[openssh-commits] [openssh] 02/03: upstream: Plug mem leaks on error paths, based in part on github

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Sep 13 14:53:55 AEST 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit b36ee3fcb2f1601693b1b7fd60dd6bd96006ea75
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Fri Sep 13 04:36:43 2019 +0000

    upstream: Plug mem leaks on error paths, based in part on github
    
    pr#120 from David Carlier.  ok djm at .
    
    OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e
---
 auth-options.c |  3 ++-
 ssh_api.c      | 34 +++++++++++++++++++---------------
 2 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/auth-options.c b/auth-options.c
index 6fb59dc7..9550f656 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.88 2019/09/06 04:53:27 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.89 2019/09/13 04:36:43 dtucker Exp $ */
 /*
  * Copyright (c) 2018 Damien Miller <djm at mindrot.org>
  *
@@ -266,6 +266,7 @@ handle_permit(const char **optsp, int allow_bare_port,
 		 * listen_host wildcard.
 		 */
 		if (asprintf(&tmp, "*:%s", opt) == -1) {
+			free(opt);
 			*errstrp = "memory allocation failed";
 			return -1;
 		}
diff --git a/ssh_api.c b/ssh_api.c
index 6ea40b5e..03dac098 100644
--- a/ssh_api.c
+++ b/ssh_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.c,v 1.17 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.18 2019/09/13 04:36:43 dtucker Exp $ */
 /*
  * Copyright (c) 2012 Markus Friedl.  All rights reserved.
  *
@@ -330,8 +330,8 @@ _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner)
 	const char *mismatch = "Protocol mismatch.\r\n";
 	const u_char *s = sshbuf_ptr(input);
 	u_char c;
-	char *cp, *remote_version;
-	int r, remote_major, remote_minor, expect_nl;
+	char *cp = NULL, *remote_version = NULL;
+	int r = 0, remote_major, remote_minor, expect_nl;
 	size_t n, j;
 
 	for (j = n = 0;;) {
@@ -357,10 +357,8 @@ _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner)
 		if (sshbuf_len(banner) >= 4 &&
 		    memcmp(sshbuf_ptr(banner), "SSH-", 4) == 0)
 			break;
-		if ((cp = sshbuf_dup_string(banner)) == NULL)
-			return SSH_ERR_ALLOC_FAIL;
-		debug("%s: %s", __func__, cp);
-		free(cp);
+		debug("%s: %.*s", __func__, (int)sshbuf_len(banner),
+		    sshbuf_ptr(banner));
 		/* Accept lines before banner only on client */
 		if (ssh->kex->server || ++n > SSH_MAX_PRE_BANNER_LINES) {
   bad:
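Review bot: The new `debug()` call passes the banner bytes straight to `%.*s` and narrows `sshbuf_len(banner)` to `int`, so it is only safe while the banner length stays well below INT_MAX; the buffer is not NUL-terminated, and a negative precision is treated as if none were given. The length cap is presumably enforced earlier in the loop, which starts outside this hunk, so a short comment would keep that dependency visible: `/* banner is not NUL-terminated; the int cast relies on the banner length limit enforced above */`. Also, `%.*s` stops at the first NUL byte, so a pre-banner line from the peer with an embedded NUL is now logged truncated, where the removed `sshbuf_dup_string()` path, if I read that helper correctly, returned an error instead.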
@@ -373,19 +371,22 @@ _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner)
 	if ((r = sshbuf_consume(input, j)) != 0)
 		return r;
 
-	if ((cp = sshbuf_dup_string(banner)) == NULL)
-		return SSH_ERR_ALLOC_FAIL;
 	/* XXX remote version must be the same size as banner for sscanf */
-	if ((remote_version = calloc(1, sshbuf_len(banner))) == NULL)
-		return SSH_ERR_ALLOC_FAIL;
+	if ((cp = sshbuf_dup_string(banner)) == NULL ||
+	    (remote_version = calloc(1, sshbuf_len(banner))) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
 
 	/*
 	 * Check that the versions match.  In future this might accept
 	 * several versions and set appropriate flags to handle them.
 	 */
 	if (sscanf(cp, "SSH-%d.%d-%[^\n]\n",
-	    &remote_major, &remote_minor, remote_version) != 3)
-		return SSH_ERR_INVALID_FORMAT;
+	    &remote_major, &remote_minor, remote_version) != 3) {
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
 	debug("Remote protocol version %d.%d, remote software version %.100s",
 	    remote_major, remote_minor, remote_version);
 
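Review bot: The `sscanf()` call still converts the peer-supplied major and minor numbers with bare `%d`, and the result of an out-of-range conversion is undefined, so an oversized digit run in the remote banner is not rejected cleanly. Bounding the field widths, e.g. `if (sscanf(cp, "SSH-%5d.%5d-%[^\n]\n",`, would make such input fail the `!= 3` check and take the new `goto out` path. The `%[^\n]` conversion is also unbounded and is only safe because `remote_version` is allocated at `sshbuf_len(banner)`, as the XXX comment says. That invariant is worth restating beside the combined allocation, now that both allocations share one condition. The function begins and ends outside this hunk.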
@@ -395,10 +396,13 @@ _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner)
 		remote_minor = 0;
 	}
 	if (remote_major != 2)
-		return SSH_ERR_PROTOCOL_MISMATCH;
+		r = SSH_ERR_PROTOCOL_MISMATCH;
+
 	debug("Remote version string %.100s", cp);
+ out:
 	free(cp);
-	return 0;
+	free(remote_version);
+	return r;
 }
 
 /* Send our own protocol version identification. */
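Review bot: The protocol-mismatch branch now sets `r` and falls through the `debug("Remote version string ...")` call to reach `out:`, whereas the other error paths added in this change use `goto out`. Before the change, a mismatch returned without logging the string. If logging the rejected banner is intended, a comment such as `/* fall through: log the banner, then clean up with r set */` would say so; otherwise `{ r = SSH_ERR_PROTOCOL_MISMATCH; goto out; }` keeps the old behaviour. The start of the function is outside this hunk.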
