95,7 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, } if (key != NULL) AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, - &c->aes_ctx); + &c->aes_ctx); if (iv != NULL) memcpy(c->aes_counter, iv, AES_BLOCK_SIZE); return (1); diff --git a/gss-genr.c b/gss-genr.c index 3f5727b3e..9bc31aa2a 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.4 2005/07/17 07:17:55 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -78,8 +78,8 @@ ssh_gssapi_error(Gssctxt *ctxt) } char * -ssh_gssapi_last_error(Gssctxt *ctxt, - OM_uint32 *major_status, OM_uint32 *minor_status) +ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status, + OM_uint32 *minor_status) { OM_uint32 lmin; gss_buffer_desc msg = GSS_C_EMPTY_BUFFER; diff --git a/gss-serv.c b/gss-serv.c index e1b843f01..e191eb5a0 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.6 2005/06/17 02:44:32 djm Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.7 2005/07/17 07:17:55 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -164,7 +164,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) */ if (tok[4] != 0x06 || tok[5] != oidl || ename->length < oidl+6 || - !ssh_gssapi_check_oid(ctx,tok+6,oidl)) + !ssh_gssapi_check_oid(ctx,tok+6,oidl)) return GSS_S_FAILURE; offset = oidl+6; @@ -267,7 +267,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) debug("Setting %s to %s", gssapi_client.store.envvar, gssapi_client.store.envval); child_set_env(envp, envsizep, gssapi_client.store.envvar, - gssapi_client.store.envval); + gssapi_client.store.envval); } } diff --git a/kex.c b/kex.c index 32c6d03ea..06a3ad4cc 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.62 2005/07/16 01:35:24 djm Exp $"); +RCSID("$OpenBSD: kex.c,v 1.63 2005/07/17 07:17:55 djm Exp $"); #include @@ -392,7 +392,7 @@ kex_choose_conf(Kex *kex) /* ignore the next message if the proposals do not match */ if (first_kex_follows && !proposals_match(my, peer) && - !(datafellows & SSH_BUG_FIRSTKEX)) { + !(datafellows & SSH_BUG_FIRSTKEX)) { type = packet_read(); debug2("skipping next packet (type %u)", type); } diff --git a/moduli.c b/moduli.c index c13c535d6..d53806ea6 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.11 2005/05/23 22:44:01 avsm Exp $ */ +/* $OpenBSD: moduli.c,v 1.12 2005/07/17 07:17:55 djm Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -112,22 +112,22 @@ #define TINY_NUMBER (1UL<<16) /* Ensure enough bit space for testing 2*q. */ -#define TEST_MAXIMUM (1UL<<16) -#define TEST_MINIMUM (QSIZE_MINIMUM + 1) -/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */ -#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */ +#define TEST_MAXIMUM (1UL<<16) +#define TEST_MINIMUM (QSIZE_MINIMUM + 1) +/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */ +#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */ /* bit operations on 32-bit words */ -#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31))) -#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31))) -#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31))) +#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31))) +#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31))) +#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31))) /* * Prime testing defines */ /* Minimum number of primality tests to perform */ -#define TRIAL_MINIMUM (4) +#define TRIAL_MINIMUM (4) /* * Sieving data (XXX - move to struct) @@ -254,7 +254,7 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) largememory = memory; if (memory != 0 && - (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) { + (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) { error("Invalid memory amount (min %ld, max %ld)", LARGE_MINIMUM, LARGE_MAXIMUM); return (-1); @@ -372,8 +372,8 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) * fencepost errors, the last pass is skipped. */ for (smallbase = TINY_NUMBER + 3; - smallbase < (SMALL_MAXIMUM - TINY_NUMBER); - smallbase += TINY_NUMBER) { + smallbase < (SMALL_MAXIMUM - TINY_NUMBER); + smallbase += TINY_NUMBER) { for (i = 0; i < tinybits; i++) { if (BIT_TEST(TinySieve, i)) continue; /* 2*i+3 is composite */ diff --git a/readconf.c b/readconf.c index 5ec89e2f0..1e3c13239 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.141 2005/06/08 11:25:09 djm Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.142 2005/07/17 07:17:55 djm Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -839,7 +839,7 @@ parse_int: /* Check that there is no garbage at end of line. */ if ((arg = strdelim(&s)) != NULL && *arg != '\0') { fatal("%.200s line %d: garbage at end of line; \"%.200s\".", - filename, linenum, arg); + filename, linenum, arg); } return 0; } diff --git a/serverloop.c b/serverloop.c index eee1e7959..b0c4aafa0 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.117 2004/08/11 21:43:05 avsm Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.118 2005/07/17 07:17:55 djm Exp $"); #include "xmalloc.h" #include "packet.h" @@ -865,7 +865,7 @@ server_request_direct_tcpip(void) packet_check_eom(); debug("server_request_direct_tcpip: originator %s port %d, target %s port %d", - originator, originator_port, target, target_port); + originator, originator_port, target, target_port); /* XXX check permission */ sock = channel_connect_to(target, target_port); diff --git a/session.c b/session.c index 81d7d53e8..171c239e2 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.184 2005/07/17 06:49:04 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.185 2005/07/17 07:17:55 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1530,7 +1530,7 @@ do_child(Session *s, const char *command) */ if (options.kerberos_get_afs_token && k_hasafs() && - (s->authctxt->krb5_ctx != NULL)) { + (s->authctxt->krb5_ctx != NULL)) { char cell[64]; debug("Getting AFS token"); diff --git a/sftp-client.c b/sftp-client.c index ce15fc0a3..e4f95b0e5 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -20,7 +20,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.55 2005/06/17 02:44:33 djm Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.56 2005/07/17 07:17:55 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -1126,7 +1126,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, goto done; } debug3("In write loop, ack for %u %u bytes at %llu", - ack->id, ack->len, (unsigned long long)ack->offset); + ack->id, ack->len, (unsigned long long)ack->offset); ++ackid; xfree(ack); } diff --git a/sftp.c b/sftp.c index 6dff39ede..9d2360743 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.64 2005/06/17 02:44:33 djm Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.65 2005/07/17 07:17:55 djm Exp $"); #ifdef USE_LIBEDIT #include @@ -1476,7 +1476,7 @@ main(int argc, char **argv) /* Allow "-" as stdin */ if (strcmp(optarg, "-") != 0 && - (infile = fopen(optarg, "r")) == NULL) + (infile = fopen(optarg, "r")) == NULL) fatal("%s (%s).", strerror(errno), optarg); showprogress = 0; batchmode = 1; diff --git a/ssh-add.c b/ssh-add.c index a796647a7..a3428769c 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.71 2005/03/10 22:01:06 deraadt Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.72 2005/07/17 07:17:55 djm Exp $"); #include @@ -145,7 +145,7 @@ add_file(AuthenticationConnection *ac, const char *filename) /* clear passphrase since it did not work */ clear_pass(); snprintf(msg, sizeof msg, "Enter passphrase for %.200s: ", - comment); + comment); for (;;) { pass = read_passphrase(msg, RP_ALLOW_STDIN); if (strcmp(pass, "") == 0) { diff --git a/ssh-keygen.c b/ssh-keygen.c index 828d2be79..b17851946 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.127 2005/06/08 03:50:00 djm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $"); #include #include @@ -738,7 +738,7 @@ do_known_hosts(struct passwd *pw, const char *name) fprintf(stderr, "WARNING: %s contains unhashed " "entries\n", old); fprintf(stderr, "Delete this file to ensure privacy " - "of hostnames\n"); + "of hostnames\n"); } } diff --git a/sshconnect.c b/sshconnect.c index 84f287145..ba7b9b71e 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.167 2005/07/16 01:35:24 djm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.168 2005/07/17 07:17:55 djm Exp $"); #include @@ -547,7 +547,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, switch (hostaddr->sa_family) { case AF_INET: local = (ntohl(((struct sockaddr_in *)hostaddr)-> - sin_addr.s_addr) >> 24) == IN_LOOPBACKNET; + sin_addr.s_addr) >> 24) == IN_LOOPBACKNET; salen = sizeof(struct sockaddr_in); break; case AF_INET6: @@ -680,8 +680,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, if (show_other_keys(host, host_key)) snprintf(msg1, sizeof(msg1), - "\nbut keys of different type are already" - " known for this host."); + "\nbut keys of different type are already" + " known for this host."); else snprintf(msg1, sizeof(msg1), "."); /* The default */ diff --git a/sshconnect2.c b/sshconnect2.c index 60afd6d3d..012ce2b42 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.139 2005/06/17 02:44:33 djm Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.140 2005/07/17 07:17:55 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -352,7 +352,7 @@ void input_userauth_error(int type, u_int32_t seq, void *ctxt) { fatal("input_userauth_error: bad message during authentication: " - "type %d", type); + "type %d", type); } void @@ -679,7 +679,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) /* Stick it into GSSAPI and see what it says */ status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, - &recv_tok, &send_tok, NULL); + &recv_tok, &send_tok, NULL); xfree(recv_tok.value); gss_release_buffer(&ms, &send_tok); -- cgit v1.2.3