From d558092522153caa627e33e4a76c6f64332bc609 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 14 May 2003 13:40:06 +1000 Subject: - (djm) RCSID sync w/ OpenBSD --- ssh-agent.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ssh-agent.c') diff --git a/ssh-agent.c b/ssh-agent.c index 5dee9df45..c179ceaa2 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.108 2003/03/13 11:44:50 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.109 2003/04/08 20:21:29 itojun Exp $"); #include #include -- cgit v1.2.3 From 0cbb9dea050942c643f739b79d0d9f30d75da213 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 4 Jun 2003 22:56:15 +1000 Subject: - (djm) Always use mysignal() for SIGALRM --- ChangeLog | 3 ++- progressmeter.c | 5 +++-- ssh-agent.c | 4 ++-- sshd.c | 4 ++-- 4 files changed, 9 insertions(+), 7 deletions(-) (limited to 'ssh-agent.c') diff --git a/ChangeLog b/ChangeLog index c5b3a92b5..4981ecf4a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,7 @@ kill ssh process on receipt of signal; ok markus@ - (djm) Update to fix of bug #584: lock card before return. From larsch@trustcenter.de + - (djm) Always use mysignal() for SIGALRM 20030603 - (djm) Replace setproctitle replacement with code derived from @@ -457,4 +458,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2780 2003/06/04 12:51:38 djm Exp $ +$Id: ChangeLog,v 1.2781 2003/06/04 12:56:15 djm Exp $ diff --git a/progressmeter.c b/progressmeter.c index 343e1b7d5..d4abf2fd9 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -72,6 +72,7 @@ RCSID("$OpenBSD: progressmeter.c,v 1.6 2003/04/07 21:58:05 millert Exp $"); #include "atomicio.h" #include "progressmeter.h" +#include "misc.h" /* Number of seconds before xfer considered "stalled". */ #define STALLTIME 5 @@ -121,7 +122,7 @@ start_progress_meter(char *file, off_t filesize, off_t *counter) lastsize = 0; draw_progress_meter(); - signal(SIGALRM, update_progress_meter); + mysignal(SIGALRM, update_progress_meter); alarm(PROGRESSTIME); } @@ -140,7 +141,7 @@ update_progress_meter(int ignore) int save_errno = errno; draw_progress_meter(); - signal(SIGALRM, update_progress_meter); + mysignal(SIGALRM, update_progress_meter); alarm(PROGRESSTIME); errno = save_errno; } diff --git a/ssh-agent.c b/ssh-agent.c index c179ceaa2..fbd41834e 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -962,7 +962,7 @@ check_parent_exists(int sig) /* printf("Parent has died - Authentication agent exiting.\n"); */ cleanup_handler(sig); /* safe */ } - signal(SIGALRM, check_parent_exists); + mysignal(SIGALRM, check_parent_exists); alarm(10); errno = save_errno; } @@ -1194,7 +1194,7 @@ skip: fatal_add_cleanup(cleanup_socket, NULL); new_socket(AUTH_SOCKET, sock); if (ac > 0) { - signal(SIGALRM, check_parent_exists); + mysignal(SIGALRM, check_parent_exists); alarm(10); } idtab_init(); diff --git a/sshd.c b/sshd.c index bdb092016..bc458488b 100644 --- a/sshd.c +++ b/sshd.c @@ -1373,7 +1373,7 @@ main(int ac, char **av) if ((options.protocol & SSH_PROTO_1) && key_used == 0) { /* Schedule server key regeneration alarm. */ - signal(SIGALRM, key_regeneration_alarm); + mysignal(SIGALRM, key_regeneration_alarm); alarm(options.key_regeneration_time); key_used = 1; } @@ -1462,7 +1462,7 @@ main(int ac, char **av) * mode; it is just annoying to have the server exit just when you * are about to discover the bug. */ - signal(SIGALRM, grace_alarm_handler); + mysignal(SIGALRM, grace_alarm_handler); if (!debug_flag) alarm(options.login_grace_time); -- cgit v1.2.3 From d94f20d28e9e966576302cd951776401c2856df6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 11 Jun 2003 22:06:33 +1000 Subject: - djm@cvs.openbsd.org 2003/06/11 11:18:38 [authfd.c authfd.h ssh-add.c ssh-agent.c] make agent constraints (lifetime, confirm) work with smartcard keys; ok markus@ --- ChangeLog | 6 +++++- authfd.c | 27 ++++++++++++++++++++++----- authfd.h | 6 ++++-- ssh-add.c | 4 ++-- ssh-agent.c | 25 +++++++++++++++++++++---- 5 files changed, 54 insertions(+), 14 deletions(-) (limited to 'ssh-agent.c') diff --git a/ChangeLog b/ChangeLog index fab1da44b..fc17be0ca 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,10 @@ - jakob@cvs.openbsd.org 2003/06/11 10:18:47 [dns.c] sync with check_host_key() change + - djm@cvs.openbsd.org 2003/06/11 11:18:38 + [authfd.c authfd.h ssh-add.c ssh-agent.c] + make agent constraints (lifetime, confirm) work with smartcard keys; + ok markus@ 20030609 @@ -502,4 +506,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2796 2003/06/11 12:05:45 djm Exp $ +$Id: ChangeLog,v 1.2797 2003/06/11 12:06:33 djm Exp $ diff --git a/authfd.c b/authfd.c index 7e96269a4..368544b17 100644 --- a/authfd.c +++ b/authfd.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.59 2003/04/08 20:21:28 itojun Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.60 2003/06/11 11:18:38 djm Exp $"); #include @@ -589,16 +589,33 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) } int -ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin) +ssh_update_card(AuthenticationConnection *auth, int add, + const char *reader_id, const char *pin, u_int life, u_int confirm) { Buffer msg; - int type; + int type, constrained = (life || confirm); + + if (add) { + type = constrained ? + SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED : + SSH_AGENTC_ADD_SMARTCARD_KEY; + } else + type = SSH_AGENTC_REMOVE_SMARTCARD_KEY; buffer_init(&msg); - buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY : - SSH_AGENTC_REMOVE_SMARTCARD_KEY); + buffer_put_char(&msg, type); buffer_put_cstring(&msg, reader_id); buffer_put_cstring(&msg, pin); + + if (constrained) { + if (life != 0) { + buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME); + buffer_put_int(&msg, life); + } + if (confirm != 0) + buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM); + } + if (ssh_request_reply(auth, &msg, &msg) == 0) { buffer_free(&msg); return 0; diff --git a/authfd.h b/authfd.h index 2a8751ec1..74b825c51 100644 --- a/authfd.h +++ b/authfd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.h,v 1.32 2003/01/23 13:50:27 markus Exp $ */ +/* $OpenBSD: authfd.h,v 1.33 2003/06/11 11:18:38 djm Exp $ */ /* * Author: Tatu Ylonen @@ -49,6 +49,7 @@ /* add key with constraints */ #define SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 24 #define SSH2_AGENTC_ADD_ID_CONSTRAINED 25 +#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26 #define SSH_AGENT_CONSTRAIN_LIFETIME 1 #define SSH_AGENT_CONSTRAIN_CONFIRM 2 @@ -82,7 +83,8 @@ int ssh_add_identity_constrained(AuthenticationConnection *, Key *, int ssh_remove_identity(AuthenticationConnection *, Key *); int ssh_remove_all_identities(AuthenticationConnection *, int); int ssh_lock_agent(AuthenticationConnection *, int, const char *); -int ssh_update_card(AuthenticationConnection *, int, const char *, const char *); +int ssh_update_card(AuthenticationConnection *, int, const char *, + const char *, u_int, u_int); int ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16], diff --git a/ssh-add.c b/ssh-add.c index 9adec3094..9d14a3649 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.66 2003/03/05 22:33:43 markus Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.67 2003/06/11 11:18:38 djm Exp $"); #include @@ -201,7 +201,7 @@ update_card(AuthenticationConnection *ac, int add, const char *id) if (pin == NULL) return -1; - if (ssh_update_card(ac, add, id, pin)) { + if (ssh_update_card(ac, add, id, pin, lifetime, confirm)) { fprintf(stderr, "Card %s: %s\n", add ? "added" : "removed", id); ret = 0; diff --git a/ssh-agent.c b/ssh-agent.c index fbd41834e..61ea34580 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.109 2003/04/08 20:21:29 itojun Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.110 2003/06/11 11:18:38 djm Exp $"); #include #include @@ -580,13 +580,29 @@ static void process_add_smartcard_key (SocketEntry *e) { char *sc_reader_id = NULL, *pin; - int i, version, success = 0; + int i, version, success = 0, death = 0, confirm = 0; Key **keys, *k; Identity *id; Idtab *tab; sc_reader_id = buffer_get_string(&e->request, NULL); pin = buffer_get_string(&e->request, NULL); + + while (buffer_len(&e->request)) { + switch (buffer_get_char(&e->request)) { + case SSH_AGENT_CONSTRAIN_LIFETIME: + death = time(NULL) + buffer_get_int(&e->request); + break; + case SSH_AGENT_CONSTRAIN_CONFIRM: + confirm = 1; + break; + default: + break; + } + } + if (lifetime && !death) + death = time(NULL) + lifetime; + keys = sc_get_keys(sc_reader_id, pin); xfree(sc_reader_id); xfree(pin); @@ -603,8 +619,8 @@ process_add_smartcard_key (SocketEntry *e) id = xmalloc(sizeof(Identity)); id->key = k; id->comment = xstrdup("smartcard key"); - id->death = 0; - id->confirm = 0; + id->death = death; + id->confirm = confirm; TAILQ_INSERT_TAIL(&tab->idlist, id, next); tab->nentries++; success = 1; @@ -748,6 +764,7 @@ process_message(SocketEntry *e) break; #ifdef SMARTCARD case SSH_AGENTC_ADD_SMARTCARD_KEY: + case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED: process_add_smartcard_key(e); break; case SSH_AGENTC_REMOVE_SMARTCARD_KEY: -- cgit v1.2.3 From 56a0bb07c47285fe78268c95650032ab0ea667cd Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 18 Jun 2003 20:28:40 +1000 Subject: - markus@cvs.openbsd.org 2003/06/12 19:12:03 [scard.c scard.h ssh-agent.c ssh.c] add sc_get_key_label; larsch at trustcenter.de; bugzilla#591 --- ChangeLog | 5 ++++- scard.c | 9 ++++++++- scard.h | 3 ++- ssh-agent.c | 4 ++-- ssh.c | 4 ++-- 5 files changed, 18 insertions(+), 7 deletions(-) (limited to 'ssh-agent.c') diff --git a/ChangeLog b/ChangeLog index f5d3b36f0..2ccd501ab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,9 @@ - nino@cvs.openbsd.org 2003/06/12 15:34:09 [scp.c] Typo. Ok markus@. + - markus@cvs.openbsd.org 2003/06/12 19:12:03 + [scard.c scard.h ssh-agent.c ssh.c] + add sc_get_key_label; larsch at trustcenter.de; bugzilla#591 20030614 - (djm) Update license on fake-rfc2553.[ch]; ok itojun@ @@ -524,4 +527,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2804 2003/06/18 10:26:34 djm Exp $ +$Id: ChangeLog,v 1.2805 2003/06/18 10:28:40 djm Exp $ diff --git a/scard.c b/scard.c index 65f8bff14..906287ba2 100644 --- a/scard.c +++ b/scard.c @@ -24,7 +24,7 @@ #include "includes.h" #if defined(SMARTCARD) && defined(USE_SECTOK) -RCSID("$OpenBSD: scard.c,v 1.27 2003/04/08 20:21:29 itojun Exp $"); +RCSID("$OpenBSD: scard.c,v 1.28 2003/06/12 19:12:02 markus Exp $"); #include #include @@ -554,4 +554,11 @@ done: sectok_close(fd); return (status); } + +char * +sc_get_key_label(Key *key) +{ + return xstrdup("smartcard key"); +} + #endif /* SMARTCARD && USE_SECTOK */ diff --git a/scard.h b/scard.h index 00999cb09..9ba20a361 100644 --- a/scard.h +++ b/scard.h @@ -1,4 +1,4 @@ -/* $OpenBSD: scard.h,v 1.11 2002/06/30 21:59:45 deraadt Exp $ */ +/* $OpenBSD: scard.h,v 1.12 2003/06/12 19:12:03 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -36,5 +36,6 @@ Key **sc_get_keys(const char *, const char *); void sc_close(void); int sc_put_key(Key *, const char *); +char *sc_get_key_label(Key *); #endif diff --git a/ssh-agent.c b/ssh-agent.c index 61ea34580..6c8ff30dd 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.110 2003/06/11 11:18:38 djm Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.111 2003/06/12 19:12:03 markus Exp $"); #include #include @@ -618,7 +618,7 @@ process_add_smartcard_key (SocketEntry *e) if (lookup_identity(k, version) == NULL) { id = xmalloc(sizeof(Identity)); id->key = k; - id->comment = xstrdup("smartcard key"); + id->comment = sc_get_key_label(k); id->death = death; id->confirm = confirm; TAILQ_INSERT_TAIL(&tab->idlist, id, next); diff --git a/ssh.c b/ssh.c index 480bd85e6..0142e7fad 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.193 2003/05/15 13:52:10 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.194 2003/06/12 19:12:03 markus Exp $"); #include #include @@ -1180,7 +1180,7 @@ load_public_identity_files(void) sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1)); options.num_identity_files++; options.identity_keys[0] = keys[i]; - options.identity_files[0] = xstrdup("smartcard key");; + options.identity_files[0] = sc_get_key_label(keys[i]); } if (options.num_identity_files > SSH_MAX_IDENTITY_FILES) options.num_identity_files = SSH_MAX_IDENTITY_FILES; -- cgit v1.2.3 From 59d3d5b8b4813bdd1d4518d6839bd392ff6d21f7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 22 Aug 2003 09:34:41 +1000 Subject: - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal -lbroken; ok dtucker --- ChangeLog | 6 +++++- logintest.c | 4 ++-- openbsd-compat/bsd-misc.c | 4 ++-- openbsd-compat/bsd-misc.h | 4 ++-- scp.c | 2 +- sftp-server.c | 2 +- sftp.c | 2 +- ssh-add.c | 2 +- ssh-agent.c | 2 +- ssh-keygen.c | 2 +- ssh-keyscan.c | 2 +- ssh-rand-helper.c | 4 ++-- ssh.c | 2 +- sshd.c | 2 +- 14 files changed, 22 insertions(+), 18 deletions(-) (limited to 'ssh-agent.c') diff --git a/ChangeLog b/ChangeLog index 081b07907..ded30f05a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20030822 + - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal + -lbroken; ok dtucker + 20030821 - (dtucker) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/08/14 16:08:58 @@ -845,4 +849,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2896 2003/08/21 07:58:29 dtucker Exp $ +$Id: ChangeLog,v 1.2897 2003/08/21 23:34:41 djm Exp $ diff --git a/logintest.c b/logintest.c index a0c08118b..3f3997d10 100644 --- a/logintest.c +++ b/logintest.c @@ -43,7 +43,7 @@ #include "loginrec.h" -RCSID("$Id: logintest.c,v 1.9 2003/06/02 00:42:17 djm Exp $"); +RCSID("$Id: logintest.c,v 1.10 2003/08/21 23:34:41 djm Exp $"); #ifdef HAVE___PROGNAME extern char *__progname; @@ -287,7 +287,7 @@ main(int argc, char *argv[]) { printf("Platform-independent login recording test driver\n"); - __progname = get_progname(argv[0]); + __progname = ssh_get_progname(argv[0]); if (argc == 2) { if (strncmp(argv[1], "-i", 3) == 0) compile_opts_only = 1; diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index d4c793724..56cb45ade 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -25,13 +25,13 @@ #include "includes.h" #include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.17 2003/08/13 10:48:07 dtucker Exp $"); +RCSID("$Id: bsd-misc.c,v 1.18 2003/08/21 23:34:42 djm Exp $"); /* * NB. duplicate __progname in case it is an alias for argv[0] * Otherwise it may get clobbered by setproctitle() */ -char *get_progname(char *argv0) +char *ssh_get_progname(char *argv0) { #ifdef HAVE___PROGNAME extern char *__progname; diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index f2fbdc2e3..2857de59b 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -22,14 +22,14 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: bsd-misc.h,v 1.10 2003/08/13 10:48:07 dtucker Exp $ */ +/* $Id: bsd-misc.h,v 1.11 2003/08/21 23:34:42 djm Exp $ */ #ifndef _BSD_MISC_H #define _BSD_MISC_H #include "config.h" -char *get_progname(char *); +char *ssh_get_progname(char *); #ifndef HAVE_SETSID #define setsid() setpgrp(0, getpid()) diff --git a/scp.c b/scp.c index cf979f250..4f9247c2d 100644 --- a/scp.c +++ b/scp.c @@ -222,7 +222,7 @@ main(int argc, char **argv) extern char *optarg; extern int optind; - __progname = get_progname(argv[0]); + __progname = ssh_get_progname(argv[0]); args.list = NULL; addargs(&args, "ssh"); /* overwritten with ssh_program */ diff --git a/sftp-server.c b/sftp-server.c index 250814d72..9166853ed 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1030,7 +1030,7 @@ main(int ac, char **av) /* XXX should use getopt */ - __progname = get_progname(av[0]); + __progname = ssh_get_progname(av[0]); handle_init(); #ifdef DEBUG_SFTP_SERVER diff --git a/sftp.c b/sftp.c index 4354bfd44..c2a6593b8 100644 --- a/sftp.c +++ b/sftp.c @@ -132,7 +132,7 @@ main(int argc, char **argv) extern int optind; extern char *optarg; - __progname = get_progname(argv[0]); + __progname = ssh_get_progname(argv[0]); args.list = NULL; addargs(&args, "ssh"); /* overwritten with ssh_program */ addargs(&args, "-oForwardX11 no"); diff --git a/ssh-add.c b/ssh-add.c index 5b0fbbce6..2e394e5c1 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -319,7 +319,7 @@ main(int argc, char **argv) char *sc_reader_id = NULL; int i, ch, deleting = 0, ret = 0; - __progname = get_progname(argv[0]); + __progname = ssh_get_progname(argv[0]); init_rng(); seed_rng(); diff --git a/ssh-agent.c b/ssh-agent.c index 6c8ff30dd..c05c61468 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1024,7 +1024,7 @@ main(int ac, char **av) SSLeay_add_all_algorithms(); - __progname = get_progname(av[0]); + __progname = ssh_get_progname(av[0]); init_rng(); seed_rng(); diff --git a/ssh-keygen.c b/ssh-keygen.c index 2ce5553f6..dbc514737 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -809,7 +809,7 @@ main(int ac, char **av) extern int optind; extern char *optarg; - __progname = get_progname(av[0]); + __progname = ssh_get_progname(av[0]); SSLeay_add_all_algorithms(); log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 358a1e353..9fa8aaebc 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -697,7 +697,7 @@ main(int argc, char **argv) extern int optind; extern char *optarg; - __progname = get_progname(argv[0]); + __progname = ssh_get_progname(argv[0]); init_rng(); seed_rng(); TAILQ_INIT(&tq); diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 88e6e7c05..7e65e4569 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.12 2003/07/06 05:20:46 dtucker Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.13 2003/08/21 23:34:41 djm Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 @@ -769,7 +769,7 @@ main(int argc, char **argv) extern char *optarg; LogLevel ll; - __progname = get_progname(argv[0]); + __progname = ssh_get_progname(argv[0]); log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); ll = SYSLOG_LEVEL_INFO; diff --git a/ssh.c b/ssh.c index 694bb5acc..46640a857 100644 --- a/ssh.c +++ b/ssh.c @@ -212,7 +212,7 @@ main(int ac, char **av) extern int optind, optreset; extern char *optarg; - __progname = get_progname(av[0]); + __progname = ssh_get_progname(av[0]); init_rng(); /* diff --git a/sshd.c b/sshd.c index dc275b0cb..0e1bde3a3 100644 --- a/sshd.c +++ b/sshd.c @@ -819,7 +819,7 @@ main(int ac, char **av) #ifdef HAVE_SECUREWARE (void)set_auth_parameters(ac, av); #endif - __progname = get_progname(av[0]); + __progname = ssh_get_progname(av[0]); init_rng(); /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ -- cgit v1.2.3 From a05ec477b32c50aa793d865a231a3ec9d0ab1234 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 23 Sep 2003 18:59:08 +1000 Subject: - markus@cvs.openbsd.org 2003/09/18 08:49:45 [deattack.c misc.c session.c ssh-agent.c] more buffer allocation fixes; from Solar Designer; CAN-2003-0682; ok millert@ --- ChangeLog | 6 +++++- deattack.c | 6 +++--- misc.c | 13 ++++++++----- session.c | 18 ++++++++++-------- ssh-agent.c | 17 +++++++++-------- 5 files changed, 35 insertions(+), 25 deletions(-) (limited to 'ssh-agent.c') diff --git a/ChangeLog b/ChangeLog index 0a73b9948..fd254c761 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ - markus@cvs.openbsd.org 2003/09/18 07:54:48 [buffer.c] protect against double free; #660; zardoz at users.sf.net + - markus@cvs.openbsd.org 2003/09/18 08:49:45 + [deattack.c misc.c session.c ssh-agent.c] + more buffer allocation fixes; from Solar Designer; CAN-2003-0682; + ok millert@ 20030922 - (dtucker) [Makefile.in] Bug #644: Fix "make clean" for out-of-tree @@ -1171,4 +1175,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2994.2.29 2003/09/23 08:55:43 dtucker Exp $ +$Id: ChangeLog,v 1.2994.2.30 2003/09/23 08:59:08 dtucker Exp $ diff --git a/deattack.c b/deattack.c index 0442501e7..8b55d6686 100644 --- a/deattack.c +++ b/deattack.c @@ -18,7 +18,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: deattack.c,v 1.18 2002/03/04 17:27:39 stevesk Exp $"); +RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $"); #include "deattack.h" #include "log.h" @@ -100,12 +100,12 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV) if (h == NULL) { debug("Installing crc compensation attack detector."); + h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE); n = l; - h = (u_int16_t *) xmalloc(n * HASH_ENTRYSIZE); } else { if (l > n) { + h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE); n = l; - h = (u_int16_t *) xrealloc(h, n * HASH_ENTRYSIZE); } } diff --git a/misc.c b/misc.c index c457a952c..ac616de02 100644 --- a/misc.c +++ b/misc.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.21 2003/04/12 10:15:36 markus Exp $"); +RCSID("$OpenBSD: misc.c,v 1.22 2003/09/18 08:49:45 markus Exp $"); #include "misc.h" #include "log.h" @@ -308,18 +308,21 @@ addargs(arglist *args, char *fmt, ...) { va_list ap; char buf[1024]; + int nalloc; va_start(ap, fmt); vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); + nalloc = args->nalloc; if (args->list == NULL) { - args->nalloc = 32; + nalloc = 32; args->num = 0; - } else if (args->num+2 >= args->nalloc) - args->nalloc *= 2; + } else if (args->num+2 >= nalloc) + nalloc *= 2; - args->list = xrealloc(args->list, args->nalloc * sizeof(char *)); + args->list = xrealloc(args->list, nalloc * sizeof(char *)); + args->nalloc = nalloc; args->list[args->num++] = xstrdup(buf); args->list[args->num] = NULL; } diff --git a/session.c b/session.c index 616fee971..2898ac518 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.163 2003/08/31 13:29:05 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.164 2003/09/18 08:49:45 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -798,8 +798,9 @@ void child_set_env(char ***envp, u_int *envsizep, const char *name, const char *value) { - u_int i, namelen; char **env; + u_int envsize; + u_int i, namelen; /* * If we're passed an uninitialized list, allocate a single null @@ -826,12 +827,13 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, xfree(env[i]); } else { /* New variable. Expand if necessary. */ - if (i >= (*envsizep) - 1) { - if (*envsizep >= 1000) - fatal("child_set_env: too many env vars," - " skipping: %.100s", name); - (*envsizep) += 50; - env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *)); + envsize = *envsizep; + if (i >= envsize - 1) { + if (envsize >= 1000) + fatal("child_set_env: too many env vars"); + envsize += 50; + env = (*envp) = xrealloc(env, envsize * sizeof(char *)); + *envsizep = envsize; } /* Need to set the NULL pointer at end of array beyond the new slot. */ env[i + 1] = NULL; diff --git a/ssh-agent.c b/ssh-agent.c index c05c61468..e1e6cae9b 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.111 2003/06/12 19:12:03 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.112 2003/09/18 08:49:45 markus Exp $"); #include #include @@ -784,7 +784,7 @@ process_message(SocketEntry *e) static void new_socket(sock_type type, int fd) { - u_int i, old_alloc; + u_int i, old_alloc, new_alloc; if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) error("fcntl O_NONBLOCK: %s", strerror(errno)); @@ -795,25 +795,26 @@ new_socket(sock_type type, int fd) for (i = 0; i < sockets_alloc; i++) if (sockets[i].type == AUTH_UNUSED) { sockets[i].fd = fd; - sockets[i].type = type; buffer_init(&sockets[i].input); buffer_init(&sockets[i].output); buffer_init(&sockets[i].request); + sockets[i].type = type; return; } old_alloc = sockets_alloc; - sockets_alloc += 10; + new_alloc = sockets_alloc + 10; if (sockets) - sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0])); + sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0])); else - sockets = xmalloc(sockets_alloc * sizeof(sockets[0])); - for (i = old_alloc; i < sockets_alloc; i++) + sockets = xmalloc(new_alloc * sizeof(sockets[0])); + for (i = old_alloc; i < new_alloc; i++) sockets[i].type = AUTH_UNUSED; - sockets[old_alloc].type = type; + sockets_alloc = new_alloc; sockets[old_alloc].fd = fd; buffer_init(&sockets[old_alloc].input); buffer_init(&sockets[old_alloc].output); buffer_init(&sockets[old_alloc].request); + sockets[old_alloc].type = type; } static int -- cgit v1.2.3