From a627d42e51ffa71e014d7b2d2c07118122fd3ec3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 2 Jun 2013 07:31:17 +1000 Subject: - djm@cvs.openbsd.org 2013/05/17 00:13:13 [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@ --- ssh-agent.c | 63 +++++++++++++++++++++++++++---------------------------------- 1 file changed, 28 insertions(+), 35 deletions(-) (limited to 'ssh-agent.c') diff --git a/ssh-agent.c b/ssh-agent.c index b9498e6ef..3f94851eb 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.172 2011/06/03 01:37:40 dtucker Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.173 2013/05/17 00:13:14 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -172,10 +172,9 @@ static void free_identity(Identity *id) { key_free(id->key); - if (id->provider != NULL) - xfree(id->provider); - xfree(id->comment); - xfree(id); + free(id->provider); + free(id->comment); + free(id); } /* return matching private key for given public key */ 
@@ -203,7 +202,7 @@ confirm_key(Identity *id) if (ask_permission("Allow use of key %s?\nKey fingerprint %s.", id->comment, p)) ret = 0; - xfree(p); + free(p); return (ret); } @@ -230,7 +229,7 @@ process_request_identities(SocketEntry *e, int version) u_int blen; key_to_blob(id->key, &blob, &blen); buffer_put_string(&msg, blob, blen); - xfree(blob); + free(blob); } buffer_put_cstring(&msg, id->comment); } @@ -348,10 +347,9 @@ process_sign_request2(SocketEntry *e) buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg)); buffer_free(&msg); - xfree(data); - xfree(blob); - if (signature != NULL) - xfree(signature); + free(data); + free(blob); + free(signature); datafellows = odatafellows; } @@ -378,7 +376,7 @@ process_remove_identity(SocketEntry *e, int version) case 2: blob = buffer_get_string(&e->request, &blen); key = key_from_blob(blob, blen); - xfree(blob); + free(blob); break; } if (key != NULL) { @@ -509,7 +507,7 @@ process_add_identity(SocketEntry *e, int version) cert = buffer_get_string(&e->request, &len); if ((k = key_from_blob(cert, len)) == NULL) fatal("Certificate parse failed"); - xfree(cert); + free(cert); key_add_private(k); buffer_get_bignum2(&e->request, k->dsa->priv_key); break; @@ -520,7 +518,7 @@ process_add_identity(SocketEntry *e, int version) curve = buffer_get_string(&e->request, NULL); if (k->ecdsa_nid != key_curve_name_to_nid(curve)) fatal("%s: curve names mismatch", __func__); - xfree(curve); + free(curve); k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); if (k->ecdsa == NULL) fatal("%s: EC_KEY_new_by_curve_name failed", @@ -551,7 +549,7 @@ process_add_identity(SocketEntry *e, int version) cert = buffer_get_string(&e->request, &len); if ((k = key_from_blob(cert, len)) == NULL) fatal("Certificate parse failed"); - xfree(cert); + free(cert); key_add_private(k); if ((exponent = BN_new()) == NULL) fatal("%s: BN_new failed", __func__); 
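Review bot: In the process_add_identity hunks a certificate blob read from the client request that fails `key_from_blob()` still ends in `fatal("Certificate parse failed")`, and a curve-name mismatch also calls `fatal()`, so a single malformed request terminates the agent instead of being refused. The same pattern appears in the `@@ -551,7` hunk and in the `@@ -583,7` hunk further down. The `default:` branch in the later `@@ -591,11` hunk already shows a non-fatal exit, and the parse failure could follow it: `free(cert); free(type_name); buffer_clear(&e->request); goto send;`. The function body extends beyond these hunks, so whether other allocations are live at those points needs checking before applying this.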
@@ -583,7 +581,7 @@ process_add_identity(SocketEntry *e, int version) cert = buffer_get_string(&e->request, &len); if ((k = key_from_blob(cert, len)) == NULL) fatal("Certificate parse failed"); - xfree(cert); + free(cert); key_add_private(k); buffer_get_bignum2(&e->request, k->rsa->d); buffer_get_bignum2(&e->request, k->rsa->iqmp); @@ -591,11 +589,11 @@ process_add_identity(SocketEntry *e, int version) buffer_get_bignum2(&e->request, k->rsa->q); break; default: - xfree(type_name); + free(type_name); buffer_clear(&e->request); goto send; } - xfree(type_name); + free(type_name); break; } /* enable blinding */ @@ -613,7 +611,7 @@ process_add_identity(SocketEntry *e, int version) } comment = buffer_get_string(&e->request, NULL); if (k == NULL) { - xfree(comment); + free(comment); goto send; } while (buffer_len(&e->request)) { @@ -627,7 +625,7 @@ process_add_identity(SocketEntry *e, int version) default: error("process_add_identity: " "Unknown constraint type %d", type); - xfree(comment); + free(comment); key_free(k); goto send; } @@ -643,7 +641,7 @@ process_add_identity(SocketEntry *e, int version) tab->nentries++; } else { key_free(k); - xfree(id->comment); + free(id->comment); } id->comment = comment; id->death = death; @@ -665,7 +663,7 @@ process_lock_agent(SocketEntry *e, int lock) if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { locked = 0; memset(lock_passwd, 0, strlen(lock_passwd)); - xfree(lock_passwd); + free(lock_passwd); lock_passwd = NULL; success = 1; } else if (!locked && lock) { @@ -674,7 +672,7 @@ process_lock_agent(SocketEntry *e, int lock) success = 1; } memset(passwd, 0, strlen(passwd)); - xfree(passwd); + free(passwd); buffer_put_int(&e->output, 1); buffer_put_char(&e->output, 
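Review bot: In the process_lock_agent hunks, `memset(lock_passwd, 0, strlen(lock_passwd));` and `memset(passwd, 0, strlen(passwd));` now sit directly in front of a plain `free()`, which makes each a dead store that an optimizing compiler may remove, so the lock password can stay in freed heap memory. Where the platform provides it, use a scrub the compiler cannot elide, e.g. `explicit_bzero(passwd, strlen(passwd));`. The smartcard hunks have the same weakness in a stronger form: `free(pin);` under the `send:` label of process_add_smartcard_key and in process_remove_smartcard_key releases the PIN with no scrub at all. Separately, `strcmp(passwd, lock_passwd)` is not a constant-time comparison, so a constant-time compare of the two secrets is worth considering.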
@@ -747,12 +745,9 @@ process_add_smartcard_key(SocketEntry *e) keys[i] = NULL; } send: - if (pin) - xfree(pin); - if (provider) - xfree(provider); - if (keys) - xfree(keys); + free(pin); + free(provider); + free(keys); buffer_put_int(&e->output, 1); buffer_put_char(&e->output, success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); @@ -768,7 +763,7 @@ process_remove_smartcard_key(SocketEntry *e) provider = buffer_get_string(&e->request, NULL); pin = buffer_get_string(&e->request, NULL); - xfree(pin); + free(pin); for (version = 1; version < 3; version++) { tab = idtab_lookup(version); @@ -786,7 +781,7 @@ process_remove_smartcard_key(SocketEntry *e) else error("process_remove_smartcard_key:" " pkcs11_del_provider failed"); - xfree(provider); + free(provider); buffer_put_int(&e->output, 1); buffer_put_char(&e->output, success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); @@ -951,10 +946,8 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp, sz = howmany(n+1, NFDBITS) * sizeof(fd_mask); if (*fdrp == NULL || sz > *nallocp) { - if (*fdrp) - xfree(*fdrp); - if (*fdwp) - xfree(*fdwp); + free(*fdrp); + free(*fdwp); *fdrp = xmalloc(sz); *fdwp = xmalloc(sz); *nallocp = sz; -- cgit v1.2.3 From 55119253c64808b0d3b2ab5d2bc67ee9dac3430b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 2 Jun 2013 07:43:59 +1000 Subject: - dtucker@cvs.openbsd.org 2013/05/31 12:28:10 [ssh-agent.c] Use time_t where appropriate. ok djm --- ChangeLog | 3 +++ ssh-agent.c | 21 ++++++++++++--------- 2 files changed, 15 insertions(+), 9 deletions(-) (limited to 'ssh-agent.c') diff --git a/ChangeLog b/ChangeLog index d772486f5..5689f03d4 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -35,6 +35,9 @@ Pushing all logging onto a single line simplifies log analysis as it is no longer necessary to relate information scattered across multiple log entries. "I like it" markus@ + - dtucker@cvs.openbsd.org 2013/05/31 12:28:10 + [ssh-agent.c] + Use time_t where appropriate. ok djm 20130529 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null diff --git a/ssh-agent.c b/ssh-agent.c index 3f94851eb..0fd9e0bb7 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.173 2013/05/17 00:13:14 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.174 2013/05/31 12:28:10 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -106,7 +106,7 @@ typedef struct identity { Key *key; char *comment; char *provider; - u_int death; + time_t death; u_int confirm; } Identity; @@ -134,8 +134,8 @@ char *lock_passwd = NULL; extern char *__progname; -/* Default lifetime (0 == forever) */ -static int lifetime = 0; +/* Default lifetime in seconds (0 == forever) */ +static long lifetime = 0; static void close_socket(SocketEntry *e) @@ -428,10 +428,10 @@ process_remove_all_identities(SocketEntry *e, int version) } /* removes expired keys and returns number of seconds until the next expiry */ -static u_int +static time_t reaper(void) { - u_int deadline = 0, now = time(NULL); + time_t deadline = 0, now = time(NULL); Identity *id, *nxt; int version; Idtab *tab; @@ -463,8 +463,9 @@ process_add_identity(SocketEntry *e, int version) { Idtab *tab = idtab_lookup(version); Identity *id; - int type, success = 0, death = 0, confirm = 0; + int type, success = 0, confirm = 0; char *type_name, *comment; + time_t death = 0; Key *k = NULL; #ifdef OPENSSL_HAS_ECC BIGNUM *exponent; 
@@ -699,7 +700,8 @@ static void process_add_smartcard_key(SocketEntry *e) { char *provider = NULL, *pin; - int i, type, version, count = 0, success = 0, death = 0, confirm = 0; + int i, type, version, count = 0, success = 0, confirm = 0; + time_t death = 0; Key **keys = NULL, *k; Identity *id; Idtab *tab; @@ -926,9 +928,10 @@ static int prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp, struct timeval **tvpp) { - u_int i, sz, deadline; + u_int i, sz; int n = 0; static struct timeval tv; + time_t deadline; for (i = 0; i < sockets_alloc; i++) { switch (sockets[i].type) { -- cgit v1.2.3 From b759c9c2efebe7b416ab81093ca8eb17836b6933 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 2 Jun 2013 07:46:16 +1000 Subject: - dtucker@cvs.openbsd.org 2013/06/01 13:15:52 [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c channels.c sandbox-systrace.c] Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@. --- ChangeLog | 6 ++++++ channels.c | 12 ++++++------ clientloop.c | 14 +++++++------- misc.c | 13 ++++++++++++- misc.h | 3 ++- packet.c | 10 +++++----- progressmeter.c | 6 +++--- sandbox-systrace.c | 3 ++- ssh-agent.c | 12 ++++++------ 9 files changed, 49 insertions(+), 30 deletions(-) (limited to 'ssh-agent.c') diff --git a/ChangeLog b/ChangeLog index 5689f03d4..891db12a6 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -38,6 +38,12 @@ - dtucker@cvs.openbsd.org 2013/05/31 12:28:10 [ssh-agent.c] Use time_t where appropriate. ok djm + - dtucker@cvs.openbsd.org 2013/06/01 13:15:52 + [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c + channels.c sandbox-systrace.c] + Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like + keepalives and rekeying will work properly over clock steps. Suggested by + markus@, "looks good" djm@. 20130529 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null diff --git a/channels.c b/channels.c index 6031394cc..d50a4a298 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.321 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.322 2013/06/01 13:15:51 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1335,7 +1335,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) errno != ECONNABORTED) error("accept: %.100s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) - c->notbefore = time(NULL) + 1; + c->notbefore = monotime() + 1; return; } set_nodelay(newsock); @@ -1482,7 +1482,7 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) errno != ECONNABORTED) error("accept: %.100s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) - c->notbefore = time(NULL) + 1; + c->notbefore = monotime() + 1; return; } set_nodelay(newsock); @@ -1518,7 +1518,7 @@ channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset) error("accept from auth socket: %.100s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) - c->notbefore = time(NULL) + 1; + c->notbefore = monotime() + 1; return; } nc = channel_new("accepted auth socket", 
@@ -1922,7 +1922,7 @@ channel_post_mux_listener(Channel *c, fd_set *readset, fd_set *writeset) &addrlen)) == -1) { error("%s accept: %s", __func__, strerror(errno)); if (errno == EMFILE || errno == ENFILE) - c->notbefore = time(NULL) + 1; + c->notbefore = monotime() + 1; return; } @@ -2085,7 +2085,7 @@ channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset, channel_handler_init(); did_init = 1; } - now = time(NULL); + now = monotime(); if (unpause_secs != NULL) *unpause_secs = 0; for (i = 0, oalloc = channels_alloc; i < oalloc; i++) { diff --git a/clientloop.c b/clientloop.c index 22138560b..4b071eb91 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.250 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.251 2013/06/01 13:15:51 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -273,7 +273,7 @@ set_control_persist_exit_time(void) control_persist_exit_time = 0; } else if (control_persist_exit_time <= 0) { /* a client connection has recently closed */ - control_persist_exit_time = time(NULL) + + control_persist_exit_time = monotime() + (time_t)options.control_persist_timeout; debug2("%s: schedule exit in %d seconds", __func__, options.control_persist_timeout); @@ -356,7 +356,7 @@ client_x11_get_proto(const char *display, const char *xauth_path, if (system(cmd) == 0) generated = 1; if (x11_refuse_time == 0) { - now = time(NULL) + 1; + now = monotime() + 1; if (UINT_MAX - timeout < now) x11_refuse_time = UINT_MAX; else @@ -581,7 +581,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, { struct timeval tv, *tvp; int timeout_secs; - time_t minwait_secs = 0, server_alive_time = 0, now = time(NULL); + time_t minwait_secs = 0, server_alive_time = 0, now = monotime(); int ret; /* Add any selections by the channel mechanism. */ 
@@ -676,7 +676,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, * Timeout. Could have been either keepalive or rekeying. * Keepalive we check here, rekeying is checked in clientloop. */ - if (server_alive_time != 0 && server_alive_time <= time(NULL)) + if (server_alive_time != 0 && server_alive_time <= monotime()) server_alive_check(); } @@ -1650,7 +1650,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) * connections, then quit. */ if (control_persist_exit_time > 0) { - if (time(NULL) >= control_persist_exit_time) { + if (monotime() >= control_persist_exit_time) { debug("ControlPersist timeout expired"); break; } @@ -1868,7 +1868,7 @@ client_request_x11(const char *request_type, int rchan) "malicious server."); return NULL; } - if (x11_refuse_time != 0 && time(NULL) >= x11_refuse_time) { + if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) { verbose("Rejected X11 connection after ForwardX11Timeout " "expired"); return NULL; diff --git a/misc.c b/misc.c index 4aa5fdc8b..cd45e9ecc 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.89 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.90 2013/06/01 13:15:52 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -854,6 +854,17 @@ ms_to_timeval(struct timeval *tv, int ms) tv->tv_usec = (ms % 1000) * 1000; } +time_t +monotime(void) +{ + struct timespec ts; + + if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) + fatal("clock_gettime: %s", strerror(errno)); + + return (ts.tv_sec); +} + void bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) { diff --git a/misc.h b/misc.h index f3142a95e..fceb30655 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.48 2011/03/29 18:54:17 stevesk Exp $ */ +/* $OpenBSD: misc.h,v 1.49 2013/06/01 13:15:52 dtucker Exp $ */ /* * Author: Tatu Ylonen 
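Review bot: `monotime()` in misc.c reads `CLOCK_MONOTONIC`, which on some platforms (Linux among them) does not advance while the machine is suspended, so security-relevant deadlines derived from it can outlive their intended wall-clock duration across a suspend. In this series that affects the agent key expiry (`death = monotime() + ...` in ssh-agent.c) and `x11_refuse_time` in clientloop.c. Where the platform offers a clock that also counts suspended time, prefer it ahead of the monotonic call: inside `#ifdef CLOCK_BOOTTIME`, `if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0) return (ts.tv_sec);`. A comment on the function stating that the returned value is only meaningful for differences, never as a calendar time, would also help callers that still use `0` as an "unset" marker.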
@@ -35,6 +35,7 @@ char *tohex(const void *, size_t); void sanitise_stdfd(void); void ms_subtract_diff(struct timeval *, int *); void ms_to_timeval(struct timeval *, int); +time_t monotime(void); void sock_set_v6only(int); struct passwd *pwcopy(struct passwd *); diff --git a/packet.c b/packet.c index 84ebd81d5..b25395d4b 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.186 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.187 2013/06/01 13:15:52 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1015,7 +1015,7 @@ packet_send2(void) /* after a NEWKEYS message we can send the complete queue */ if (type == SSH2_MSG_NEWKEYS) { active_state->rekeying = 0; - active_state->rekey_time = time(NULL); + active_state->rekey_time = monotime(); while ((p = TAILQ_FIRST(&active_state->outgoing))) { type = p->type; debug("dequeue packet: %u", type); @@ -1942,7 +1942,7 @@ packet_need_rekeying(void) (active_state->max_blocks_in && (active_state->p_read.blocks > active_state->max_blocks_in)) || (active_state->rekey_interval != 0 && active_state->rekey_time + - active_state->rekey_interval <= time(NULL)); + active_state->rekey_interval <= monotime()); } void @@ -1956,7 +1956,7 @@ packet_set_rekey_limits(u_int32_t bytes, time_t seconds) * We set the time here so that in post-auth privsep slave we count * from the completion of the authentication. */ - active_state->rekey_time = time(NULL); + active_state->rekey_time = monotime(); } time_t @@ -1965,7 +1965,7 @@ packet_get_rekey_timeout(void) time_t seconds; seconds = active_state->rekey_time + active_state->rekey_interval - - time(NULL); + monotime(); return (seconds <= 0 ? 1 : seconds); } diff --git a/progressmeter.c b/progressmeter.c index 0f95222d2..0e570e41a 100644 --- a/progressmeter.c +++ b/progressmeter.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.37 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.38 2013/06/01 13:15:52 dtucker Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -131,7 +131,7 @@ refresh_progress_meter(void) transferred = *counter - cur_pos; cur_pos = *counter; - now = time(NULL); + now = monotime(); bytes_left = end_pos - cur_pos; if (bytes_left > 0) @@ -249,7 +249,7 @@ update_progress_meter(int ignore) void start_progress_meter(char *f, off_t filesize, off_t *ctr) { - start = last_update = time(NULL); + start = last_update = monotime(); file = f; end_pos = filesize; cur_pos = 0; diff --git a/sandbox-systrace.c b/sandbox-systrace.c index 2d16a627f..cc0db46c4 100644 --- a/sandbox-systrace.c +++ b/sandbox-systrace.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sandbox-systrace.c,v 1.6 2012/06/30 14:35:09 markus Exp $ */ +/* $OpenBSD: sandbox-systrace.c,v 1.7 2013/06/01 13:15:52 dtucker Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -57,6 +57,7 @@ static const struct sandbox_policy preauth_policy[] = { { SYS_exit, SYSTR_POLICY_PERMIT }, { SYS_getpid, SYSTR_POLICY_PERMIT }, { SYS_gettimeofday, SYSTR_POLICY_PERMIT }, + { SYS_clock_gettime, SYSTR_POLICY_PERMIT }, { SYS_madvise, SYSTR_POLICY_PERMIT }, { SYS_mmap, SYSTR_POLICY_PERMIT }, { SYS_mprotect, SYSTR_POLICY_PERMIT }, diff --git a/ssh-agent.c b/ssh-agent.c index 0fd9e0bb7..f5e5873ad 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.174 2013/05/31 12:28:10 dtucker Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.175 2013/06/01 13:15:52 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -431,7 +431,7 @@ process_remove_all_identities(SocketEntry *e, int version) static time_t reaper(void) { - time_t deadline = 0, now = time(NULL); + time_t deadline = 0, now = monotime(); Identity *id, *nxt; int version; Idtab *tab; 
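Review bot: `SYS_clock_gettime` is added to `preauth_policy` only in sandbox-systrace.c, while `monotime()` in misc.c calls `fatal()` when `clock_gettime()` fails. If the tree carries other sandbox back ends that filter system calls, each needs the same allowance, otherwise the first timer read inside the sandboxed pre-auth process ends it. A comment on the new entry would keep that coupling visible: `/* needed by monotime() in misc.c */`. Whether pre-auth code paths actually reach `monotime()` cannot be seen from this diff.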
@@ -618,7 +618,7 @@ process_add_identity(SocketEntry *e, int version) while (buffer_len(&e->request)) { switch ((type = buffer_get_char(&e->request))) { case SSH_AGENT_CONSTRAIN_LIFETIME: - death = time(NULL) + buffer_get_int(&e->request); + death = monotime() + buffer_get_int(&e->request); break; case SSH_AGENT_CONSTRAIN_CONFIRM: confirm = 1; @@ -633,7 +633,7 @@ process_add_identity(SocketEntry *e, int version) } success = 1; if (lifetime && !death) - death = time(NULL) + lifetime; + death = monotime() + lifetime; if ((id = lookup_identity(k, version)) == NULL) { id = xcalloc(1, sizeof(Identity)); id->key = k; @@ -712,7 +712,7 @@ process_add_smartcard_key(SocketEntry *e) while (buffer_len(&e->request)) { switch ((type = buffer_get_char(&e->request))) { case SSH_AGENT_CONSTRAIN_LIFETIME: - death = time(NULL) + buffer_get_int(&e->request); + death = monotime() + buffer_get_int(&e->request); break; case SSH_AGENT_CONSTRAIN_CONFIRM: confirm = 1; @@ -724,7 +724,7 @@ process_add_smartcard_key(SocketEntry *e) } } if (lifetime && !death) - death = time(NULL) + lifetime; + death = monotime() + lifetime; count = pkcs11_add_provider(provider, pin, &keys); for (i = 0; i < count; i++) { -- cgit v1.2.3 From 073f795bc1c7728c320e5982c0d417376b0907f5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 2 Jun 2013 23:47:11 +1000 Subject: - dtucker@cvs.openbsd.org 2013/06/02 13:35:58 [ssh-agent.c] Make parent_alive_interval time_t to avoid signed/unsigned comparison --- ChangeLog | 3 +++ ssh-agent.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'ssh-agent.c') diff --git a/ChangeLog b/ChangeLog index 0a66555b9..03a2e3ad2 100644 --- a/ChangeLog +++ b/ChangeLog 
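Review bot: `death = monotime() + buffer_get_int(&e->request);` adds a client-supplied 32-bit lifetime to a `time_t` with no range check, both in process_add_identity and in the `@@ -712,7` hunk of process_add_smartcard_key. Where `time_t` is a 32-bit signed type the sum can overflow, which is undefined behaviour and could presumably yield a `death` that `reaper()` misjudges; reaper's comparison is outside these hunks, so the exact effect needs confirming. Read the value into a local first, `u_int secs = buffer_get_int(&e->request);`, and clamp `secs` to the headroom left above `monotime()` before adding. The same applies to `death = monotime() + lifetime;`, where `lifetime` is a `long` set outside the visible code.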
@@ -5,6 +5,9 @@ - dtucker@cvs.openbsd.org 2013/06/02 13:33:05 [progressmeter.c] Add misc.h for monotime prototype. (ID sync only). + - dtucker@cvs.openbsd.org 2013/06/02 13:35:58 + [ssh-agent.c] + Make parent_alive_interval time_t to avoid signed/unsigned comparison 20130601 - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to diff --git a/ssh-agent.c b/ssh-agent.c index f5e5873ad..27df4f475 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.175 2013/06/01 13:15:52 dtucker Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.176 2013/06/02 13:35:58 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -122,7 +122,7 @@ int max_fd = 0; /* pid of shell == parent of agent */ pid_t parent_pid = -1; -u_int parent_alive_interval = 0; +time_t parent_alive_interval = 0; /* pathname and directory for AUTH_SOCKET */ char socket_name[MAXPATHLEN]; -- cgit v1.2.3 From 1f0e86f23fcebb026371c0888402a981df2a61c4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 20 Jul 2013 13:22:49 +1000 Subject: - djm@cvs.openbsd.org 2013/07/20 01:50:20 [ssh-agent.c] call cleanup_handler on SIGINT when in debug mode to ensure sockets are cleaned up on manual exit; bz#2120 --- ChangeLog | 4 ++++ ssh-agent.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ssh-agent.c') diff --git a/ChangeLog b/ChangeLog index 47bfa94ef..dc6ea90ef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,10 @@ - djm@cvs.openbsd.org 2013/07/20 01:44:37 [ssh-keygen.c ssh.c] More useful error message on missing current user in /etc/passwd + - djm@cvs.openbsd.org 2013/07/20 01:50:20 + [ssh-agent.c] + call cleanup_handler on SIGINT when in debug mode to ensure sockets + are cleaned up on manual exit; bz#2120 20130718 - (djm) OpenBSD CVS Sync diff --git a/ssh-agent.c b/ssh-agent.c index 27df4f475..c3b11729c 100644 --- a/ssh-agent.c +++ b/ssh-agent.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.176 2013/06/02 13:35:58 dtucker Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.177 2013/07/20 01:50:20 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1344,9 +1344,8 @@ skip: if (ac > 0) parent_alive_interval = 10; idtab_init(); - if (!d_flag) - signal(SIGINT, SIG_IGN); signal(SIGPIPE, SIG_IGN); + signal(SIGINT, d_flag ? cleanup_handler : SIG_IGN); signal(SIGHUP, cleanup_handler); signal(SIGTERM, cleanup_handler); nalloc = 0; -- cgit v1.2.3
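Review bot: `signal(SIGINT, d_flag ? cleanup_handler : SIG_IGN);` makes `cleanup_handler` run asynchronously on Ctrl-C in debug mode, and its body is not part of this hunk, so it is worth confirming that it restricts itself to async-signal-safe calls (for example `unlink()` and `_exit()`) rather than anything that allocates, logs or takes locks. A short comment above the handler registrations would record that requirement: `/* handlers run in signal context: async-signal-safe calls only */`. The enclosing function starts and ends outside the hunk.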