From d5ba1c03278eb079438bb038266d80d7477d49cb Mon Sep 17 00:00:00 2001
From: "jsg@openbsd.org"
Date: Wed, 26 Feb 2020 13:40:09 +0000
Subject: upstream: change explicit_bzero();free() to freezero() While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry. ok deraadt@ djm@
OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
---
 monitor.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'monitor.c')
diff --git a/monitor.c b/monitor.c
index 2ce89fe90..9a67d937b 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.208 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: monitor.c,v 1.209 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright 2002 Niels Provos
 * Copyright 2002 Markus Friedl
@@ -893,8 +893,7 @@ mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m)
 /* Only authenticate if the context is valid */
 authenticated = options.password_authentication && auth_password(ssh, passwd);
- explicit_bzero(passwd, plen);
- free(passwd);
+ freezero(passwd, plen);
 sshbuf_reset(m);
 if ((r = sshbuf_put_u32(m, authenticated)) != 0)
-- cgit v1.2.3
From d081f017c20a3564255873ed99fd7d024cac540f Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Fri, 13 Mar 2020 03:17:07 +0000
Subject: upstream: spelling errors in comments; no code change from
OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924
---
 PROTOCOL.mux | 4 ++--
 cipher.c | 4 ++--
 configure.ac | 6 +++++-
 gss-serv.c | 4 ++--
 monitor.c | 4 ++--
 session.c | 6 +++---
 ssh-keygen.c | 4 ++--
 sshbuf.h | 4 ++--
 sshd.c | 4 ++--
 umac.c | 4 ++--
 10 files changed, 24 insertions(+), 20 deletions(-)
(limited to 'monitor.c')
diff --git a/PROTOCOL.mux b/PROTOCOL.mux
index 77a0780a5..5fc4c06b9 100644
--- a/PROTOCOL.mux
+++ b/PROTOCOL.mux
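Review bot: The `freezero(passwd, plen)` line in mm_answer_authpassword (the `@@ -893,8 +893,7 @@` hunk of monitor.c) carries no comment saying that `passwd` is the cleartext password, so a later cleanup could reduce it to a plain `free()`; I would add `/* wipe the cleartext password before releasing the buffer */` above it. The wipe covers exactly `plen` bytes, and the place where `passwd` and `plen` are assigned is outside the hunk, so it is worth confirming that `plen` is the full string length and is always set on the path that reaches this call. The function's body starts and ends outside the hunk. In builds against a libc without `freezero()`, the guarantee depends on the replacement clearing memory in a way the compiler cannot elide; that is not visible on this page.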
@@ -39,7 +39,7 @@ messages between the client and server. The client therefore must speak a significant subset of the SSH protocol, but in return is able to access basically the full suite of connection protocol features. Moreover, as no file descriptor passing is required, the connection
-supporting a proxy client may iteself be forwarded or relayed to another
+supporting a proxy client may itself be forwarded or relayed to another
 host if necessary.
 1. Connection setup
@@ -295,4 +295,4 @@ XXX session inspection via master
 XXX signals via mux request
 XXX list active connections via mux
-$OpenBSD: PROTOCOL.mux,v 1.11 2018/09/26 07:30:05 djm Exp $
+$OpenBSD: PROTOCOL.mux,v 1.12 2020/03/13 03:17:07 djm Exp $
diff --git a/cipher.c b/cipher.c
index 54d325ee2..cd6e6def0 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.115 2020/02/26 13:40:09 jsg Exp $ */
+/* $OpenBSD: cipher.c,v 1.116 2020/03/13 03:17:07 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -337,7 +337,7 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
 /*
 * cipher_crypt() operates as following:
 * Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'.
- * Theses bytes are treated as additional authenticated data for
+ * These bytes are treated as additional authenticated data for
 * authenticated encryption modes.
 * En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'.
 * Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag.
diff --git a/configure.ac b/configure.ac
index 7094d470d..a5c5c6243 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3111,9 +3111,13 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
 AC_DEFINE([ENABLE_SK_INTERNAL], [], [Enable for built-in U2F/FIDO support])
 enable_sk="built-in"
- ], [ ],
+ ], [ AC_MSG_ERROR([no usable libfido2 found]) ],
 [ $OTHERLIBS ] )
+ AC_CHECK_HEADER([fido.h], [],
+ AC_MSG_ERROR([missing fido.h from libfido2]))
+ AC_CHECK_HEADER([fido/credman.h], [],
+ AC_MSG_ERROR([missing fido/credman.h from libfido2]))
 fi
 AC_CHECK_FUNCS([ \
diff --git a/gss-serv.c b/gss-serv.c
index ab3a15f0f..b5d4bb2d1 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.31 2018/07/09 21:37:55 markus Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.32 2020/03/13 03:17:07 djm Exp $ */
 /*
 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -337,7 +337,7 @@ ssh_gssapi_storecreds(void)
 debug("ssh_gssapi_storecreds: Not a GSSAPI mechanism");
 }
-/* This allows GSSAPI methods to do things to the childs environment based
+/* This allows GSSAPI methods to do things to the child's environment based
 * on the passed authentication process and credentials.
 */
 /* As user */
diff --git a/monitor.c b/monitor.c
index 9a67d937b..b6e855d5d 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.209 2020/02/26 13:40:09 jsg Exp $ */
+/* $OpenBSD: monitor.c,v 1.210 2020/03/13 03:17:07 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos
 * Copyright 2002 Markus Friedl
@@ -1722,7 +1722,7 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
 }
 }
-/* This function requries careful sanity checking */
+/* This function requires careful sanity checking */
 void
 mm_get_keystate(struct ssh *ssh, struct monitor *pmonitor)
diff --git a/session.c b/session.c
index 8c0e54f79..18cdfa8cf 100644
--- a/session.c
+++ b/session.c
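Review bot: The two added `AC_CHECK_HEADER` calls in the configure.ac hunk pass `AC_MSG_ERROR(...)` as an unquoted third argument; autoconf convention is to quote every macro argument, e.g. `AC_CHECK_HEADER([fido.h], [], [AC_MSG_ERROR([missing fido.h from libfido2])])`, and likewise for `fido/credman.h`. The hunk also changes build behaviour: when both `enable_sk` and `enable_sk_internal` are `yes`, an unusable libfido2 or a missing header now aborts configure, whereas the old `[ ]` branch continued silently. The commit subject says "spelling errors in comments; no code change", so the description should mention this (or the change should be a separate commit) so that anyone auditing build-system changes does not skip it. The enclosing `if test` block begins outside the hunk.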
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.318 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: session.c,v 1.319 2020/03/13 03:17:07 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
 * All rights reserved
@@ -1017,7 +1017,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
 #ifdef GSSAPI
 /* Allow any GSSAPI methods that we've used to alter
- * the childs environment as they see fit
+ * the child's environment as they see fit
 */
 ssh_gssapi_do_child(&env, &envsize);
 #endif
@@ -2412,7 +2412,7 @@ session_exit_message(struct ssh *ssh, Session *s, int status)
 /*
 * Adjust cleanup callback attachment to send close messages when
 * the channel gets EOF. The session will be then be closed
- * by session_close_by_channel when the childs close their fds.
+ * by session_close_by_channel when the child sessions close their fds.
 */
 channel_register_cleanup(ssh, c->self, session_close_by_channel, 1);
diff --git a/ssh-keygen.c b/ssh-keygen.c
index cf8e1ba97..0fa141cff 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.403 2020/03/13 03:12:17 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.404 2020/03/13 03:17:07 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland
@@ -2476,7 +2476,7 @@ load_sign_key(const char *keypath, const struct sshkey *pubkey)
 int r;
 /*
- * If passed a public key filename, then try to locate the correponding
+ * If passed a public key filename, then try to locate the corresponding
 * private key. This lets us specify certificates on the command-line
 * and have ssh-keygen find the appropriate private key.
 */
diff --git a/sshbuf.h b/sshbuf.h
index 165cd0b18..78e322647 100644
--- a/sshbuf.h
+++ b/sshbuf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshbuf.h,v 1.19 2020/01/25 23:02:14 djm Exp $ */
+/* $OpenBSD: sshbuf.h,v 1.20 2020/03/13 03:17:07 djm Exp $ */
 /*
 * Copyright (c) 2011 Damien Miller
 *
@@ -187,7 +187,7 @@ int sshbuf_peek_u8(const struct sshbuf *buf, size_t offset, u_char *valp);
 /*
- * Functions to poke values into an exisiting buffer (e.g. a length header
+ * Functions to poke values into an existing buffer (e.g. a length header
 * to a packet). The destination bytes must already exist in the buffer.
 */
 int sshbuf_poke_u64(struct sshbuf *buf, size_t offset, u_int64_t val);
diff --git a/sshd.c b/sshd.c
index 60b2aaf73..c85df4da9 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.549 2020/01/31 23:13:04 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.550 2020/03/13 03:17:07 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1110,7 +1110,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 for (i = 0; i < num_listen_socks; i++)
 if (listen_socks[i] > maxfd)
 maxfd = listen_socks[i];
- /* pipes connected to unauthenticated childs */
+ /* pipes connected to unauthenticated child sshd processes */
 startup_pipes = xcalloc(options.max_startups, sizeof(int));
 startup_flags = xcalloc(options.max_startups, sizeof(int));
 for (i = 0; i < options.max_startups; i++)
diff --git a/umac.c b/umac.c
index 23132e94e..3d4e285bb 100644
--- a/umac.c
+++ b/umac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.c,v 1.19 2020/02/26 13:40:09 jsg Exp $ */
+/* $OpenBSD: umac.c,v 1.20 2020/03/13 03:17:07 djm Exp $ */
 /* -----------------------------------------------------------------------
 *
 * umac.c -- C Implementation UMAC Message Authentication
@@ -39,7 +39,7 @@
 * at http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ (search for
 * "Barreto"). The only two files needed are rijndael-alg-fst.c and
 * rijndael-alg-fst.h. Brian Gladman's version is distributed with the GNU
- * Public lisence at http://fp.gladman.plus.com/AES/index.htm. It
+ * Public license at http://fp.gladman.plus.com/AES/index.htm. It
 * includes a fast IA-32 assembly version. The OpenSSL crypo library is
 * the third.
 *
-- cgit v1.2.3