From 3e33cecf71860f73656a73b754cc7b7b9ec0b0ce Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 2 Oct 2003 16:12:36 +1000 Subject: - markus@cvs.openbsd.org 2003/09/23 20:17:11 [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@ --- serverloop.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'serverloop.c') diff --git a/serverloop.c b/serverloop.c index a95390273..21656cf87 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.110 2003/06/24 08:23:46 markus Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.111 2003/09/23 20:17:11 markus Exp $"); #include "xmalloc.h" #include "packet.h" @@ -60,7 +60,7 @@ extern ServerOptions options; /* XXX */ extern Kex *xxx_kex; -static Authctxt *xxx_authctxt; +extern Authctxt *the_authctxt; static Buffer stdin_buffer; /* Buffer for stdin data. */ static Buffer stdout_buffer; /* Buffer for stdout data. */ @@ -355,13 +355,13 @@ process_input(fd_set * readset) connection_closed = 1; if (compat20) return; - fatal_cleanup(); + cleanup_exit(255); } else if (len < 0) { if (errno != EINTR && errno != EAGAIN) { verbose("Read error from remote host " "%.100s: %.100s", get_remote_ipaddr(), strerror(errno)); - fatal_cleanup(); + cleanup_exit(255); } } else { /* Buffer any received data. */ @@ -756,8 +756,6 @@ server_loop2(Authctxt *authctxt) max_fd = MAX(connection_in, connection_out); max_fd = MAX(max_fd, notify_pipe[0]); - xxx_authctxt = authctxt; - server_init_dispatch(); for (;;) { 
@@ -900,7 +898,7 @@ server_request_session(char *ctype) c = channel_new(ctype, SSH_CHANNEL_LARVAL, -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT, 0, "server-session", 1); - if (session_open(xxx_authctxt, c->self) != 1) { + if (session_open(the_authctxt, c->self) != 1) { debug("session open failed, free channel %d", c->self); channel_free(c); return NULL; @@ -974,7 +972,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) char *listen_address; u_short listen_port; - pw = auth_get_user(); + pw = the_authctxt->pw; if (pw == NULL) fatal("server_input_global_request: no user"); listen_address = packet_get_string(NULL); -- cgit v1.2.3 From 3e3b5145e59c78cbde0f31f59a9267867b8eea2f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 17 Nov 2003 21:13:40 +1100 Subject: - djm@cvs.openbsd.org 2003/11/04 08:54:09 [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] [session.c] standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather then pw != NULL; ok markus@ --- ChangeLog | 8 +++++++- auth-krb5.c | 4 ++-- auth-passwd.c | 7 ++----- auth-rh-rsa.c | 7 ++++--- auth-rhosts.c | 6 +----- auth-rsa.c | 7 ++++--- auth.h | 6 +++--- auth1.c | 6 +++--- auth2-pubkey.c | 5 +---- auth2.c | 3 +-- monitor.c | 4 ++-- serverloop.c | 6 +++--- session.c | 4 ++-- 13 files changed, 35 insertions(+), 38 deletions(-) (limited to 'serverloop.c') diff --git a/ChangeLog b/ChangeLog index 86f4bffe8..eb617187a 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -10,6 +10,12 @@ - jakob@cvs.openbsd.org 2003/11/03 09:37:32 [sshconnect.c] do not free static type pointer in warn_changed_key() + - djm@cvs.openbsd.org 2003/11/04 08:54:09 + [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] + [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] + [session.c] + standardise arguments to auth methods - they should all take authctxt. + check authctxt->valid rather then pw != NULL; ok markus@ 20031115 - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and @@ -1430,4 +1436,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3100 2003/11/17 10:11:15 djm Exp $ +$Id: ChangeLog,v 1.3101 2003/11/17 10:13:40 djm Exp $ diff --git a/auth-krb5.c b/auth-krb5.c index e31f2eb0e..101e53bca 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-krb5.c,v 1.13 2003/09/23 20:17:11 markus Exp $"); +RCSID("$OpenBSD: auth-krb5.c,v 1.14 2003/11/04 08:54:09 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -72,7 +72,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) krb5_error_code problem; krb5_ccache ccache = NULL; - if (authctxt->pw == NULL) + if (!authctxt->valid) return (0); temporarily_use_uid(authctxt->pw); diff --git a/auth-passwd.c b/auth-passwd.c index 971c7ba19..b7e275556 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-passwd.c,v 1.29 2003/08/26 09:58:43 markus Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.30 2003/11/04 08:54:09 djm Exp $"); #include "packet.h" #include "log.h" 
@@ -60,11 +60,8 @@ auth_password(Authctxt *authctxt, const char *password) struct passwd * pw = authctxt->pw; int ok = authctxt->valid; - /* deny if no user. */ - if (pw == NULL) - return 0; #ifndef HAVE_CYGWIN - if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) ok = 0; #endif if (*password == '\0' && options.permit_empty_passwd == 0) diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 2eb7e6e2d..29eb538ec 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rh-rsa.c,v 1.36 2003/06/02 09:17:34 markus Exp $"); +RCSID("$OpenBSD: auth-rh-rsa.c,v 1.37 2003/11/04 08:54:09 djm Exp $"); #include "packet.h" #include "uidswap.h" @@ -52,14 +52,15 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost, * its host key. Returns true if authentication succeeds. */ int -auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key) +auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key) { char *chost; + struct passwd *pw = authctxt->pw; debug("Trying rhosts with RSA host authentication for client user %.100s", cuser); - if (pw == NULL || client_host_key == NULL || + if (!authctxt->valid || client_host_key == NULL || client_host_key->rsa == NULL) return 0; diff --git a/auth-rhosts.c b/auth-rhosts.c index b42a64c90..585246e82 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.31 2003/06/02 09:17:34 markus Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $"); #include "packet.h" #include "uidswap.h" 
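Review bot: `pw->pw_uid` in auth_password is now read with no guard at all: the `pw == NULL` return is removed, and `ok = authctxt->valid` only lowers the result without stopping execution. If authctxt->pw can still be NULL for an unknown user (its assignment is outside this diff), this is a NULL dereference reachable before authentication. Re-adding the early return would make unknown users fail faster than known ones, so I would rather state the invariant where it is relied on, e.g. `/* authctxt->pw is never NULL here; unknown users arrive with valid == 0 */`, and confirm the caller guarantees it. The same guard is deleted ahead of `temporarily_use_uid(pw)` in auth_rhosts2_raw (auth-rhosts.c) and user_key_allowed2 (auth2-pubkey.c), which now depend on their callers for the check. auth_password's body continues outside the hunk.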
@@ -173,10 +173,6 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s", client_user, hostname, ipaddr); - /* no user given */ - if (pw == NULL) - return 0; - /* Switch to the user's uid. */ temporarily_use_uid(pw); /* diff --git a/auth-rsa.c b/auth-rsa.c index 5631d238c..2f0746b30 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.57 2003/04/08 20:21:28 itojun Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $"); #include #include @@ -284,13 +284,14 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) * successful. This may exit if there is a serious protocol violation. */ int -auth_rsa(struct passwd *pw, BIGNUM *client_n) +auth_rsa(Authctxt *authctxt, BIGNUM *client_n) { Key *key; char *fp; + struct passwd *pw = authctxt->pw; /* no user given */ - if (pw == NULL) + if (!authctxt->valid) return 0; if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) { diff --git a/auth.h b/auth.h index b081bb5cb..34afdb492 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.47 2003/09/23 20:17:11 markus Exp $ */ +/* $OpenBSD: auth.h,v 1.48 2003/11/04 08:54:09 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -102,9 +102,9 @@ int auth_rhosts(struct passwd *, const char *); int auth_rhosts2(struct passwd *, const char *, const char *, const char *); -int auth_rhosts_rsa(struct passwd *, char *, Key *); +int auth_rhosts_rsa(Authctxt *, char *, Key *); int auth_password(Authctxt *, const char *); -int auth_rsa(struct passwd *, BIGNUM *); +int auth_rsa(Authctxt *, BIGNUM *); int auth_rsa_challenge_dialog(Key *); BIGNUM *auth_rsa_generate_challenge(Key *); int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]); diff --git a/auth1.c b/auth1.c index 38c0bf93c..ea81524f1 100644 --- a/auth1.c +++ b/auth1.c 
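Review bot: The comment `/* no user given */` kept above the new test in auth_rsa no longer matches it, since `!authctxt->valid` tests a validity flag rather than a missing pointer. I would reword it to `/* user is not valid */` so the next reader does not assume pw itself was checked. `pw` is still taken from `authctxt->pw` before that test and passed to auth_rsa_key_allowed after it, so the code relies on a valid context always carrying a non-NULL pw, which is worth stating in the same comment. The function body continues outside the hunk.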
@@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.53 2003/09/23 20:17:11 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.54 2003/11/04 08:54:09 djm Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -139,7 +139,7 @@ do_authloop(Authctxt *authctxt) BN_num_bits(client_host_key->rsa->n), bits); packet_check_eom(); - authenticated = auth_rhosts_rsa(pw, client_user, + authenticated = auth_rhosts_rsa(authctxt, client_user, client_host_key); key_free(client_host_key); @@ -156,7 +156,7 @@ do_authloop(Authctxt *authctxt) fatal("do_authloop: BN_new failed"); packet_get_bignum(n); packet_check_eom(); - authenticated = auth_rsa(pw, n); + authenticated = auth_rsa(authctxt, n); BN_clear_free(n); break; diff --git a/auth2-pubkey.c b/auth2-pubkey.c index d51e939f1..c28571ab6 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-pubkey.c,v 1.4 2003/06/24 08:23:46 markus Exp $"); +RCSID("$OpenBSD: auth2-pubkey.c,v 1.5 2003/11/04 08:54:09 djm Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -175,9 +175,6 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) Key *found; char *fp; - if (pw == NULL) - return 0; - /* Temporarily use the user's uid. */ temporarily_use_uid(pw); diff --git a/auth2.c b/auth2.c index ef1173fe6..a9490ccfd 100644 --- a/auth2.c +++ b/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.103 2003/09/23 20:17:11 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.104 2003/11/04 08:54:09 djm Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -77,7 +77,6 @@ static void input_userauth_request(int, u_int32_t, void *); static Authmethod *authmethod_lookup(const char *); static char *authmethods_get(void); int user_key_allowed(struct passwd *, Key *); -int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); /* * loop until authctxt->success == TRUE diff --git a/monitor.c b/monitor.c index eaf66f7c8..e83fb45a7 100644 --- a/monitor.c 
+++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.50 2003/09/23 20:17:11 markus Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.51 2003/11/04 08:54:09 djm Exp $"); #include @@ -946,7 +946,7 @@ mm_answer_keyallowed(int socket, Buffer *m) debug3("%s: key_from_blob: %p", __func__, key); - if (key != NULL && authctxt->pw != NULL) { + if (key != NULL && authctxt->valid) { switch(type) { case MM_USERKEY: allowed = options.pubkey_authentication && diff --git a/serverloop.c b/serverloop.c index 21656cf87..98793b756 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.111 2003/09/23 20:17:11 markus Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.112 2003/11/04 08:54:09 djm Exp $"); #include "xmalloc.h" #include "packet.h" @@ -973,8 +973,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) u_short listen_port; pw = the_authctxt->pw; - if (pw == NULL) - fatal("server_input_global_request: no user"); + if (pw == NULL || !the_authctxt->pw) + fatal("server_input_global_request: no/invalid user"); listen_address = packet_get_string(NULL); listen_port = (u_short)packet_get_int(); debug("server_input_global_request: tcpip-forward listen %s port %d", diff --git a/session.c b/session.c index 2b228906d..0f8032430 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.166 2003/10/14 19:54:39 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.167 2003/11/04 08:54:09 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1532,7 +1532,7 @@ session_open(Authctxt *authctxt, int chanid) } s->authctxt = authctxt; s->pw = authctxt->pw; - if (s->pw == NULL) + if (s->pw == NULL || !authctxt->valid) fatal("no user for session %d", s->self); debug("session_open: session %d: link with channel %d", s->self, chanid); s->chanid = chanid; -- cgit v1.2.3 From 4bb1dd3166c2a04394e9ec55fdff6bf6ad667e39 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Tue, 18 Nov 2003 22:01:25 +1100 Subject: - (djm) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2003/11/18 00:40:05 [serverloop.c] Correct check for authctxt->valid. ok djm@ --- ChangeLog | 10 +++++++--- serverloop.c | 4 ++-- 2 files changed, 9 insertions(+), 5 deletions(-) (limited to 'serverloop.c') diff --git a/ChangeLog b/ChangeLog index 0f20d071a..f728c801a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,9 +2,13 @@ - (djm) Fix early exit for root auth success when UsePAM=yes and PermitRootLogin=no - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv, - and use it for do_pam_session. Fixes problems like pam_motd not displaying - anything. ok djm@ + and use it for do_pam_session. Fixes problems like pam_motd not + displaying anything. ok djm@ - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@ + - (djm) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2003/11/18 00:40:05 + [serverloop.c] + Correct check for authctxt->valid. ok djm@ 20031117 - (djm) OpenBSD CVS Sync @@ -1480,4 +1484,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3115 2003/11/18 01:45:35 dtucker Exp $ +$Id: ChangeLog,v 1.3116 2003/11/18 11:01:25 djm Exp $ diff --git a/serverloop.c b/serverloop.c index 98793b756..20255aaee 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.112 2003/11/04 08:54:09 djm Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.113 2003/11/18 00:40:05 dtucker Exp $"); #include "xmalloc.h" #include "packet.h" 
@@ -973,7 +973,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) u_short listen_port; pw = the_authctxt->pw; - if (pw == NULL || !the_authctxt->pw) + if (pw == NULL || !the_authctxt->valid) fatal("server_input_global_request: no/invalid user"); listen_address = packet_get_string(NULL); listen_port = (u_short)packet_get_int(); -- cgit v1.2.3 From b5820f40bf6c088b02106ef900c6608357834448 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 17 Dec 2003 16:27:32 +1100 Subject: 20031217 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/12/09 15:28:43 [serverloop.c] make ClientKeepAlive work for ssh -N, too (no login shell requested). 1) send a bogus channel request if we find a channel 2) send a bogus global request if we don't have a channel ok + test beck@ --- ChangeLog | 11 ++++++++++- serverloop.c | 32 +++++++++++++++----------------- 2 files changed, 25 insertions(+), 18 deletions(-) (limited to 'serverloop.c') diff --git a/ChangeLog b/ChangeLog index 6e87bfbb4..c99f53a13 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +20031217 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/12/09 15:28:43 + [serverloop.c] + make ClientKeepAlive work for ssh -N, too (no login shell requested). + 1) send a bogus channel request if we find a channel + 2) send a bogus global request if we don't have a channel + ok + test beck@ + 20031209 - (dtucker) OpenBSD CVS Sync - matthieu@cvs.openbsd.org 2003/11/25 23:10:08 @@ -1566,4 +1575,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3139 2003/12/09 13:54:38 dtucker Exp $ +$Id: ChangeLog,v 1.3140 2003/12/17 05:27:32 djm Exp $ diff --git a/serverloop.c b/serverloop.c index 20255aaee..bc7cd656a 100644 --- a/serverloop.c +++ b/serverloop.c 
@@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.113 2003/11/18 00:40:05 dtucker Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.114 2003/12/09 15:28:43 markus Exp $"); #include "xmalloc.h" #include "packet.h" @@ -212,26 +212,23 @@ make_packets_from_stdout_data(void) static void client_alive_check(void) { - static int had_channel = 0; - int id; - - id = channel_find_open(); - if (id == -1) { - if (!had_channel) - return; - packet_disconnect("No open channels after timeout!"); - } - had_channel = 1; + int channel_id; /* timeout, check to see how many we have had */ if (++client_alive_timeouts > options.client_alive_count_max) packet_disconnect("Timeout, your session not responding."); /* - * send a bogus channel request with "wantreply", + * send a bogus global/channel request with "wantreply", * we should get back a failure */ - channel_request_start(id, "keepalive@openssh.com", 1); + if ((channel_id = channel_find_open()) == -1) { + packet_start(SSH2_MSG_GLOBAL_REQUEST); + packet_put_cstring("keepalive@openssh.com"); + packet_put_char(1); /* boolean: want reply */ + } else { + channel_request_start(channel_id, "keepalive@openssh.com", 1); + } packet_send(); } @@ -797,9 +794,9 @@ server_loop2(Authctxt *authctxt) } static void -server_input_channel_failure(int type, u_int32_t seq, void *ctxt) +server_input_keep_alive(int type, u_int32_t seq, void *ctxt) { - debug("Got CHANNEL_FAILURE for keepalive"); + debug("Got %d/%u for keepalive", type, seq); /* * reset timeout, since we got a sane answer from the client. * even if this was generated by something other than @@ -808,7 +805,6 @@ server_input_channel_failure(int type, u_int32_t seq, void *ctxt) client_alive_timeouts = 0; } - static void server_input_stdin_data(int type, u_int32_t seq, void *ctxt) { 
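Review bot: client_alive_check no longer disconnects a connection that has no open channel: the `had_channel` branch and `packet_disconnect("No open channels after timeout!")` are gone, and the channel-less case now sends a global keepalive instead. The commit message explains this for `ssh -N`, but nothing in the function says so, and it changes what the client-alive timeout reaps: a peer that has closed every channel stays connected as long as it answers. I would record that above the new branch, e.g. `/* no open channel (e.g. ssh -N): probe with a global request rather than disconnecting */`. server_input_keep_alive, in the next hunk, resets `client_alive_timeouts` for whatever message type reaches it, so its debug line is the only trace of which reply arrived.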
@@ -1048,7 +1044,9 @@ server_init_dispatch_20(void) dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request); /* client_alive */ - dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_channel_failure); + dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive); + dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive); + dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive); /* rekeying */ dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit); } -- cgit v1.2.3 From fb1310eded0788f106dc7e1f113cc75e1206cb60 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 21 Jan 2004 11:02:50 +1100 Subject: - markus@cvs.openbsd.org 2004/01/19 21:25:15 [auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c] fix mem leaks; some fixes from Pete Flugstad; tested dtucker@ --- ChangeLog | 5 ++++- auth2-hostbased.c | 4 ++-- auth2-pubkey.c | 6 +++--- serverloop.c | 14 +++++++------- ssh-keysign.c | 3 ++- sshconnect2.c | 8 ++++---- 6 files changed, 22 insertions(+), 18 deletions(-) (limited to 'serverloop.c') diff --git a/ChangeLog b/ChangeLog index e88f86d7c..70eebf71e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,9 @@ fake consumption for half closed channels since the peer is waiting for window adjust messages; bugzilla #790 Matthew Dillon; test + ok dtucker@ reproduce with sh -c 'ulimit -f 10; ssh host -n od /bsd | cat > foo' + - markus@cvs.openbsd.org 2004/01/19 21:25:15 + [auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c] + fix mem leaks; some fixes from Pete Flugstad; tested dtucker@ 20040114 - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits 
@@ -1689,4 +1692,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3174 2004/01/21 00:02:09 djm Exp $ +$Id: ChangeLog,v 1.3175 2004/01/21 00:02:50 djm Exp $ diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 505d3eff4..1111ed67a 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-hostbased.c,v 1.5 2003/06/24 08:23:46 markus Exp $"); +RCSID("$OpenBSD: auth2-hostbased.c,v 1.6 2004/01/19 21:25:15 markus Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -114,7 +114,7 @@ userauth_hostbased(Authctxt *authctxt) buffer_len(&b))) == 1) authenticated = 1; - buffer_clear(&b); + buffer_free(&b); done: debug2("userauth_hostbased: authenticated %d", authenticated); if (key != NULL) diff --git a/auth2-pubkey.c b/auth2-pubkey.c index c28571ab6..3063eecc3 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-pubkey.c,v 1.5 2003/11/04 08:54:09 djm Exp $"); +RCSID("$OpenBSD: auth2-pubkey.c,v 1.6 2004/01/19 21:25:15 markus Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -123,9 +123,9 @@ userauth_pubkey(Authctxt *authctxt) authenticated = 0; if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), - buffer_len(&b))) == 1) + buffer_len(&b))) == 1) authenticated = 1; - buffer_clear(&b); + buffer_free(&b); xfree(sig); } else { debug("test whether pkalg/pkblob are acceptable"); diff --git a/serverloop.c b/serverloop.c index bc7cd656a..a777a048d 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.114 2003/12/09 15:28:43 markus Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.115 2004/01/19 21:25:15 markus Exp $"); #include "xmalloc.h" #include "packet.h" 
@@ -850,7 +850,7 @@ server_input_window_size(int type, u_int32_t seq, void *ctxt) } static Channel * -server_request_direct_tcpip(char *ctype) +server_request_direct_tcpip(void) { Channel *c; int sock; @@ -872,14 +872,14 @@ server_request_direct_tcpip(char *ctype) xfree(originator); if (sock < 0) return NULL; - c = channel_new(ctype, SSH_CHANNEL_CONNECTING, + c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1); return c; } static Channel * -server_request_session(char *ctype) +server_request_session(void) { Channel *c; @@ -891,7 +891,7 @@ server_request_session(char *ctype) * SSH_CHANNEL_LARVAL. Additionally, a callback for handling all * CHANNEL_REQUEST messages is registered. */ - c = channel_new(ctype, SSH_CHANNEL_LARVAL, + c = channel_new("session", SSH_CHANNEL_LARVAL, -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT, 0, "server-session", 1); if (session_open(the_authctxt, c->self) != 1) { @@ -920,9 +920,9 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) ctype, rchan, rwindow, rmaxpack); if (strcmp(ctype, "session") == 0) { - c = server_request_session(ctype); + c = server_request_session(); } else if (strcmp(ctype, "direct-tcpip") == 0) { - c = server_request_direct_tcpip(ctype); + c = server_request_direct_tcpip(); } if (c != NULL) { debug("server_input_channel_open: confirm %s", ctype); diff --git a/ssh-keysign.c b/ssh-keysign.c index b3db628c6..9e9ebe2f1 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.14 2003/11/17 09:45:39 djm Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $"); #include #include 
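Review bot: `channel_new` is now handed the string literals `"direct-tcpip"` and `"session"` in server_request_direct_tcpip and server_request_session, where it used to receive the `ctype` string read from the packet. That is safe only if the Channel merely stores the pointer and no teardown path frees or modifies it; channel_new and channel_free are outside this diff, so please confirm. Each type name also now appears twice, once in the `strcmp` in server_input_channel_open and once in the helper, so a named constant shared by both would keep them from drifting apart. Both helper bodies extend beyond their hunks.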
@@ -126,6 +126,7 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, /* end of message */ if (buffer_len(&b) != 0) fail++; + buffer_free(&b); debug3("valid_request: fail %d", fail); diff --git a/sshconnect2.c b/sshconnect2.c index 281fecdc9..3a218113c 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.133 2003/11/21 11:57:03 djm Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.134 2004/01/19 21:25:15 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -1267,7 +1267,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, if (ssh_msg_recv(from[0], &b) < 0) { error("ssh_keysign: no reply"); - buffer_clear(&b); + buffer_free(&b); return -1; } close(from[0]); @@ -1279,11 +1279,11 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, if (buffer_get_char(&b) != version) { error("ssh_keysign: bad version"); - buffer_clear(&b); + buffer_free(&b); return -1; } *sigp = buffer_get_string(&b, lenp); - buffer_clear(&b); + buffer_free(&b); return 0; } -- cgit v1.2.3
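Review bot: The `ssh_keysign: no reply` branch in ssh_keysign still returns before the `close(from[0])` on the line after it, so the read end of the pipe stays open on that path; the commit fixes the buffer leak there but not the descriptor. Adding `close(from[0]);` ahead of `buffer_free(&b);` in that branch would cover it. Whether the helper process is also reaped on this path cannot be seen from the hunk, since the function continues outside it.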