Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Import new openssh to address 

Changes since OpenSSH 6.3
=========================

This release fixes a security bug:

 * sshd(8): fix a memory corruption problem triggered during rekeying
   when an AES-GCM cipher is selected. Full details of the vulnerability
   are available at: http://www.openssh.com/txt/gcmrekey.adv

Checksums:
==========

 - SHA1 (openssh-6.4.tar.gz) = 4caf1a50eb3a3da821c16298c4aaa576fe24210c
 - SHA1 (openssh-6.4p1.tar.gz) = cf5fe0eb118d7e4f9296fbc5d6884965885fc55d

Reporting Bugs:
===============

- Please read http://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.
This commit is contained in:
christos 2013-11-08 17:58:08 +00:00
parent 2a5e17aeda
commit f123b0a5e8
123 changed files with 2611 additions and 1991 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
crypto/external/bsd/openssh/dist/addrmatch.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: addrmatch.c,v 1.6 2012/06/21 00:16:07 dtucker Exp $ */
/* $OpenBSD: addrmatch.c,v 1.7 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@ -416,7 +416,7 @@ addr_match_list(const char *addr, const char *_list)
goto foundit;
}
}
xfree(o);
free(o);
return ret;
}
@ -490,7 +490,7 @@ addr_match_cidr_list(const char *addr, const char *_list)
continue;
}
}
xfree(o);
free(o);
return ret;
}

12
crypto/external/bsd/openssh/dist/auth-chall.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-chall.c,v 1.12 2006/08/03 03:34:41 deraadt Exp $ */
/* $OpenBSD: auth-chall.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -58,11 +58,11 @@ get_challenge(Authctxt *authctxt)
fatal("get_challenge: numprompts < 1");
challenge = xstrdup(prompts[0]);
for (i = 0; i < numprompts; i++)
xfree(prompts[i]);
xfree(prompts);
xfree(name);
xfree(echo_on);
xfree(info);
free(prompts[i]);
free(prompts);
free(name);
free(echo_on);
free(info);
return (challenge);
}

19
crypto/external/bsd/openssh/dist/auth-krb5.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */
/* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */
/*
* Kerberos v5 authentication and ticket-passing routines.
*
@ -69,6 +69,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
{
krb5_error_code problem;
krb5_ccache ccache = NULL;
const char *errmsg;
temporarily_use_uid(authctxt->pw);
@ -81,7 +82,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
if (problem)
goto out;
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache);
problem = krb5_cc_new_unique(authctxt->krb5_ctx,
krb5_mcc_ops.prefix, NULL, &ccache);
if (problem)
goto out;
@ -100,8 +102,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
if (problem)
goto out;
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
&authctxt->krb5_fwd_ccache);
problem = krb5_cc_new_unique(authctxt->krb5_ctx,
krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache);
if (problem)
goto out;
@ -122,10 +124,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
if (ccache)
krb5_cc_destroy(authctxt->krb5_ctx, ccache);
if (authctxt->krb5_ctx != NULL)
if (authctxt->krb5_ctx != NULL) {
errmsg = krb5_get_error_message(authctxt->krb5_ctx,
problem);
debug("Kerberos password authentication failed: %s",
krb5_get_err_text(authctxt->krb5_ctx, problem));
else
errmsg);
krb5_free_error_message(authctxt->krb5_ctx, errmsg);
} else
debug("Kerberos password authentication failed: %d",
problem);

68
crypto/external/bsd/openssh/dist/auth-options.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-options.c,v 1.57 2012/12/02 20:46:11 djm Exp $ */
/* $OpenBSD: auth-options.c,v 1.59.2.1 2013/11/08 01:33:56 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -70,15 +70,15 @@ auth_clear_options(void)
while (custom_environment) {
struct envstring *ce = custom_environment;
custom_environment = ce->next;
xfree(ce->s);
xfree(ce);
free(ce->s);
free(ce);
}
if (forced_command) {
xfree(forced_command);
free(forced_command);
forced_command = NULL;
}
if (authorized_principals) {
xfree(authorized_principals);
free(authorized_principals);
authorized_principals = NULL;
}
forced_tun_device = -1;
@ -147,7 +147,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
opts += strlen(cp);
if (forced_command != NULL)
xfree(forced_command);
free(forced_command);
forced_command = xmalloc(strlen(opts) + 1);
i = 0;
while (*opts) {
@ -165,7 +165,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
xfree(forced_command);
free(forced_command);
forced_command = NULL;
goto bad_option;
}
@ -178,7 +178,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
opts += strlen(cp);
if (authorized_principals != NULL)
xfree(authorized_principals);
free(authorized_principals);
authorized_principals = xmalloc(strlen(opts) + 1);
i = 0;
while (*opts) {
@ -196,7 +196,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
xfree(authorized_principals);
free(authorized_principals);
authorized_principals = NULL;
goto bad_option;
}
@ -230,14 +230,14 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
xfree(s);
free(s);
goto bad_option;
}
s[i] = '\0';
auth_debug_add("Adding to environment: %.900s", s);
debug("Adding to environment: %.900s", s);
opts++;
new_envstring = xmalloc(sizeof(struct envstring));
new_envstring = xcalloc(1, sizeof(struct envstring));
new_envstring->s = s;
new_envstring->next = custom_environment;
custom_environment = new_envstring;
@ -267,7 +267,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
xfree(patterns);
free(patterns);
goto bad_option;
}
patterns[i] = '\0';
@ -275,7 +275,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
switch (match_host_and_ip(remote_host, remote_ip,
patterns)) {
case 1:
xfree(patterns);
free(patterns);
/* Host name matches. */
goto next_option;
case -1:
@ -285,7 +285,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
"invalid criteria", file, linenum);
/* FALLTHROUGH */
case 0:
xfree(patterns);
free(patterns);
logit("Authentication tried for %.100s with "
"correct key but not from a permitted "
"host (host=%.200s, ip=%.200s).",
@ -321,7 +321,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
file, linenum);
auth_debug_add("%.100s, line %lu: missing "
"end quote", file, linenum);
xfree(patterns);
free(patterns);
goto bad_option;
}
patterns[i] = '\0';
@ -335,7 +335,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
auth_debug_add("%.100s, line %lu: "
"Bad permitopen specification", file,
linenum);
xfree(patterns);
free(patterns);
goto bad_option;
}
host = cleanhostname(host);
@ -344,12 +344,12 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
"<%.100s>", file, linenum, p ? p : "");
auth_debug_add("%.100s, line %lu: "
"Bad permitopen port", file, linenum);
xfree(patterns);
free(patterns);
goto bad_option;
}
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
channel_add_permitted_opens(host, port);
xfree(patterns);
free(patterns);
goto next_option;
}
cp = "tunnel=\"";
@ -368,13 +368,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
xfree(tun);
free(tun);
forced_tun_device = -1;
goto bad_option;
}
tun[i] = '\0';
forced_tun_device = a2tun(tun, NULL);
xfree(tun);
free(tun);
if (forced_tun_device == SSH_TUNID_ERR) {
debug("%.100s, line %lu: invalid tun device",
file, linenum);
@ -430,7 +430,8 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
{
char *command, *allowed;
const char *remote_ip;
u_char *name = NULL, *data_blob = NULL;
char *name = NULL;
u_char *data_blob = NULL;
u_int nlen, dlen, clen;
Buffer c, data;
int ret = -1, found;
@ -482,7 +483,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
if (*cert_forced_command != NULL) {
error("Certificate has multiple "
"force-command options");
xfree(command);
free(command);
goto out;
}
*cert_forced_command = command;
@ -498,7 +499,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
if ((*cert_source_address_done)++) {
error("Certificate has multiple "
"source-address options");
xfree(allowed);
free(allowed);
goto out;
}
remote_ip = get_remote_ipaddr();
@ -506,7 +507,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
allowed)) {
case 1:
/* accepted */
xfree(allowed);
free(allowed);
break;
case 0:
/* no match */
@ -519,12 +520,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
"is not permitted to use this "
"certificate for login.",
remote_ip);
xfree(allowed);
free(allowed);
goto out;
case -1:
error("Certificate source-address "
"contents invalid");
xfree(allowed);
free(allowed);
goto out;
}
found = 1;
@ -546,9 +547,10 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
goto out;
}
buffer_clear(&data);
xfree(name);
xfree(data_blob);
name = data_blob = NULL;
free(name);
free(data_blob);
name = NULL;
data_blob = NULL;
}
/* successfully parsed all options */
ret = 0;
@ -557,13 +559,13 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
if (ret != 0 &&
cert_forced_command != NULL &&
*cert_forced_command != NULL) {
xfree(*cert_forced_command);
free(*cert_forced_command);
*cert_forced_command = NULL;
}
if (name != NULL)
xfree(name);
free(name);
if (data_blob != NULL)
xfree(data_blob);
free(data_blob);
buffer_free(&data);
buffer_free(&c);
return ret;
@ -625,7 +627,7 @@ auth_cert_options(Key *k, struct passwd *pw)
/* CA-specified forced command supersedes key option */
if (cert_forced_command != NULL) {
if (forced_command != NULL)
xfree(forced_command);
free(forced_command);
forced_command = cert_forced_command;
}
return 0;

23
crypto/external/bsd/openssh/dist/auth-rsa.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-rsa.c,v 1.81 2012/10/30 21:29:54 djm Exp $ */
/* $OpenBSD: auth-rsa.c,v 1.85 2013/07/12 00:19:58 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -161,9 +161,8 @@ static int
rsa_key_allowed_in_file(struct passwd *pw, char *file,
const BIGNUM *client_n, Key **rkey)
{
char line[SSH_MAX_PUBKEY_BYTES];
int allowed = 0;
u_int bits;
char *fp, line[SSH_MAX_PUBKEY_BYTES];
int allowed = 0, bits;
FILE *f;
u_long linenum = 0;
Key *key;
@ -224,11 +223,16 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
/* check the real bits */
keybits = BN_num_bits(key->rsa->n);
if (keybits < 0 || bits != (u_int)keybits)
if (keybits < 0 || bits != keybits)
logit("Warning: %s, line %lu: keysize mismatch: "
"actual %d vs. announced %d.",
file, linenum, BN_num_bits(key->rsa->n), bits);
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
debug("matching key found: file %s, line %lu %s %s",
file, linenum, key_type(key), fp);
free(fp);
/* Never accept a revoked key */
if (auth_key_is_revoked(key))
break;
@ -278,7 +282,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
file = expand_authorized_keys(
options.authorized_keys_files[i], pw);
allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey);
xfree(file);
free(file);
}
restore_uid();
@ -295,7 +299,6 @@ int
auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
{
Key *key;
char *fp;
struct passwd *pw = authctxt->pw;
/* no user given */
@ -325,11 +328,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
* options; this will be reset if the options cause the
* authentication to be rejected.
*/
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
verbose("Found matching %s key: %s",
key_type(key), fp);
xfree(fp);
key_free(key);
pubkey_auth_info(authctxt, key, NULL);
packet_send_debug("RSA authentication accepted.");
return (1);

44
crypto/external/bsd/openssh/dist/auth.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.c,v 1.101 2013/02/06 00:22:21 dtucker Exp $ */
/* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -58,6 +58,7 @@
#include "authfile.h"
#include "monitor_wrap.h"
#include "krl.h"
#include "compat.h"
/* import */
extern ServerOptions options;
@ -99,17 +100,17 @@ allowed_user(struct passwd * pw)
if (stat(shell, &st) != 0) {
logit("User %.100s not allowed because shell %.100s "
"does not exist", pw->pw_name, shell);
xfree(shell);
free(shell);
return 0;
}
if (S_ISREG(st.st_mode) == 0 ||
(st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
logit("User %.100s not allowed because shell %.100s "
"is not executable", pw->pw_name, shell);
xfree(shell);
free(shell);
return 0;
}
xfree(shell);
free(shell);
}
if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
@ -179,9 +180,26 @@ allowed_user(struct passwd * pw)
return 1;
}
void
auth_info(Authctxt *authctxt, const char *fmt, ...)
{
va_list ap;
int i;
free(authctxt->info);
authctxt->info = NULL;
va_start(ap, fmt);
i = vasprintf(&authctxt->info, fmt, ap);
va_end(ap);
if (i < 0 || authctxt->info == NULL)
fatal("vasprintf failed");
}
void
auth_log(Authctxt *authctxt, int authenticated, int partial,
const char *method, const char *submethod, const char *info)
const char *method, const char *submethod)
{
void (*authlog) (const char *fmt,...) = verbose;
char *authmsg;
@ -203,7 +221,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
else
authmsg = authenticated ? "Accepted" : "Failed";
authlog("%s %s%s%s for %s%.100s from %.200s port %d%s",
authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s",
authmsg,
method,
submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod,
@ -211,7 +229,11 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
authctxt->user,
get_remote_ipaddr(),
get_remote_port(),
info);
compat20 ? "ssh2" : "ssh1",
authctxt->info != NULL ? ": " : "",
authctxt->info != NULL ? authctxt->info : "");
free(authctxt->info);
authctxt->info = NULL;
}
/*
@ -265,7 +287,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
if (i < 0 || (size_t)i >= sizeof(ret))
fatal("expand_authorized_keys: path too long");
xfree(file);
free(file);
return (xstrdup(ret));
}
@ -307,7 +329,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
load_hostkeys(hostkeys, host, user_hostfile);
restore_uid();
}
xfree(user_hostfile);
free(user_hostfile);
}
host_status = check_key_in_hostkeys(hostkeys, key, &found);
if (host_status == HOST_REVOKED)
@ -540,7 +562,7 @@ auth_key_is_revoked(Key *key)
key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
error("WARNING: authentication attempt with a revoked "
"%s key %s ", key_type(key), key_fp);
xfree(key_fp);
free(key_fp);
return 1;
}
fatal("key_in_file returned junk");
@ -571,7 +593,7 @@ auth_debug_send(void)
while (buffer_len(&auth_debug)) {
msg = buffer_get_string(&auth_debug, NULL);
packet_send_debug("%s", msg);
xfree(msg);
free(msg);
}
}

16
crypto/external/bsd/openssh/dist/auth.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.h,v 1.72 2012/12/02 20:34:09 djm Exp $ */
/* $OpenBSD: auth.h,v 1.76 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -55,6 +55,7 @@ struct Authctxt {
struct passwd *pw; /* set if 'valid' */
char *style;
void *kbdintctxt;
char *info; /* Extra info for next auth_log */
void *jpake_ctx;
auth_session_t *as;
char **auth_methods; /* modified from server config */
@ -112,6 +113,8 @@ int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
int user_key_allowed(struct passwd *, Key *);
void pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
__attribute__((__format__ (printf, 3, 4)));
struct stat;
int auth_secure_path(const char *, struct stat *, const char *, uid_t,
@ -127,15 +130,18 @@ void krb5_cleanup_proc(Authctxt *authctxt);
void do_authentication(Authctxt *);
void do_authentication2(Authctxt *);
void auth_log(Authctxt *, int, int, const char *, const char *,
const char *);
void auth_info(Authctxt *authctxt, const char *, ...)
__attribute__((__format__ (printf, 2, 3)))
__attribute__((__nonnull__ (2)));
void auth_log(Authctxt *, int, int, const char *, const char *);
void userauth_finish(Authctxt *, int, const char *, const char *);
int auth_root_allowed(const char *);
char *auth2_read_banner(void);
int auth2_methods_valid(const char *, int);
int auth2_update_methods_lists(Authctxt *, const char *);
int auth2_update_methods_lists(Authctxt *, const char *, const char *);
int auth2_setup_methods_lists(Authctxt *);
int auth2_method_allowed(Authctxt *, const char *, const char *);
void privsep_challenge_enable(void);
@ -168,10 +174,12 @@ check_key_in_hostfiles(struct passwd *, Key *, const char *,
/* hostkey handling */
Key *get_hostkey_by_index(int);
Key *get_hostkey_public_by_index(int);
Key *get_hostkey_public_by_type(int);
Key *get_hostkey_private_by_type(int);
int get_hostkey_index(Key *);
int ssh1_session_key(BIGNUM *);
void sshd_hostkey_sign(Key *, Key *, u_char **, u_int *, u_char *, u_int);
/* debug messages during authentication */
void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));

43
crypto/external/bsd/openssh/dist/auth1.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth1.c,v 1.77 2012/12/02 20:34:09 djm Exp $ */
/* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -40,17 +40,17 @@
/* import */
extern ServerOptions options;
static int auth1_process_password(Authctxt *, char *, size_t);
static int auth1_process_rsa(Authctxt *, char *, size_t);
static int auth1_process_rhosts_rsa(Authctxt *, char *, size_t);
static int auth1_process_tis_challenge(Authctxt *, char *, size_t);
static int auth1_process_tis_response(Authctxt *, char *, size_t);
static int auth1_process_password(Authctxt *);
static int auth1_process_rsa(Authctxt *);
static int auth1_process_rhosts_rsa(Authctxt *);
static int auth1_process_tis_challenge(Authctxt *);
static int auth1_process_tis_response(Authctxt *);
struct AuthMethod1 {
int type;
char *name;
int *enabled;
int (*method)(Authctxt *, char *, size_t);
int (*method)(Authctxt *);
};
const struct AuthMethod1 auth1_methods[] = {
@ -105,7 +105,7 @@ get_authname(int type)
/*ARGSUSED*/
static int
auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
auth1_process_password(Authctxt *authctxt)
{
int authenticated = 0;
char *password;
@ -123,14 +123,14 @@ auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
authenticated = PRIVSEP(auth_password(authctxt, password));
memset(password, 0, dlen);
xfree(password);
free(password);
return (authenticated);
}
/*ARGSUSED*/
static int
auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
auth1_process_rsa(Authctxt *authctxt)
{
int authenticated = 0;
BIGNUM *n;
@ -148,7 +148,7 @@ auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
/*ARGSUSED*/
static int
auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
auth1_process_rhosts_rsa(Authctxt *authctxt)
{
int keybits, authenticated = 0;
u_int bits;
@ -181,15 +181,15 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
client_host_key);
key_free(client_host_key);
snprintf(info, infolen, " ruser %.100s", client_user);
xfree(client_user);
auth_info(authctxt, "ruser %.100s", client_user);
free(client_user);
return (authenticated);
}
/*ARGSUSED*/
static int
auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
auth1_process_tis_challenge(Authctxt *authctxt)
{
char *challenge;
@ -199,7 +199,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
debug("sending challenge '%s'", challenge);
packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
packet_put_cstring(challenge);
xfree(challenge);
free(challenge);
packet_send();
packet_write_wait();
@ -208,7 +208,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
/*ARGSUSED*/
static int
auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
auth1_process_tis_response(Authctxt *authctxt)
{
int authenticated = 0;
char *response;
@ -218,7 +218,7 @@ auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
packet_check_eom();
authenticated = verify_response(authctxt, response);
memset(response, 'r', dlen);
xfree(response);
free(response);
return (authenticated);
}
@ -231,7 +231,6 @@ static void
do_authloop(Authctxt *authctxt)
{
int authenticated = 0;
char info[1024];
int type = 0;
const struct AuthMethod1 *meth;
@ -244,7 +243,7 @@ do_authloop(Authctxt *authctxt)
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
PRIVSEP(auth_password(authctxt, ""))) {
auth_log(authctxt, 1, 0, "without authentication", NULL, "");
auth_log(authctxt, 1, 0, "without authentication", NULL);
return;
}
@ -257,7 +256,6 @@ do_authloop(Authctxt *authctxt)
/* default to fail */
authenticated = 0;
info[0] = '\0';
/* Get a packet from the client. */
type = packet_read();
@ -274,7 +272,7 @@ do_authloop(Authctxt *authctxt)
goto skip;
}
authenticated = meth->method(authctxt, info, sizeof(info));
authenticated = meth->method(authctxt);
if (authenticated == -1)
continue; /* "postponed" */
@ -293,8 +291,7 @@ do_authloop(Authctxt *authctxt)
skip:
/* Log before sending the reply */
auth_log(authctxt, authenticated, 0, get_authname(type),
NULL, info);
auth_log(authctxt, authenticated, 0, get_authname(type), NULL);
if (authenticated)
return;

39
crypto/external/bsd/openssh/dist/auth2-chall.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-chall.c,v 1.36 2012/12/03 00:14:06 djm Exp $ */
/* $OpenBSD: auth2-chall.c,v 1.38.2.1 2013/11/08 01:33:56 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
@ -66,7 +66,7 @@ kbdint_alloc(const char *devs)
Buffer b;
int i;
kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt));
if (strcmp(devs, "") == 0) {
buffer_init(&b);
for (i = 0; devices[i]; i++) {
@ -102,15 +102,13 @@ kbdint_free(KbdintAuthctxt *kbdintctxt)
{
if (kbdintctxt->device)
kbdint_reset_device(kbdintctxt);
if (kbdintctxt->devices) {
xfree(kbdintctxt->devices);
kbdintctxt->devices = NULL;
}
xfree(kbdintctxt);
free(kbdintctxt->devices);
bzero(kbdintctxt, sizeof(*kbdintctxt));
free(kbdintctxt);
}
/* get next device */
static int
kbdint_next_device(KbdintAuthctxt *kbdintctxt)
kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
{
size_t len;
char *t;
@ -124,12 +122,16 @@ kbdint_next_device(KbdintAuthctxt *kbdintctxt)
if (len == 0)
break;
for (i = 0; devices[i]; i++)
for (i = 0; devices[i]; i++) {
if (!auth2_method_allowed(authctxt,
"keyboard-interactive", devices[i]->name))
continue;
if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
kbdintctxt->device = devices[i];
}
t = kbdintctxt->devices;
kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
xfree(t);
free(t);
debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
kbdintctxt->devices : "<empty>");
} while (kbdintctxt->devices && !kbdintctxt->device);
@ -176,7 +178,7 @@ auth2_challenge_start(Authctxt *authctxt)
debug2("auth2_challenge_start: devices %s",
kbdintctxt->devices ? kbdintctxt->devices : "<empty>");
if (kbdint_next_device(kbdintctxt) == 0) {
if (kbdint_next_device(authctxt, kbdintctxt) == 0) {
auth2_challenge_stop(authctxt);
return 0;
}
@ -223,11 +225,11 @@ send_userauth_info_request(Authctxt *authctxt)
packet_write_wait();
for (i = 0; i < kbdintctxt->nreq; i++)
xfree(prompts[i]);
xfree(prompts);
xfree(echo_on);
xfree(name);
xfree(instr);
free(prompts[i]);
free(prompts);
free(echo_on);
free(name);
free(instr);
return 1;
}
@ -266,10 +268,9 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
for (i = 0; i < nresp; i++) {
memset(response[i], 'r', strlen(response[i]));
xfree(response[i]);
free(response[i]);
}
if (response)
xfree(response);
free(response);
switch (res) {
case 0:

20
crypto/external/bsd/openssh/dist/auth2-gss.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-gss.c,v 1.18 2012/12/02 20:34:09 djm Exp $ */
/* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -77,8 +77,7 @@ userauth_gssapi(Authctxt *authctxt)
do {
mechs--;
if (doid)
xfree(doid);
free(doid);
present = 0;
doid = packet_get_string(&len);
@ -97,7 +96,7 @@ userauth_gssapi(Authctxt *authctxt)
gss_release_oid_set(&ms, &supported);
if (!present) {
xfree(doid);
free(doid);
authctxt->server_caused_failure = 1;
return (0);
}
@ -105,7 +104,7 @@ userauth_gssapi(Authctxt *authctxt)
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
if (ctxt != NULL)
ssh_gssapi_delete_ctx(&ctxt);
xfree(doid);
free(doid);
authctxt->server_caused_failure = 1;
return (0);
}
@ -118,7 +117,7 @@ userauth_gssapi(Authctxt *authctxt)
packet_put_string(doid, len);
packet_send();
xfree(doid);
free(doid);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
@ -149,7 +148,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
&send_tok, &flags));
xfree(recv_tok.value);
free(recv_tok.value);
if (GSS_ERROR(maj_status)) {
if (send_tok.length != 0) {
@ -204,7 +203,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
&send_tok, NULL));
xfree(recv_tok.value);
free(recv_tok.value);
/* We can't return anything to the client, even if we wanted to */
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
@ -225,14 +224,11 @@ static void
input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
int authenticated;
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
fatal("No authentication or GSSAPI context");
gssctxt = authctxt->methoddata;
/*
* We don't need to check the status, because we're only enabled in
* the dispatcher once the exchange is complete
@ -280,7 +276,7 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
logit("GSSAPI MIC check failed");
buffer_free(&b);
xfree(mic.value);
free(mic.value);
authctxt->postponed = 0;
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);

18
crypto/external/bsd/openssh/dist/auth2-hostbased.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-hostbased.c,v 1.14 2010/08/04 05:42:47 djm Exp $ */
/* $OpenBSD: auth2-hostbased.c,v 1.16 2013/06/21 00:34:49 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -115,6 +115,10 @@ userauth_hostbased(Authctxt *authctxt)
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
pubkey_auth_info(authctxt, key,
"client user \"%.100s\", client host \"%.100s\"", cuser, chost);
/* test for allowed key and correct signature */
authenticated = 0;
if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
@ -127,11 +131,11 @@ done:
debug2("userauth_hostbased: authenticated %d", authenticated);
if (key != NULL)
key_free(key);
xfree(pkalg);
xfree(pkblob);
xfree(cuser);
xfree(chost);
xfree(sig);
free(pkalg);
free(pkblob);
free(cuser);
free(chost);
free(sig);
return authenticated;
}
@ -206,7 +210,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
verbose("Accepted %s public key %s from %s@%s",
key_type(key), fp, cuser, lookup);
}
xfree(fp);
free(fp);
}
return (host_status == HOST_OK);

24
crypto/external/bsd/openssh/dist/auth2-jpake.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-jpake.c,v 1.5 2012/12/02 20:34:09 djm Exp $ */
/* $OpenBSD: auth2-jpake.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2008 Damien Miller. All rights reserved.
*
@ -179,7 +179,7 @@ derive_rawsalt(const char *username, u_char *rawsalt, u_int len)
__func__, len, digest_len);
memcpy(rawsalt, digest, len);
bzero(digest, digest_len);
xfree(digest);
free(digest);
}
/* ASCII an integer [0, 64) for inclusion in a password/salt */
@ -258,7 +258,7 @@ fake_salt_and_scheme(Authctxt *authctxt, char **salt, char **scheme)
makesalt(22, authctxt->user));
*scheme = xstrdup("bcrypt");
}
xfree(style);
free(style);
debug3("%s: fake %s salt for user %s: %s",
__func__, *scheme, authctxt->user, *salt);
}
@ -361,7 +361,7 @@ auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
JPAKE_DEBUG_BN((*s, "%s: s = ", __func__));
#endif
bzero(secret, secret_len);
xfree(secret);
free(secret);
}
/*
@ -403,12 +403,12 @@ auth2_jpake_start(Authctxt *authctxt)
bzero(hash_scheme, strlen(hash_scheme));
bzero(salt, strlen(salt));
xfree(hash_scheme);
xfree(salt);
free(hash_scheme);
free(salt);
bzero(x3_proof, x3_proof_len);
bzero(x4_proof, x4_proof_len);
xfree(x3_proof);
xfree(x4_proof);
free(x3_proof);
free(x4_proof);
/* Expect step 1 packet from peer */
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1,
@ -455,8 +455,8 @@ input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt)
bzero(x1_proof, x1_proof_len);
bzero(x2_proof, x2_proof_len);
xfree(x1_proof);
xfree(x2_proof);
free(x1_proof);
free(x2_proof);
if (!use_privsep)
JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
@ -469,7 +469,7 @@ input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt)
packet_write_wait();
bzero(x4_s_proof, x4_s_proof_len);
xfree(x4_s_proof);
free(x4_s_proof);
/* Expect step 2 packet from peer */
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2,
@ -510,7 +510,7 @@ input_userauth_jpake_client_step2(int type, u_int32_t seq, void *ctxt)
&pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len));
bzero(x2_s_proof, x2_s_proof_len);
xfree(x2_s_proof);
free(x2_s_proof);
if (!use_privsep)
JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));

6
crypto/external/bsd/openssh/dist/auth2-kbdint.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-kbdint.c,v 1.5 2006/08/03 03:34:41 deraadt Exp $ */
/* $OpenBSD: auth2-kbdint.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -52,8 +52,8 @@ userauth_kbdint(Authctxt *authctxt)
if (options.challenge_response_authentication)
authenticated = auth2_challenge(authctxt, devs);
xfree(devs);
xfree(lang);
free(devs);
free(lang);
return authenticated;
}

6
crypto/external/bsd/openssh/dist/auth2-passwd.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */
/* $OpenBSD: auth2-passwd.c,v 1.10 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -58,7 +58,7 @@ userauth_passwd(Authctxt *authctxt)
/* discard new password from packet */
newpass = packet_get_string(&newlen);
memset(newpass, 0, newlen);
xfree(newpass);
free(newpass);
}
packet_check_eom();
@ -67,7 +67,7 @@ userauth_passwd(Authctxt *authctxt)
else if (PRIVSEP(auth_password(authctxt, password)) == 1)
authenticated = 1;
memset(password, 0, len);
xfree(password);
free(password);
return authenticated;
}

85
crypto/external/bsd/openssh/dist/auth2-pubkey.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.34 2013/02/14 21:35:59 djm Exp $ */
/* $OpenBSD: auth2-pubkey.c,v 1.38 2013/06/21 00:34:49 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -72,7 +72,7 @@ userauth_pubkey(Authctxt *authctxt)
{
Buffer b;
Key *key = NULL;
char *pkalg;
char *pkalg, *userstyle;
u_char *pkblob, *sig;
u_int alen, blen, slen;
int have_sig, pktype;
@ -124,7 +124,11 @@ userauth_pubkey(Authctxt *authctxt)
}
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->user);
xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
buffer_put_cstring(&b, userstyle);
free(userstyle);
buffer_put_cstring(&b,
datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
@ -140,6 +144,8 @@ userauth_pubkey(Authctxt *authctxt)
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
pubkey_auth_info(authctxt, key, NULL);
/* test for correct signature */
authenticated = 0;
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
@ -147,7 +153,7 @@ userauth_pubkey(Authctxt *authctxt)
buffer_len(&b))) == 1)
authenticated = 1;
buffer_free(&b);
xfree(sig);
free(sig);
} else {
debug("test whether pkalg/pkblob are acceptable");
packet_check_eom();
@ -175,11 +181,45 @@ done:
debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
if (key != NULL)
key_free(key);
xfree(pkalg);
xfree(pkblob);
free(pkalg);
free(pkblob);
return authenticated;
}
void
pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
{
char *fp, *extra;
va_list ap;
int i;
extra = NULL;
if (fmt != NULL) {
va_start(ap, fmt);
i = vasprintf(&extra, fmt, ap);
va_end(ap);
if (i < 0 || extra == NULL)
fatal("%s: vasprintf failed", __func__);
}
if (key_is_cert(key)) {
fp = key_fingerprint(key->cert->signature_key,
SSH_FP_MD5, SSH_FP_HEX);
auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s",
key_type(key), key->cert->key_id,
(unsigned long long)key->cert->serial,
key_type(key->cert->signature_key), fp,
extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
free(fp);
} else {
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
auth_info(authctxt, "%s %s%s%s", key_type(key), fp,
extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
free(fp);
}
free(extra);
}
static int
match_principals_option(const char *principal_list, struct KeyCert *cert)
{
@ -193,7 +233,7 @@ match_principals_option(const char *principal_list, struct KeyCert *cert)
principal_list, NULL)) != NULL) {
debug3("matched principal from key options \"%.100s\"",
result);
xfree(result);
free(result);
return 1;
}
}
@ -273,11 +313,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
char *fp;
found_key = 0;
found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
found = NULL;
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
char *cp, *key_options = NULL;
if (found != NULL)
key_free(found);
found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
auth_clear_options();
/* Skip leading whitespace, empty and comment lines. */
@ -329,7 +371,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
reason = "Certificate does not contain an "
"authorized principal";
fail_reason:
xfree(fp);
free(fp);
error("%s", reason);
auth_debug_add("%s", reason);
continue;
@ -339,13 +381,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
&reason) != 0)
goto fail_reason;
if (auth_cert_options(key, pw) != 0) {
xfree(fp);
free(fp);
continue;
}
verbose("Accepted certificate ID \"%s\" "
"signed by %s CA %s via %s", key->cert->key_id,
key_type(found), fp, file);
xfree(fp);
free(fp);
found_key = 1;
break;
} else if (key_equal(found, key)) {
@ -355,16 +397,15 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
if (key_is_cert_authority)
continue;
found_key = 1;
debug("matching key found: file %s, line %lu",
file, linenum);
fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
verbose("Found matching %s key: %s",
key_type(found), fp);
xfree(fp);
debug("matching key found: file %s, line %lu %s %s",
file, linenum, key_type(found), fp);
free(fp);
break;
}
}
key_free(found);
if (found != NULL)
key_free(found);
if (!found_key)
debug2("key not found");
return found_key;
@ -418,10 +459,8 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
ret = 1;
out:
if (principals_file != NULL)
xfree(principals_file);
if (ca_fp != NULL)
xfree(ca_fp);
free(principals_file);
free(ca_fp);
return ret;
}
@ -626,7 +665,7 @@ user_key_allowed(struct passwd *pw, Key *key)
options.authorized_keys_files[i], pw);
success = user_key_allowed2(pw, key, file);
xfree(file);
free(file);
}
return success;

93
crypto/external/bsd/openssh/dist/auth2.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2.c,v 1.126 2012/12/02 20:34:09 djm Exp $ */
/* $OpenBSD: auth2.c,v 1.129 2013/05/19 02:42:42 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -94,8 +94,12 @@ static void input_userauth_request(int, u_int32_t, void *);
/* helper */
static Authmethod *authmethod_lookup(Authctxt *, const char *);
static char *authmethods_get(Authctxt *authctxt);
static int method_allowed(Authctxt *, const char *);
static int list_starts_with(const char *, const char *);
#define MATCH_NONE 0 /* method or submethod mismatch */
#define MATCH_METHOD 1 /* method matches (no submethod specified) */
#define MATCH_BOTH 2 /* method and submethod match */
#define MATCH_PARTIAL 3 /* method matches, submethod can't be checked */
static int list_starts_with(const char *, const char *, const char *);
char *
auth2_read_banner(void)
@ -122,7 +126,7 @@ auth2_read_banner(void)
close(fd);
if (n != len) {
xfree(banner);
free(banner);
return (NULL);
}
banner[n] = '\0';
@ -149,8 +153,7 @@ userauth_banner(void)
packet_send();
debug("userauth_banner: sent");
done:
if (banner)
xfree(banner);
free(banner);
}
/*
@ -195,7 +198,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
debug("bad service request %s", service);
packet_disconnect("bad service request %s", service);
}
xfree(service);
free(service);
}
/*ARGSUSED*/
@ -268,9 +271,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
}
userauth_finish(authctxt, authenticated, method, NULL);
xfree(service);
xfree(user);
xfree(method);
free(service);
free(user);
free(method);
}
void
@ -292,14 +295,14 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
authenticated = 0;
if (authenticated && options.num_auth_methods != 0) {
if (!auth2_update_methods_lists(authctxt, method)) {
if (!auth2_update_methods_lists(authctxt, method, submethod)) {
authenticated = 0;
partial = 1;
}
}
/* Log before sending the reply */
auth_log(authctxt, authenticated, partial, method, submethod, " ssh2");
auth_log(authctxt, authenticated, partial, method, submethod);
if (authctxt->postponed)
return;
@ -327,7 +330,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
packet_put_char(partial);
packet_send();
packet_write_wait();
xfree(methods);
free(methods);
}
}
@ -336,8 +339,9 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
* methods list. Returns 1 if allowed, or no methods lists configured.
* 0 otherwise.
*/
static int
method_allowed(Authctxt *authctxt, const char *method)
int
auth2_method_allowed(Authctxt *authctxt, const char *method,
const char *submethod)
{
u_int i;
@ -348,7 +352,8 @@ method_allowed(Authctxt *authctxt, const char *method)
if (options.num_auth_methods == 0)
return 1;
for (i = 0; i < authctxt->num_auth_methods; i++) {
if (list_starts_with(authctxt->auth_methods[i], method))
if (list_starts_with(authctxt->auth_methods[i], method,
submethod) != MATCH_NONE)
return 1;
}
return 0;
@ -368,7 +373,8 @@ authmethods_get(Authctxt *authctxt)
if (authmethods[i]->enabled == NULL ||
*(authmethods[i]->enabled) == 0)
continue;
if (!method_allowed(authctxt, authmethods[i]->name))
if (!auth2_method_allowed(authctxt, authmethods[i]->name,
NULL))
continue;
if (buffer_len(&b) > 0)
buffer_append(&b, ",", 1);
@ -391,7 +397,8 @@ authmethod_lookup(Authctxt *authctxt, const char *name)
if (authmethods[i]->enabled != NULL &&
*(authmethods[i]->enabled) != 0 &&
strcmp(name, authmethods[i]->name) == 0 &&
method_allowed(authctxt, authmethods[i]->name))
auth2_method_allowed(authctxt,
authmethods[i]->name, NULL))
return authmethods[i];
debug2("Unrecognized authentication method name: %s",
name ? name : "NULL");
@ -406,7 +413,7 @@ authmethod_lookup(Authctxt *authctxt, const char *name)
int
auth2_methods_valid(const char *_methods, int need_enable)
{
char *methods, *omethods, *method;
char *methods, *omethods, *method, *p;
u_int i, found;
int ret = -1;
@ -417,6 +424,8 @@ auth2_methods_valid(const char *_methods, int need_enable)
omethods = methods = xstrdup(_methods);
while ((method = strsep(&methods, ",")) != NULL) {
for (found = i = 0; !found && authmethods[i] != NULL; i++) {
if ((p = strchr(method, ':')) != NULL)
*p = '\0';
if (strcmp(method, authmethods[i]->name) != 0)
continue;
if (need_enable) {
@ -482,15 +491,30 @@ auth2_setup_methods_lists(Authctxt *authctxt)
}
static int
list_starts_with(const char *methods, const char *method)
list_starts_with(const char *methods, const char *method,
const char *submethod)
{
size_t l = strlen(method);
int match;
const char *p;
if (strncmp(methods, method, l) != 0)
return 0;
if (methods[l] != ',' && methods[l] != '\0')
return 0;
return 1;
return MATCH_NONE;
p = methods + l;
match = MATCH_METHOD;
if (*p == ':') {
if (!submethod)
return MATCH_PARTIAL;
l = strlen(submethod);
p += 1;
if (strncmp(submethod, p, l))
return MATCH_NONE;
p += l;
match = MATCH_BOTH;
}
if (*p != ',' && *p != '\0')
return MATCH_NONE;
return match;
}
/*
@ -499,14 +523,21 @@ list_starts_with(const char *methods, const char *method)
* if it did.
*/
static int
remove_method(char **methods, const char *method)
remove_method(char **methods, const char *method, const char *submethod)
{
char *omethods = *methods;
char *omethods = *methods, *p;
size_t l = strlen(method);
int match;
if (!list_starts_with(omethods, method))
match = list_starts_with(omethods, method, submethod);
if (match != MATCH_METHOD && match != MATCH_BOTH)
return 0;
*methods = xstrdup(omethods + l + (omethods[l] == ',' ? 1 : 0));
p = omethods + l;
if (submethod && match == MATCH_BOTH)
p += 1 + strlen(submethod); /* include colon */
if (*p == ',')
p++;
*methods = xstrdup(p);
free(omethods);
return 1;
}
@ -518,13 +549,15 @@ remove_method(char **methods, const char *method)
* Returns 1 if the method completed any authentication list or 0 otherwise.
*/
int
auth2_update_methods_lists(Authctxt *authctxt, const char *method)
auth2_update_methods_lists(Authctxt *authctxt, const char *method,
const char *submethod)
{
u_int i, found = 0;
debug3("%s: updating methods list after \"%s\"", __func__, method);
for (i = 0; i < authctxt->num_auth_methods; i++) {
if (!remove_method(&(authctxt->auth_methods[i]), method))
if (!remove_method(&(authctxt->auth_methods[i]), method,
submethod))
continue;
found = 1;
if (*authctxt->auth_methods[i] == '\0') {

12
crypto/external/bsd/openssh/dist/authfd.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfd.c,v 1.86 2011/07/06 18:09:21 tedu Exp $ */
/* $OpenBSD: authfd.c,v 1.87.2.1 2013/11/08 01:33:56 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -204,7 +204,7 @@ ssh_get_authentication_connection(void)
if (sock < 0)
return NULL;
auth = xmalloc(sizeof(*auth));
auth = xcalloc(1, sizeof(*auth));
auth->fd = sock;
buffer_init(&auth->identities);
auth->howmany = 0;
@ -222,7 +222,7 @@ ssh_close_authentication_connection(AuthenticationConnection *auth)
{
buffer_free(&auth->identities);
close(auth->fd);
xfree(auth);
free(auth);
}
/* Lock/unlock agent */
@ -341,7 +341,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
blob = buffer_get_string(&auth->identities, &blen);
*comment = buffer_get_string(&auth->identities, NULL);
key = key_from_blob(blob, blen);
xfree(blob);
free(blob);
break;
default:
return NULL;
@ -434,7 +434,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
buffer_put_string(&msg, blob, blen);
buffer_put_string(&msg, data, datalen);
buffer_put_int(&msg, flags);
xfree(blob);
free(blob);
if (ssh_request_reply(auth, &msg, &msg) == 0) {
buffer_free(&msg);
@ -608,7 +608,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
key_to_blob(key, &blob, &blen);
buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
buffer_put_string(&msg, blob, blen);
xfree(blob);
free(blob);
} else {
buffer_free(&msg);
return 0;

14
crypto/external/bsd/openssh/dist/authfile.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfile.c,v 1.95 2013/01/08 18:49:04 markus Exp $ */
/* $OpenBSD: authfile.c,v 1.97 2013/05/17 00:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -84,7 +84,7 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
u_char buf[100], *cp;
int i, cipher_num;
CipherContext ciphercontext;
Cipher *cipher;
const Cipher *cipher;
u_int32_t rnd;
/*
@ -410,7 +410,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
Buffer decrypted;
u_char *cp;
CipherContext ciphercontext;
Cipher *cipher;
const Cipher *cipher;
Key *prv = NULL;
Buffer copy;
@ -498,8 +498,8 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
return prv;
fail:
if (commentp)
xfree(*commentp);
if (commentp != NULL)
free(*commentp);
key_free(prv);
return NULL;
}
@ -816,10 +816,10 @@ key_load_cert(const char *filename)
pub = key_new(KEY_UNSPEC);
xasprintf(&file, "%s-cert.pub", filename);
if (key_try_load_public(pub, file, NULL) == 1) {
xfree(file);
free(file);
return pub;
}
xfree(file);
free(file);
key_free(pub);
return NULL;
}

12
crypto/external/bsd/openssh/dist/bufaux.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: bufaux.c,v 1.50 2010/08/31 09:58:37 djm Exp $ */
/* $OpenBSD: bufaux.c,v 1.52 2013/07/12 00:19:58 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -179,7 +179,7 @@ buffer_get_string_ret(Buffer *buffer, u_int *length_ptr)
/* Get the string. */
if (buffer_get_ret(buffer, value, len) == -1) {
error("buffer_get_string_ret: buffer_get failed");
xfree(value);
free(value);
return (NULL);
}
/* Append a null character to make processing easier. */
@ -214,7 +214,7 @@ buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr)
error("buffer_get_cstring_ret: string contains \\0");
else {
bzero(ret, length);
xfree(ret);
free(ret);
return NULL;
}
}
@ -283,7 +283,7 @@ buffer_put_cstring(Buffer *buffer, const char *s)
* Returns a character from the buffer (0 - 255).
*/
int
buffer_get_char_ret(char *ret, Buffer *buffer)
buffer_get_char_ret(u_char *ret, Buffer *buffer)
{
if (buffer_get_ret(buffer, ret, 1) == -1) {
error("buffer_get_char_ret: buffer_get_ret failed");
@ -295,11 +295,11 @@ buffer_get_char_ret(char *ret, Buffer *buffer)
int
buffer_get_char(Buffer *buffer)
{
char ch;
u_char ch;
if (buffer_get_char_ret(&ch, buffer) == -1)
fatal("buffer_get_char: buffer error");
return (u_char) ch;
return ch;
}
/*

18
crypto/external/bsd/openssh/dist/bufbn.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: bufbn.c,v 1.6 2007/06/02 09:04:58 djm Exp $*/
/* $OpenBSD: bufbn.c,v 1.7 2013/05/17 00:13:13 djm Exp $*/
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -67,7 +67,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
if (oi != bin_size) {
error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
oi, bin_size);
xfree(buf);
free(buf);
return (-1);
}
@ -78,7 +78,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
buffer_append(buffer, buf, oi);
memset(buf, 0, bin_size);
xfree(buf);
free(buf);
return (0);
}
@ -165,13 +165,13 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
if (oi < 0 || (u_int)oi != bytes - 1) {
error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
"oi %d != bin_size %d", oi, bytes);
xfree(buf);
free(buf);
return (-1);
}
hasnohigh = (buf[1] & 0x80) ? 0 : 1;
buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
memset(buf, 0, bytes);
xfree(buf);
free(buf);
return (0);
}
@ -195,21 +195,21 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
if (len > 0 && (bin[0] & 0x80)) {
error("buffer_get_bignum2_ret: negative numbers not supported");
xfree(bin);
free(bin);
return (-1);
}
if (len > 8 * 1024) {
error("buffer_get_bignum2_ret: cannot handle BN of size %d",
len);
xfree(bin);
free(bin);
return (-1);
}
if (BN_bin2bn(bin, len, value) == NULL) {
error("buffer_get_bignum2_ret: BN_bin2bn failed");
xfree(bin);
free(bin);
return (-1);
}
xfree(bin);
free(bin);
return (0);
}

6
crypto/external/bsd/openssh/dist/bufec.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: bufec.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */
/* $OpenBSD: bufec.c,v 1.2 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2010 Damien Miller <djm@mindrot.org>
*
@ -73,7 +73,7 @@ buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve,
out:
if (buf != NULL) {
bzero(buf, len);
xfree(buf);
free(buf);
}
BN_CTX_free(bnctx);
return ret;
@ -126,7 +126,7 @@ buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve,
out:
BN_CTX_free(bnctx);
bzero(buf, len);
xfree(buf);
free(buf);
return ret;
}

4
crypto/external/bsd/openssh/dist/buffer.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: buffer.c,v 1.32 2010/02/09 03:56:28 djm Exp $ */
/* $OpenBSD: buffer.c,v 1.33 2013/05/17 00:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -48,7 +48,7 @@ buffer_free(Buffer *buffer)
if (buffer->alloc > 0) {
memset(buffer->buf, 0, buffer->alloc);
buffer->alloc = 0;
xfree(buffer->buf);
free(buffer->buf);
}
}

4
crypto/external/bsd/openssh/dist/buffer.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: buffer.h,v 1.21 2010/08/31 11:54:45 djm Exp $ */
/* $OpenBSD: buffer.h,v 1.22 2013/07/12 00:19:58 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -84,7 +84,7 @@ int buffer_get_int64_ret(u_int64_t *, Buffer *);
void *buffer_get_string_ret(Buffer *, u_int *);
char *buffer_get_cstring_ret(Buffer *, u_int *);
void *buffer_get_string_ptr_ret(Buffer *, u_int *);
int buffer_get_char_ret(char *, Buffer *);
int buffer_get_char_ret(u_char *, Buffer *);
#include <openssl/ec.h>

10
crypto/external/bsd/openssh/dist/canohost.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: canohost.c,v 1.66 2010/01/13 01:20:20 dtucker Exp $ */
/* $OpenBSD: canohost.c,v 1.67 2013/05/17 00:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -38,7 +38,7 @@ static int cached_port = -1;
/*
* Return the canonical name of the host at the other end of the socket. The
* caller should free the returned string with xfree.
* caller should free the returned string.
*/
static char *
@ -281,10 +281,8 @@ get_local_name(int fd)
void
clear_cached_addr(void)
{
if (canonical_host_ip != NULL) {
xfree(canonical_host_ip);
canonical_host_ip = NULL;
}
free(canonical_host_ip);
canonical_host_ip = NULL;
cached_port = -1;
}

133
crypto/external/bsd/openssh/dist/channels.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.c,v 1.319 2012/12/02 20:46:11 djm Exp $ */
/* $OpenBSD: channels.c,v 1.324.2.1 2013/11/08 01:33:56 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -209,6 +209,7 @@ channel_lookup(int id)
case SSH_CHANNEL_OPEN:
case SSH_CHANNEL_INPUT_DRAINING:
case SSH_CHANNEL_OUTPUT_DRAINING:
case SSH_CHANNEL_ABANDONED:
return (c);
}
logit("Non-public channel %d, type %d.", id, c->type);
@ -396,7 +397,7 @@ channel_free(Channel *c)
s = channel_open_message();
debug3("channel %d: status: %s", c->self, s);
xfree(s);
free(s);
if (c->sock != -1)
shutdown(c->sock, SHUT_RDWR);
@ -404,29 +405,23 @@ channel_free(Channel *c)
buffer_free(&c->input);
buffer_free(&c->output);
buffer_free(&c->extended);
if (c->remote_name) {
xfree(c->remote_name);
c->remote_name = NULL;
}
if (c->path) {
xfree(c->path);
c->path = NULL;
}
if (c->listening_addr) {
xfree(c->listening_addr);
c->listening_addr = NULL;
}
free(c->remote_name);
c->remote_name = NULL;
free(c->path);
c->path = NULL;
free(c->listening_addr);
c->listening_addr = NULL;
while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {
if (cc->abandon_cb != NULL)
cc->abandon_cb(c, cc->ctx);
TAILQ_REMOVE(&c->status_confirms, cc, entry);
bzero(cc, sizeof(*cc));
xfree(cc);
free(cc);
}
if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
c->filter_cleanup(c->self, c->filter_ctx);
channels[c->self] = NULL;
xfree(c);
free(c);
}
void
@ -531,6 +526,7 @@ channel_still_open(void)
case SSH_CHANNEL_DYNAMIC:
case SSH_CHANNEL_CONNECTING:
case SSH_CHANNEL_ZOMBIE:
case SSH_CHANNEL_ABANDONED:
continue;
case SSH_CHANNEL_LARVAL:
if (!compat20)
@ -576,6 +572,7 @@ channel_find_open(void)
case SSH_CHANNEL_OPENING:
case SSH_CHANNEL_CONNECTING:
case SSH_CHANNEL_ZOMBIE:
case SSH_CHANNEL_ABANDONED:
continue;
case SSH_CHANNEL_LARVAL:
case SSH_CHANNEL_AUTH_SOCKET:
@ -623,6 +620,7 @@ channel_open_message(void)
case SSH_CHANNEL_CLOSED:
case SSH_CHANNEL_AUTH_SOCKET:
case SSH_CHANNEL_ZOMBIE:
case SSH_CHANNEL_ABANDONED:
case SSH_CHANNEL_MUX_CLIENT:
case SSH_CHANNEL_MUX_LISTENER:
continue;
@ -698,7 +696,7 @@ channel_register_status_confirm(int id, channel_confirm_cb *cb,
if ((c = channel_lookup(id)) == NULL)
fatal("channel_register_expect: %d: bad id", id);
cc = xmalloc(sizeof(*cc));
cc = xcalloc(1, sizeof(*cc));
cc->cb = cb;
cc->abandon_cb = abandon_cb;
cc->ctx = ctx;
@ -1075,10 +1073,8 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset)
strlcpy(username, p, sizeof(username));
buffer_consume(&c->input, len);
if (c->path != NULL) {
xfree(c->path);
c->path = NULL;
}
free(c->path);
c->path = NULL;
if (need == 1) { /* SOCKS4: one string */
host = inet_ntoa(s4_req.dest_addr);
c->path = xstrdup(host);
@ -1138,7 +1134,8 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
u_int8_t atyp;
} s5_req, s5_rsp;
u_int16_t dest_port;
u_char *p, dest_addr[255+1], ntop[INET6_ADDRSTRLEN];
char dest_addr[255+1], ntop[INET6_ADDRSTRLEN];
u_char *p;
u_int have, need, i, found, nmethods, addrlen, af;
debug2("channel %d: decode socks5", c->self);
@ -1208,13 +1205,11 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
buffer_consume(&c->input, sizeof(s5_req));
if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
buffer_consume(&c->input, 1); /* host string length */
buffer_get(&c->input, (char *)&dest_addr, addrlen);
buffer_get(&c->input, &dest_addr, addrlen);
buffer_get(&c->input, (char *)&dest_port, 2);
dest_addr[addrlen] = '\0';
if (c->path != NULL) {
xfree(c->path);
c->path = NULL;
}
free(c->path);
c->path = NULL;
if (s5_req.atyp == SSH_SOCKS5_DOMAIN) {
if (addrlen >= NI_MAXHOST) {
error("channel %d: dynamic request: socks5 hostname "
@ -1319,7 +1314,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset)
{
Channel *nc;
struct sockaddr_storage addr;
int newsock;
int newsock, oerrno;
socklen_t addrlen;
char buf[16384], *remote_ipaddr;
int remote_port;
@ -1329,14 +1324,18 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset)
addrlen = sizeof(addr);
newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
if (c->single_connection) {
oerrno = errno;
debug2("single_connection: closing X11 listener.");
channel_close_fd(&c->sock);
chan_mark_dead(c);
errno = oerrno;
}
if (newsock < 0) {
error("accept: %.100s", strerror(errno));
if (errno != EINTR && errno != EWOULDBLOCK &&
errno != ECONNABORTED)
error("accept: %.100s", strerror(errno));
if (errno == EMFILE || errno == ENFILE)
c->notbefore = time(NULL) + 1;
c->notbefore = monotime() + 1;
return;
}
set_nodelay(newsock);
@ -1370,7 +1369,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset)
packet_put_cstring(buf);
packet_send();
}
xfree(remote_ipaddr);
free(remote_ipaddr);
}
}
@ -1384,7 +1383,7 @@ port_open_helper(Channel *c, char *rtype)
if (remote_port == -1) {
/* Fake addr/port to appease peers that validate it (Tectia) */
xfree(remote_ipaddr);
free(remote_ipaddr);
remote_ipaddr = xstrdup("127.0.0.1");
remote_port = 65535;
}
@ -1397,7 +1396,7 @@ port_open_helper(Channel *c, char *rtype)
rtype, c->listening_port, c->path, c->host_port,
remote_ipaddr, remote_port);
xfree(c->remote_name);
free(c->remote_name);
c->remote_name = xstrdup(buf);
if (compat20) {
@ -1429,7 +1428,7 @@ port_open_helper(Channel *c, char *rtype)
packet_put_cstring(c->remote_name);
packet_send();
}
xfree(remote_ipaddr);
free(remote_ipaddr);
}
static void
@ -1479,9 +1478,11 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset)
addrlen = sizeof(addr);
newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
if (newsock < 0) {
error("accept: %.100s", strerror(errno));
if (errno != EINTR && errno != EWOULDBLOCK &&
errno != ECONNABORTED)
error("accept: %.100s", strerror(errno));
if (errno == EMFILE || errno == ENFILE)
c->notbefore = time(NULL) + 1;
c->notbefore = monotime() + 1;
return;
}
set_nodelay(newsock);
@ -1517,7 +1518,7 @@ channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset)
error("accept from auth socket: %.100s",
strerror(errno));
if (errno == EMFILE || errno == ENFILE)
c->notbefore = time(NULL) + 1;
c->notbefore = monotime() + 1;
return;
}
nc = channel_new("accepted auth socket",
@ -1673,7 +1674,7 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset)
if (c->datagram) {
/* ignore truncated writes, datagrams might get lost */
len = write(c->wfd, buf, dlen);
xfree(data);
free(data);
if (len < 0 && (errno == EINTR || errno == EAGAIN))
return 1;
if (len <= 0) {
@ -1904,7 +1905,7 @@ channel_post_mux_listener(Channel *c, fd_set *readset, fd_set *writeset)
&addrlen)) == -1) {
error("%s accept: %s", __func__, strerror(errno));
if (errno == EMFILE || errno == ENFILE)
c->notbefore = time(NULL) + 1;
c->notbefore = monotime() + 1;
return;
}
@ -2067,7 +2068,7 @@ channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset,
channel_handler_init();
did_init = 1;
}
now = time(NULL);
now = monotime();
if (unpause_secs != NULL)
*unpause_secs = 0;
for (i = 0, oalloc = channels_alloc; i < oalloc; i++) {
@ -2197,7 +2198,7 @@ channel_output_poll(void)
debug("channel %d: datagram "
"too big for channel",
c->self);
xfree(data);
free(data);
continue;
}
packet_start(SSH2_MSG_CHANNEL_DATA);
@ -2205,7 +2206,7 @@ channel_output_poll(void)
packet_put_string(data, dlen);
packet_send();
c->remote_window -= dlen + 4;
xfree(data);
free(data);
}
continue;
}
@ -2377,13 +2378,13 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt)
if (data_len > c->local_window) {
logit("channel %d: rcvd too much extended_data %d, win %d",
c->self, data_len, c->local_window);
xfree(data);
free(data);
return;
}
debug2("channel %d: rcvd ext data %d", c->self, data_len);
c->local_window -= data_len;
buffer_append(&c->extended, data, data_len);
xfree(data);
free(data);
}
/* ARGSUSED */
@ -2473,7 +2474,7 @@ channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt)
if (c == NULL)
packet_disconnect("Received close confirmation for "
"out-of-range channel %d.", id);
if (c->type != SSH_CHANNEL_CLOSED)
if (c->type != SSH_CHANNEL_CLOSED && c->type != SSH_CHANNEL_ABANDONED)
packet_disconnect("Received close confirmation for "
"non-closed channel %d (type %d).", id, c->type);
channel_free(c);
@ -2549,10 +2550,8 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt)
}
logit("channel %d: open failed: %s%s%s", id,
reason2txt(reason), msg ? ": ": "", msg ? msg : "");
if (msg != NULL)
xfree(msg);
if (lang != NULL)
xfree(lang);
free(msg);
free(lang);
if (c->open_confirm) {
debug2("callback start");
c->open_confirm(c->self, 0, c->open_confirm_ctx);
@ -2610,8 +2609,8 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt)
packet_check_eom();
c = channel_connect_to(host, host_port,
"connected socket", originator_string);
xfree(originator_string);
xfree(host);
free(originator_string);
free(host);
if (c == NULL) {
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(remote_id);
@ -2646,7 +2645,7 @@ channel_input_status_confirm(int type, u_int32_t seq, void *ctxt)
cc->cb(type, c, cc->ctx);
TAILQ_REMOVE(&c->status_confirms, cc, entry);
bzero(cc, sizeof(*cc));
xfree(cc);
free(cc);
}
/* -- tcp forwarding */
@ -3020,7 +3019,7 @@ channel_request_rforward_cancel(const char *host, u_short port)
permitted_opens[i].listen_port = 0;
permitted_opens[i].port_to_connect = 0;
xfree(permitted_opens[i].host_to_connect);
free(permitted_opens[i].host_to_connect);
permitted_opens[i].host_to_connect = NULL;
return 0;
@ -3059,7 +3058,7 @@ channel_input_port_forward_request(int is_root, int gateway_ports)
host_port, gateway_ports);
/* Free the argument string. */
xfree(hostname);
free(hostname);
return (success ? 0 : -1);
}
@ -3114,7 +3113,7 @@ channel_update_permitted_opens(int idx, int newport)
} else {
permitted_opens[idx].listen_port = 0;
permitted_opens[idx].port_to_connect = 0;
xfree(permitted_opens[idx].host_to_connect);
free(permitted_opens[idx].host_to_connect);
permitted_opens[idx].host_to_connect = NULL;
}
}
@ -3147,12 +3146,9 @@ channel_clear_permitted_opens(void)
int i;
for (i = 0; i < num_permitted_opens; i++)
if (permitted_opens[i].host_to_connect != NULL)
xfree(permitted_opens[i].host_to_connect);
if (num_permitted_opens > 0) {
xfree(permitted_opens);
permitted_opens = NULL;
}
free(permitted_opens[i].host_to_connect);
free(permitted_opens);
permitted_opens = NULL;
num_permitted_opens = 0;
}
@ -3162,12 +3158,9 @@ channel_clear_adm_permitted_opens(void)
int i;
for (i = 0; i < num_adm_permitted_opens; i++)
if (permitted_adm_opens[i].host_to_connect != NULL)
xfree(permitted_adm_opens[i].host_to_connect);
if (num_adm_permitted_opens > 0) {
xfree(permitted_adm_opens);
permitted_adm_opens = NULL;
}
free(permitted_adm_opens[i].host_to_connect);
free(permitted_adm_opens);
permitted_adm_opens = NULL;
num_adm_permitted_opens = 0;
}
@ -3261,7 +3254,7 @@ connect_next(struct channel_connect *cctx)
static void
channel_connect_ctx_free(struct channel_connect *cctx)
{
xfree(cctx->host);
free(cctx->host);
if (cctx->aitop)
freeaddrinfo(cctx->aitop);
bzero(cctx, sizeof(*cctx));
@ -3624,7 +3617,7 @@ x11_input_open(int type, u_int32_t seq, void *ctxt)
c->remote_id = remote_id;
c->force_drain = 1;
}
xfree(remote_host);
free(remote_host);
if (c == NULL) {
/* Send refusal to the remote host. */
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
@ -3732,7 +3725,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
packet_put_int(screen_number);
packet_send();
packet_write_wait();
xfree(new_data);
free(new_data);
}

7
crypto/external/bsd/openssh/dist/channels.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.h,v 1.111 2012/04/11 13:16:19 djm Exp $ */
/* $OpenBSD: channels.h,v 1.113 2013/06/07 15:37:52 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -55,7 +55,8 @@
#define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */
#define SSH_CHANNEL_MUX_LISTENER 15 /* Listener for mux conn. */
#define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */
#define SSH_CHANNEL_MAX_TYPE 17
#define SSH_CHANNEL_ABANDONED 17 /* Abandoned session, eg mux */
#define SSH_CHANNEL_MAX_TYPE 18
#define CHANNEL_CANCEL_PORT_STATIC -1
@ -109,7 +110,7 @@ struct Channel {
* channels are delayed until the first call
* to a matching pre-select handler.
* this way post-select handlers are not
* accidenly called if a FD gets reused */
* accidentally called if a FD gets reused */
Buffer input; /* data read from socket, to be sent over
* encrypted connection */
Buffer output; /* data received over encrypted connection for

8
crypto/external/bsd/openssh/dist/cipher-3des1.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cipher-3des1.c,v 1.7 2010/10/01 23:05:32 djm Exp $ */
/* $OpenBSD: cipher-3des1.c,v 1.8.2.1 2013/11/08 01:33:56 djm Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
*
@ -62,7 +62,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
u_char *k1, *k2, *k3;
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
c = xmalloc(sizeof(*c));
c = xcalloc(1, sizeof(*c));
EVP_CIPHER_CTX_set_app_data(ctx, c);
}
if (key == NULL)
@ -84,7 +84,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
memset(c, 0, sizeof(*c));
xfree(c);
free(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
return (0);
}
@ -117,7 +117,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
EVP_CIPHER_CTX_cleanup(&c->k2);
EVP_CIPHER_CTX_cleanup(&c->k3);
memset(c, 0, sizeof(*c));
xfree(c);
free(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
}
return (1);

63
crypto/external/bsd/openssh/dist/cipher.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cipher.c,v 1.87 2013/01/26 06:11:05 djm Exp $ */
/* $OpenBSD: cipher.c,v 1.89 2013/05/17 00:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -60,7 +60,9 @@ struct Cipher {
u_int discard_len;
u_int cbc_mode;
const EVP_CIPHER *(*evptype)(void);
} ciphers[] = {
};
static const struct Cipher ciphers[] = {
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
@ -92,6 +94,27 @@ struct Cipher {
/*--*/
/* Returns a comma-separated list of supported ciphers. */
char *
cipher_alg_list(void)
{
char *ret = NULL;
size_t nlen, rlen = 0;
const Cipher *c;
for (c = ciphers; c->name != NULL; c++) {
if (c->number != SSH_CIPHER_SSH2)
continue;
if (ret != NULL)
ret[rlen++] = '\n';
nlen = strlen(c->name);
ret = xrealloc(ret, 1, rlen + nlen + 2);
memcpy(ret + rlen, c->name, nlen + 1);
rlen += nlen;
}
return ret;
}
u_int
cipher_blocksize(const Cipher *c)
{
@ -140,20 +163,20 @@ cipher_mask_ssh1(int client)
return mask;
}
Cipher *
const Cipher *
cipher_by_name(const char *name)
{
Cipher *c;
const Cipher *c;
for (c = ciphers; c->name != NULL; c++)
if (strcmp(c->name, name) == 0)
return c;
return NULL;
}
Cipher *
const Cipher *
cipher_by_number(int id)
{
Cipher *c;
const Cipher *c;
for (c = ciphers; c->name != NULL; c++)
if (c->number == id)
return c;
@ -164,7 +187,7 @@ cipher_by_number(int id)
int
ciphers_valid(const char *names)
{
Cipher *c;
const Cipher *c;
char *cipher_list, *cp;
char *p;
@ -176,14 +199,14 @@ ciphers_valid(const char *names)
c = cipher_by_name(p);
if (c == NULL || c->number != SSH_CIPHER_SSH2) {
debug("bad cipher %s [%s]", p, names);
xfree(cipher_list);
free(cipher_list);
return 0;
} else {
debug3("cipher ok: %s [%s]", p, names);
}
}
debug3("ciphers ok: [%s]", names);
xfree(cipher_list);
free(cipher_list);
return 1;
}
@ -195,7 +218,7 @@ ciphers_valid(const char *names)
int
cipher_number(const char *name)
{
Cipher *c;
const Cipher *c;
if (name == NULL)
return -1;
for (c = ciphers; c->name != NULL; c++)
@ -207,12 +230,12 @@ cipher_number(const char *name)
char *
cipher_name(int id)
{
Cipher *c = cipher_by_number(id);
const Cipher *c = cipher_by_number(id);
return (c==NULL) ? "<unknown>" : c->name;
}
void
cipher_init(CipherContext *cc, Cipher *cipher,
cipher_init(CipherContext *cc, const Cipher *cipher,
const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,
int do_encrypt)
{
@ -271,8 +294,8 @@ cipher_init(CipherContext *cc, Cipher *cipher,
cipher->discard_len) == 0)
fatal("evp_crypt: EVP_Cipher failed during discard");
memset(discard, 0, cipher->discard_len);
xfree(junk);
xfree(discard);
free(junk);
free(discard);
}
}
@ -344,7 +367,7 @@ cipher_cleanup(CipherContext *cc)
*/
void
cipher_set_key_string(CipherContext *cc, Cipher *cipher,
cipher_set_key_string(CipherContext *cc, const Cipher *cipher,
const char *passphrase, int do_encrypt)
{
MD5_CTX md;
@ -369,7 +392,7 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher,
int
cipher_get_keyiv_len(const CipherContext *cc)
{
Cipher *c = cc->cipher;
const Cipher *c = cc->cipher;
int ivlen;
if (c->number == SSH_CIPHER_3DES)
@ -382,7 +405,7 @@ cipher_get_keyiv_len(const CipherContext *cc)
void
cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
{
Cipher *c = cc->cipher;
const Cipher *c = cc->cipher;
int evplen;
switch (c->number) {
@ -413,7 +436,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
void
cipher_set_keyiv(CipherContext *cc, u_char *iv)
{
Cipher *c = cc->cipher;
const Cipher *c = cc->cipher;
int evplen = 0;
switch (c->number) {
@ -445,7 +468,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
int
cipher_get_keycontext(const CipherContext *cc, u_char *dat)
{
Cipher *c = cc->cipher;
const Cipher *c = cc->cipher;
int plen = 0;
if (c->evptype == EVP_rc4) {
@ -460,7 +483,7 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat)
void
cipher_set_keycontext(CipherContext *cc, u_char *dat)
{
Cipher *c = cc->cipher;
const Cipher *c = cc->cipher;
int plen;
if (c->evptype == EVP_rc4) {

13
crypto/external/bsd/openssh/dist/cipher.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cipher.h,v 1.39 2013/01/08 18:49:04 markus Exp $ */
/* $OpenBSD: cipher.h,v 1.40 2013/04/19 01:06:50 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -66,21 +66,22 @@ struct CipherContext {
int plaintext;
int encrypt;
EVP_CIPHER_CTX evp;
Cipher *cipher;
const Cipher *cipher;
};
u_int cipher_mask_ssh1(int);
Cipher *cipher_by_name(const char *);
Cipher *cipher_by_number(int);
const Cipher *cipher_by_name(const char *);
const Cipher *cipher_by_number(int);
int cipher_number(const char *);
char *cipher_name(int);
int ciphers_valid(const char *);
void cipher_init(CipherContext *, Cipher *, const u_char *, u_int,
char *cipher_alg_list(void);
void cipher_init(CipherContext *, const Cipher *, const u_char *, u_int,
const u_char *, u_int, int);
void cipher_crypt(CipherContext *, u_char *, const u_char *,
u_int, u_int, u_int);
void cipher_cleanup(CipherContext *);
void cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
void cipher_set_key_string(CipherContext *, const Cipher *, const char *, int);
u_int cipher_blocksize(const Cipher *);
u_int cipher_keylen(const Cipher *);
u_int cipher_authlen(const Cipher *);

97
crypto/external/bsd/openssh/dist/clientloop.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.248 2013/01/02 00:32:07 djm Exp $ */
/* $OpenBSD: clientloop.c,v 1.253.2.1 2013/11/08 01:33:56 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -265,7 +265,7 @@ set_control_persist_exit_time(void)
control_persist_exit_time = 0;
} else if (control_persist_exit_time <= 0) {
/* a client connection has recently closed */
control_persist_exit_time = time(NULL) +
control_persist_exit_time = monotime() +
(time_t)options.control_persist_timeout;
debug2("%s: schedule exit in %d seconds", __func__,
options.control_persist_timeout);
@ -348,7 +348,7 @@ client_x11_get_proto(const char *display, const char *xauth_path,
if (system(cmd) == 0)
generated = 1;
if (x11_refuse_time == 0) {
now = time(NULL) + 1;
now = monotime() + 1;
if (UINT_MAX - timeout < now)
x11_refuse_time = UINT_MAX;
else
@ -385,10 +385,8 @@ client_x11_get_proto(const char *display, const char *xauth_path,
unlink(xauthfile);
rmdir(xauthdir);
}
if (xauthdir)
xfree(xauthdir);
if (xauthfile)
xfree(xauthfile);
free(xauthdir);
free(xauthfile);
/*
* If we didn't get authentication data, just make up some
@ -544,7 +542,7 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt)
if (--gc->ref_count <= 0) {
TAILQ_REMOVE(&global_confirms, gc, entry);
bzero(gc, sizeof(*gc));
xfree(gc);
free(gc);
}
packet_set_alive_timeouts(0);
@ -575,7 +573,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
{
struct timeval tv, *tvp;
int timeout_secs;
time_t minwait_secs = 0;
time_t minwait_secs = 0, server_alive_time = 0, now = monotime();
int ret;
/* Add any selections by the channel mechanism. */
@ -624,12 +622,16 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
*/
timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */
if (options.server_alive_interval > 0 && compat20)
if (options.server_alive_interval > 0 && compat20) {
timeout_secs = options.server_alive_interval;
server_alive_time = now + options.server_alive_interval;
}
if (options.rekey_interval > 0 && compat20 && !rekeying)
timeout_secs = MIN(timeout_secs, packet_get_rekey_timeout());
set_control_persist_exit_time();
if (control_persist_exit_time > 0) {
timeout_secs = MIN(timeout_secs,
control_persist_exit_time - time(NULL));
control_persist_exit_time - now);
if (timeout_secs < 0)
timeout_secs = 0;
}
@ -661,8 +663,15 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
quit_pending = 1;
} else if (ret == 0)
server_alive_check();
} else if (ret == 0) {
/*
* Timeout. Could have been either keepalive or rekeying.
* Keepalive we check here, rekeying is checked in clientloop.
*/
if (server_alive_time != 0 && server_alive_time <= monotime())
server_alive_check();
}
}
static void
@ -806,20 +815,20 @@ client_status_confirm(int type, Channel *c, void *ctx)
chan_write_failed(c);
}
}
xfree(cr);
free(cr);
}
static void
client_abandon_status_confirm(Channel *c, void *ctx)
{
xfree(ctx);
free(ctx);
}
void
client_expect_confirm(int id, const char *request,
enum confirm_action action)
{
struct channel_reply_ctx *cr = xmalloc(sizeof(*cr));
struct channel_reply_ctx *cr = xcalloc(1, sizeof(*cr));
cr->request_type = request;
cr->action = action;
@ -842,7 +851,7 @@ client_register_global_confirm(global_confirm_cb *cb, void *ctx)
return;
}
gc = xmalloc(sizeof(*gc));
gc = xcalloc(1, sizeof(*gc));
gc->cb = cb;
gc->ctx = ctx;
gc->ref_count = 1;
@ -979,12 +988,9 @@ process_cmdline(void)
out:
signal(SIGINT, handler);
enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
if (cmd)
xfree(cmd);
if (fwd.listen_host != NULL)
xfree(fwd.listen_host);
if (fwd.connect_host != NULL)
xfree(fwd.connect_host);
free(cmd);
free(fwd.listen_host);
free(fwd.connect_host);
}
/* reasons to suppress output of an escape command in help output */
@ -1094,8 +1100,11 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
if (c && c->ctl_chan != -1) {
chan_read_failed(c);
chan_write_failed(c);
mux_master_session_cleanup_cb(c->self,
NULL);
if (c->detach_user)
c->detach_user(c->self, NULL);
c->type = SSH_CHANNEL_ABANDONED;
buffer_clear(&c->input);
chan_ibuf_empty(c);
return 0;
} else
quit_pending = 1;
@ -1241,7 +1250,7 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
buffer_append(berr, string, strlen(string));
s = channel_open_message();
buffer_append(berr, s, strlen(s));
xfree(s);
free(s);
continue;
case 'C':
@ -1417,7 +1426,7 @@ client_new_escape_filter_ctx(int escape_char)
{
struct escape_filter_ctx *ret;
ret = xmalloc(sizeof(*ret));
ret = xcalloc(1, sizeof(*ret));
ret->escape_pending = 0;
ret->escape_char = escape_char;
return (void *)ret;
@ -1427,7 +1436,7 @@ client_new_escape_filter_ctx(int escape_char)
void
client_filter_cleanup(int cid, void *ctx)
{
xfree(ctx);
free(ctx);
}
int
@ -1632,16 +1641,14 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
* connections, then quit.
*/
if (control_persist_exit_time > 0) {
if (time(NULL) >= control_persist_exit_time) {
if (monotime() >= control_persist_exit_time) {
debug("ControlPersist timeout expired");
break;
}
}
}
if (readset)
xfree(readset);
if (writeset)
xfree(writeset);
free(readset);
free(writeset);
/* Terminate the session. */
@ -1743,7 +1750,7 @@ client_input_stdout_data(int type, u_int32_t seq, void *ctxt)
packet_check_eom();
buffer_append(&stdout_buffer, data, data_len);
memset(data, 0, data_len);
xfree(data);
free(data);
}
static void
client_input_stderr_data(int type, u_int32_t seq, void *ctxt)
@ -1753,7 +1760,7 @@ client_input_stderr_data(int type, u_int32_t seq, void *ctxt)
packet_check_eom();
buffer_append(&stderr_buffer, data, data_len);
memset(data, 0, data_len);
xfree(data);
free(data);
}
static void
client_input_exit_status(int type, u_int32_t seq, void *ctxt)
@ -1833,8 +1840,8 @@ client_request_forwarded_tcpip(const char *request_type, int rchan)
c = channel_connect_by_listen_address(listen_port,
"forwarded-tcpip", originator_address);
xfree(originator_address);
xfree(listen_address);
free(originator_address);
free(listen_address);
return c;
}
@ -1852,7 +1859,7 @@ client_request_x11(const char *request_type, int rchan)
"malicious server.");
return NULL;
}
if (x11_refuse_time != 0 && time(NULL) >= x11_refuse_time) {
if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) {
verbose("Rejected X11 connection after ForwardX11Timeout "
"expired");
return NULL;
@ -1868,7 +1875,7 @@ client_request_x11(const char *request_type, int rchan)
/* XXX check permission */
debug("client_request_x11: request from %s %d", originator,
originator_port);
xfree(originator);
free(originator);
sock = x11_connect_display();
if (sock < 0)
return NULL;
@ -1989,7 +1996,7 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt)
}
packet_send();
}
xfree(ctype);
free(ctype);
}
static void
client_input_channel_req(int type, u_int32_t seq, void *ctxt)
@ -2035,7 +2042,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt)
packet_put_int(c->remote_id);
packet_send();
}
xfree(rtype);
free(rtype);
}
static void
client_input_global_request(int type, u_int32_t seq, void *ctxt)
@ -2054,7 +2061,7 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt)
packet_send();
packet_write_wait();
}
xfree(rtype);
free(rtype);
}
void
@ -2104,7 +2111,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
/* Split */
name = xstrdup(env[i]);
if ((val = strchr(name, '=')) == NULL) {
xfree(name);
free(name);
continue;
}
*val++ = '\0';
@ -2118,7 +2125,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
}
if (!matched) {
debug3("Ignored env %s", name);
xfree(name);
free(name);
continue;
}
@ -2127,7 +2134,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
packet_put_cstring(name);
packet_put_cstring(val);
packet_send();
xfree(name);
free(name);
}
}

3
crypto/external/bsd/openssh/dist/clientloop.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.h,v 1.30 2012/08/17 00:45:45 dtucker Exp $ */
/* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -76,5 +76,4 @@ void muxserver_listen(void);
void muxclient(const char *);
void mux_exit_message(Channel *, int);
void mux_tty_alloc_failed(Channel *);
void mux_master_session_cleanup_cb(int, void *);

6
crypto/external/bsd/openssh/dist/compat.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: compat.c,v 1.80 2012/08/17 01:30:00 djm Exp $ */
/* $OpenBSD: compat.c,v 1.81 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@ -202,7 +202,7 @@ proto_spec(const char *spec)
break;
}
}
xfree(s);
free(s);
return ret;
}
@ -228,7 +228,7 @@ compat_cipher_proposal(char *cipher_prop)
buffer_append(&b, "\0", 1);
fix_ciphers = xstrdup(buffer_ptr(&b));
buffer_free(&b);
xfree(orig_prop);
free(orig_prop);
debug2("Original cipher proposal: %s", cipher_prop);
debug2("Compat cipher proposal: %s", fix_ciphers);
if (!*fix_ciphers)

74
crypto/external/bsd/openssh/dist/dh.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dh.c,v 1.49 2011/12/07 05:44:38 djm Exp $ */
/* $OpenBSD: dh.c,v 1.51 2013/07/02 12:31:43 markus Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
*
@ -45,6 +45,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
const char *errstr = NULL;
long long n;
dhg->p = dhg->g = NULL;
cp = line;
if ((arg = strdelim(&cp)) == NULL)
return 0;
@ -56,66 +57,85 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
/* time */
if (cp == NULL || *arg == '\0')
goto fail;
goto truncated;
arg = strsep(&cp, " "); /* type */
if (cp == NULL || *arg == '\0')
goto fail;
goto truncated;
/* Ensure this is a safe prime */
n = strtonum(arg, 0, 5, &errstr);
if (errstr != NULL || n != MODULI_TYPE_SAFE)
if (errstr != NULL || n != MODULI_TYPE_SAFE) {
error("moduli:%d: type is not %d", linenum, MODULI_TYPE_SAFE);
goto fail;
}
arg = strsep(&cp, " "); /* tests */
if (cp == NULL || *arg == '\0')
goto fail;
goto truncated;
/* Ensure prime has been tested and is not composite */
n = strtonum(arg, 0, 0x1f, &errstr);
if (errstr != NULL ||
(n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE))
(n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE)) {
error("moduli:%d: invalid moduli tests flag", linenum);
goto fail;
}
arg = strsep(&cp, " "); /* tries */
if (cp == NULL || *arg == '\0')
goto fail;
goto truncated;
n = strtonum(arg, 0, 1<<30, &errstr);
if (errstr != NULL || n == 0)
if (errstr != NULL || n == 0) {
error("moduli:%d: invalid primality trial count", linenum);
goto fail;
}
strsize = strsep(&cp, " "); /* size */
if (cp == NULL || *strsize == '\0' ||
(dhg->size = (int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||
errstr)
errstr) {
error("moduli:%d: invalid prime length", linenum);
goto fail;
}
/* The whole group is one bit larger */
dhg->size++;
gen = strsep(&cp, " "); /* gen */
if (cp == NULL || *gen == '\0')
goto fail;
goto truncated;
prime = strsep(&cp, " "); /* prime */
if (cp != NULL || *prime == '\0')
if (cp != NULL || *prime == '\0') {
truncated:
error("moduli:%d: truncated", linenum);
goto fail;
}
if ((dhg->g = BN_new()) == NULL)
fatal("parse_prime: BN_new failed");
if ((dhg->p = BN_new()) == NULL)
fatal("parse_prime: BN_new failed");
if (BN_hex2bn(&dhg->g, gen) == 0)
goto failclean;
if (BN_hex2bn(&dhg->g, gen) == 0) {
error("moduli:%d: could not parse generator value", linenum);
goto fail;
}
if (BN_hex2bn(&dhg->p, prime) == 0) {
error("moduli:%d: could not parse prime value", linenum);
goto fail;
}
if (BN_num_bits(dhg->p) != dhg->size) {
error("moduli:%d: prime has wrong size: actual %d listed %d",
linenum, BN_num_bits(dhg->p), dhg->size - 1);
goto fail;
}
if (BN_cmp(dhg->g, BN_value_one()) <= 0) {
error("moduli:%d: generator is invalid", linenum);
goto fail;
}
if (BN_hex2bn(&dhg->p, prime) == 0)
goto failclean;
return 1;
if (BN_num_bits(dhg->p) != dhg->size)
goto failclean;
if (BN_is_zero(dhg->g) || BN_is_one(dhg->g))
goto failclean;
return (1);
failclean:
BN_clear_free(dhg->g);
BN_clear_free(dhg->p);
fail:
if (dhg->g != NULL)
BN_clear_free(dhg->g);
if (dhg->p != NULL)
BN_clear_free(dhg->p);
dhg->g = dhg->p = NULL;
error("Bad prime description in line %d", linenum);
return (0);
return 0;
}
DH *

10
crypto/external/bsd/openssh/dist/dns.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dns.c,v 1.28 2012/05/23 03:28:28 djm Exp $ */
/* $OpenBSD: dns.c,v 1.29 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@ -258,7 +258,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
if (hostkey_digest_type != dnskey_digest_type) {
hostkey_digest_type = dnskey_digest_type;
xfree(hostkey_digest);
free(hostkey_digest);
/* Initialize host key parameters */
if (!dns_read_key(&hostkey_algorithm,
@ -278,10 +278,10 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
hostkey_digest_len) == 0)
*flags |= DNS_VERIFY_MATCH;
}
xfree(dnskey_digest);
free(dnskey_digest);
}
xfree(hostkey_digest); /* from key_fingerprint_raw() */
free(hostkey_digest); /* from key_fingerprint_raw() */
freerrset(fingerprints);
if (*flags & DNS_VERIFY_FOUND)
@ -324,7 +324,7 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
for (i = 0; i < rdata_digest_len; i++)
fprintf(f, "%02x", rdata_digest[i]);
fprintf(f, "\n");
xfree(rdata_digest); /* from key_fingerprint_raw() */
free(rdata_digest); /* from key_fingerprint_raw() */
success = 1;
}
}

5
crypto/external/bsd/openssh/dist/groupaccess.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: groupaccess.c,v 1.13 2008/07/04 03:44:59 djm Exp $ */
/* $OpenBSD: groupaccess.c,v 1.14 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Kevin Steves. All rights reserved.
*
@ -29,6 +29,7 @@
#include <grp.h>
#include <unistd.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include "xmalloc.h"
@ -112,7 +113,7 @@ ga_free(void)
if (ngroups > 0) {
for (i = 0; i < ngroups; i++)
xfree(groups_byname[i]);
free(groups_byname[i]);
ngroups = 0;
}
}

18
crypto/external/bsd/openssh/dist/gss-genr.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-genr.c,v 1.20 2009/06/22 05:39:28 dtucker Exp $ */
/* $OpenBSD: gss-genr.c,v 1.21.2.1 2013/11/08 01:33:56 djm Exp $ */
/*
* Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
@ -55,10 +55,10 @@ void
ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len)
{
if (ctx->oid != GSS_C_NO_OID) {
xfree(ctx->oid->elements);
xfree(ctx->oid);
free(ctx->oid->elements);
free(ctx->oid);
}
ctx->oid = xmalloc(sizeof(gss_OID_desc));
ctx->oid = xcalloc(1, sizeof(gss_OID_desc));
ctx->oid->length = len;
ctx->oid->elements = xmalloc(len);
memcpy(ctx->oid->elements, data, len);
@ -79,7 +79,7 @@ ssh_gssapi_error(Gssctxt *ctxt)
s = ssh_gssapi_last_error(ctxt, NULL, NULL);
debug("%s", s);
xfree(s);
free(s);
}
char *
@ -160,8 +160,8 @@ ssh_gssapi_delete_ctx(Gssctxt **ctx)
if ((*ctx)->name != GSS_C_NO_NAME)
gss_release_name(&ms, &(*ctx)->name);
if ((*ctx)->oid != GSS_C_NO_OID) {
xfree((*ctx)->oid->elements);
xfree((*ctx)->oid);
free((*ctx)->oid->elements);
free((*ctx)->oid);
(*ctx)->oid = GSS_C_NO_OID;
}
if ((*ctx)->creds != GSS_C_NO_CREDENTIAL)
@ -171,7 +171,7 @@ ssh_gssapi_delete_ctx(Gssctxt **ctx)
if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL)
gss_release_cred(&ms, &(*ctx)->client_creds);
xfree(*ctx);
free(*ctx);
*ctx = NULL;
}
@ -218,7 +218,7 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
&gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))
ssh_gssapi_error(ctx);
xfree(gssbuf.value);
free(gssbuf.value);
return (ctx->major);
}

28
crypto/external/bsd/openssh/dist/gss-serv-krb5.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
/* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -39,6 +39,7 @@
#include "ssh-gss.h"
#include <krb5.h>
#include <gssapi/gssapi_krb5.h>
static krb5_context krb_context = NULL;
@ -72,14 +73,16 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
{
krb5_principal princ;
int retval;
const char *errmsg;
if (ssh_gssapi_krb5_init() == 0)
return 0;
if ((retval = krb5_parse_name(krb_context, client->exportedname.value,
&princ))) {
logit("krb5_parse_name(): %.100s",
krb5_get_err_text(krb_context, retval));
errmsg = krb5_get_error_message(krb_context, retval);
logit("krb5_parse_name(): %.100s", errmsg);
krb5_free_error_message(krb_context, errmsg);
return 0;
}
if (krb5_kuserok(krb_context, princ, name)) {
@ -104,6 +107,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
krb5_error_code problem;
krb5_principal princ;
OM_uint32 maj_status, min_status;
const char *errmsg;
if (client->creds == NULL) {
debug("No credentials stored");
@ -113,23 +117,27 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
if (ssh_gssapi_krb5_init() == 0)
return;
if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) {
logit("krb5_cc_gen_new(): %.100s",
krb5_get_err_text(krb_context, problem));
if ((problem = krb5_cc_new_unique(krb_context, krb5_fcc_ops.prefix,
NULL, &ccache)) != 0) {
errmsg = krb5_get_error_message(krb_context, problem);
logit("krb5_cc_new_unique(): %.100s", errmsg);
krb5_free_error_message(krb_context, errmsg);
return;
}
if ((problem = krb5_parse_name(krb_context,
client->exportedname.value, &princ))) {
logit("krb5_parse_name(): %.100s",
krb5_get_err_text(krb_context, problem));
errmsg = krb5_get_error_message(krb_context, problem);
logit("krb5_parse_name(): %.100s", errmsg);
krb5_free_error_message(krb_context, errmsg);
krb5_cc_destroy(krb_context, ccache);
return;
}
if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) {
logit("krb5_cc_initialize(): %.100s",
krb5_get_err_text(krb_context, problem));
errmsg = krb5_get_error_message(krb_context, problem);
logit("krb5_cc_initialize(): %.100s", errmsg);
krb5_free_error_message(krb_context, errmsg);
krb5_free_principal(krb_context, princ);
krb5_cc_destroy(krb_context, ccache);
return;

4
crypto/external/bsd/openssh/dist/gss-serv.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */
/* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -46,7 +46,7 @@
static ssh_gssapi_client gssapi_client =
{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}};
ssh_gssapi_mech gssapi_null_mech =
{ NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL};

31
crypto/external/bsd/openssh/dist/hostfile.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: hostfile.c,v 1.50 2010/12/04 13:31:37 djm Exp $ */
/* $OpenBSD: hostfile.c,v 1.52 2013/07/12 00:19:58 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -61,7 +61,7 @@ struct hostkeys {
};
static int
extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
extract_salt(const char *s, u_int l, u_char *salt, size_t salt_len)
{
char *p, *b64salt;
u_int b64len;
@ -93,7 +93,7 @@ extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
b64salt[b64len] = '\0';
ret = __b64_pton(b64salt, salt, salt_len);
xfree(b64salt);
free(b64salt);
if (ret == -1) {
debug2("extract_salt: salt decode error");
return (-1);
@ -112,7 +112,8 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
{
const EVP_MD *md = EVP_sha1();
HMAC_CTX mac_ctx;
char salt[256], result[256], uu_salt[512], uu_result[512];
u_char salt[256], result[256];
char uu_salt[512], uu_result[512];
static char encoded[1024];
u_int i, len;
@ -130,7 +131,7 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
}
HMAC_Init(&mac_ctx, salt, len, md);
HMAC_Update(&mac_ctx, host, strlen(host));
HMAC_Update(&mac_ctx, (u_char *)host, strlen(host));
HMAC_Final(&mac_ctx, result, NULL);
HMAC_cleanup(&mac_ctx);
@ -150,7 +151,7 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
*/
int
hostfile_read_key(char **cpp, u_int *bitsp, Key *ret)
hostfile_read_key(char **cpp, int *bitsp, Key *ret)
{
char *cp;
@ -167,8 +168,10 @@ hostfile_read_key(char **cpp, u_int *bitsp, Key *ret)
/* Return results. */
*cpp = cp;
if (bitsp != NULL)
*bitsp = key_size(ret);
if (bitsp != NULL) {
if ((*bitsp = key_size(ret)) <= 0)
return 0;
}
return 1;
}
@ -324,16 +327,14 @@ free_hostkeys(struct hostkeys *hostkeys)
u_int i;
for (i = 0; i < hostkeys->num_entries; i++) {
xfree(hostkeys->entries[i].host);
xfree(hostkeys->entries[i].file);
free(hostkeys->entries[i].host);
free(hostkeys->entries[i].file);
key_free(hostkeys->entries[i].key);
bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
}
if (hostkeys->entries != NULL)
xfree(hostkeys->entries);
hostkeys->entries = NULL;
hostkeys->num_entries = 0;
xfree(hostkeys);
free(hostkeys->entries);
bzero(hostkeys, sizeof(*hostkeys));
free(hostkeys);
}
static int

4
crypto/external/bsd/openssh/dist/hostfile.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: hostfile.h,v 1.19 2010/11/29 23:45:51 djm Exp $ */
/* $OpenBSD: hostfile.h,v 1.20 2013/07/12 00:19:58 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -40,7 +40,7 @@ HostStatus check_key_in_hostkeys(struct hostkeys *, Key *,
int lookup_key_in_hostkeys_by_type(struct hostkeys *, int,
const struct hostkey_entry **);
int hostfile_read_key(char **, u_int *, Key *);
int hostfile_read_key(char **, int *, Key *);
int add_host_to_hostfile(const char *, const char *, const Key *, int);
#define HASH_MAGIC "|1|"

8
crypto/external/bsd/openssh/dist/jpake.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: jpake.c,v 1.7 2012/06/18 11:43:53 dtucker Exp $ */
/* $OpenBSD: jpake.c,v 1.8 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2008 Damien Miller. All rights reserved.
*
@ -104,7 +104,7 @@ jpake_free(struct jpake_ctx *pctx)
do { \
if ((v) != NULL) { \
bzero((v), (l)); \
xfree(v); \
free(v); \
(v) = NULL; \
(l) = 0; \
} \
@ -132,7 +132,7 @@ jpake_free(struct jpake_ctx *pctx)
#undef JPAKE_BUF_CLEAR_FREE
bzero(pctx, sizeof(*pctx));
xfree(pctx);
free(pctx);
}
/* dump entire jpake_ctx. NB. includes private values! */
@ -443,7 +443,7 @@ jpake_check_confirm(const BIGNUM *k,
expected_confirm_hash_len) == 0)
success = 1;
bzero(expected_confirm_hash, expected_confirm_hash_len);
xfree(expected_confirm_hash);
free(expected_confirm_hash);
debug3("%s: success = %d", __func__, success);
return success;
}

98
crypto/external/bsd/openssh/dist/kex.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.c,v 1.88 2013/01/08 18:49:04 markus Exp $ */
/* $OpenBSD: kex.c,v 1.91 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@ -51,6 +51,53 @@
static void kex_kexinit_finish(Kex *);
static void kex_choose_conf(Kex *);
struct kexalg {
char *name;
int type;
int ec_nid;
const EVP_MD *(*mdfunc)(void);
};
static const struct kexalg kexalgs[] = {
{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, EVP_sha1 },
{ KEX_DH14, KEX_DH_GRP14_SHA1, 0, EVP_sha1 },
{ KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, EVP_sha1 },
{ KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, EVP_sha256 },
{ KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, NID_X9_62_prime256v1, EVP_sha256 },
{ KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, EVP_sha384 },
{ KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, EVP_sha512 },
{ NULL, -1, -1, NULL},
};
char *
kex_alg_list(void)
{
char *ret = NULL;
size_t nlen, rlen = 0;
const struct kexalg *k;
for (k = kexalgs; k->name != NULL; k++) {
if (ret != NULL)
ret[rlen++] = '\n';
nlen = strlen(k->name);
ret = xrealloc(ret, 1, rlen + nlen + 2);
memcpy(ret + rlen, k->name, nlen + 1);
rlen += nlen;
}
return ret;
}
static const struct kexalg *
kex_alg_by_name(const char *name)
{
const struct kexalg *k;
for (k = kexalgs; k->name != NULL; k++) {
if (strcmp(k->name, name) == 0)
return k;
}
return NULL;
}
/* Validate KEX method name list */
int
kex_names_valid(const char *names)
@ -62,20 +109,14 @@ kex_names_valid(const char *names)
s = cp = xstrdup(names);
for ((p = strsep(&cp, ",")); p && *p != '\0';
(p = strsep(&cp, ","))) {
if (strcmp(p, KEX_DHGEX_SHA256) != 0 &&
strcmp(p, KEX_DHGEX_SHA1) != 0 &&
strcmp(p, KEX_DH14) != 0 &&
strcmp(p, KEX_DH1) != 0 &&
(strncmp(p, KEX_ECDH_SHA2_STEM,
sizeof(KEX_ECDH_SHA2_STEM) - 1) != 0 ||
kex_ecdh_name_to_nid(p) == -1)) {
if (kex_alg_by_name(p) == NULL) {
error("Unsupported KEX algorithm \"%.100s\"", p);
xfree(s);
free(s);
return 0;
}
}
debug3("kex names ok: [%s]", names);
xfree(s);
free(s);
return 1;
}
@ -135,8 +176,8 @@ kex_prop_free(char **proposal)
u_int i;
for (i = 0; i < PROPOSAL_MAX; i++)
xfree(proposal[i]);
xfree(proposal);
free(proposal[i]);
free(proposal);
}
/* ARGSUSED */
@ -173,7 +214,7 @@ kex_finish(Kex *kex)
buffer_clear(&kex->peer);
/* buffer_clear(&kex->my); */
kex->flags &= ~KEX_INIT_SENT;
xfree(kex->name);
free(kex->name);
kex->name = NULL;
}
@ -230,7 +271,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
for (i = 0; i < KEX_COOKIE_LEN; i++)
packet_get_char();
for (i = 0; i < PROPOSAL_MAX; i++)
xfree(packet_get_string(NULL));
free(packet_get_string(NULL));
/*
* XXX RFC4253 sec 7: "each side MAY guess" - currently no supported
* KEX method has the server move first, but a server might be using
@ -337,27 +378,16 @@ choose_comp(Comp *comp, char *client, char *server)
static void
choose_kex(Kex *k, char *client, char *server)
{
const struct kexalg *kexalg;
k->name = match_list(client, server, NULL);
if (k->name == NULL)
fatal("Unable to negotiate a key exchange method");
if (strcmp(k->name, KEX_DH1) == 0) {
k->kex_type = KEX_DH_GRP1_SHA1;
k->evp_md = EVP_sha1();
} else if (strcmp(k->name, KEX_DH14) == 0) {
k->kex_type = KEX_DH_GRP14_SHA1;
k->evp_md = EVP_sha1();
} else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) {
k->kex_type = KEX_DH_GEX_SHA1;
k->evp_md = EVP_sha1();
} else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) {
k->kex_type = KEX_DH_GEX_SHA256;
k->evp_md = EVP_sha256();
} else if (strncmp(k->name, KEX_ECDH_SHA2_STEM,
sizeof(KEX_ECDH_SHA2_STEM) - 1) == 0) {
k->kex_type = KEX_ECDH_SHA2;
k->evp_md = kex_ecdh_name_to_evpmd(k->name);
} else
fatal("bad kex alg %s", k->name);
if ((kexalg = kex_alg_by_name(k->name)) == NULL)
fatal("unsupported kex alg %s", k->name);
k->kex_type = kexalg->type;
k->evp_md = kexalg->mdfunc();
k->ec_nid = kexalg->ec_nid;
}
static void
@ -369,7 +399,7 @@ choose_hostkeyalg(Kex *k, char *client, char *server)
k->hostkey_type = key_type_from_name(hostkeyalg);
if (k->hostkey_type == KEY_UNSPEC)
fatal("bad hostkey alg '%s'", hostkeyalg);
xfree(hostkeyalg);
free(hostkeyalg);
}
static int
@ -423,7 +453,7 @@ kex_choose_conf(Kex *kex)
roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL);
if (roaming) {
kex->roaming = 1;
xfree(roaming);
free(roaming);
}
}

15
crypto/external/bsd/openssh/dist/kex.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.h,v 1.54 2013/01/08 18:49:04 markus Exp $ */
/* $OpenBSD: kex.h,v 1.56 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -37,8 +37,9 @@
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
#define KEX_RESUME "resume@appgate.com"
/* The following represents the family of ECDH methods */
#define KEX_ECDH_SHA2_STEM "ecdh-sha2-"
#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
#define COMP_NONE 0
#define COMP_ZLIB 1
@ -83,7 +84,7 @@ typedef struct Newkeys Newkeys;
struct Enc {
char *name;
Cipher *cipher;
const Cipher *cipher;
int enabled;
u_int key_len;
u_int iv_len;
@ -128,16 +129,19 @@ struct Kex {
sig_atomic_t done;
int flags;
const EVP_MD *evp_md;
int ec_nid;
char *client_version_string;
char *server_version_string;
int (*verify_host_key)(Key *);
Key *(*load_host_public_key)(int);
Key *(*load_host_private_key)(int);
int (*host_key_index)(Key *);
void (*sign)(Key *, Key *, u_char **, u_int *, u_char *, u_int);
void (*kex[KEX_MAX])(Kex *);
};
int kex_names_valid(const char *);
char *kex_alg_list(void);
Kex *kex_setup(char *[PROPOSAL_MAX]);
void kex_finish(Kex *);
@ -167,9 +171,6 @@ kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int,
char *, int, u_char *, int, const EC_POINT *, const EC_POINT *,
const BIGNUM *, u_char **, u_int *);
int kex_ecdh_name_to_nid(const char *);
const EVP_MD *kex_ecdh_name_to_evpmd(const char *);
void
derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);

8
crypto/external/bsd/openssh/dist/kexdhc.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexdhc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */
/* $OpenBSD: kexdhc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -122,7 +122,7 @@ kexdh_client(Kex *kex)
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexdh_client: BN_bin2bn failed");
memset(kbuf, 0, klen);
xfree(kbuf);
free(kbuf);
/* calc and verify H */
kex_dh_hash(
@ -136,14 +136,14 @@ kexdh_client(Kex *kex)
shared_secret,
&hash, &hashlen
);
xfree(server_host_key_blob);
free(server_host_key_blob);
BN_clear_free(dh_server_pub);
DH_free(dh);
if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
xfree(signature);
free(signature);
/* save session id */
if (kex->session_id == NULL) {

16
crypto/external/bsd/openssh/dist/kexdhs.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexdhs.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */
/* $OpenBSD: kexdhs.c,v 1.14 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -77,9 +77,6 @@ kexdh_server(Kex *kex)
if (server_host_public == NULL)
fatal("Unsupported hostkey type %d", kex->hostkey_type);
server_host_private = kex->load_host_private_key(kex->hostkey_type);
if (server_host_private == NULL)
fatal("Missing private key for hostkey type %d",
kex->hostkey_type);
/* key, cert */
if ((dh_client_pub = BN_new()) == NULL)
@ -115,7 +112,7 @@ kexdh_server(Kex *kex)
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexdh_server: BN_bin2bn failed");
memset(kbuf, 0, klen);
xfree(kbuf);
free(kbuf);
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
@ -141,9 +138,8 @@ kexdh_server(Kex *kex)
}
/* sign H */
if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash,
hashlen)) < 0)
fatal("kexdh_server: key_sign failed");
kex->sign(server_host_private, server_host_public, &signature, &slen,
hash, hashlen);
/* destroy_sensitive_data(); */
@ -154,8 +150,8 @@ kexdh_server(Kex *kex)
packet_put_string(signature, slen);
packet_send();
xfree(signature);
xfree(server_host_key_blob);
free(signature);
free(server_host_key_blob);
/* have keys, free DH */
DH_free(dh);

20
crypto/external/bsd/openssh/dist/kexecdh.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexecdh.c,v 1.3 2010/09/22 05:01:29 djm Exp $ */
/* $OpenBSD: kexecdh.c,v 1.4 2013/04/19 01:06:50 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@ -41,24 +41,6 @@
#include "kex.h"
#include "log.h"
int
kex_ecdh_name_to_nid(const char *kexname)
{
if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1)
fatal("%s: kexname too short \"%s\"", __func__, kexname);
return key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1);
}
const EVP_MD *
kex_ecdh_name_to_evpmd(const char *kexname)
{
int nid = kex_ecdh_name_to_nid(kexname);
if (nid == -1)
fatal("%s: unsupported ECDH curve \"%s\"", __func__, kexname);
return key_ec_nid_to_evpmd(nid);
}
void
kex_ecdh_hash(
const EVP_MD *evp_md,

13
crypto/external/bsd/openssh/dist/kexecdhc.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexecdhc.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */
/* $OpenBSD: kexecdhc.c,v 1.4 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@ -53,11 +53,8 @@ kexecdh_client(Kex *kex)
u_char *server_host_key_blob = NULL, *signature = NULL;
u_char *kbuf, *hash;
u_int klen, slen, sbloblen, hashlen;
int curve_nid;
if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1)
fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name);
if ((client_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL)
if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)
fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
if (EC_KEY_generate_key(client_key) != 1)
fatal("%s: EC_KEY_generate_key failed", __func__);
@ -119,7 +116,7 @@ kexecdh_client(Kex *kex)
if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
fatal("%s: BN_bin2bn failed", __func__);
memset(kbuf, 0, klen);
xfree(kbuf);
free(kbuf);
/* calc and verify H */
kex_ecdh_hash(
@ -135,14 +132,14 @@ kexecdh_client(Kex *kex)
shared_secret,
&hash, &hashlen
);
xfree(server_host_key_blob);
free(server_host_key_blob);
EC_POINT_clear_free(server_public);
EC_KEY_free(client_key);
if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
xfree(signature);
free(signature);
/* save session id */
if (kex->session_id == NULL) {

21
crypto/external/bsd/openssh/dist/kexecdhs.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexecdhs.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */
/* $OpenBSD: kexecdhs.c,v 1.5 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@ -55,11 +55,8 @@ kexecdh_server(Kex *kex)
u_char *server_host_key_blob = NULL, *signature = NULL;
u_char *kbuf, *hash;
u_int klen, slen, sbloblen, hashlen;
int curve_nid;
if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1)
fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name);
if ((server_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL)
if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)
fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
if (EC_KEY_generate_key(server_key) != 1)
fatal("%s: EC_KEY_generate_key failed", __func__);
@ -77,9 +74,6 @@ kexecdh_server(Kex *kex)
if (server_host_public == NULL)
fatal("Unsupported hostkey type %d", kex->hostkey_type);
server_host_private = kex->load_host_private_key(kex->hostkey_type);
if (server_host_private == NULL)
fatal("Missing private key for hostkey type %d",
kex->hostkey_type);
debug("expecting SSH2_MSG_KEX_ECDH_INIT");
packet_read_expect(SSH2_MSG_KEX_ECDH_INIT);
@ -111,7 +105,7 @@ kexecdh_server(Kex *kex)
if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
fatal("%s: BN_bin2bn failed", __func__);
memset(kbuf, 0, klen);
xfree(kbuf);
free(kbuf);
/* calc H */
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
@ -138,9 +132,8 @@ kexecdh_server(Kex *kex)
}
/* sign H */
if (PRIVSEP(key_sign(server_host_private, &signature, &slen,
hash, hashlen)) < 0)
fatal("kexdh_server: key_sign failed");
kex->sign(server_host_private, server_host_public, &signature, &slen,
hash, hashlen);
/* destroy_sensitive_data(); */
@ -151,8 +144,8 @@ kexecdh_server(Kex *kex)
packet_put_string(signature, slen);
packet_send();
xfree(signature);
xfree(server_host_key_blob);
free(signature);
free(server_host_key_blob);
/* have keys, free server key */
EC_KEY_free(server_key);

8
crypto/external/bsd/openssh/dist/kexgexc.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexgexc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */
/* $OpenBSD: kexgexc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -160,7 +160,7 @@ kexgex_client(Kex *kex)
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexgex_client: BN_bin2bn failed");
memset(kbuf, 0, klen);
xfree(kbuf);
free(kbuf);
if (datafellows & SSH_OLD_DHGEX)
min = max = -1;
@ -183,13 +183,13 @@ kexgex_client(Kex *kex)
/* have keys, free DH */
DH_free(dh);
xfree(server_host_key_blob);
free(server_host_key_blob);
BN_clear_free(dh_server_pub);
if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
xfree(signature);
free(signature);
/* save session id */
if (kex->session_id == NULL) {

17
crypto/external/bsd/openssh/dist/kexgexs.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexgexs.c,v 1.14 2010/11/10 01:33:07 djm Exp $ */
/* $OpenBSD: kexgexs.c,v 1.16 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -65,10 +65,6 @@ kexgex_server(Kex *kex)
if (server_host_public == NULL)
fatal("Unsupported hostkey type %d", kex->hostkey_type);
server_host_private = kex->load_host_private_key(kex->hostkey_type);
if (server_host_private == NULL)
fatal("Missing private key for hostkey type %d",
kex->hostkey_type);
type = packet_read();
switch (type) {
@ -152,7 +148,7 @@ kexgex_server(Kex *kex)
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexgex_server: BN_bin2bn failed");
memset(kbuf, 0, klen);
xfree(kbuf);
free(kbuf);
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
@ -184,9 +180,8 @@ kexgex_server(Kex *kex)
}
/* sign H */
if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash,
hashlen)) < 0)
fatal("kexgex_server: key_sign failed");
kex->sign(server_host_private, server_host_public, &signature, &slen,
hash, hashlen);
/* destroy_sensitive_data(); */
@ -198,8 +193,8 @@ kexgex_server(Kex *kex)
packet_put_string(signature, slen);
packet_send();
xfree(signature);
xfree(server_host_key_blob);
free(signature);
free(server_host_key_blob);
/* have keys, free DH */
DH_free(dh);

269
crypto/external/bsd/openssh/dist/key.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: key.c,v 1.100 2013/01/17 23:00:01 djm Exp $ */
/* $OpenBSD: key.c,v 1.104 2013/05/19 02:42:42 djm Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -181,14 +181,13 @@ cert_free(struct KeyCert *cert)
buffer_free(&cert->certblob);
buffer_free(&cert->critical);
buffer_free(&cert->extensions);
if (cert->key_id != NULL)
xfree(cert->key_id);
free(cert->key_id);
for (i = 0; i < cert->nprincipals; i++)
xfree(cert->principals[i]);
if (cert->principals != NULL)
xfree(cert->principals);
free(cert->principals[i]);
free(cert->principals);
if (cert->signature_key != NULL)
key_free(cert->signature_key);
free(cert);
}
void
@ -230,7 +229,7 @@ key_free(Key *k)
k->cert = NULL;
}
xfree(k);
free(k);
}
static int
@ -374,7 +373,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
EVP_DigestUpdate(&ctx, blob, len);
EVP_DigestFinal(&ctx, retval, dgst_raw_length);
memset(blob, 0, len);
xfree(blob);
free(blob);
} else {
fatal("key_fingerprint_raw: blob is null");
}
@ -556,7 +555,7 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k)
}
char *
key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
{
char *retval = NULL;
u_char *dgst_raw;
@ -581,7 +580,7 @@ key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
break;
}
memset(dgst_raw, 0, dgst_raw_len);
xfree(dgst_raw);
free(dgst_raw);
return retval;
}
@ -721,11 +720,11 @@ key_read(Key *ret, char **cpp)
n = uudecode(cp, blob, len);
if (n < 0) {
error("key_read: uudecode %s failed", cp);
xfree(blob);
free(blob);
return -1;
}
k = key_from_blob(blob, (u_int)n);
xfree(blob);
free(blob);
if (k == NULL) {
error("key_read: key_from_blob %s failed", cp);
return -1;
@ -860,38 +859,12 @@ key_write(const Key *key, FILE *f)
fprintf(f, "%s %s", key_ssh_name(key), uu);
success = 1;
}
xfree(blob);
xfree(uu);
free(blob);
free(uu);
return success;
}
const char *
key_type(const Key *k)
{
switch (k->type) {
case KEY_RSA1:
return "RSA1";
case KEY_RSA:
return "RSA";
case KEY_DSA:
return "DSA";
case KEY_ECDSA:
return "ECDSA";
case KEY_RSA_CERT_V00:
return "RSA-CERT-V00";
case KEY_DSA_CERT_V00:
return "DSA-CERT-V00";
case KEY_RSA_CERT:
return "RSA-CERT";
case KEY_DSA_CERT:
return "DSA-CERT";
case KEY_ECDSA_CERT:
return "ECDSA-CERT";
}
return "unknown";
}
const char *
key_cert_type(const Key *k)
{
@ -905,46 +878,55 @@ key_cert_type(const Key *k)
}
}
struct keytype {
char *name;
char *shortname;
int type;
int nid;
int cert;
};
static const struct keytype keytypes[] = {
{ NULL, "RSA1", KEY_RSA1, 0, 0 },
{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
{ "ssh-dss", "DSA", KEY_DSA, 0, 0 },
{ "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 },
{ "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 },
{ "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 },
{ "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 },
{ "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 },
{ "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT",
KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 },
{ "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT",
KEY_ECDSA_CERT, NID_secp384r1, 1 },
{ "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT",
KEY_ECDSA_CERT, NID_secp521r1, 1 },
{ "ssh-rsa-cert-v00@openssh.com", "RSA-CERT-V00",
KEY_RSA_CERT_V00, 0, 1 },
{ "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00",
KEY_DSA_CERT_V00, 0, 1 },
{ NULL, NULL, -1, -1, 0 }
};
const char *
key_type(const Key *k)
{
const struct keytype *kt;
for (kt = keytypes; kt->type != -1; kt++) {
if (kt->type == k->type)
return kt->shortname;
}
return "unknown";
}
static const char *
key_ssh_name_from_type_nid(int type, int nid)
{
switch (type) {
case KEY_RSA:
return "ssh-rsa";
case KEY_DSA:
return "ssh-dss";
case KEY_RSA_CERT_V00:
return "ssh-rsa-cert-v00@openssh.com";
case KEY_DSA_CERT_V00:
return "ssh-dss-cert-v00@openssh.com";
case KEY_RSA_CERT:
return "ssh-rsa-cert-v01@openssh.com";
case KEY_DSA_CERT:
return "ssh-dss-cert-v01@openssh.com";
case KEY_ECDSA:
switch (nid) {
case NID_X9_62_prime256v1:
return "ecdsa-sha2-nistp256";
case NID_secp384r1:
return "ecdsa-sha2-nistp384";
case NID_secp521r1:
return "ecdsa-sha2-nistp521";
default:
break;
}
break;
case KEY_ECDSA_CERT:
switch (nid) {
case NID_X9_62_prime256v1:
return "ecdsa-sha2-nistp256-cert-v01@openssh.com";
case NID_secp384r1:
return "ecdsa-sha2-nistp384-cert-v01@openssh.com";
case NID_secp521r1:
return "ecdsa-sha2-nistp521-cert-v01@openssh.com";
default:
break;
}
break;
const struct keytype *kt;
for (kt = keytypes; kt->type != -1; kt++) {
if (kt->type == type && (kt->nid == 0 || kt->nid == nid))
return kt->name;
}
return "ssh-unknown";
}
@ -962,6 +944,56 @@ key_ssh_name_plain(const Key *k)
k->ecdsa_nid);
}
int
key_type_from_name(char *name)
{
const struct keytype *kt;
for (kt = keytypes; kt->type != -1; kt++) {
/* Only allow shortname matches for plain key types */
if ((kt->name != NULL && strcmp(name, kt->name) == 0) ||
(!kt->cert && strcasecmp(kt->shortname, name) == 0))
return kt->type;
}
debug2("key_type_from_name: unknown key type '%s'", name);
return KEY_UNSPEC;
}
int
key_ecdsa_nid_from_name(const char *name)
{
const struct keytype *kt;
for (kt = keytypes; kt->type != -1; kt++) {
if (kt->type != KEY_ECDSA && kt->type != KEY_ECDSA_CERT)
continue;
if (kt->name != NULL && strcmp(name, kt->name) == 0)
return kt->nid;
}
debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name);
return -1;
}
char *
key_alg_list(void)
{
char *ret = NULL;
size_t nlen, rlen = 0;
const struct keytype *kt;
for (kt = keytypes; kt->type != -1; kt++) {
if (kt->name == NULL)
continue;
if (ret != NULL)
ret[rlen++] = '\n';
nlen = strlen(kt->name);
ret = xrealloc(ret, 1, rlen + nlen + 2);
memcpy(ret + rlen, kt->name, nlen + 1);
rlen += nlen;
}
return ret;
}
u_int
key_size(const Key *k)
{
@ -1206,58 +1238,6 @@ key_from_private(const Key *k)
return n;
}
int
key_type_from_name(char *name)
{
if (strcmp(name, "rsa1") == 0) {
return KEY_RSA1;
} else if (strcmp(name, "rsa") == 0) {
return KEY_RSA;
} else if (strcmp(name, "dsa") == 0) {
return KEY_DSA;
} else if (strcmp(name, "ssh-rsa") == 0) {
return KEY_RSA;
} else if (strcmp(name, "ssh-dss") == 0) {
return KEY_DSA;
} else if (strcmp(name, "ecdsa") == 0 ||
strcmp(name, "ecdsa-sha2-nistp256") == 0 ||
strcmp(name, "ecdsa-sha2-nistp384") == 0 ||
strcmp(name, "ecdsa-sha2-nistp521") == 0) {
return KEY_ECDSA;
} else if (strcmp(name, "ssh-rsa-cert-v00@openssh.com") == 0) {
return KEY_RSA_CERT_V00;
} else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) {
return KEY_DSA_CERT_V00;
} else if (strcmp(name, "ssh-rsa-cert-v01@openssh.com") == 0) {
return KEY_RSA_CERT;
} else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
return KEY_DSA_CERT;
} else if (strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0 ||
strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0 ||
strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0)
return KEY_ECDSA_CERT;
debug2("key_type_from_name: unknown key type '%s'", name);
return KEY_UNSPEC;
}
int
key_ecdsa_nid_from_name(const char *name)
{
if (strcmp(name, "ecdsa-sha2-nistp256") == 0 ||
strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0)
return NID_X9_62_prime256v1;
if (strcmp(name, "ecdsa-sha2-nistp384") == 0 ||
strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0)
return NID_secp384r1;
if (strcmp(name, "ecdsa-sha2-nistp521") == 0 ||
strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0)
return NID_secp521r1;
debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name);
return -1;
}
int
key_names_valid2(const char *names)
{
@ -1271,12 +1251,12 @@ key_names_valid2(const char *names)
switch (key_type_from_name(p)) {
case KEY_RSA1:
case KEY_UNSPEC:
xfree(s);
free(s);
return 0;
}
}
debug3("key names ok: [%s]", names);
xfree(s);
free(s);
return 1;
}
@ -1398,16 +1378,11 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen)
out:
buffer_free(&tmp);
if (principals != NULL)
xfree(principals);
if (critical != NULL)
xfree(critical);
if (exts != NULL)
xfree(exts);
if (sig_key != NULL)
xfree(sig_key);
if (sig != NULL)
xfree(sig);
free(principals);
free(critical);
free(exts);
free(sig_key);
free(sig);
return ret;
}
@ -1520,10 +1495,8 @@ key_from_blob(const u_char *blob, u_int blen)
if (key != NULL && rlen != 0)
error("key_from_blob: remaining bytes in key blob %d", rlen);
out:
if (ktype != NULL)
xfree(ktype);
if (curve != NULL)
xfree(curve);
free(ktype);
free(curve);
if (q != NULL)
EC_POINT_free(q);
buffer_free(&b);
@ -1861,7 +1834,7 @@ key_certify(Key *k, Key *ca)
default:
error("%s: key has incorrect type %s", __func__, key_type(k));
buffer_clear(&k->cert->certblob);
xfree(ca_blob);
free(ca_blob);
return -1;
}
@ -1897,7 +1870,7 @@ key_certify(Key *k, Key *ca)
buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */
buffer_put_string(&k->cert->certblob, ca_blob, ca_len);
xfree(ca_blob);
free(ca_blob);
/* Sign the whole mess */
if (key_sign(ca, &sig_blob, &sig_len, buffer_ptr(&k->cert->certblob),
@ -1908,7 +1881,7 @@ key_certify(Key *k, Key *ca)
}
/* Append signature and we are done */
buffer_put_string(&k->cert->certblob, sig_blob, sig_len);
xfree(sig_blob);
free(sig_blob);
return 0;
}

9
crypto/external/bsd/openssh/dist/key.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: key.h,v 1.35 2013/01/17 23:00:01 djm Exp $ */
/* $OpenBSD: key.h,v 1.37 2013/05/19 02:42:42 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -89,7 +89,7 @@ void key_free(Key *);
Key *key_demote(const Key *);
int key_equal_public(const Key *, const Key *);
int key_equal(const Key *, const Key *);
char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
char *key_fingerprint(const Key *, enum fp_type, enum fp_rep);
u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *);
const char *key_type(const Key *);
const char *key_cert_type(const Key *);
@ -112,13 +112,14 @@ int key_cert_is_legacy(const Key *);
int key_ecdsa_nid_from_name(const char *);
int key_curve_name_to_nid(const char *);
const char * key_curve_nid_to_name(int);
const char *key_curve_nid_to_name(int);
u_int key_curve_nid_to_bits(int);
int key_ecdsa_bits_to_nid(int);
int key_ecdsa_key_to_nid(EC_KEY *);
const EVP_MD * key_ec_nid_to_evpmd(int nid);
const EVP_MD *key_ec_nid_to_evpmd(int nid);
int key_ec_validate_public(const EC_GROUP *, const EC_POINT *);
int key_ec_validate_private(const EC_KEY *);
char *key_alg_list(void);
Key *key_from_blob(const u_char *, u_int);
int key_to_blob(const Key *, u_char **, u_int *);

37
crypto/external/bsd/openssh/dist/krl.c vendored
View File

@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $OpenBSD: krl.c,v 1.9 2013/01/27 10:06:12 djm Exp $ */
/* $OpenBSD: krl.c,v 1.13 2013/07/20 22:20:42 djm Exp $ */
#include <sys/types.h>
#include <sys/param.h>
@ -31,7 +31,6 @@
#include "buffer.h"
#include "key.h"
#include "authfile.h"
#include "err.h"
#include "misc.h"
#include "log.h"
#include "xmalloc.h"
@ -501,8 +500,11 @@ choose_next_state(int current_state, u_int64_t contig, int final,
}
debug3("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:"
"list %llu range %llu bitmap %llu new bitmap %llu, "
"selected 0x%02x%s", __func__, contig, last_gap, next_gap, final,
cost_list, cost_range, cost_bitmap, cost_bitmap_restart, new_state,
"selected 0x%02x%s", __func__, (long long unsigned)contig,
(long long unsigned)last_gap, (long long unsigned)next_gap, final,
(long long unsigned)cost_list, (long long unsigned)cost_range,
(long long unsigned)cost_bitmap,
(long long unsigned)cost_bitmap_restart, new_state,
*force_new_section ? " restart" : "");
return new_state;
}
@ -538,7 +540,8 @@ revoked_certs_generate(struct revoked_certs *rc, Buffer *buf)
rs != NULL;
rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) {
debug3("%s: serial %llu:%llu state 0x%02x", __func__,
rs->lo, rs->hi, state);
(long long unsigned)rs->lo, (long long unsigned)rs->hi,
state);
/* Check contiguous length and gap to next section (if any) */
nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs);
@ -882,9 +885,10 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
char timestamp[64];
int ret = -1, r, sig_seen;
Key *key = NULL, **ca_used = NULL;
u_char type, *blob;
u_int i, j, sig_off, sects_off, blen, format_version, nca_used = 0;
u_char type, *blob, *rdata = NULL;
u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used;
nca_used = 0;
*krlp = NULL;
if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 ||
memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) {
@ -927,8 +931,9 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
}
format_timestamp(krl->generated_date, timestamp, sizeof(timestamp));
debug("KRL version %llu generated at %s%s%s", krl->krl_version,
timestamp, *krl->comment ? ": " : "", krl->comment);
debug("KRL version %llu generated at %s%s%s",
(long long unsigned)krl->krl_version, timestamp,
*krl->comment ? ": " : "", krl->comment);
/*
* 1st pass: verify signatures, if any. This is done to avoid
@ -966,7 +971,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
}
/* Check signature over entire KRL up to this point */
if (key_verify(key, blob, blen,
buffer_ptr(buf), buffer_len(buf) - sig_off) == -1) {
buffer_ptr(buf), buffer_len(buf) - sig_off) != 1) {
error("bad signaure on KRL");
goto out;
}
@ -1009,21 +1014,22 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
case KRL_SECTION_EXPLICIT_KEY:
case KRL_SECTION_FINGERPRINT_SHA1:
while (buffer_len(&sect) > 0) {
if ((blob = buffer_get_string_ret(&sect,
&blen)) == NULL) {
if ((rdata = buffer_get_string_ret(&sect,
&rlen)) == NULL) {
error("%s: buffer error", __func__);
goto out;
}
if (type == KRL_SECTION_FINGERPRINT_SHA1 &&
blen != 20) {
rlen != 20) {
error("%s: bad SHA1 length", __func__);
goto out;
}
if (revoke_blob(
type == KRL_SECTION_EXPLICIT_KEY ?
&krl->revoked_keys : &krl->revoked_sha1s,
blob, blen) != 0)
goto out; /* revoke_blob frees blob */
rdata, rlen) != 0)
goto out;
rdata = NULL; /* revoke_blob frees blob */
}
break;
case KRL_SECTION_SIGNATURE:
@ -1089,6 +1095,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
key_free(ca_used[i]);
}
free(ca_used);
free(rdata);
if (key != NULL)
key_free(key);
buffer_free(&copy);

20
crypto/external/bsd/openssh/dist/log.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: log.c,v 1.43 2012/09/06 04:37:39 dtucker Exp $ */
/* $OpenBSD: log.c,v 1.45 2013/05/16 09:08:41 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -36,6 +36,7 @@
#include <sys/types.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
@ -50,6 +51,7 @@
static LogLevel log_level = SYSLOG_LEVEL_INFO;
static int log_on_stderr = 1;
static int log_stderr_fd = STDERR_FILENO;
static int log_facility = LOG_AUTH;
static char *argv0;
static log_handler_fn *log_handler;
@ -310,6 +312,20 @@ log_is_on_stderr(void)
return log_on_stderr;
}
/* redirect what would usually get written to stderr to specified file */
void
log_redirect_stderr_to(const char *logfile)
{
int fd;
if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) {
fprintf(stderr, "Couldn't open logfile %s: %s\n", logfile,
strerror(errno));
exit(1);
}
log_stderr_fd = fd;
}
#define MSGBUFSIZ 1024
void
@ -392,7 +408,7 @@ do_log(LogLevel level, const char *fmt, va_list args)
log_handler = tmp_handler;
} else if (log_on_stderr) {
snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
write(STDERR_FILENO, msgbuf, strlen(msgbuf));
(void)write(log_stderr_fd, msgbuf, strlen(msgbuf));
} else {
openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata);
syslog_r(pri, &sdata, "%.500s", fmtbuf);

3
crypto/external/bsd/openssh/dist/log.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: log.h,v 1.19 2012/09/06 04:37:39 dtucker Exp $ */
/* $OpenBSD: log.h,v 1.20 2013/04/07 02:10:33 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -48,6 +48,7 @@ typedef void (log_handler_fn)(LogLevel, const char *, void *);
void log_init(char *, LogLevel, SyslogFacility, int);
void log_change_level(LogLevel);
int log_is_on_stderr(void);
void log_redirect_stderr_to(const char *);
SyslogFacility log_facility_number(char *);
const char * log_facility_name(SyslogFacility);

81
crypto/external/bsd/openssh/dist/mac.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: mac.c,v 1.21 2012/12/11 22:51:45 sthen Exp $ */
/* $OpenBSD: mac.c,v 1.24 2013/06/03 00:03:18 dtucker Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -45,7 +45,7 @@
#define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */
#define SSH_UMAC128 3
struct {
struct macalg {
char *name;
int type;
const EVP_MD * (*mdfunc)(void);
@ -53,7 +53,9 @@ struct {
int key_len; /* just for UMAC */
int len; /* just for UMAC */
int etm; /* Encrypt-then-MAC */
} macs[] = {
};
static const struct macalg macs[] = {
/* Encrypt-and-MAC (encrypt-and-authenticate) variants */
{ "hmac-sha1", SSH_EVP, EVP_sha1, 0, 0, 0, 0 },
{ "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, 0, 0, 0 },
@ -80,38 +82,58 @@ struct {
{ NULL, 0, NULL, 0, 0, 0, 0 }
};
/* Returns a comma-separated list of supported MACs. */
char *
mac_alg_list(void)
{
char *ret = NULL;
size_t nlen, rlen = 0;
const struct macalg *m;
for (m = macs; m->name != NULL; m++) {
if (ret != NULL)
ret[rlen++] = '\n';
nlen = strlen(m->name);
ret = xrealloc(ret, 1, rlen + nlen + 2);
memcpy(ret + rlen, m->name, nlen + 1);
rlen += nlen;
}
return ret;
}
static void
mac_setup_by_id(Mac *mac, int which)
mac_setup_by_alg(Mac *mac, const struct macalg *macalg)
{
int evp_len;
mac->type = macs[which].type;
mac->type = macalg->type;
if (mac->type == SSH_EVP) {
mac->evp_md = (*macs[which].mdfunc)();
mac->evp_md = macalg->mdfunc();
if ((evp_len = EVP_MD_size(mac->evp_md)) <= 0)
fatal("mac %s len %d", mac->name, evp_len);
mac->key_len = mac->mac_len = (u_int)evp_len;
} else {
mac->mac_len = macs[which].len / 8;
mac->key_len = macs[which].key_len / 8;
mac->mac_len = macalg->len / 8;
mac->key_len = macalg->key_len / 8;
mac->umac_ctx = NULL;
}
if (macs[which].truncatebits != 0)
mac->mac_len = macs[which].truncatebits / 8;
mac->etm = macs[which].etm;
if (macalg->truncatebits != 0)
mac->mac_len = macalg->truncatebits / 8;
mac->etm = macalg->etm;
}
int
mac_setup(Mac *mac, char *name)
{
int i;
const struct macalg *m;
for (i = 0; macs[i].name; i++) {
if (strcmp(name, macs[i].name) == 0) {
if (mac != NULL)
mac_setup_by_id(mac, i);
debug2("mac_setup: found %s", name);
return (0);
}
for (m = macs; m->name != NULL; m++) {
if (strcmp(name, m->name) != 0)
continue;
if (mac != NULL)
mac_setup_by_alg(mac, m);
debug2("mac_setup: found %s", name);
return (0);
}
debug2("mac_setup: unknown %s", name);
return (-1);
@ -143,12 +165,15 @@ mac_init(Mac *mac)
u_char *
mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
{
static u_char m[EVP_MAX_MD_SIZE];
static union {
u_char m[EVP_MAX_MD_SIZE];
u_int64_t for_align;
} u;
u_char b[4], nonce[8];
if (mac->mac_len > sizeof(m))
if (mac->mac_len > sizeof(u))
fatal("mac_compute: mac too long %u %lu",
mac->mac_len, (u_long)sizeof(m));
mac->mac_len, (u_long)sizeof(u));
switch (mac->type) {
case SSH_EVP:
@ -157,22 +182,22 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
HMAC_Init(&mac->evp_ctx, NULL, 0, NULL);
HMAC_Update(&mac->evp_ctx, b, sizeof(b));
HMAC_Update(&mac->evp_ctx, data, datalen);
HMAC_Final(&mac->evp_ctx, m, NULL);
HMAC_Final(&mac->evp_ctx, u.m, NULL);
break;
case SSH_UMAC:
put_u64(nonce, seqno);
umac_update(mac->umac_ctx, data, datalen);
umac_final(mac->umac_ctx, m, nonce);
umac_final(mac->umac_ctx, u.m, nonce);
break;
case SSH_UMAC128:
put_u64(nonce, seqno);
umac128_update(mac->umac_ctx, data, datalen);
umac128_final(mac->umac_ctx, m, nonce);
umac128_final(mac->umac_ctx, u.m, nonce);
break;
default:
fatal("mac_compute: unknown MAC type");
}
return (m);
return (u.m);
}
void
@ -204,13 +229,13 @@ mac_valid(const char *names)
(p = strsep(&cp, MAC_SEP))) {
if (mac_setup(NULL, p) < 0) {
debug("bad mac %s [%s]", p, names);
xfree(maclist);
free(maclist);
return (0);
} else {
debug3("mac ok: %s [%s]", p, names);
}
}
debug3("macs ok: [%s]", names);
xfree(maclist);
free(maclist);
return (1);
}

3
crypto/external/bsd/openssh/dist/mac.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: mac.h,v 1.6 2007/06/07 19:37:34 pvalchev Exp $ */
/* $OpenBSD: mac.h,v 1.7 2013/04/19 01:06:50 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -24,6 +24,7 @@
*/
int mac_valid(const char *);
char *mac_alg_list(void);
int mac_setup(Mac *, char *);
int mac_init(Mac *);
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);

15
crypto/external/bsd/openssh/dist/match.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: match.c,v 1.27 2008/06/10 23:06:19 djm Exp $ */
/* $OpenBSD: match.c,v 1.28 2013/05/17 00:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -38,6 +38,7 @@
#include <sys/types.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include "xmalloc.h"
@ -224,14 +225,14 @@ match_user(const char *user, const char *host, const char *ipaddr,
if ((ret = match_pattern(user, pat)) == 1)
ret = match_host_and_ip(host, ipaddr, p);
xfree(pat);
free(pat);
return ret;
}
/*
* Returns first item from client-list that is also supported by server-list,
* caller must xfree() returned string.
* caller must free the returned string.
*/
#define MAX_PROP 40
#define SEP ","
@ -262,15 +263,15 @@ match_list(const char *client, const char *server, u_int *next)
if (next != NULL)
*next = (cp == NULL) ?
strlen(c) : (u_int)(cp - c);
xfree(c);
xfree(s);
free(c);
free(s);
return ret;
}
}
}
if (next != NULL)
*next = strlen(c);
xfree(c);
xfree(s);
free(c);
free(s);
return NULL;
}

44
crypto/external/bsd/openssh/dist/misc.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.c,v 1.86 2011/09/05 05:59:08 djm Exp $ */
/* $OpenBSD: misc.c,v 1.91 2013/07/12 00:43:50 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@ -119,7 +119,7 @@ unset_nonblock(int fd)
const char *
ssh_gai_strerror(int gaierr)
{
if (gaierr == EAI_SYSTEM)
if (gaierr == EAI_SYSTEM && errno != 0)
return strerror(errno);
return gai_strerror(gaierr);
}
@ -237,13 +237,13 @@ a2tun(const char *s, int *remote)
*remote = SSH_TUNID_ANY;
sp = xstrdup(s);
if ((ep = strchr(sp, ':')) == NULL) {
xfree(sp);
free(sp);
return (a2tun(s, NULL));
}
ep[0] = '\0'; ep++;
*remote = a2tun(ep, NULL);
tun = a2tun(sp, NULL);
xfree(sp);
free(sp);
return (*remote == SSH_TUNID_ERR ? *remote : tun);
}
@ -476,7 +476,7 @@ replacearg(arglist *args, u_int which, char *fmt, ...)
if (which >= args->num)
fatal("replacearg: tried to replace invalid arg %d >= %d",
which, args->num);
xfree(args->list[which]);
free(args->list[which]);
args->list[which] = cp;
}
@ -487,8 +487,8 @@ freeargs(arglist *args)
if (args->list != NULL) {
for (i = 0; i < args->num; i++)
xfree(args->list[i]);
xfree(args->list);
free(args->list[i]);
free(args->list);
args->nalloc = args->num = 0;
args->list = NULL;
}
@ -501,8 +501,8 @@ freeargs(arglist *args)
char *
tilde_expand_filename(const char *filename, uid_t uid)
{
const char *path;
char user[128], ret[MAXPATHLEN];
const char *path, *sep;
char user[128], *ret;
struct passwd *pw;
u_int len, slash;
@ -522,22 +522,21 @@ tilde_expand_filename(const char *filename, uid_t uid)
} else if ((pw = getpwuid(uid)) == NULL) /* ~/path */
fatal("tilde_expand_filename: No such uid %ld", (long)uid);
if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
fatal("tilde_expand_filename: Path too long");
/* Make sure directory has a trailing '/' */
len = strlen(pw->pw_dir);
if ((len == 0 || pw->pw_dir[len - 1] != '/') &&
strlcat(ret, "/", sizeof(ret)) >= sizeof(ret))
fatal("tilde_expand_filename: Path too long");
if (len == 0 || pw->pw_dir[len - 1] != '/')
sep = "/";
else
sep = "";
/* Skip leading '/' from specified path */
if (path != NULL)
filename = path + 1;
if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret))
if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= MAXPATHLEN)
fatal("tilde_expand_filename: Path too long");
return (xstrdup(ret));
return (ret);
}
/*
@ -832,6 +831,17 @@ ms_to_timeval(struct timeval *tv, int ms)
tv->tv_usec = (ms % 1000) * 1000;
}
time_t
monotime(void)
{
struct timespec ts;
if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0)
fatal("clock_gettime: %s", strerror(errno));
return (ts.tv_sec);
}
void
bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen)
{

3
crypto/external/bsd/openssh/dist/misc.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.h,v 1.48 2011/03/29 18:54:17 stevesk Exp $ */
/* $OpenBSD: misc.h,v 1.49 2013/06/01 13:15:52 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -35,6 +35,7 @@ char *tohex(const void *, size_t);
void sanitise_stdfd(void);
void ms_subtract_diff(struct timeval *, int *);
void ms_to_timeval(struct timeval *, int);
time_t monotime(void);
struct passwd *pwcopy(struct passwd *);
const char *ssh_gai_strerror(int);

10
crypto/external/bsd/openssh/dist/moduli.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: moduli.c,v 1.26 2012/07/06 00:41:59 dtucker Exp $ */
/* $OpenBSD: moduli.c,v 1.27 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@ -429,9 +429,9 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
time(&time_stop);
xfree(LargeSieve);
xfree(SmallSieve);
xfree(TinySieve);
free(LargeSieve);
free(SmallSieve);
free(TinySieve);
logit("%.24s Found %u candidates", ctime(&time_stop), r);
@ -705,7 +705,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
}
time(&time_stop);
xfree(lp);
free(lp);
BN_free(p);
BN_free(q);
BN_CTX_free(ctx);

190
crypto/external/bsd/openssh/dist/monitor.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.120 2012/12/11 22:16:21 markus Exp $ */
/* $OpenBSD: monitor.c,v 1.127 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -75,6 +75,7 @@
#include "ssh2.h"
#include "jpake.h"
#include "roaming.h"
#include "authfd.h"
#ifdef GSSAPI
static Gssctxt *gsscontext = NULL;
@ -312,7 +313,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
"with SSH protocol 1");
if (authenticated &&
!auth2_update_methods_lists(authctxt,
auth_method)) {
auth_method, auth_submethod)) {
debug3("%s: method %s: partial", __func__,
auth_method);
authenticated = 0;
@ -330,8 +331,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
}
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
auth_log(authctxt, authenticated, partial,
auth_method, auth_submethod,
compat20 ? " ssh2" : "");
auth_method, auth_submethod);
if (!authenticated)
authctxt->failures++;
}
@ -459,7 +459,7 @@ monitor_read_log(struct monitor *pmonitor)
do_log2(level, "%s [preauth]", msg);
buffer_free(&logmsg);
xfree(msg);
free(msg);
return 0;
}
@ -550,12 +550,9 @@ static void
monitor_reset_key_state(void)
{
/* reset state */
if (key_blob != NULL)
xfree(key_blob);
if (hostbased_cuser != NULL)
xfree(hostbased_cuser);
if (hostbased_chost != NULL)
xfree(hostbased_chost);
free(key_blob);
free(hostbased_cuser);
free(hostbased_chost);
key_blob = NULL;
key_bloblen = 0;
key_blobtype = MM_NOKEY;
@ -598,6 +595,8 @@ mm_answer_moduli(int sock, Buffer *m)
return (0);
}
extern AuthenticationConnection *auth_conn;
int
mm_answer_sign(int sock, Buffer *m)
{
@ -626,18 +625,24 @@ mm_answer_sign(int sock, Buffer *m)
memcpy(session_id2, p, session_id2_len);
}
if ((key = get_hostkey_by_index(keyid)) == NULL)
if ((key = get_hostkey_by_index(keyid)) != NULL) {
if (key_sign(key, &signature, &siglen, p, datlen) < 0)
fatal("%s: key_sign failed", __func__);
} else if ((key = get_hostkey_public_by_index(keyid)) != NULL &&
auth_conn != NULL) {
if (ssh_agent_sign(auth_conn, key, &signature, &siglen, p,
datlen) < 0)
fatal("%s: ssh_agent_sign failed", __func__);
} else
fatal("%s: no hostkey from index %d", __func__, keyid);
if (key_sign(key, &signature, &siglen, p, datlen) < 0)
fatal("%s: key_sign failed", __func__);
debug3("%s: signature %p(%u)", __func__, signature, siglen);
buffer_clear(m);
buffer_put_string(m, signature, siglen);
xfree(p);
xfree(signature);
free(p);
free(signature);
mm_request_send(sock, MONITOR_ANS_SIGN, m);
@ -668,7 +673,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
authctxt->user = xstrdup(username);
setproctitle("%s [priv]", pwent ? username : "unknown");
xfree(username);
free(username);
buffer_clear(m);
@ -740,9 +745,7 @@ int mm_answer_auth2_read_banner(int sock, Buffer *m)
banner = auth2_read_banner();
buffer_put_cstring(m, banner != NULL ? banner : "");
mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
if (banner != NULL)
xfree(banner);
free(banner);
return (0);
}
@ -758,7 +761,7 @@ mm_answer_authserv(int sock, Buffer *m)
__func__, authctxt->service, authctxt->style);
if (strlen(authctxt->style) == 0) {
xfree(authctxt->style);
free(authctxt->style);
authctxt->style = NULL;
}
@ -778,7 +781,7 @@ mm_answer_authpassword(int sock, Buffer *m)
authenticated = options.password_authentication &&
auth_password(authctxt, passwd);
memset(passwd, 0, strlen(passwd));
xfree(passwd);
free(passwd);
buffer_clear(m);
buffer_put_int(m, authenticated);
@ -817,10 +820,10 @@ mm_answer_bsdauthquery(int sock, Buffer *m)
mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
if (success) {
xfree(name);
xfree(infotxt);
xfree(prompts);
xfree(echo_on);
free(name);
free(infotxt);
free(prompts);
free(echo_on);
}
return (0);
@ -840,7 +843,7 @@ mm_answer_bsdauthrespond(int sock, Buffer *m)
auth_userresponse(authctxt->as, response, 0);
authctxt->as = NULL;
debug3("%s: <%s> = <%d>", __func__, response, authok);
xfree(response);
free(response);
buffer_clear(m);
buffer_put_int(m, authok);
@ -848,9 +851,10 @@ mm_answer_bsdauthrespond(int sock, Buffer *m)
debug3("%s: sending authenticated: %d", __func__, authok);
mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
if (compat20)
auth_method = "keyboard-interactive"; /* XXX auth_submethod */
else
if (compat20) {
auth_method = "keyboard-interactive";
auth_submethod = "bsdauth";
} else
auth_method = "bsdauth";
return (authok != 0);
@ -886,6 +890,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
case MM_USERKEY:
allowed = options.pubkey_authentication &&
user_key_allowed(authctxt->pw, key);
pubkey_auth_info(authctxt, key, NULL);
auth_method = "publickey";
if (options.pubkey_authentication && allowed != 1)
auth_clear_options();
@ -894,6 +899,9 @@ mm_answer_keyallowed(int sock, Buffer *m)
allowed = options.hostbased_authentication &&
hostbased_key_allowed(authctxt->pw,
cuser, chost, key);
pubkey_auth_info(authctxt, key,
"client user \"%.100s\", client host \"%.100s\"",
cuser, chost);
auth_method = "hostbased";
break;
case MM_RSAHOSTKEY:
@ -925,11 +933,10 @@ mm_answer_keyallowed(int sock, Buffer *m)
hostbased_chost = chost;
} else {
/* Log failed attempt */
auth_log(authctxt, 0, 0, auth_method, NULL,
compat20 ? " ssh2" : "");
xfree(blob);
xfree(cuser);
xfree(chost);
auth_log(authctxt, 0, 0, auth_method, NULL);
free(blob);
free(cuser);
free(chost);
}
debug3("%s: key %p is %s",
@ -951,7 +958,7 @@ static int
monitor_valid_userblob(u_char *data, u_int datalen)
{
Buffer b;
char *p;
char *p, *userstyle;
u_int len;
int fail = 0;
@ -972,26 +979,30 @@ monitor_valid_userblob(u_char *data, u_int datalen)
(len != session_id2_len) ||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
fail++;
xfree(p);
free(p);
}
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;
p = buffer_get_string(&b, NULL);
if (strcmp(authctxt->user, p) != 0) {
p = buffer_get_cstring(&b, NULL);
xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
if (strcmp(userstyle, p) != 0) {
logit("wrong user name passed to monitor: expected %s != %.100s",
authctxt->user, p);
userstyle, p);
fail++;
}
xfree(p);
free(userstyle);
free(p);
buffer_skip_string(&b);
if (datafellows & SSH_BUG_PKAUTH) {
if (!buffer_get_char(&b))
fail++;
} else {
p = buffer_get_string(&b, NULL);
p = buffer_get_cstring(&b, NULL);
if (strcmp("publickey", p) != 0)
fail++;
xfree(p);
free(p);
if (!buffer_get_char(&b))
fail++;
buffer_skip_string(&b);
@ -1008,7 +1019,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
char *chost)
{
Buffer b;
char *p;
char *p, *userstyle;
u_int len;
int fail = 0;
@ -1020,22 +1031,26 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
(len != session_id2_len) ||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
fail++;
xfree(p);
free(p);
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;
p = buffer_get_string(&b, NULL);
if (strcmp(authctxt->user, p) != 0) {
p = buffer_get_cstring(&b, NULL);
xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
if (strcmp(userstyle, p) != 0) {
logit("wrong user name passed to monitor: expected %s != %.100s",
authctxt->user, p);
userstyle, p);
fail++;
}
xfree(p);
free(userstyle);
free(p);
buffer_skip_string(&b); /* service */
p = buffer_get_string(&b, NULL);
p = buffer_get_cstring(&b, NULL);
if (strcmp(p, "hostbased") != 0)
fail++;
xfree(p);
free(p);
buffer_skip_string(&b); /* pkalg */
buffer_skip_string(&b); /* pkblob */
@ -1045,13 +1060,13 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
p[len - 1] = '\0';
if (strcmp(p, chost) != 0)
fail++;
xfree(p);
free(p);
/* verify client user */
p = buffer_get_string(&b, NULL);
if (strcmp(p, cuser) != 0)
fail++;
xfree(p);
free(p);
if (buffer_len(&b) != 0)
fail++;
@ -1100,9 +1115,9 @@ mm_answer_keyverify(int sock, Buffer *m)
__func__, key, (verified == 1) ? "verified" : "unverified");
key_free(key);
xfree(blob);
xfree(signature);
xfree(data);
free(blob);
free(signature);
free(data);
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
@ -1230,7 +1245,7 @@ mm_answer_pty_cleanup(int sock, Buffer *m)
if ((s = session_by_tty(tty)) != NULL)
mm_session_close(s);
buffer_clear(m);
xfree(tty);
free(tty);
return (0);
}
@ -1362,7 +1377,7 @@ mm_answer_rsa_challenge(int sock, Buffer *m)
monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);
xfree(blob);
free(blob);
key_free(key);
return (0);
}
@ -1394,9 +1409,9 @@ mm_answer_rsa_response(int sock, Buffer *m)
fatal("%s: received bad response to challenge", __func__);
success = auth_rsa_verify_response(key, ssh1_challenge, response);
xfree(blob);
free(blob);
key_free(key);
xfree(response);
free(response);
auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa";
@ -1443,20 +1458,20 @@ monitor_apply_keystate(struct monitor *pmonitor)
packet_set_protocol_flags(child_state.ssh1protoflags);
packet_set_encryption_key(child_state.ssh1key,
child_state.ssh1keylen, child_state.ssh1cipher);
xfree(child_state.ssh1key);
free(child_state.ssh1key);
}
/* for rc4 and other stateful ciphers */
packet_set_keycontext(MODE_OUT, child_state.keyout);
xfree(child_state.keyout);
free(child_state.keyout);
packet_set_keycontext(MODE_IN, child_state.keyin);
xfree(child_state.keyin);
free(child_state.keyin);
if (!compat20) {
packet_set_iv(MODE_OUT, child_state.ivout);
xfree(child_state.ivout);
free(child_state.ivout);
packet_set_iv(MODE_IN, child_state.ivin);
xfree(child_state.ivin);
free(child_state.ivin);
}
memcpy(&incoming_stream, &child_state.incoming,
@ -1468,18 +1483,22 @@ monitor_apply_keystate(struct monitor *pmonitor)
if (options.compression)
mm_init_compression(pmonitor->m_zlib);
if (options.rekey_limit || options.rekey_interval)
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
(time_t)options.rekey_interval);
/* Network I/O buffers */
/* XXX inefficient for large buffers, need: buffer_init_from_string */
buffer_clear(packet_get_input());
buffer_append(packet_get_input(), child_state.input, child_state.ilen);
memset(child_state.input, 0, child_state.ilen);
xfree(child_state.input);
free(child_state.input);
buffer_clear(packet_get_output());
buffer_append(packet_get_output(), child_state.output,
child_state.olen);
memset(child_state.output, 0, child_state.olen);
xfree(child_state.output);
free(child_state.output);
/* Roaming */
if (compat20)
@ -1511,11 +1530,11 @@ mm_get_kex(Buffer *m)
blob = buffer_get_string(m, &bloblen);
buffer_init(&kex->my);
buffer_append(&kex->my, blob, bloblen);
xfree(blob);
free(blob);
blob = buffer_get_string(m, &bloblen);
buffer_init(&kex->peer);
buffer_append(&kex->peer, blob, bloblen);
xfree(blob);
free(blob);
kex->done = 1;
kex->flags = buffer_get_int(m);
kex->client_version_string = buffer_get_string(m, NULL);
@ -1523,6 +1542,7 @@ mm_get_kex(Buffer *m)
kex->load_host_public_key=&get_hostkey_public_by_type;
kex->load_host_private_key=&get_hostkey_private_by_type;
kex->host_key_index=&get_hostkey_index;
kex->sign = sshd_hostkey_sign;
return (kex);
}
@ -1558,12 +1578,12 @@ mm_get_keystate(struct monitor *pmonitor)
blob = buffer_get_string(&m, &bloblen);
current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
xfree(blob);
free(blob);
debug3("%s: Waiting for second key", __func__);
blob = buffer_get_string(&m, &bloblen);
current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen);
xfree(blob);
free(blob);
/* Now get sequence numbers for the packets */
seqnr = buffer_get_int(&m);
@ -1588,13 +1608,13 @@ mm_get_keystate(struct monitor *pmonitor)
if (plen != sizeof(child_state.outgoing))
fatal("%s: bad request size", __func__);
memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing));
xfree(p);
free(p);
p = buffer_get_string(&m, &plen);
if (plen != sizeof(child_state.incoming))
fatal("%s: bad request size", __func__);
memcpy(&child_state.incoming, p, sizeof(child_state.incoming));
xfree(p);
free(p);
/* Network I/O buffers */
debug3("%s: Getting Network I/O buffers", __func__);
@ -1716,7 +1736,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
major = ssh_gssapi_server_ctx(&gsscontext, &goid);
xfree(goid.elements);
free(goid.elements);
buffer_clear(m);
buffer_put_int(m, major);
@ -1741,7 +1761,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
in.value = buffer_get_string(m, &len);
in.length = len;
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
xfree(in.value);
free(in.value);
buffer_clear(m);
buffer_put_int(m, major);
@ -1773,8 +1793,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
xfree(gssbuf.value);
xfree(mic.value);
free(gssbuf.value);
free(mic.value);
buffer_clear(m);
buffer_put_int(m, ret);
@ -1844,8 +1864,8 @@ mm_answer_jpake_step1(int sock, Buffer *m)
bzero(x3_proof, x3_proof_len);
bzero(x4_proof, x4_proof_len);
xfree(x3_proof);
xfree(x4_proof);
free(x3_proof);
free(x4_proof);
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0);
@ -1874,8 +1894,8 @@ mm_answer_jpake_get_pwdata(int sock, Buffer *m)
bzero(hash_scheme, strlen(hash_scheme));
bzero(salt, strlen(salt));
xfree(hash_scheme);
xfree(salt);
free(hash_scheme);
free(salt);
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1);
@ -1914,8 +1934,8 @@ mm_answer_jpake_step2(int sock, Buffer *m)
bzero(x1_proof, x1_proof_len);
bzero(x2_proof, x2_proof_len);
xfree(x1_proof);
xfree(x2_proof);
free(x1_proof);
free(x2_proof);
buffer_clear(m);
@ -1926,7 +1946,7 @@ mm_answer_jpake_step2(int sock, Buffer *m)
mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m);
bzero(x4_s_proof, x4_s_proof_len);
xfree(x4_s_proof);
free(x4_s_proof);
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1);
@ -1994,7 +2014,7 @@ mm_answer_jpake_check_confirm(int sock, Buffer *m)
JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__));
bzero(peer_confirm_hash, peer_confirm_hash_len);
xfree(peer_confirm_hash);
free(peer_confirm_hash);
buffer_clear(m);
buffer_put_int(m, authenticated);

18
crypto/external/bsd/openssh/dist/monitor_mm.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_mm.c,v 1.16 2009/06/22 05:39:28 dtucker Exp $ */
/* $OpenBSD: monitor_mm.c,v 1.17.2.1 2013/11/08 01:33:56 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@ -31,6 +31,7 @@
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include "xmalloc.h"
@ -60,7 +61,7 @@ mm_make_entry(struct mm_master *mm, struct mmtree *head,
struct mm_share *tmp, *tmp2;
if (mm->mmalloc == NULL)
tmp = xmalloc(sizeof(struct mm_share));
tmp = xcalloc(1, sizeof(struct mm_share));
else
tmp = mm_xmalloc(mm->mmalloc, sizeof(struct mm_share));
tmp->address = address;
@ -83,7 +84,7 @@ mm_create(struct mm_master *mmalloc, size_t size)
struct mm_master *mm;
if (mmalloc == NULL)
mm = xmalloc(sizeof(struct mm_master));
mm = xcalloc(1, sizeof(struct mm_master));
else
mm = mm_xmalloc(mmalloc, sizeof(struct mm_master));
@ -121,7 +122,7 @@ mm_freelist(struct mm_master *mmalloc, struct mmtree *head)
next = RB_NEXT(mmtree, head, mms);
RB_REMOVE(mmtree, head, mms);
if (mmalloc == NULL)
xfree(mms);
free(mms);
else
mm_free(mmalloc, mms);
}
@ -139,7 +140,7 @@ mm_destroy(struct mm_master *mm)
fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size,
strerror(errno));
if (mm->mmalloc == NULL)
xfree(mm);
free(mm);
else
mm_free(mm->mmalloc, mm);
}
@ -152,6 +153,7 @@ mm_xmalloc(struct mm_master *mm, size_t size)
address = mm_malloc(mm, size);
if (address == NULL)
fatal("%s: mm_malloc(%lu)", __func__, (u_long)size);
memset(address, 0, size);
return (address);
}
@ -190,7 +192,7 @@ mm_malloc(struct mm_master *mm, size_t size)
if (mms->size == 0) {
RB_REMOVE(mmtree, &mm->rb_free, mms);
if (mm->mmalloc == NULL)
xfree(mms);
free(mms);
else
mm_free(mm->mmalloc, mms);
}
@ -246,7 +248,7 @@ mm_free(struct mm_master *mm, void *address)
prev->size += mms->size;
RB_REMOVE(mmtree, &mm->rb_free, mms);
if (mm->mmalloc == NULL)
xfree(mms);
free(mms);
else
mm_free(mm->mmalloc, mms);
} else
@ -270,7 +272,7 @@ mm_free(struct mm_master *mm, void *address)
RB_REMOVE(mmtree, &mm->rb_free, mms);
if (mm->mmalloc == NULL)
xfree(mms);
free(mms);
else
mm_free(mm->mmalloc, mms);
}

32
crypto/external/bsd/openssh/dist/monitor_wrap.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.c,v 1.75 2013/01/08 18:49:04 markus Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.76.2.1 2013/11/08 00:25:26 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -275,7 +275,7 @@ out:
#undef M_CP_STRARRAYOPT
copy_set_server_options(&options, newopts, 1);
xfree(newopts);
free(newopts);
buffer_free(&m);
@ -301,7 +301,7 @@ mm_auth2_read_banner(void)
/* treat empty banner as missing banner */
if (strlen(banner) == 0) {
xfree(banner);
free(banner);
banner = NULL;
}
return (banner);
@ -394,7 +394,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
buffer_put_cstring(&m, user ? user : "");
buffer_put_cstring(&m, host ? host : "");
buffer_put_string(&m, blob, len);
xfree(blob);
free(blob);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
@ -437,7 +437,7 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
buffer_put_string(&m, blob, len);
buffer_put_string(&m, sig, siglen);
buffer_put_string(&m, data, datalen);
xfree(blob);
free(blob);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
@ -469,7 +469,7 @@ mm_newkeys_from_blob(u_char *blob, int blen)
buffer_init(&b);
buffer_append(&b, blob, blen);
newkey = xmalloc(sizeof(*newkey));
newkey = xcalloc(1, sizeof(*newkey));
enc = &newkey->enc;
mac = &newkey->mac;
comp = &newkey->comp;
@ -606,7 +606,7 @@ mm_send_keystate(struct monitor *monitor)
keylen = packet_get_encryption_key(key);
buffer_put_string(&m, key, keylen);
memset(key, 0, keylen);
xfree(key);
free(key);
ivlen = packet_get_keyiv_len(MODE_OUT);
packet_get_keyiv(MODE_OUT, iv, ivlen);
@ -629,13 +629,13 @@ mm_send_keystate(struct monitor *monitor)
fatal("%s: conversion of newkeys failed", __func__);
buffer_put_string(&m, blob, bloblen);
xfree(blob);
free(blob);
if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
fatal("%s: conversion of newkeys failed", __func__);
buffer_put_string(&m, blob, bloblen);
xfree(blob);
free(blob);
packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
buffer_put_int(&m, seqnr);
@ -655,13 +655,13 @@ mm_send_keystate(struct monitor *monitor)
p = xmalloc(plen+1);
packet_get_keycontext(MODE_OUT, p);
buffer_put_string(&m, p, plen);
xfree(p);
free(p);
plen = packet_get_keycontext(MODE_IN, NULL);
p = xmalloc(plen+1);
packet_get_keycontext(MODE_IN, p);
buffer_put_string(&m, p, plen);
xfree(p);
free(p);
/* Compression state */
debug3("%s: Sending compression state", __func__);
@ -723,10 +723,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
buffer_free(&m);
strlcpy(namebuf, p, namebuflen); /* Possible truncation */
xfree(p);
free(p);
buffer_append(&loginmsg, msg, strlen(msg));
xfree(msg);
free(msg);
if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 ||
(*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1)
@ -904,7 +904,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
if ((key = key_from_blob(blob, blen)) == NULL)
fatal("%s: key_from_blob failed", __func__);
*rkey = key;
xfree(blob);
free(blob);
}
buffer_free(&m);
@ -931,7 +931,7 @@ mm_auth_rsa_generate_challenge(Key *key)
buffer_init(&m);
buffer_put_string(&m, blob, blen);
xfree(blob);
free(blob);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
@ -960,7 +960,7 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
buffer_init(&m);
buffer_put_string(&m, blob, blen);
buffer_put_string(&m, response, 16);
xfree(blob);
free(blob);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);

152
crypto/external/bsd/openssh/dist/mux.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: mux.c,v 1.38 2013/01/02 00:32:07 djm Exp $ */
/* $OpenBSD: mux.c,v 1.44 2013/07/12 00:19:58 djm Exp $ */
/*
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
*
@ -171,7 +171,7 @@ static const struct {
/* Cleanup callback fired on closure of mux slave _session_ channel */
/* ARGSUSED */
void
static void
mux_master_session_cleanup_cb(int cid, void *unused)
{
Channel *cc, *c = channel_by_id(cid);
@ -206,7 +206,8 @@ mux_master_control_cleanup_cb(int cid, void *unused)
__func__, c->self, c->remote_id);
c->remote_id = -1;
sc->ctl_chan = -1;
if (sc->type != SSH_CHANNEL_OPEN) {
if (sc->type != SSH_CHANNEL_OPEN &&
sc->type != SSH_CHANNEL_OPENING) {
debug2("%s: channel %d: not open", __func__, sc->self);
chan_mark_dead(sc);
} else {
@ -273,13 +274,13 @@ process_mux_master_hello(u_int rid, Channel *c, Buffer *m, Buffer *r)
char *value = buffer_get_string_ret(m, NULL);
if (name == NULL || value == NULL) {
if (name != NULL)
xfree(name);
free(name);
free(value);
goto malf;
}
debug2("Unrecognised slave extension \"%s\"", name);
xfree(name);
xfree(value);
free(name);
free(value);
}
state->hello_rcvd = 1;
return 0;
@ -310,21 +311,17 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
(cctx->term = buffer_get_string_ret(m, &len)) == NULL ||
(cmd = buffer_get_string_ret(m, &len)) == NULL) {
malf:
if (cmd != NULL)
xfree(cmd);
if (reserved != NULL)
xfree(reserved);
free(cmd);
free(reserved);
for (j = 0; j < env_len; j++)
xfree(cctx->env[j]);
if (env_len > 0)
xfree(cctx->env);
if (cctx->term != NULL)
xfree(cctx->term);
xfree(cctx);
free(cctx->env[j]);
free(cctx->env);
free(cctx->term);
free(cctx);
error("%s: malformed message", __func__);
return -1;
}
xfree(reserved);
free(reserved);
reserved = NULL;
while (buffer_len(m) > 0) {
@ -332,7 +329,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
if ((cp = buffer_get_string_ret(m, &len)) == NULL)
goto malf;
if (!env_permitted(cp)) {
xfree(cp);
free(cp);
continue;
}
cctx->env = xrealloc(cctx->env, env_len + 2,
@ -353,7 +350,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
buffer_init(&cctx->cmd);
buffer_append(&cctx->cmd, cmd, strlen(cmd));
xfree(cmd);
free(cmd);
cmd = NULL;
/* Gather fds from client */
@ -364,12 +361,11 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
for (j = 0; j < i; j++)
close(new_fd[j]);
for (j = 0; j < env_len; j++)
xfree(cctx->env[j]);
if (env_len > 0)
xfree(cctx->env);
xfree(cctx->term);
free(cctx->env[j]);
free(cctx->env);
free(cctx->term);
buffer_free(&cctx->cmd);
xfree(cctx);
free(cctx);
/* prepare reply */
buffer_put_int(r, MUX_S_FAILURE);
@ -394,14 +390,14 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
close(new_fd[0]);
close(new_fd[1]);
close(new_fd[2]);
xfree(cctx->term);
free(cctx->term);
if (env_len != 0) {
for (i = 0; i < env_len; i++)
xfree(cctx->env[i]);
xfree(cctx->env);
free(cctx->env[i]);
free(cctx->env);
}
buffer_free(&cctx->cmd);
xfree(cctx);
free(cctx);
return 0;
}
@ -606,7 +602,7 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
buffer_put_int(&out, MUX_S_FAILURE);
buffer_put_int(&out, fctx->rid);
buffer_put_cstring(&out, failmsg);
xfree(failmsg);
free(failmsg);
out:
buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out));
buffer_free(&out);
@ -621,25 +617,28 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
Forward fwd;
char *fwd_desc = NULL;
u_int ftype;
u_int lport, cport;
int i, ret = 0, freefwd = 1;
fwd.listen_host = fwd.connect_host = NULL;
if (buffer_get_int_ret(&ftype, m) != 0 ||
(fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
buffer_get_int_ret(&fwd.listen_port, m) != 0 ||
buffer_get_int_ret(&lport, m) != 0 ||
(fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
buffer_get_int_ret(&fwd.connect_port, m) != 0) {
buffer_get_int_ret(&cport, m) != 0 ||
lport > 65535 || cport > 65535) {
error("%s: malformed message", __func__);
ret = -1;
goto out;
}
fwd.listen_port = lport;
fwd.connect_port = cport;
if (*fwd.listen_host == '\0') {
xfree(fwd.listen_host);
free(fwd.listen_host);
fwd.listen_host = NULL;
}
if (*fwd.connect_host == '\0') {
xfree(fwd.connect_host);
free(fwd.connect_host);
fwd.connect_host = NULL;
}
@ -650,10 +649,8 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
ftype != MUX_FWD_DYNAMIC) {
logit("%s: invalid forwarding type %u", __func__, ftype);
invalid:
if (fwd.listen_host)
xfree(fwd.listen_host);
if (fwd.connect_host)
xfree(fwd.connect_host);
free(fwd.listen_host);
free(fwd.connect_host);
buffer_put_int(r, MUX_S_FAILURE);
buffer_put_int(r, rid);
buffer_put_cstring(r, "Invalid forwarding request");
@ -755,13 +752,10 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
buffer_put_int(r, MUX_S_OK);
buffer_put_int(r, rid);
out:
if (fwd_desc != NULL)
xfree(fwd_desc);
free(fwd_desc);
if (freefwd) {
if (fwd.listen_host != NULL)
xfree(fwd.listen_host);
if (fwd.connect_host != NULL)
xfree(fwd.connect_host);
free(fwd.listen_host);
free(fwd.connect_host);
}
return ret;
}
@ -774,24 +768,28 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
const char *error_reason = NULL;
u_int ftype;
int i, listen_port, ret = 0;
u_int lport, cport;
fwd.listen_host = fwd.connect_host = NULL;
if (buffer_get_int_ret(&ftype, m) != 0 ||
(fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
buffer_get_int_ret(&fwd.listen_port, m) != 0 ||
buffer_get_int_ret(&lport, m) != 0 ||
(fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
buffer_get_int_ret(&fwd.connect_port, m) != 0) {
buffer_get_int_ret(&cport, m) != 0 ||
lport > 65535 || cport > 65535) {
error("%s: malformed message", __func__);
ret = -1;
goto out;
}
fwd.listen_port = lport;
fwd.connect_port = cport;
if (*fwd.listen_host == '\0') {
xfree(fwd.listen_host);
free(fwd.listen_host);
fwd.listen_host = NULL;
}
if (*fwd.connect_host == '\0') {
xfree(fwd.connect_host);
free(fwd.connect_host);
fwd.connect_host = NULL;
}
@ -848,10 +846,8 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
buffer_put_int(r, MUX_S_OK);
buffer_put_int(r, rid);
if (found_fwd->listen_host != NULL)
xfree(found_fwd->listen_host);
if (found_fwd->connect_host != NULL)
xfree(found_fwd->connect_host);
free(found_fwd->listen_host);
free(found_fwd->connect_host);
found_fwd->listen_host = found_fwd->connect_host = NULL;
found_fwd->listen_port = found_fwd->connect_port = 0;
} else {
@ -860,12 +856,9 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
buffer_put_cstring(r, error_reason);
}
out:
if (fwd_desc != NULL)
xfree(fwd_desc);
if (fwd.listen_host != NULL)
xfree(fwd.listen_host);
if (fwd.connect_host != NULL)
xfree(fwd.connect_host);
free(fwd_desc);
free(fwd.listen_host);
free(fwd.connect_host);
return ret;
}
@ -882,14 +875,12 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
(chost = buffer_get_string_ret(m, NULL)) == NULL ||
buffer_get_int_ret(&cport, m) != 0) {
if (reserved != NULL)
xfree(reserved);
if (chost != NULL)
xfree(chost);
free(reserved);
free(chost);
error("%s: malformed message", __func__);
return -1;
}
xfree(reserved);
free(reserved);
debug2("%s: channel %d: request stdio fwd to %s:%u",
__func__, c->self, chost, cport);
@ -901,7 +892,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
__func__, i);
for (j = 0; j < i; j++)
close(new_fd[j]);
xfree(chost);
free(chost);
/* prepare reply */
buffer_put_int(r, MUX_S_FAILURE);
@ -925,7 +916,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
cleanup:
close(new_fd[0]);
close(new_fd[1]);
xfree(chost);
free(chost);
return 0;
}
@ -987,7 +978,7 @@ process_mux_stop_listening(u_int rid, Channel *c, Buffer *m, Buffer *r)
if (mux_listener_channel != NULL) {
channel_free(mux_listener_channel);
client_stop_mux();
xfree(options.control_path);
free(options.control_path);
options.control_path = NULL;
mux_listener_channel = NULL;
muxserver_sock = -1;
@ -1087,7 +1078,7 @@ mux_exit_message(Channel *c, int exitval)
Buffer m;
Channel *mux_chan;
debug3("%s: channel %d: exit message, evitval %d", __func__, c->self,
debug3("%s: channel %d: exit message, exitval %d", __func__, c->self,
exitval);
if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
@ -1183,8 +1174,8 @@ muxserver_listen(void)
close(muxserver_sock);
muxserver_sock = -1;
}
xfree(orig_control_path);
xfree(options.control_path);
free(orig_control_path);
free(options.control_path);
options.control_path = NULL;
options.control_master = SSHCTL_MASTER_NO;
return;
@ -1209,7 +1200,7 @@ muxserver_listen(void)
goto disable_mux_master;
}
unlink(options.control_path);
xfree(options.control_path);
free(options.control_path);
options.control_path = orig_control_path;
set_nonblock(muxserver_sock);
@ -1294,13 +1285,13 @@ mux_session_confirm(int id, int success, void *arg)
cc->mux_pause = 0; /* start processing messages again */
c->open_confirm_ctx = NULL;
buffer_free(&cctx->cmd);
xfree(cctx->term);
free(cctx->term);
if (cctx->env != NULL) {
for (i = 0; cctx->env[i] != NULL; i++)
xfree(cctx->env[i]);
xfree(cctx->env);
free(cctx->env[i]);
free(cctx->env);
}
xfree(cctx);
free(cctx);
}
/* ** Multiplexing client support */
@ -1424,7 +1415,9 @@ mux_client_read_packet(int fd, Buffer *m)
buffer_init(&queue);
if (mux_client_read(fd, &queue, 4) != 0) {
if ((oerrno = errno) == EPIPE)
debug3("%s: read header failed: %s", __func__, strerror(errno));
debug3("%s: read header failed: %s", __func__,
strerror(errno));
buffer_free(&queue);
errno = oerrno;
return -1;
}
@ -1432,6 +1425,7 @@ mux_client_read_packet(int fd, Buffer *m)
if (mux_client_read(fd, &queue, need) != 0) {
oerrno = errno;
debug3("%s: read body failed: %s", __func__, strerror(errno));
buffer_free(&queue);
errno = oerrno;
return -1;
}
@ -1478,8 +1472,8 @@ mux_client_hello_exchange(int fd)
char *value = buffer_get_string(&m, NULL);
debug2("Unrecognised master extension \"%s\"", name);
xfree(name);
xfree(value);
free(name);
free(value);
}
buffer_free(&m);
return 0;
@ -1588,7 +1582,7 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, Forward *fwd)
fwd_desc = format_forward(ftype, fwd);
debug("Requesting %s %s",
cancel_flag ? "cancellation of" : "forwarding of", fwd_desc);
xfree(fwd_desc);
free(fwd_desc);
buffer_init(&m);
buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD);

82
crypto/external/bsd/openssh/dist/packet.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: packet.c,v 1.181 2013/02/10 23:35:24 djm Exp $ */
/* $OpenBSD: packet.c,v 1.188.2.1 2013/11/08 01:33:56 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -54,6 +54,7 @@
#include <string.h>
#include <unistd.h>
#include <signal.h>
#include <time.h>
#include "xmalloc.h"
#include "buffer.h"
@ -161,9 +162,14 @@ struct session_state {
Newkeys *newkeys[MODE_MAX];
struct packet_state p_read, p_send;
/* Volume-based rekeying */
u_int64_t max_blocks_in, max_blocks_out;
u_int32_t rekey_limit;
/* Time-based rekeying */
time_t rekey_interval; /* how often in seconds */
time_t rekey_time; /* time of last rekeying */
/* Session key for protocol v1 */
u_char ssh1_key[SSH_SESSION_KEY_LENGTH];
u_int ssh1_keylen;
@ -211,7 +217,7 @@ alloc_session_state(void)
void
packet_set_connection(int fd_in, int fd_out)
{
Cipher *none = cipher_by_name("none");
const Cipher *none = cipher_by_name("none");
if (none == NULL)
fatal("packet_set_connection: cannot load cipher 'none'");
@ -536,7 +542,7 @@ packet_start_compression(int level)
void
packet_set_encryption_key(const u_char *key, u_int keylen, int number)
{
Cipher *cipher = cipher_by_number(number);
const Cipher *cipher = cipher_by_number(number);
if (cipher == NULL)
fatal("packet_set_encryption_key: unknown cipher number %d", number);
@ -749,13 +755,13 @@ set_newkeys(int mode)
memset(enc->iv, 0, enc->iv_len);
memset(enc->key, 0, enc->key_len);
memset(mac->key, 0, mac->key_len);
xfree(enc->name);
xfree(enc->iv);
xfree(enc->key);
xfree(mac->name);
xfree(mac->key);
xfree(comp->name);
xfree(active_state->newkeys[mode]);
free(enc->name);
free(enc->iv);
free(enc->key);
free(mac->name);
free(mac->key);
free(comp->name);
free(active_state->newkeys[mode]);
}
active_state->newkeys[mode] = kex_get_newkeys(mode);
if (active_state->newkeys[mode] == NULL)
@ -979,7 +985,7 @@ packet_send2(void)
(type == SSH2_MSG_SERVICE_REQUEST) ||
(type == SSH2_MSG_SERVICE_ACCEPT)) {
debug("enqueue packet: %u", type);
p = xmalloc(sizeof(*p));
p = xcalloc(1, sizeof(*p));
p->type = type;
memcpy(&p->payload, &active_state->outgoing_packet,
sizeof(Buffer));
@ -998,6 +1004,7 @@ packet_send2(void)
/* after a NEWKEYS message we can send the complete queue */
if (type == SSH2_MSG_NEWKEYS) {
active_state->rekeying = 0;
active_state->rekey_time = monotime();
while ((p = TAILQ_FIRST(&active_state->outgoing))) {
type = p->type;
debug("dequeue packet: %u", type);
@ -1005,7 +1012,7 @@ packet_send2(void)
memcpy(&active_state->outgoing_packet, &p->payload,
sizeof(Buffer));
TAILQ_REMOVE(&active_state->outgoing, p, next);
xfree(p);
free(p);
packet_send2_wrapped();
}
}
@ -1030,7 +1037,7 @@ packet_send(void)
int
packet_read_seqnr(u_int32_t *seqnr_p)
{
int type, len, ret, ms_remain, cont;
int type, len, ret, cont, ms_remain = 0;
fd_set *setp;
char buf[8192];
struct timeval timeout, start, *timeoutp = NULL;
@ -1055,7 +1062,7 @@ packet_read_seqnr(u_int32_t *seqnr_p)
packet_check_eom();
/* If we got a packet, return it. */
if (type != SSH_MSG_NONE) {
xfree(setp);
free(setp);
return type;
}
/*
@ -1441,16 +1448,20 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
packet_get_char();
msg = packet_get_string(NULL);
debug("Remote: %.900s", msg);
xfree(msg);
free(msg);
msg = packet_get_string(NULL);
xfree(msg);
free(msg);
break;
case SSH2_MSG_DISCONNECT:
reason = packet_get_int();
msg = packet_get_string(NULL);
error("Received disconnect from %s: %u: %.400s",
/* Ignore normal client exit notifications */
do_log2(active_state->server_side &&
reason == SSH2_DISCONNECT_BY_APPLICATION ?
SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
"Received disconnect from %s: %u: %.400s",
get_remote_ipaddr(), reason, msg);
xfree(msg);
free(msg);
cleanup_exit(255);
break;
case SSH2_MSG_UNIMPLEMENTED:
@ -1464,12 +1475,14 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
} else {
type = packet_read_poll1();
switch (type) {
case SSH_MSG_NONE:
return SSH_MSG_NONE;
case SSH_MSG_IGNORE:
break;
case SSH_MSG_DEBUG:
msg = packet_get_string(NULL);
debug("Remote: %.900s", msg);
xfree(msg);
free(msg);
break;
case SSH_MSG_DISCONNECT:
msg = packet_get_string(NULL);
@ -1478,8 +1491,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
cleanup_exit(255);
break;
default:
if (type)
DBG(debug("received packet type %d", type));
DBG(debug("received packet type %d", type));
return type;
}
}
@ -1713,7 +1725,7 @@ void
packet_write_wait(void)
{
fd_set *setp;
int ret, ms_remain;
int ret, ms_remain = 0;
struct timeval start, timeout, *timeoutp = NULL;
setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
@ -1753,7 +1765,7 @@ packet_write_wait(void)
}
packet_write_poll();
}
xfree(setp);
free(setp);
}
/* Returns true if there is buffered data to write to the connection. */
@ -1907,13 +1919,33 @@ packet_need_rekeying(void)
(active_state->max_blocks_out &&
(active_state->p_send.blocks > active_state->max_blocks_out)) ||
(active_state->max_blocks_in &&
(active_state->p_read.blocks > active_state->max_blocks_in));
(active_state->p_read.blocks > active_state->max_blocks_in)) ||
(active_state->rekey_interval != 0 && active_state->rekey_time +
active_state->rekey_interval <= monotime());
}
void
packet_set_rekey_limit(u_int32_t bytes)
packet_set_rekey_limits(u_int32_t bytes, time_t seconds)
{
debug3("rekey after %lld bytes, %d seconds", (long long)bytes,
(int)seconds);
active_state->rekey_limit = bytes;
active_state->rekey_interval = seconds;
/*
* We set the time here so that in post-auth privsep slave we count
* from the completion of the authentication.
*/
active_state->rekey_time = monotime();
}
time_t
packet_get_rekey_timeout(void)
{
time_t seconds;
seconds = active_state->rekey_time + active_state->rekey_interval -
monotime();
return (seconds <= 0 ? 1 : seconds);
}
void

7
crypto/external/bsd/openssh/dist/packet.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: packet.h,v 1.57 2012/01/25 19:40:09 markus Exp $ */
/* $OpenBSD: packet.h,v 1.59 2013/07/12 00:19:59 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -65,7 +65,7 @@ void *packet_get_raw(u_int *length_ptr);
void *packet_get_string(u_int *length_ptr);
char *packet_get_cstring(u_int *length_ptr);
void *packet_get_string_ptr(u_int *length_ptr);
void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void packet_disconnect(const char *fmt,...) __attribute__((noreturn)) __attribute__((format(printf, 1, 2)));
void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void set_newkeys(int mode);
@ -109,7 +109,8 @@ do { \
} while (0)
int packet_need_rekeying(void);
void packet_set_rekey_limit(u_int32_t);
void packet_set_rekey_limits(u_int32_t, time_t);
time_t packet_get_rekey_timeout(void);
void packet_backup_state(void);
void packet_restore_state(void);

22
crypto/external/bsd/openssh/dist/pathnames.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: pathnames.h,v 1.22 2011/05/23 03:30:07 djm Exp $ */
/* $OpenBSD: pathnames.h,v 1.23 2013/04/05 00:31:49 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -57,18 +57,18 @@
* readable by anyone except the user him/herself, though this does not
* contain anything particularly secret.
*/
#define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts"
#define _PATH_SSH_USER_HOSTFILE "~/" _PATH_SSH_USER_DIR "/known_hosts"
/* backward compat for protocol 2 */
#define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
#define _PATH_SSH_USER_HOSTFILE2 "~/" _PATH_SSH_USER_DIR "/known_hosts2"
/*
* Name of the default file containing client-side authentication key. This
* file should only be readable by the user him/herself.
*/
#define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity"
#define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa"
#define _PATH_SSH_CLIENT_ID_ECDSA ".ssh/id_ecdsa"
#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa"
#define _PATH_SSH_CLIENT_IDENTITY _PATH_SSH_USER_DIR "/identity"
#define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa"
#define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa"
#define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa"
/*
* Configuration file in user's home directory. This file need not be
@ -76,7 +76,7 @@
* particularly secret. If the user's home directory resides on an NFS
* volume where root is mapped to nobody, this may need to be world-readable.
*/
#define _PATH_SSH_USER_CONFFILE ".ssh/config"
#define _PATH_SSH_USER_CONFFILE _PATH_SSH_USER_DIR "/config"
/*
* File containing a list of those rsa keys that permit logging in as this
@ -86,10 +86,10 @@
* may need to be world-readable. (This file is read by the daemon which is
* running as root.)
*/
#define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
#define _PATH_SSH_USER_PERMITTED_KEYS _PATH_SSH_USER_DIR "/authorized_keys"
/* backward compat for protocol v2 */
#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
#define _PATH_SSH_USER_PERMITTED_KEYS2 _PATH_SSH_USER_DIR "/authorized_keys2"
/*
* Per-user and system-wide ssh "rc" files. These files are executed with
@ -97,7 +97,7 @@
* passed "proto cookie" as arguments if X11 forwarding with spoofing is in
* use. xauth will be run if neither of these exists.
*/
#define _PATH_SSH_USER_RC ".ssh/rc"
#define _PATH_SSH_USER_RC _PATH_SSH_USER_DIR "/rc"
#define _PATH_SSH_SYSTEM_RC SSHDIR "/sshrc"
/*

7
crypto/external/bsd/openssh/dist/progressmeter.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: progressmeter.c,v 1.37 2006/08/03 03:34:42 deraadt Exp $ */
/* $OpenBSD: progressmeter.c,v 1.39 2013/06/02 13:33:05 dtucker Exp $ */
/*
* Copyright (c) 2003 Nils Nordman. All rights reserved.
*
@ -36,6 +36,7 @@
#include "progressmeter.h"
#include "atomicio.h"
#include "misc.h"
#define DEFAULT_WINSIZE 80
#define MAX_WINSIZE 512
@ -128,7 +129,7 @@ refresh_progress_meter(void)
transferred = *counter - cur_pos;
cur_pos = *counter;
now = time(NULL);
now = monotime();
bytes_left = end_pos - cur_pos;
if (bytes_left > 0)
@ -246,7 +247,7 @@ update_progress_meter(int ignore)
void
start_progress_meter(char *f, off_t filesize, off_t *ctr)
{
start = last_update = time(NULL);
start = last_update = monotime();
file = f;
end_pos = filesize;
cur_pos = 0;

189
crypto/external/bsd/openssh/dist/readconf.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.194 2011/09/23 07:45:05 markus Exp $ */
/* $OpenBSD: readconf.c,v 1.204 2013/06/10 19:19:44 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -27,6 +27,7 @@
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <util.h>
#include "xmalloc.h"
#include "ssh.h"
@ -131,8 +132,8 @@ typedef enum {
oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
oKexAlgorithms, oIPQoS, oRequestTTY,
oDeprecated, oUnsupported
oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
/* Textual representations of the tokens. */
@ -243,6 +244,7 @@ static struct {
{ "kexalgorithms", oKexAlgorithms },
{ "ipqos", oIPQoS },
{ "requesttty", oRequestTTY },
{ "ignoreunknown", oIgnoreUnknown },
{ NULL, oBadOption }
};
@ -300,41 +302,62 @@ clear_forwardings(Options *options)
int i;
for (i = 0; i < options->num_local_forwards; i++) {
if (options->local_forwards[i].listen_host != NULL)
xfree(options->local_forwards[i].listen_host);
xfree(options->local_forwards[i].connect_host);
free(options->local_forwards[i].listen_host);
free(options->local_forwards[i].connect_host);
}
if (options->num_local_forwards > 0) {
xfree(options->local_forwards);
free(options->local_forwards);
options->local_forwards = NULL;
}
options->num_local_forwards = 0;
for (i = 0; i < options->num_remote_forwards; i++) {
if (options->remote_forwards[i].listen_host != NULL)
xfree(options->remote_forwards[i].listen_host);
xfree(options->remote_forwards[i].connect_host);
free(options->remote_forwards[i].listen_host);
free(options->remote_forwards[i].connect_host);
}
if (options->num_remote_forwards > 0) {
xfree(options->remote_forwards);
free(options->remote_forwards);
options->remote_forwards = NULL;
}
options->num_remote_forwards = 0;
options->tun_open = SSH_TUNMODE_NO;
}
void
add_identity_file(Options *options, const char *dir, const char *filename,
int userprovided)
{
char *path;
if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES)
fatal("Too many identity files specified (max %d)",
SSH_MAX_IDENTITY_FILES);
if (dir == NULL) /* no dir, filename is absolute */
path = xstrdup(filename);
else
(void)xasprintf(&path, "%.100s%.100s", dir, filename);
options->identity_file_userprovided[options->num_identity_files] =
userprovided;
options->identity_files[options->num_identity_files++] = path;
}
/*
* Returns the number of the token pointed to by cp or oBadOption.
*/
static OpCodes
parse_token(const char *cp, const char *filename, int linenum)
parse_token(const char *cp, const char *filename, int linenum,
const char *ignored_unknown)
{
u_int i;
int i;
for (i = 0; keywords[i].name; i++)
if (strcasecmp(cp, keywords[i].name) == 0)
if (strcmp(cp, keywords[i].name) == 0)
return keywords[i].opcode;
if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown,
strlen(ignored_unknown), 1) == 1)
return oIgnoredUnknownOption;
error("%s: line %d: Bad configuration option: %s",
filename, linenum, cp);
return oBadOption;
@ -349,14 +372,14 @@ parse_token(const char *cp, const char *filename, int linenum)
int
process_config_line(Options *options, const char *host,
char *line, const char *filename, int linenum,
int *activep)
int *activep, int userconfig)
{
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
char **cpptr, fwdarg[256];
u_int *uintptr, max_entries = 0;
int negated, opcode, *intptr, value, value2, scale;
u_int i, *uintptr, max_entries = 0;
int negated, opcode, *intptr, value, value2;
LogLevel *log_level_ptr;
long long orig, val64;
long long val64;
size_t len;
Forward fwd;
@ -376,14 +399,22 @@ process_config_line(Options *options, const char *host,
keyword = strdelim(&s);
if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
return 0;
/* Match lowercase keyword */
for (i = 0; i < strlen(keyword); i++)
keyword[i] = tolower(keyword[i]);
opcode = parse_token(keyword, filename, linenum);
opcode = parse_token(keyword, filename, linenum,
options->ignored_unknown);
switch (opcode) {
case oBadOption:
/* don't panic, but count bad options */
return -1;
/* NOTREACHED */
case oIgnoredUnknownOption:
debug("%s line %d: Ignored unknown option \"%s\"",
filename, linenum, keyword);
return 0;
case oConnectTimeout:
intptr = &options->connection_timeout;
parse_time:
@ -538,39 +569,32 @@ parse_yesnoask:
case oRekeyLimit:
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.", filename, linenum);
if (arg[0] < '0' || arg[0] > '9')
fatal("%.200s line %d: Bad number.", filename, linenum);
orig = val64 = strtoll(arg, &endofnumber, 10);
if (arg == endofnumber)
fatal("%.200s line %d: Bad number.", filename, linenum);
switch (toupper(*endofnumber)) {
case '\0':
scale = 1;
break;
case 'K':
scale = 1<<10;
break;
case 'M':
scale = 1<<20;
break;
case 'G':
scale = 1<<30;
break;
default:
fatal("%.200s line %d: Invalid RekeyLimit suffix",
filename, linenum);
fatal("%.200s line %d: Missing argument.", filename,
linenum);
if (strcmp(arg, "default") == 0) {
val64 = 0;
} else {
if (scan_scaled(arg, &val64) == -1)
fatal("%.200s line %d: Bad number '%s': %s",
filename, linenum, arg, strerror(errno));
/* check for too-large or too-small limits */
if (val64 > UINT_MAX)
fatal("%.200s line %d: RekeyLimit too large",
filename, linenum);
if (val64 != 0 && val64 < 16)
fatal("%.200s line %d: RekeyLimit too small",
filename, linenum);
}
val64 *= scale;
/* detect integer wrap and too-large limits */
if ((val64 / scale) != orig || val64 > UINT_MAX)
fatal("%.200s line %d: RekeyLimit too large",
filename, linenum);
if (val64 < 16)
fatal("%.200s line %d: RekeyLimit too small",
filename, linenum);
if (*activep && options->rekey_limit == -1)
options->rekey_limit = (u_int32_t)val64;
if (s != NULL) { /* optional rekey interval present */
if (strcmp(s, "none") == 0) {
(void)strdelim(&s); /* discard */
break;
}
intptr = &options->rekey_interval;
goto parse_time;
}
break;
case oIdentityFile:
@ -582,9 +606,7 @@ parse_yesnoask:
if (*intptr >= SSH_MAX_IDENTITY_FILES)
fatal("%.200s line %d: Too many identity files specified (max %d).",
filename, linenum, SSH_MAX_IDENTITY_FILES);
charptr = &options->identity_files[*intptr];
*charptr = xstrdup(arg);
*intptr = *intptr + 1;
add_identity_file(options, NULL, arg, userconfig);
}
break;
@ -1040,6 +1062,10 @@ parse_int:
*intptr = value;
break;
case oIgnoreUnknown:
charptr = &options->ignored_unknown;
goto parse_string;
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
@ -1071,7 +1097,7 @@ parse_int:
int
read_config_file(const char *filename, const char *host, Options *options,
int checkperm)
int flags)
{
FILE *f;
char line[1024];
@ -1081,7 +1107,7 @@ read_config_file(const char *filename, const char *host, Options *options,
if ((f = fopen(filename, "r")) == NULL)
return 0;
if (checkperm) {
if (flags & SSHCONF_CHECKPERM) {
struct stat sb;
if (fstat(fileno(f), &sb) == -1)
@ -1102,7 +1128,8 @@ read_config_file(const char *filename, const char *host, Options *options,
while (fgets(line, sizeof(line), f)) {
/* Update line number counter. */
linenum++;
if (process_config_line(options, host, line, filename, linenum, &active) != 0)
if (process_config_line(options, host, line, filename, linenum,
&active, flags & SSHCONF_USERCONF) != 0)
bad_options++;
}
fclose(f);
@ -1179,6 +1206,7 @@ initialize_options(Options * options)
options->no_host_authentication_for_localhost = - 1;
options->identities_only = - 1;
options->rekey_limit = - 1;
options->rekey_interval = -1;
options->verify_host_key_dns = -1;
options->server_alive_interval = -1;
options->server_alive_count_max = -1;
@ -1199,6 +1227,7 @@ initialize_options(Options * options)
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->request_tty = -1;
options->ignored_unknown = NULL;
}
/*
@ -1209,8 +1238,6 @@ initialize_options(Options * options)
void
fill_default_options(Options * options)
{
int len;
if (options->forward_agent == -1)
options->forward_agent = 0;
if (options->forward_x11 == -1)
@ -1276,30 +1303,16 @@ fill_default_options(Options * options)
options->protocol = SSH_PROTO_2;
if (options->num_identity_files == 0) {
if (options->protocol & SSH_PROTO_1) {
len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
options->identity_files[options->num_identity_files] =
xmalloc(len);
snprintf(options->identity_files[options->num_identity_files++],
len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
add_identity_file(options, "~/",
_PATH_SSH_CLIENT_IDENTITY, 0);
}
if (options->protocol & SSH_PROTO_2) {
len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
options->identity_files[options->num_identity_files] =
xmalloc(len);
snprintf(options->identity_files[options->num_identity_files++],
len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
options->identity_files[options->num_identity_files] =
xmalloc(len);
snprintf(options->identity_files[options->num_identity_files++],
len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1;
options->identity_files[options->num_identity_files] =
xmalloc(len);
snprintf(options->identity_files[options->num_identity_files++],
len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA);
add_identity_file(options, "~/",
_PATH_SSH_CLIENT_ID_RSA, 0);
add_identity_file(options, "~/",
_PATH_SSH_CLIENT_ID_DSA, 0);
add_identity_file(options, "~/",
_PATH_SSH_CLIENT_ID_ECDSA, 0);
}
}
if (options->escape_char == -1)
@ -1328,6 +1341,8 @@ fill_default_options(Options * options)
options->enable_ssh_keysign = 0;
if (options->rekey_limit == -1)
options->rekey_limit = 0;
if (options->rekey_interval == -1)
options->rekey_interval = 0;
if (options->verify_host_key_dns == -1)
options->verify_host_key_dns = 0;
if (options->server_alive_interval == -1)
@ -1431,7 +1446,7 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
i = 0; /* failure */
}
xfree(p);
free(p);
if (dynamicfwd) {
if (!(i == 1 || i == 2))
@ -1457,13 +1472,9 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
return (i);
fail_free:
if (fwd->connect_host != NULL) {
xfree(fwd->connect_host);
fwd->connect_host = NULL;
}
if (fwd->listen_host != NULL) {
xfree(fwd->listen_host);
fwd->listen_host = NULL;
}
free(fwd->connect_host);
fwd->connect_host = NULL;
free(fwd->listen_host);
fwd->listen_host = NULL;
return (0);
}

13
crypto/external/bsd/openssh/dist/readconf.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.h,v 1.91 2011/09/23 07:45:05 markus Exp $ */
/* $OpenBSD: readconf.h,v 1.95 2013/05/16 04:27:50 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -96,6 +96,7 @@ typedef struct {
int num_identity_files; /* Number of files for RSA/DSA identities. */
char *identity_files[SSH_MAX_IDENTITY_FILES];
int identity_file_userprovided[SSH_MAX_IDENTITY_FILES];
Key *identity_keys[SSH_MAX_IDENTITY_FILES];
/* Local TCP/IP forward requests. */
@ -109,6 +110,7 @@ typedef struct {
int enable_ssh_keysign;
int64_t rekey_limit;
int rekey_interval;
int no_host_authentication_for_localhost;
int identities_only;
int server_alive_interval;
@ -135,6 +137,8 @@ typedef struct {
int use_roaming;
int request_tty;
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
} Options;
#define SSHCTL_MASTER_NO 0
@ -148,15 +152,20 @@ typedef struct {
#define REQUEST_TTY_YES 2
#define REQUEST_TTY_FORCE 3
#define SSHCONF_CHECKPERM 1 /* check permissions on config file */
#define SSHCONF_USERCONF 2 /* user provided config file not system */
void initialize_options(Options *);
void fill_default_options(Options *);
int read_config_file(const char *, const char *, Options *, int);
int parse_forward(Forward *, const char *, int, int);
int
process_config_line(Options *, const char *, char *, const char *, int, int *);
process_config_line(Options *, const char *, char *, const char *, int, int *,
int);
void add_local_forward(Options *, const Forward *);
void add_remote_forward(Options *, const Forward *);
void add_identity_file(Options *, const char *, const char *, int);
#endif /* READCONF_H */

4
crypto/external/bsd/openssh/dist/readpass.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readpass.c,v 1.48 2010/12/15 00:49:27 djm Exp $ */
/* $OpenBSD: readpass.c,v 1.49 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -183,7 +183,7 @@ ask_permission(const char *fmt, ...)
if (*p == '\0' || *p == '\n' ||
strcasecmp(p, "yes") == 0)
allowed = 1;
xfree(p);
free(p);
}
return (allowed);

9
crypto/external/bsd/openssh/dist/roaming_client.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: roaming_client.c,v 1.4 2011/12/07 05:44:38 djm Exp $ */
/* $OpenBSD: roaming_client.c,v 1.5 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2004-2009 AppGate Network Security AB
*
@ -183,10 +183,10 @@ roaming_resume(void)
debug("server doesn't allow resume");
goto fail;
}
xfree(str);
free(str);
for (i = 1; i < PROPOSAL_MAX; i++) {
/* kex algorithm taken care of so start with i=1 and not 0 */
xfree(packet_get_string(&len));
free(packet_get_string(&len));
}
i = packet_get_char(); /* first_kex_packet_follows */
if (i && (c = strchr(kexlist, ',')))
@ -222,8 +222,7 @@ roaming_resume(void)
return 0;
fail:
if (kexlist)
xfree(kexlist);
free(kexlist);
if (packet_get_connection_in() == packet_get_connection_out())
close(packet_get_connection_in());
else {

4
crypto/external/bsd/openssh/dist/roaming_common.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: roaming_common.c,v 1.9 2011/12/07 05:44:38 djm Exp $ */
/* $OpenBSD: roaming_common.c,v 1.10 2013/07/12 00:19:59 djm Exp $ */
/*
* Copyright (c) 2004-2009 AppGate Network Security AB
*
@ -223,7 +223,7 @@ calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge)
{
const EVP_MD *md = EVP_sha1();
EVP_MD_CTX ctx;
char hash[EVP_MAX_MD_SIZE];
u_char hash[EVP_MAX_MD_SIZE];
Buffer b;
buffer_init(&b);

10
crypto/external/bsd/openssh/dist/rsa.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: rsa.c,v 1.29 2006/11/06 21:25:28 markus Exp $ */
/* $OpenBSD: rsa.c,v 1.30 2013/05/17 00:13:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -93,8 +93,8 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
memset(outbuf, 0, olen);
memset(inbuf, 0, ilen);
xfree(outbuf);
xfree(inbuf);
free(outbuf);
free(inbuf);
}
int
@ -119,8 +119,8 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
}
memset(outbuf, 0, olen);
memset(inbuf, 0, ilen);
xfree(outbuf);
xfree(inbuf);
free(outbuf);
free(inbuf);
return len;
}

3
crypto/external/bsd/openssh/dist/sandbox-systrace.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sandbox-systrace.c,v 1.6 2012/06/30 14:35:09 markus Exp $ */
/* $OpenBSD: sandbox-systrace.c,v 1.7 2013/06/01 13:15:52 dtucker Exp $ */
/*
* Copyright (c) 2011 Damien Miller <djm@mindrot.org>
*
@ -53,6 +53,7 @@ static const struct sandbox_policy preauth_policy[] = {
{ SYS_exit, SYSTR_POLICY_PERMIT },
{ SYS_getpid, SYSTR_POLICY_PERMIT },
{ SYS_gettimeofday, SYSTR_POLICY_PERMIT },
{ SYS_clock_gettime, SYSTR_POLICY_PERMIT },
{ SYS_madvise, SYSTR_POLICY_PERMIT },
{ SYS_mmap, SYSTR_POLICY_PERMIT },
{ SYS_mprotect, SYSTR_POLICY_PERMIT },

20
crypto/external/bsd/openssh/dist/schnorr.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: schnorr.c,v 1.5 2010/12/03 23:49:26 djm Exp $ */
/* $OpenBSD: schnorr.c,v 1.7.2.1 2013/11/08 01:33:56 djm Exp $ */
/*
* Copyright (c) 2008 Damien Miller. All rights reserved.
*
@ -98,7 +98,7 @@ schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g,
out:
buffer_free(&b);
bzero(digest, digest_len);
xfree(digest);
free(digest);
digest_len = 0;
if (success == 0)
return h;
@ -484,12 +484,13 @@ debug3_bn(const BIGNUM *n, const char *fmt, ...)
{
char *out, *h;
va_list args;
int ret;
out = NULL;
va_start(args, fmt);
vasprintf(&out, fmt, args);
ret = vasprintf(&out, fmt, args);
va_end(args);
if (out == NULL)
if (ret == -1 || out == NULL)
fatal("%s: vasprintf failed", __func__);
if (n == NULL)
@ -509,12 +510,13 @@ debug3_buf(const u_char *buf, u_int len, const char *fmt, ...)
char *out, h[65];
u_int i, j;
va_list args;
int ret;
out = NULL;
va_start(args, fmt);
vasprintf(&out, fmt, args);
ret = vasprintf(&out, fmt, args);
va_end(args);
if (out == NULL)
if (ret == -1 || out == NULL)
fatal("%s: vasprintf failed", __func__);
debug3("%s length %u%s", out, len, buf == NULL ? " (null)" : "");
@ -543,7 +545,7 @@ modp_group_from_g_and_safe_p(const char *grp_g, const char *grp_p)
{
struct modp_group *ret;
ret = xmalloc(sizeof(*ret));
ret = xcalloc(1, sizeof(*ret));
ret->p = ret->q = ret->g = NULL;
if (BN_hex2bn(&ret->p, grp_p) == 0 ||
BN_hex2bn(&ret->g, grp_g) == 0)
@ -567,7 +569,7 @@ modp_group_free(struct modp_group *grp)
if (grp->q != NULL)
BN_clear_free(grp->q);
bzero(grp, sizeof(*grp));
xfree(grp);
free(grp);
}
/* main() function for self-test */
@ -602,7 +604,7 @@ schnorr_selftest_one(const BIGNUM *grp_p, const BIGNUM *grp_q,
if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4,
sig, siglen) != 0)
fatal("%s: verify should have failed (bit error)", __func__);
xfree(sig);
free(sig);
BN_free(g_x);
BN_CTX_free(bn_ctx);
}

8
crypto/external/bsd/openssh/dist/scp.1 vendored
View File

@ -8,9 +8,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
.\" $OpenBSD: scp.1,v 1.58 2011/09/05 07:01:44 jmc Exp $
.\" $OpenBSD: scp.1,v 1.59 2013/07/16 00:07:52 schwarze Exp $
.\"
.Dd $Mdocdate: September 5 2011 $
.Dd $Mdocdate: July 16 2013 $
.Dt SCP 1
.Os
.Sh NAME
@ -235,5 +235,5 @@ is based on the
program in BSD source code from the Regents of the University of
California.
.Sh AUTHORS
.An Timo Rinne Aq tri@iki.fi
.An Tatu Ylonen Aq ylo@cs.hut.fi
.An Timo Rinne Aq Mt tri@iki.fi
.An Tatu Ylonen Aq Mt ylo@cs.hut.fi

91
crypto/external/bsd/openssh/dist/scp.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: scp.c,v 1.171 2011/09/09 22:37:01 djm Exp $ */
/* $OpenBSD: scp.c,v 1.178 2013/06/22 06:31:57 djm Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@ -529,6 +529,24 @@ scpio(void *_cnt, size_t s)
return 0;
}
static int
do_times(int fd, int verb, const struct stat *sb)
{
/* strlen(2^64) == 20; strlen(10^6) == 7 */
char buf[(20 + 7 + 2) * 2 + 2];
(void)snprintf(buf, sizeof(buf), "T%llu 0 %llu 0\n",
(unsigned long long) (sb->st_mtime < 0 ? 0 : sb->st_mtime),
(unsigned long long) (sb->st_atime < 0 ? 0 : sb->st_atime));
if (verb) {
fprintf(stderr, "File mtime %lld atime %lld\n",
(long long)sb->st_mtime, (long long)sb->st_atime);
fprintf(stderr, "Sending file timestamps: %s", buf);
}
(void) atomicio(vwrite, fd, buf, strlen(buf));
return (response());
}
void
toremote(char *targ, int argc, char **argv)
{
@ -557,7 +575,7 @@ toremote(char *targ, int argc, char **argv)
}
if (tuser != NULL && !okname(tuser)) {
xfree(arg);
free(arg);
return;
}
@ -584,13 +602,13 @@ toremote(char *targ, int argc, char **argv)
*src == '-' ? "-- " : "", src);
if (do_cmd(host, suser, bp, &remin, &remout) < 0)
exit(1);
(void) xfree(bp);
free(bp);
host = cleanhostname(thost);
xasprintf(&bp, "%s -t %s%s", cmd,
*targ == '-' ? "-- " : "", targ);
if (do_cmd2(host, tuser, bp, remin, remout) < 0)
exit(1);
(void) xfree(bp);
free(bp);
(void) close(remin);
(void) close(remout);
remin = remout = -1;
@ -641,12 +659,12 @@ toremote(char *targ, int argc, char **argv)
exit(1);
if (response() < 0)
exit(1);
(void) xfree(bp);
free(bp);
}
source(1, argv + i);
}
}
xfree(arg);
free(arg);
}
void
@ -690,11 +708,11 @@ tolocal(int argc, char **argv)
xasprintf(&bp, "%s -f %s%s",
cmd, *src == '-' ? "-- " : "", src);
if (do_cmd(host, suser, bp, &remin, &remout) < 0) {
(void) xfree(bp);
free(bp);
++errs;
continue;
}
xfree(bp);
free(bp);
sink(1, argv + argc - 1);
(void) close(remin);
remin = remout = -1;
@ -753,21 +771,7 @@ syserr: run_err("%s: %s", name, strerror(errno));
++last;
curfile = last;
if (pflag) {
/*
* Make it compatible with possible future
* versions expecting microseconds.
*/
(void) snprintf(buf, sizeof buf, "T%lu 0 %lu 0\n",
(u_long) (stb.st_mtime < 0 ? 0 : stb.st_mtime),
(u_long) (stb.st_atime < 0 ? 0 : stb.st_atime));
if (verbose_mode) {
fprintf(stderr, "File mtime %ld atime %ld\n",
(long)stb.st_mtime, (long)stb.st_atime);
fprintf(stderr, "Sending file timestamps: %s",
buf);
}
(void) atomicio(vwrite, remout, buf, strlen(buf));
if (response() < 0)
if (do_times(remout, verbose_mode, &stb) < 0)
goto next;
}
#define FILEMODEMASK (S_ISUID|S_ISGID|S_IRWXU|S_IRWXG|S_IRWXO)
@ -829,7 +833,7 @@ rsource(char *name, struct stat *statp)
{
DIR *dirp;
struct dirent *dp;
char *last, *vect[1], path[1100];
char *last, *vect[1], path[MAXPATHLEN];
if (!(dirp = opendir(name))) {
run_err("%s: %s", name, strerror(errno));
@ -841,11 +845,7 @@ rsource(char *name, struct stat *statp)
else
last++;
if (pflag) {
(void) snprintf(path, sizeof(path), "T%lu 0 %lu 0\n",
(u_long) statp->st_mtime,
(u_long) statp->st_atime);
(void) atomicio(vwrite, remout, path, strlen(path));
if (response() < 0) {
if (do_times(remout, verbose_mode, statp) < 0) {
closedir(dirp);
return;
}
@ -891,6 +891,7 @@ sink(int argc, char **argv)
int amt, exists, first, ofd;
mode_t mode, omode, mask;
off_t size, statbytes;
unsigned long long ull;
int setimes, targisdir, wrerrno = 0;
char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
struct timeval tv[2];
@ -949,17 +950,31 @@ sink(int argc, char **argv)
if (*cp == 'T') {
setimes++;
cp++;
mtime.tv_sec = strtol(cp, &cp, 10);
if (!isdigit((unsigned char)*cp))
SCREWUP("mtime.sec not present");
ull = strtoull(cp, &cp, 10);
if (!cp || *cp++ != ' ')
SCREWUP("mtime.sec not delimited");
if ((time_t)ull < 0 ||
(unsigned long long)(time_t)ull != ull)
setimes = 0; /* out of range */
mtime.tv_sec = ull;
mtime.tv_usec = strtol(cp, &cp, 10);
if (!cp || *cp++ != ' ')
if (!cp || *cp++ != ' ' || mtime.tv_usec < 0 ||
mtime.tv_usec > 999999)
SCREWUP("mtime.usec not delimited");
atime.tv_sec = strtol(cp, &cp, 10);
if (!isdigit((unsigned char)*cp))
SCREWUP("atime.sec not present");
ull = strtoull(cp, &cp, 10);
if (!cp || *cp++ != ' ')
SCREWUP("atime.sec not delimited");
if ((time_t)ull < 0 ||
(unsigned long long)(time_t)ull != ull)
setimes = 0; /* out of range */
atime.tv_sec = ull;
atime.tv_usec = strtol(cp, &cp, 10);
if (!cp || *cp++ != '\0')
if (!cp || *cp++ != '\0' || atime.tv_usec < 0 ||
atime.tv_usec > 999999)
SCREWUP("atime.usec not delimited");
(void) atomicio(vwrite, remout, "", 1);
continue;
@ -1002,8 +1017,7 @@ sink(int argc, char **argv)
need = strlen(targ) + strlen(cp) + 250;
if (need > cursize) {
if (namebuf)
xfree(namebuf);
free(namebuf);
namebuf = xmalloc(need);
cursize = need;
}
@ -1042,12 +1056,11 @@ sink(int argc, char **argv)
}
if (mod_flag)
(void) chmod(vect[0], mode);
if (vect[0])
xfree(vect[0]);
free(vect[0]);
continue;
}
omode = mode;
mode |= S_IWRITE;
mode |= S_IWUSR;
if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
bad: run_err("%s: %s", np, strerror(errno));
continue;
@ -1292,7 +1305,7 @@ void
lostconn(int signo)
{
if (!iamremote)
write(STDERR_FILENO, "lost connection\n", 16);
(void)write(STDERR_FILENO, "lost connection\n", 16);
if (signo)
_exit(1);
else

75
crypto/external/bsd/openssh/dist/servconf.c vendored
View File

@ -1,5 +1,5 @@
/* $OpenBSD: servconf.c,v 1.234 2013/02/06 00:20:42 dtucker Exp $ */
/* $OpenBSD: servconf.c,v 1.240 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -19,6 +19,7 @@
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <ctype.h>
#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
@ -28,6 +29,7 @@
#include <unistd.h>
#include <stdarg.h>
#include <errno.h>
#include <util.h>
#include "xmalloc.h"
#include "ssh.h"
@ -68,6 +70,7 @@ initialize_server_options(ServerOptions *options)
options->address_family = -1;
options->num_host_key_files = 0;
options->num_host_cert_files = 0;
options->host_key_agent = NULL;
options->pid_file = NULL;
options->server_key_bits = -1;
options->login_grace_time = -1;
@ -103,6 +106,8 @@ initialize_server_options(ServerOptions *options)
options->permit_user_env = -1;
options->use_login = -1;
options->compression = -1;
options->rekey_limit = -1;
options->rekey_interval = -1;
options->allow_tcp_forwarding = -1;
options->allow_agent_forwarding = -1;
options->num_allow_users = 0;
@ -235,6 +240,10 @@ fill_default_server_options(ServerOptions *options)
options->use_login = 0;
if (options->compression == -1)
options->compression = COMP_DELAYED;
if (options->rekey_limit == -1)
options->rekey_limit = 0;
if (options->rekey_interval == -1)
options->rekey_interval = 0;
if (options->allow_tcp_forwarding == -1)
options->allow_tcp_forwarding = FORWARD_ALLOW;
if (options->allow_agent_forwarding == -1)
@ -293,7 +302,7 @@ typedef enum {
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
sStrictModes, sEmptyPasswd, sTCPKeepAlive,
sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
sMaxStartups, sMaxAuthTries, sMaxSessions,
@ -307,7 +316,7 @@ typedef enum {
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods,
sAuthenticationMethods, sHostKeyAgent,
sDeprecated, sUnsupported
} ServerOpCodes;
@ -324,6 +333,7 @@ static struct {
{ "port", sPort, SSHCFG_GLOBAL },
{ "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
{ "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */
{ "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL },
{ "pidfile", sPidFile, SSHCFG_GLOBAL },
{ "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL },
{ "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
@ -383,6 +393,7 @@ static struct {
{ "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
{ "uselogin", sUseLogin, SSHCFG_GLOBAL },
{ "compression", sCompression, SSHCFG_GLOBAL },
{ "rekeylimit", sRekeyLimit, SSHCFG_ALL },
{ "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
{ "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */
{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
@ -470,7 +481,7 @@ derelativise_path(const char *path)
if (getcwd(cwd, sizeof(cwd)) == NULL)
fatal("%s: getcwd: %s", __func__, strerror(errno));
xasprintf(&ret, "%s/%s", cwd, expanded);
xfree(expanded);
free(expanded);
return ret;
}
@ -762,13 +773,13 @@ process_server_config_line(ServerOptions *options, char *line,
struct connection_info *connectinfo)
{
char *cp, **charptr, *arg, *p;
int cmdline = 0, *intptr, value, value2, n;
int cmdline = 0, *intptr, value, value2, n, port;
SyslogFacility *log_facility_ptr;
LogLevel *log_level_ptr;
ServerOpCodes opcode;
int port;
u_int i, flags = 0;
size_t len;
long long val64;
const struct multistate *multistate_ptr;
cp = line;
@ -922,6 +933,17 @@ process_server_config_line(ServerOptions *options, char *line,
}
break;
case sHostKeyAgent:
charptr = &options->host_key_agent;
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing socket name.",
filename, linenum);
if (*activep && *charptr == NULL)
*charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ?
xstrdup(arg) : derelativise_path(arg);
break;
case sHostCertificate:
intptr = &options->num_host_cert_files;
if (*intptr >= MAX_HOSTKEYS)
@ -1073,6 +1095,37 @@ process_server_config_line(ServerOptions *options, char *line,
multistate_ptr = multistate_compression;
goto parse_multistate;
case sRekeyLimit:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.", filename,
linenum);
if (strcmp(arg, "default") == 0) {
val64 = 0;
} else {
if (scan_scaled(arg, &val64) == -1)
fatal("%.200s line %d: Bad number '%s': %s",
filename, linenum, arg, strerror(errno));
/* check for too-large or too-small limits */
if (val64 > UINT_MAX)
fatal("%.200s line %d: RekeyLimit too large",
filename, linenum);
if (val64 != 0 && val64 < 16)
fatal("%.200s line %d: RekeyLimit too small",
filename, linenum);
}
if (*activep && options->rekey_limit == -1)
options->rekey_limit = (u_int32_t)val64;
if (cp != NULL) { /* optional rekey interval present */
if (strcmp(cp, "none") == 0) {
(void)strdelim(&cp); /* discard */
break;
}
intptr = &options->rekey_interval;
goto parse_time;
}
break;
case sGatewayPorts:
intptr = &options->gateway_ports;
multistate_ptr = multistate_gatewayports;
@ -1626,8 +1679,7 @@ int server_match_spec_complete(struct connection_info *ci)
} while (0)
#define M_CP_STROPT(n) do {\
if (src->n != NULL) { \
if (dst->n != NULL) \
xfree(dst->n); \
free(dst->n); \
dst->n = src->n; \
} \
} while(0)
@ -1673,6 +1725,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(max_authtries);
M_CP_INTOPT(ip_qos_interactive);
M_CP_INTOPT(ip_qos_bulk);
M_CP_INTOPT(rekey_limit);
M_CP_INTOPT(rekey_interval);
/* See comment in servconf.h */
COPY_MATCH_STRING_OPTS();
@ -1709,7 +1763,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
linenum++, &active, connectinfo) != 0)
bad_options++;
}
xfree(obuf);
free(obuf);
if (bad_options > 0)
fatal("%s: terminating, %d bad configuration options",
filename, bad_options);
@ -1918,6 +1972,7 @@ dump_config(ServerOptions *o)
dump_cfg_string(sVersionAddendum, o->version_addendum);
dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
dump_cfg_string(sHostKeyAgent, o->host_key_agent);
/* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
@ -1956,5 +2011,7 @@ dump_config(ServerOptions *o)
printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
printf("%s\n", iptos2str(o->ip_qos_bulk));
printf("rekeylimit %lld %d\n", o->rekey_limit, o->rekey_interval);
channel_print_adm_permitted_opens();
}

6
crypto/external/bsd/openssh/dist/servconf.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.h,v 1.107 2013/01/03 05:49:36 djm Exp $ */
/* $OpenBSD: servconf.h,v 1.109 2013/07/19 07:37:48 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -65,6 +65,7 @@ typedef struct {
int num_host_key_files; /* Number of files for host keys. */
char *host_cert_files[MAX_HOSTCERTS]; /* Files containing host certs. */
int num_host_cert_files; /* Number of files for host certs. */
char *host_key_agent; /* ssh-agent socket for host keys. */
char *pid_file; /* Where to put our pid */
int server_key_bits;/* Size of the server key. */
int login_grace_time; /* Disconnect if no auth in this time
@ -174,6 +175,9 @@ typedef struct {
char *authorized_keys_command;
char *authorized_keys_command_user;
int64_t rekey_limit;
int rekey_interval;
char *version_addendum; /* Appended to SSH banner */
u_int num_auth_methods;

49
crypto/external/bsd/openssh/dist/serverloop.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: serverloop.c,v 1.164 2012/12/07 01:51:35 dtucker Exp $ */
/* $OpenBSD: serverloop.c,v 1.168 2013/07/12 00:19:59 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -144,7 +144,7 @@ static void
notify_parent(void)
{
if (notify_pipe[1] != -1)
write(notify_pipe[1], "", 1);
(void)write(notify_pipe[1], "", 1);
}
static void
notify_prepare(fd_set *readset)
@ -271,7 +271,7 @@ client_alive_check(void)
*/
static void
wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
u_int *nallocp, u_int max_time_milliseconds)
u_int *nallocp, u_int64_t max_time_milliseconds)
{
struct timeval tv, *tvp;
int ret;
@ -531,7 +531,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
int wait_status; /* Status returned by wait(). */
pid_t wait_pid; /* pid returned by wait(). */
int waiting_termination = 0; /* Have displayed waiting close message. */
u_int max_time_milliseconds;
u_int64_t max_time_milliseconds;
u_int previous_stdout_buffer_bytes;
u_int stdout_buffer_bytes;
int type;
@ -662,7 +662,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
/* Display list of open channels. */
cp = channel_open_message();
buffer_append(&stderr_buffer, cp, strlen(cp));
xfree(cp);
free(cp);
}
}
max_fd = MAX(connection_in, connection_out);
@ -690,10 +690,8 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
/* Process output to the client and to program stdin. */
process_output(writeset);
}
if (readset)
xfree(readset);
if (writeset)
xfree(writeset);
free(readset);
free(writeset);
/* Cleanup and termination code. */
@ -793,7 +791,9 @@ void
server_loop2(Authctxt *authctxt)
{
fd_set *readset = NULL, *writeset = NULL;
int rekeying = 0, max_fd, nalloc = 0;
int rekeying = 0, max_fd;
u_int nalloc = 0;
u_int64_t rekey_timeout_ms = 0;
debug("Entering interactive session for SSH2.");
@ -822,8 +822,13 @@ server_loop2(Authctxt *authctxt)
if (!rekeying && packet_not_very_much_data_to_write())
channel_output_poll();
if (options.rekey_interval > 0 && compat20 && !rekeying)
rekey_timeout_ms = packet_get_rekey_timeout() * 1000;
else
rekey_timeout_ms = 0;
wait_until_can_do_something(&readset, &writeset, &max_fd,
&nalloc, 0);
&nalloc, rekey_timeout_ms);
if (received_sigterm) {
logit("Exiting on signal %d", (int)received_sigterm);
@ -847,10 +852,8 @@ server_loop2(Authctxt *authctxt)
}
collect_children();
if (readset)
xfree(readset);
if (writeset)
xfree(writeset);
free(readset);
free(writeset);
/* free all channels, no more reads and writes */
channel_free_all();
@ -885,7 +888,7 @@ server_input_stdin_data(int type, u_int32_t seq, void *ctxt)
packet_check_eom();
buffer_append(&stdin_buffer, data, data_len);
memset(data, 0, data_len);
xfree(data);
free(data);
}
static void
@ -942,8 +945,8 @@ server_request_direct_tcpip(void)
originator, originator_port, target, target_port);
}
xfree(originator);
xfree(target);
free(originator);
free(target);
return c;
}
@ -1067,7 +1070,7 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
}
packet_send();
}
xfree(ctype);
free(ctype);
}
static void
@ -1109,7 +1112,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
listen_address, listen_port,
&allocated_listen_port, options.gateway_ports);
}
xfree(listen_address);
free(listen_address);
} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
char *cancel_address;
u_short cancel_port;
@ -1121,7 +1124,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
success = channel_cancel_rport_listener(cancel_address,
cancel_port);
xfree(cancel_address);
free(cancel_address);
} else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) {
no_more_sessions = 1;
success = 1;
@ -1134,7 +1137,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
packet_send();
packet_write_wait();
}
xfree(rtype);
free(rtype);
}
static void
@ -1166,7 +1169,7 @@ server_input_channel_req(int type, u_int32_t seq, void *ctxt)
packet_put_int(c->remote_id);
packet_send();
}
xfree(rtype);
free(rtype);
}
static void

107
crypto/external/bsd/openssh/dist/session.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */
/* $OpenBSD: session.c,v 1.266 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -70,6 +70,7 @@
#include "hostfile.h"
#include "auth.h"
#include "auth-options.h"
#include "authfd.h"
#include "pathnames.h"
#include "log.h"
#include "servconf.h"
@ -182,7 +183,7 @@ auth_input_request_forwarding(struct passwd * pw)
packet_send_debug("Agent forwarding disabled: "
"mkdtemp() failed: %.100s", strerror(errno));
restore_uid();
xfree(auth_sock_dir);
free(auth_sock_dir);
auth_sock_dir = NULL;
goto authsock_err;
}
@ -227,11 +228,10 @@ auth_input_request_forwarding(struct passwd * pw)
return 1;
authsock_err:
if (auth_sock_name != NULL)
xfree(auth_sock_name);
free(auth_sock_name);
if (auth_sock_dir != NULL) {
rmdir(auth_sock_dir);
xfree(auth_sock_dir);
free(auth_sock_dir);
}
if (sock != -1)
close(sock);
@ -347,8 +347,8 @@ do_authenticated1(Authctxt *authctxt)
packet_check_eom();
success = session_setup_x11fwd(s);
if (!success) {
xfree(s->auth_proto);
xfree(s->auth_data);
free(s->auth_proto);
free(s->auth_data);
s->auth_proto = NULL;
s->auth_data = NULL;
}
@ -395,7 +395,7 @@ do_authenticated1(Authctxt *authctxt)
if (do_exec(s, command) != 0)
packet_disconnect(
"command execution failed");
xfree(command);
free(command);
} else {
if (do_exec(s, NULL) != 0)
packet_disconnect(
@ -860,7 +860,7 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
break;
if (env[i]) {
/* Reuse the slot. */
xfree(env[i]);
free(env[i]);
} else {
/* New variable. Expand if necessary. */
envsize = *envsizep;
@ -983,8 +983,8 @@ do_setup_env(Session *s, const char *shell)
child_set_env(&env, &envsize, str, str + i + 1);
}
custom_environment = ce->next;
xfree(ce->s);
xfree(ce);
free(ce->s);
free(ce);
}
}
@ -996,7 +996,7 @@ do_setup_env(Session *s, const char *shell)
laddr = get_local_ipaddr(packet_get_connection_in());
snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
get_remote_ipaddr(), get_remote_port(), laddr, get_local_port());
xfree(laddr);
free(laddr);
child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
if (s->ttyfd != -1)
@ -1117,7 +1117,7 @@ do_nologin(struct passwd *pw)
if (stat(nl, &sb) == -1) {
if (nl != def_nl)
xfree(nl);
free(nl);
return;
}
@ -1209,6 +1209,9 @@ do_setusercontext(struct passwd *pw)
safely_chroot(chroot_path, pw->pw_uid);
free(tmp);
free(chroot_path);
/* Make sure we don't attempt to chroot again */
free(options.chroot_directory);
options.chroot_directory = NULL;
}
/* Set UID */
@ -1216,7 +1219,11 @@ do_setusercontext(struct passwd *pw)
perror("unable to set user context (setuser)");
exit(1);
}
} else if (options.chroot_directory != NULL &&
strcasecmp(options.chroot_directory, "none") != 0) {
fatal("server lacks privileges to chroot to ChrootDirectory");
}
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
}
@ -1255,6 +1262,13 @@ launch_login(struct passwd *pw, const char *hostname)
static void
child_close_fds(void)
{
extern AuthenticationConnection *auth_conn;
if (auth_conn) {
ssh_close_authentication_connection(auth_conn);
auth_conn = NULL;
}
if (packet_get_connection_in() == packet_get_connection_out())
close(packet_get_connection_in());
else {
@ -1685,7 +1699,7 @@ session_pty_req(Session *s)
s->ypixel = packet_get_int();
if (strcmp(s->term, "") == 0) {
xfree(s->term);
free(s->term);
s->term = NULL;
}
@ -1693,8 +1707,7 @@ session_pty_req(Session *s)
debug("Allocating pty.");
if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
sizeof(s->tty)))) {
if (s->term)
xfree(s->term);
free(s->term);
s->term = NULL;
s->ptyfd = -1;
s->ttyfd = -1;
@ -1755,7 +1768,7 @@ session_subsystem_req(Session *s)
logit("subsystem request for %.100s failed, subsystem not found",
subsys);
xfree(subsys);
free(subsys);
return success;
}
@ -1777,8 +1790,8 @@ session_x11_req(Session *s)
success = session_setup_x11fwd(s);
if (!success) {
xfree(s->auth_proto);
xfree(s->auth_data);
free(s->auth_proto);
free(s->auth_data);
s->auth_proto = NULL;
s->auth_data = NULL;
}
@ -1800,7 +1813,7 @@ session_exec_req(Session *s)
char *command = packet_get_string(&len);
packet_check_eom();
success = do_exec(s, command) == 0;
xfree(command);
free(command);
return success;
}
@ -1846,8 +1859,8 @@ session_env_req(Session *s)
debug2("Ignoring env request %s: disallowed name", name);
fail:
xfree(name);
xfree(val);
free(name);
free(val);
return (0);
}
@ -2029,24 +2042,16 @@ session_close_single_x11(int id, void *arg)
if (s->x11_chanids[i] != id)
session_close_x11(s->x11_chanids[i]);
}
xfree(s->x11_chanids);
free(s->x11_chanids);
s->x11_chanids = NULL;
if (s->display) {
xfree(s->display);
s->display = NULL;
}
if (s->auth_proto) {
xfree(s->auth_proto);
s->auth_proto = NULL;
}
if (s->auth_data) {
xfree(s->auth_data);
s->auth_data = NULL;
}
if (s->auth_display) {
xfree(s->auth_display);
s->auth_display = NULL;
}
free(s->display);
s->display = NULL;
free(s->auth_proto);
s->auth_proto = NULL;
free(s->auth_data);
s->auth_data = NULL;
free(s->auth_display);
s->auth_display = NULL;
}
static void
@ -2104,24 +2109,18 @@ session_close(Session *s)
debug("session_close: session %d pid %ld", s->self, (long)s->pid);
if (s->ttyfd != -1)
session_pty_cleanup(s);
if (s->term)
xfree(s->term);
if (s->display)
xfree(s->display);
if (s->x11_chanids)
xfree(s->x11_chanids);
if (s->auth_display)
xfree(s->auth_display);
if (s->auth_data)
xfree(s->auth_data);
if (s->auth_proto)
xfree(s->auth_proto);
free(s->term);
free(s->display);
free(s->x11_chanids);
free(s->auth_display);
free(s->auth_data);
free(s->auth_proto);
if (s->env != NULL) {
for (i = 0; i < s->num_env; i++) {
xfree(s->env[i].name);
xfree(s->env[i].val);
free(s->env[i].name);
free(s->env[i].val);
}
xfree(s->env);
free(s->env);
}
session_proctitle(s);
session_unused(s->self);

145
crypto/external/bsd/openssh/dist/sftp-client.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-client.c,v 1.97 2012/07/02 12:13:26 dtucker Exp $ */
/* $OpenBSD: sftp-client.c,v 1.101.2.1 2013/11/08 01:33:56 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@ -105,7 +105,7 @@ send_msg(struct sftp_conn *conn, Buffer *m)
iov[1].iov_len = buffer_len(m);
if (atomiciov6(writev, conn->fd_out, iov, 2,
conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) !=
conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) !=
buffer_len(m) + sizeof(mlen))
fatal("Couldn't send packet: %s", strerror(errno));
@ -387,8 +387,8 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests,
} else {
debug2("Unrecognised server extension \"%s\"", name);
}
xfree(name);
xfree(value);
free(name);
free(value);
}
buffer_free(&msg);
@ -464,7 +464,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
if (dir) {
ents = 0;
*dir = xmalloc(sizeof(**dir));
*dir = xcalloc(1, sizeof(**dir));
(*dir)[0] = NULL;
}
@ -502,7 +502,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
error("Couldn't read directory: %s",
fx2txt(status));
do_close(conn, handle, handle_len);
xfree(handle);
free(handle);
buffer_free(&msg);
return(status);
}
@ -538,26 +538,26 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
if (dir) {
*dir = xrealloc(*dir, ents + 2, sizeof(**dir));
(*dir)[ents] = xmalloc(sizeof(***dir));
(*dir)[ents] = xcalloc(1, sizeof(***dir));
(*dir)[ents]->filename = xstrdup(filename);
(*dir)[ents]->longname = xstrdup(longname);
memcpy(&(*dir)[ents]->a, a, sizeof(*a));
(*dir)[++ents] = NULL;
}
next:
xfree(filename);
xfree(longname);
free(filename);
free(longname);
}
}
buffer_free(&msg);
do_close(conn, handle, handle_len);
xfree(handle);
free(handle);
/* Don't return partial matches on interrupt */
if (interrupted && dir != NULL && *dir != NULL) {
free_sftp_dirents(*dir);
*dir = xmalloc(sizeof(**dir));
*dir = xcalloc(1, sizeof(**dir));
**dir = NULL;
}
@ -575,11 +575,11 @@ void free_sftp_dirents(SFTP_DIRENT **s)
int i;
for (i = 0; s[i]; i++) {
xfree(s[i]->filename);
xfree(s[i]->longname);
xfree(s[i]);
free(s[i]->filename);
free(s[i]->longname);
free(s[i]);
}
xfree(s);
free(s);
}
int
@ -753,7 +753,7 @@ do_realpath(struct sftp_conn *conn, char *path)
debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename,
(unsigned long)a->size);
xfree(longname);
free(longname);
buffer_free(&msg);
@ -900,7 +900,7 @@ do_readlink(struct sftp_conn *conn, char *path)
debug3("SSH_FXP_READLINK %s -> %s", path, filename);
xfree(longname);
free(longname);
buffer_free(&msg);
@ -981,16 +981,17 @@ send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset,
int
do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
Attrib *a, int pflag)
Attrib *a, int pflag, int resume)
{
Attrib junk;
Buffer msg;
char *handle;
int local_fd, status = 0, write_error;
int read_error, write_errno;
u_int64_t offset, size;
int local_fd = -1, status = 0, write_error;
int read_error, write_errno, reordered = 0;
u_int64_t offset = 0, size, highwater;
u_int handle_len, mode, type, id, buflen, num_req, max_req;
off_t progress_counter;
struct stat st;
struct request {
u_int id;
u_int len;
@ -1043,21 +1044,36 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
return(-1);
}
local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC,
mode | S_IWRITE);
local_fd = open(local_path, O_WRONLY | O_CREAT | (resume ? : O_TRUNC),
mode | S_IWUSR);
if (local_fd == -1) {
error("Couldn't open local file \"%s\" for writing: %s",
local_path, strerror(errno));
do_close(conn, handle, handle_len);
buffer_free(&msg);
xfree(handle);
return(-1);
goto fail;
}
offset = highwater = 0;
if (resume) {
if (fstat(local_fd, &st) == -1) {
error("Unable to stat local file \"%s\": %s",
local_path, strerror(errno));
goto fail;
}
if ((size_t)st.st_size > size) {
error("Unable to resume download of \"%s\": "
"local file is larger than remote", local_path);
fail:
do_close(conn, handle, handle_len);
buffer_free(&msg);
free(handle);
return -1;
}
offset = highwater = st.st_size;
}
/* Read from remote and write to local */
write_error = read_error = write_errno = num_req = offset = 0;
write_error = read_error = write_errno = num_req = 0;
max_req = 1;
progress_counter = 0;
progress_counter = offset;
if (showprogress && size != 0)
start_progress_meter(remote_path, size, &progress_counter);
@ -1082,7 +1098,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
(unsigned long long)offset,
(unsigned long long)offset + buflen - 1,
num_req, max_req);
req = xmalloc(sizeof(*req));
req = xcalloc(1, sizeof(*req));
req->id = conn->msg_id++;
req->len = buflen;
req->offset = offset;
@ -1114,7 +1130,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
read_error = 1;
max_req = 0;
TAILQ_REMOVE(&requests, req, tq);
xfree(req);
free(req);
num_req--;
break;
case SSH2_FXP_DATA:
@ -1132,12 +1148,16 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
write_error = 1;
max_req = 0;
}
else if (!reordered && req->offset <= highwater)
highwater = req->offset + len;
else if (!reordered && req->offset > highwater)
reordered = 1;
progress_counter += len;
xfree(data);
free(data);
if (len == req->len) {
TAILQ_REMOVE(&requests, req, tq);
xfree(req);
free(req);
num_req--;
} else {
/* Resend the request for the missing data */
@ -1180,7 +1200,15 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
/* Sanity check */
if (TAILQ_FIRST(&requests) != NULL)
fatal("Transfer complete, but requests still in queue");
/* Truncate at highest contiguous point to avoid holes on interrupt */
if (read_error || write_error || interrupted) {
if (reordered && resume) {
error("Unable to resume download of \"%s\": "
"server reordered requests", local_path);
}
debug("truncating at %llu", (unsigned long long)highwater);
ftruncate(local_fd, highwater);
}
if (read_error) {
error("Couldn't read from remote file \"%s\" : %s",
remote_path, fx2txt(status));
@ -1192,7 +1220,8 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
do_close(conn, handle, handle_len);
} else {
status = do_close(conn, handle, handle_len);
if (interrupted)
status = -1;
/* Override umask and utimes if asked */
if (pflag && fchmod(local_fd, mode) == -1)
error("Couldn't set mode on \"%s\": %s", local_path,
@ -1209,14 +1238,14 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
}
close(local_fd);
buffer_free(&msg);
xfree(handle);
free(handle);
return(status);
}
static int
download_dir_internal(struct sftp_conn *conn, char *src, char *dst,
Attrib *dirattrib, int pflag, int printflag, int depth)
Attrib *dirattrib, int pflag, int printflag, int depth, int resume)
{
int i, ret = 0;
SFTP_DIRENT **dir_entries;
@ -1269,11 +1298,11 @@ download_dir_internal(struct sftp_conn *conn, char *src, char *dst,
continue;
if (download_dir_internal(conn, new_src, new_dst,
&(dir_entries[i]->a), pflag, printflag,
depth + 1) == -1)
depth + 1, resume) == -1)
ret = -1;
} else if (S_ISREG(dir_entries[i]->a.perm) ) {
if (do_download(conn, new_src, new_dst,
&(dir_entries[i]->a), pflag) == -1) {
&(dir_entries[i]->a), pflag, resume) == -1) {
error("Download of file %s to %s failed",
new_src, new_dst);
ret = -1;
@ -1281,8 +1310,8 @@ download_dir_internal(struct sftp_conn *conn, char *src, char *dst,
} else
logit("%s: not a regular file\n", new_src);
xfree(new_dst);
xfree(new_src);
free(new_dst);
free(new_src);
}
if (pflag) {
@ -1306,7 +1335,7 @@ download_dir_internal(struct sftp_conn *conn, char *src, char *dst,
int
download_dir(struct sftp_conn *conn, char *src, char *dst,
Attrib *dirattrib, int pflag, int printflag)
Attrib *dirattrib, int pflag, int printflag, int resume)
{
char *src_canon;
int ret;
@ -1317,8 +1346,8 @@ download_dir(struct sftp_conn *conn, char *src, char *dst,
}
ret = download_dir_internal(conn, src_canon, dst,
dirattrib, pflag, printflag, 0);
xfree(src_canon);
dirattrib, pflag, printflag, 0, resume);
free(src_canon);
return ret;
}
@ -1329,7 +1358,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
int local_fd;
int status = SSH2_FX_OK;
u_int handle_len, id, type;
off_t offset;
off_t offset, progress_counter;
char *handle, *data;
Buffer msg;
struct stat sb;
@ -1397,9 +1426,10 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
data = xmalloc(conn->transfer_buflen);
/* Read from local and write to remote */
offset = 0;
offset = progress_counter = 0;
if (showprogress)
start_progress_meter(local_path, sb.st_size, &offset);
start_progress_meter(local_path, sb.st_size,
&progress_counter);
for (;;) {
int len;
@ -1421,7 +1451,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
strerror(errno));
if (len != 0) {
ack = xmalloc(sizeof(*ack));
ack = xcalloc(1, sizeof(*ack));
ack->id = ++id;
ack->offset = offset;
ack->len = len;
@ -1469,7 +1499,8 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
debug3("In write loop, ack for %u %u bytes at %lld",
ack->id, ack->len, (long long)ack->offset);
++ackid;
xfree(ack);
progress_counter += ack->len;
free(ack);
}
offset += len;
if (offset < 0)
@ -1479,7 +1510,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
if (showprogress)
stop_progress_meter();
xfree(data);
free(data);
if (status != SSH2_FX_OK) {
error("Couldn't write to remote file \"%s\": %s",
@ -1499,7 +1530,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
if (do_close(conn, handle, handle_len) != SSH2_FX_OK)
status = -1;
xfree(handle);
free(handle);
return status;
}
@ -1539,7 +1570,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst,
a.perm &= 01777;
if (!pflag)
a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME;
status = do_mkdir(conn, dst, &a, 0);
/*
* we lack a portable status for errno EEXIST,
@ -1549,7 +1580,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst,
if (status != SSH2_FX_OK) {
if (status != SSH2_FX_FAILURE)
return -1;
if (do_stat(conn, dst, 0) == NULL)
if (do_stat(conn, dst, 0) == NULL)
return -1;
}
@ -1557,7 +1588,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst,
error("Failed to open dir \"%s\": %s", src, strerror(errno));
return -1;
}
while (((dp = readdir(dirp)) != NULL) && !interrupted) {
if (dp->d_ino == 0)
continue;
@ -1585,8 +1616,8 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst,
}
} else
logit("%s: not a regular file\n", filename);
xfree(new_dst);
xfree(new_src);
free(new_dst);
free(new_src);
}
do_setstat(conn, dst, &a);
@ -1608,7 +1639,7 @@ upload_dir(struct sftp_conn *conn, char *src, char *dst, int printflag,
}
ret = upload_dir_internal(conn, src, dst_canon, pflag, printflag, 0);
xfree(dst_canon);
free(dst_canon);
return ret;
}

6
crypto/external/bsd/openssh/dist/sftp-client.h vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-client.h,v 1.20 2010/12/04 00:18:01 djm Exp $ */
/* $OpenBSD: sftp-client.h,v 1.21 2013/07/25 00:56:51 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
@ -106,13 +106,13 @@ int do_symlink(struct sftp_conn *, char *, char *);
* Download 'remote_path' to 'local_path'. Preserve permissions and times
* if 'pflag' is set
*/
int do_download(struct sftp_conn *, char *, char *, Attrib *, int);
int do_download(struct sftp_conn *, char *, char *, Attrib *, int, int);
/*
* Recursively download 'remote_directory' to 'local_directory'. Preserve
* times if 'pflag' is set
*/
int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int);
int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int, int);
/*
* Upload 'local_path' to 'remote_path'. Preserve permissions and times

6
crypto/external/bsd/openssh/dist/sftp-common.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-common.c,v 1.23 2010/01/15 09:24:23 markus Exp $ */
/* $OpenBSD: sftp-common.c,v 1.24 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Damien Miller. All rights reserved.
@ -124,8 +124,8 @@ decode_attrib(Buffer *b)
type = buffer_get_string(b, NULL);
data = buffer_get_string(b, NULL);
debug3("Got file attribute \"%s\"", type);
xfree(type);
xfree(data);
free(type);
free(data);
}
}
return &a;

8
crypto/external/bsd/openssh/dist/sftp-glob.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-glob.c,v 1.23 2011/10/04 14:17:32 djm Exp $ */
/* $OpenBSD: sftp-glob.c,v 1.24.2.1 2013/11/08 01:33:56 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@ -45,10 +45,10 @@ fudge_opendir(const char *path)
{
struct SFTP_OPENDIR *r;
r = xmalloc(sizeof(*r));
r = xcalloc(1, sizeof(*r));
if (do_readdir(cur.conn, (char *)path, &r->dir)) {
xfree(r);
free(r);
return(NULL);
}
@ -76,7 +76,7 @@ static void
fudge_closedir(struct SFTP_OPENDIR *od)
{
free_sftp_dirents(od->dir);
xfree(od);
free(od);
}
static int

10
crypto/external/bsd/openssh/dist/sftp-server.8 vendored
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: sftp-server.8,v 1.21 2013/01/04 19:26:38 jmc Exp $
.\" $OpenBSD: sftp-server.8,v 1.23 2013/07/16 00:07:52 schwarze Exp $
.\"
.\" Copyright (c) 2000 Markus Friedl. All rights reserved.
.\"
@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 4 2013 $
.Dd $Mdocdate: July 16 2013 $
.Dt SFTP-SERVER 8
.Os
.Sh NAME
@ -124,8 +124,8 @@ establish a logging socket inside the chroot directory.
.%A T. Ylonen
.%A S. Lehtinen
.%T "SSH File Transfer Protocol"
.%N draft-ietf-secsh-filexfer-00.txt
.%D January 2001
.%N draft-ietf-secsh-filexfer-02.txt
.%D October 2001
.%O work in progress material
.Re
.Sh HISTORY
@ -133,4 +133,4 @@ establish a logging socket inside the chroot directory.
first appeared in
.Ox 2.8 .
.Sh AUTHORS
.An Markus Friedl Aq markus@openbsd.org
.An Markus Friedl Aq Mt markus@openbsd.org

58
crypto/external/bsd/openssh/dist/sftp-server.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-server.c,v 1.96 2013/01/04 19:26:38 jmc Exp $ */
/* $OpenBSD: sftp-server.c,v 1.97 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
@ -310,11 +310,11 @@ handle_close(int handle)
if (handle_is_ok(handle, HANDLE_FILE)) {
ret = close(handles[handle].fd);
xfree(handles[handle].name);
free(handles[handle].name);
handle_unused(handle);
} else if (handle_is_ok(handle, HANDLE_DIR)) {
ret = closedir(handles[handle].dirp);
xfree(handles[handle].name);
free(handles[handle].name);
handle_unused(handle);
} else {
errno = ENOENT;
@ -358,7 +358,7 @@ get_handle(void)
handle = get_string(&hlen);
if (hlen < 256)
val = handle_from_string(handle, hlen);
xfree(handle);
free(handle);
return val;
}
@ -441,7 +441,7 @@ send_handle(u_int32_t id, int handle)
handle_to_string(handle, &string, &hlen);
debug("request %u: sent handle handle %d", id, handle);
send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen);
xfree(string);
free(string);
}
static void
@ -569,7 +569,7 @@ process_open(void)
}
if (status != SSH2_FX_OK)
send_status(id, status);
xfree(name);
free(name);
}
static void
@ -670,7 +670,7 @@ process_write(void)
}
}
send_status(id, status);
xfree(data);
free(data);
}
static void
@ -696,7 +696,7 @@ process_do_stat(int do_lstat)
}
if (status != SSH2_FX_OK)
send_status(id, status);
xfree(name);
free(name);
}
static void
@ -798,7 +798,7 @@ process_setstat(void)
status = errno_to_portable(errno);
}
send_status(id, status);
xfree(name);
free(name);
}
static void
@ -883,7 +883,7 @@ process_opendir(void)
}
if (status != SSH2_FX_OK)
send_status(id, status);
xfree(path);
free(path);
}
static void
@ -932,13 +932,13 @@ process_readdir(void)
if (count > 0) {
send_names(id, count, stats);
for (i = 0; i < count; i++) {
xfree(stats[i].name);
xfree(stats[i].long_name);
free(stats[i].name);
free(stats[i].long_name);
}
} else {
send_status(id, SSH2_FX_EOF);
}
xfree(stats);
free(stats);
}
}
@ -961,7 +961,7 @@ process_remove(void)
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
}
send_status(id, status);
xfree(name);
free(name);
}
static void
@ -986,7 +986,7 @@ process_mkdir(void)
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
}
send_status(id, status);
xfree(name);
free(name);
}
static void
@ -1007,7 +1007,7 @@ process_rmdir(void)
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
}
send_status(id, status);
xfree(name);
free(name);
}
static void
@ -1020,7 +1020,7 @@ process_realpath(void)
id = get_int();
path = get_string(NULL);
if (path[0] == '\0') {
xfree(path);
free(path);
path = xstrdup(".");
}
debug3("request %u: realpath", id);
@ -1033,7 +1033,7 @@ process_realpath(void)
s.name = s.long_name = resolvedname;
send_names(id, 1, &s);
}
xfree(path);
free(path);
}
static void
@ -1087,8 +1087,8 @@ process_rename(void)
status = SSH2_FX_OK;
}
send_status(id, status);
xfree(oldpath);
xfree(newpath);
free(oldpath);
free(newpath);
}
static void
@ -1113,7 +1113,7 @@ process_readlink(void)
s.name = s.long_name = buf;
send_names(id, 1, &s);
}
xfree(path);
free(path);
}
static void
@ -1136,8 +1136,8 @@ process_symlink(void)
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
}
send_status(id, status);
xfree(oldpath);
xfree(newpath);
free(oldpath);
free(newpath);
}
static void
@ -1157,8 +1157,8 @@ process_extended_posix_rename(u_int32_t id)
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
}
send_status(id, status);
xfree(oldpath);
xfree(newpath);
free(oldpath);
free(newpath);
}
static void
@ -1175,7 +1175,7 @@ process_extended_statvfs(u_int32_t id)
send_status(id, errno_to_portable(errno));
else
send_statvfs(id, &st);
xfree(path);
free(path);
}
static void
@ -1214,8 +1214,8 @@ process_extended_hardlink(u_int32_t id)
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
}
send_status(id, status);
xfree(oldpath);
xfree(newpath);
free(oldpath);
free(newpath);
}
static void
@ -1236,7 +1236,7 @@ process_extended(void)
process_extended_hardlink(id);
else
send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */
xfree(request);
free(request);
}
/* stolen from ssh-agent */

28
crypto/external/bsd/openssh/dist/sftp.1 vendored
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: sftp.1,v 1.91 2011/09/05 05:56:13 djm Exp $
.\" $OpenBSD: sftp.1,v 1.92 2013/07/25 00:56:51 djm Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 5 2011 $
.Dd $Mdocdate: July 25 2013 $
.Dt SFTP 1
.Os
.Sh NAME
@ -129,7 +129,7 @@ may be used to indicate standard input.
.Nm
will abort if any of the following
commands fail:
.Ic get , put , rename , ln ,
.Ic get , put , reget , rename , ln ,
.Ic rm , mkdir , chdir , ls ,
.Ic lchdir , chmod , chown ,
.Ic chgrp , lpwd , df , symlink ,
@ -343,7 +343,7 @@ extension.
Quit
.Nm sftp .
.It Xo Ic get
.Op Fl Ppr
.Op Fl aPpr
.Ar remote-path
.Op Ar local-path
.Xc
@ -363,6 +363,14 @@ is specified, then
.Ar local-path
must specify a directory.
.Pp
If the
.Fl a
flag is specified, then attempt to resume partial transfers of existing files.
Note that resumption assumes that any partial copy of the local file matches
the remote copy.
If the remote file differs from the partial local copy then the resultant file
is likely to be corrupt.
.Pp
If either the
.Fl P
or
@ -503,6 +511,18 @@ Display remote working directory.
.It Ic quit
Quit
.Nm sftp .
.It Xo Ic reget
.Op Fl Ppr
.Ar remote-path
.Op Ar local-path
.Xc
Resume download of
.Ar remote-path .
Equivalent to
.Ic get
with the
.Fl a
flag set.
.It Ic rename Ar oldpath Ar newpath
Rename remote file from
.Ar oldpath

215
crypto/external/bsd/openssh/dist/sftp.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp.c,v 1.142 2013/02/08 00:41:12 djm Exp $ */
/* $OpenBSD: sftp.c,v 1.148 2013/07/25 00:56:52 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@ -29,6 +29,7 @@
#include <histedit.h>
#include <paths.h>
#include <libgen.h>
#include <locale.h>
#include <signal.h>
#include <stdlib.h>
#include <stdio.h>
@ -59,12 +60,18 @@ int batchmode = 0;
/* PID of ssh transport process */
static pid_t sshpid = -1;
/* Suppress diagnositic messages */
int quiet = 0;
/* This is set to 0 if the progressmeter is not desired. */
int showprogress = 1;
/* When this option is set, we always recursively download/upload directories */
int global_rflag = 0;
/* When this option is set, we resume download if possible */
int global_aflag = 0;
/* When this option is set, the file transfers will always preserve times */
int global_pflag = 0;
@ -126,6 +133,7 @@ int remote_glob(struct sftp_conn *, const char *, int,
#define I_SYMLINK 21
#define I_VERSION 22
#define I_PROGRESS 23
#define I_REGET 26
struct CMD {
const char *c;
@ -165,6 +173,7 @@ static const struct CMD cmds[] = {
{ "put", I_PUT, LOCAL },
{ "pwd", I_PWD, REMOTE },
{ "quit", I_QUIT, NOARGS },
{ "reget", I_REGET, REMOTE },
{ "rename", I_RENAME, REMOTE },
{ "rm", I_RM, REMOTE },
{ "rmdir", I_RMDIR, REMOTE },
@ -196,7 +205,7 @@ cmd_interrupt(int signo)
const char msg[] = "\rInterrupt \n";
int olderrno = errno;
write(STDERR_FILENO, msg, sizeof(msg) - 1);
(void)write(STDERR_FILENO, msg, sizeof(msg) - 1);
interrupted = 1;
errno = olderrno;
}
@ -214,6 +223,7 @@ help(void)
" filesystem containing 'path'\n"
"exit Quit sftp\n"
"get [-Ppr] remote [local] Download file\n"
"reget remote [local] Resume download file\n"
"help Display this help text\n"
"lcd path Change local directory to 'path'\n"
"lls [ls-options [path]] Display local directory listing\n"
@ -287,7 +297,7 @@ local_do_ls(const char *args)
/* XXX: quoting - rip quoting code from ftp? */
snprintf(buf, len, _PATH_LS " %s", args);
local_do_shell(buf);
xfree(buf);
free(buf);
}
}
@ -318,15 +328,15 @@ make_absolute(char *p, char *pwd)
/* Derelativise */
if (p && p[0] != '/') {
abs_str = path_append(pwd, p);
xfree(p);
free(p);
return(abs_str);
} else
return(p);
}
static int
parse_getput_flags(const char *cmd, char **argv, int argc, int *pflag,
int *rflag)
parse_getput_flags(const char *cmd, char **argv, int argc,
int *aflag, int *pflag, int *rflag)
{
extern int opterr, optind, optopt, optreset;
int ch;
@ -334,9 +344,12 @@ parse_getput_flags(const char *cmd, char **argv, int argc, int *pflag,
optind = optreset = 1;
opterr = 0;
*rflag = *pflag = 0;
while ((ch = getopt(argc, argv, "PpRr")) != -1) {
*aflag = *rflag = *pflag = 0;
while ((ch = getopt(argc, argv, "aPpRr")) != -1) {
switch (ch) {
case 'a':
*aflag = 1;
break;
case 'p':
case 'P':
*pflag = 1;
@ -494,7 +507,7 @@ pathname_is_dir(char *pathname)
static int
process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd,
int pflag, int rflag)
int pflag, int rflag, int resume)
{
char *abs_src = NULL;
char *abs_dst = NULL;
@ -528,7 +541,7 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd,
tmp = xstrdup(g.gl_pathv[i]);
if ((filename = basename(tmp)) == NULL) {
error("basename %s: %s", tmp, strerror(errno));
xfree(tmp);
free(tmp);
err = -1;
goto out;
}
@ -544,24 +557,28 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd,
} else {
abs_dst = xstrdup(filename);
}
xfree(tmp);
free(tmp);
printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst);
resume |= global_aflag;
if (!quiet && resume)
printf("Resuming %s to %s\n", g.gl_pathv[i], abs_dst);
else if (!quiet && !resume)
printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst);
if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) {
if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL,
pflag || global_pflag, 1) == -1)
if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL,
pflag || global_pflag, 1, resume) == -1)
err = -1;
} else {
if (do_download(conn, g.gl_pathv[i], abs_dst, NULL,
pflag || global_pflag) == -1)
pflag || global_pflag, resume) == -1)
err = -1;
}
xfree(abs_dst);
free(abs_dst);
abs_dst = NULL;
}
out:
xfree(abs_src);
free(abs_src);
globfree(&g);
return(err);
}
@ -613,7 +630,7 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd,
tmp = xstrdup(g.gl_pathv[i]);
if ((filename = basename(tmp)) == NULL) {
error("basename %s: %s", tmp, strerror(errno));
xfree(tmp);
free(tmp);
err = -1;
goto out;
}
@ -629,9 +646,10 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd,
} else {
abs_dst = make_absolute(xstrdup(filename), pwd);
}
xfree(tmp);
free(tmp);
printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst);
if (!quiet)
printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst);
if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) {
if (upload_dir(conn, g.gl_pathv[i], abs_dst,
pflag || global_pflag, 1) == -1)
@ -644,10 +662,8 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd,
}
out:
if (abs_dst)
xfree(abs_dst);
if (tmp_dst)
xfree(tmp_dst);
free(abs_dst);
free(tmp_dst);
globfree(&g);
return(err);
}
@ -695,7 +711,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
/* Add any subpath that also needs to be counted */
tmp = path_strip(path, strip_path);
m += strlen(tmp);
xfree(tmp);
free(tmp);
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1)
width = ws.ws_col;
@ -721,7 +737,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
tmp = path_append(path, d[n]->filename);
fname = path_strip(tmp, strip_path);
xfree(tmp);
free(tmp);
if (lflag & LS_LONG_VIEW) {
if (lflag & (LS_NUMERIC_VIEW|LS_SI_UNITS)) {
@ -733,7 +749,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
lname = ls_file(fname, &sb, 1,
(lflag & LS_SI_UNITS));
printf("%s\n", lname);
xfree(lname);
free(lname);
} else
printf("%s\n", d[n]->longname);
} else {
@ -745,7 +761,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
c++;
}
xfree(fname);
free(fname);
}
if (!(lflag & LS_LONG_VIEW) && (c != 1))
@ -815,7 +831,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
lname = ls_file(fname, g.gl_statv[i], 1,
(lflag & LS_SI_UNITS));
printf("%s\n", lname);
xfree(lname);
free(lname);
} else {
printf("%-*s", colspace, fname);
if (c >= columns) {
@ -824,7 +840,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
} else
c++;
}
xfree(fname);
free(fname);
}
if (!(lflag & LS_LONG_VIEW) && (c != 1))
@ -1093,8 +1109,9 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote,
}
static int
parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag,
int *hflag, int *sflag, unsigned long *n_arg, char **path1, char **path2)
parse_args(const char **cpp, int *aflag, int *hflag, int *iflag, int *lflag,
int *pflag, int *rflag, int *sflag, unsigned long *n_arg,
char **path1, char **path2)
{
const char *cmd, *cp = *cpp;
char *cp2, **argv;
@ -1138,14 +1155,15 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag,
}
/* Get arguments and parse flags */
*lflag = *pflag = *rflag = *hflag = *n_arg = 0;
*aflag = *lflag = *pflag = *rflag = *hflag = *n_arg = 0;
*path1 = *path2 = NULL;
optidx = 1;
switch (cmdnum) {
case I_GET:
case I_REGET:
case I_PUT:
if ((optidx = parse_getput_flags(cmd, argv, argc,
pflag, rflag)) == -1)
aflag, pflag, rflag)) == -1)
return -1;
/* Get first pathname (mandatory) */
if (argc - optidx < 1) {
@ -1160,6 +1178,11 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag,
/* Destination is not globbed */
undo_glob_escape(*path2);
}
if (*aflag && cmdnum == I_PUT) {
/* XXX implement resume for uploads */
error("Resume is not supported for uploads");
return -1;
}
break;
case I_LINK:
if ((optidx = parse_link_flags(cmd, argv, argc, sflag)) == -1)
@ -1268,7 +1291,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
int err_abort)
{
char *path1, *path2, *tmp;
int pflag = 0, rflag = 0, lflag = 0, iflag = 0, hflag = 0, sflag = 0;
int aflag = 0, hflag = 0, iflag = 0, lflag = 0, pflag = 0;
int rflag = 0, sflag = 0;
int cmdnum, i;
unsigned long n_arg = 0;
Attrib a, *aa;
@ -1277,9 +1301,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
glob_t g;
path1 = path2 = NULL;
cmdnum = parse_args(&cmd, &pflag, &rflag, &lflag, &iflag, &hflag,
&sflag, &n_arg, &path1, &path2);
cmdnum = parse_args(&cmd, &aflag, &hflag, &iflag, &lflag, &pflag,
&rflag, &sflag, &n_arg, &path1, &path2);
if (iflag != 0)
err_abort = 0;
@ -1294,8 +1317,12 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
/* Unrecognized command */
err = -1;
break;
case I_REGET:
aflag = 1;
/* FALLTHROUGH */
case I_GET:
err = process_get(conn, path1, path2, *pwd, pflag, rflag);
err = process_get(conn, path1, path2, *pwd, pflag,
rflag, aflag);
break;
case I_PUT:
err = process_put(conn, path1, path2, *pwd, pflag, rflag);
@ -1316,7 +1343,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
path1 = make_absolute(path1, *pwd);
remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
printf("Removing %s\n", g.gl_pathv[i]);
if (!quiet)
printf("Removing %s\n", g.gl_pathv[i]);
err = do_rm(conn, g.gl_pathv[i]);
if (err != 0 && err_abort)
break;
@ -1340,24 +1368,24 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
break;
}
if ((aa = do_stat(conn, tmp, 0)) == NULL) {
xfree(tmp);
free(tmp);
err = 1;
break;
}
if (!(aa->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) {
error("Can't change directory: Can't check target");
xfree(tmp);
free(tmp);
err = 1;
break;
}
if (!S_ISDIR(aa->perm)) {
error("Can't change directory: \"%s\" is not "
"a directory", tmp);
xfree(tmp);
free(tmp);
err = 1;
break;
}
xfree(*pwd);
free(*pwd);
*pwd = tmp;
break;
case I_LS:
@ -1412,7 +1440,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
a.perm = n_arg;
remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
printf("Changing mode on %s\n", g.gl_pathv[i]);
if (!quiet)
printf("Changing mode on %s\n", g.gl_pathv[i]);
err = do_setstat(conn, g.gl_pathv[i], &a);
if (err != 0 && err_abort)
break;
@ -1441,10 +1470,14 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
}
aa->flags &= SSH2_FILEXFER_ATTR_UIDGID;
if (cmdnum == I_CHOWN) {
printf("Changing owner on %s\n", g.gl_pathv[i]);
if (!quiet)
printf("Changing owner on %s\n",
g.gl_pathv[i]);
aa->uid = n_arg;
} else {
printf("Changing group on %s\n", g.gl_pathv[i]);
if (!quiet)
printf("Changing group on %s\n",
g.gl_pathv[i]);
aa->gid = n_arg;
}
err = do_setstat(conn, g.gl_pathv[i], aa);
@ -1485,10 +1518,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
if (g.gl_pathc)
globfree(&g);
if (path1)
xfree(path1);
if (path2)
xfree(path2);
free(path1);
free(path2);
/* If an unignored error occurs in batch mode we should abort. */
if (err_abort && err != 0)
@ -1597,8 +1628,8 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote,
complete_display(list, 0);
for (y = 0; list[y] != NULL; y++)
xfree(list[y]);
xfree(list);
free(list[y]);
free(list);
return count;
}
@ -1611,7 +1642,7 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote,
list[count] = NULL;
if (count == 0) {
xfree(list);
free(list);
return 0;
}
@ -1621,8 +1652,8 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote,
complete_display(list, 0);
for (y = 0; list[y]; y++)
xfree(list[y]);
xfree(list);
free(list[y]);
free(list);
if (tmp != NULL) {
tmplen = strlen(tmp);
@ -1643,7 +1674,7 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote,
if (y > 0 && el_insertstr(el, argterm) == -1)
fatal("el_insertstr failed.");
}
xfree(tmp);
free(tmp);
}
return count;
@ -1674,8 +1705,9 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path,
char *file, int remote, int lastarg, char quote, int terminated)
{
glob_t g;
char *tmp, *tmp2, ins[3];
char *tmp, *tmp2, ins[8];
u_int i, hadglob, pwdlen, len, tmplen, filelen, cesc, isesc, isabs;
int clen;
const LineInfo *lf;
/* Glob from "file" location */
@ -1707,7 +1739,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path,
if (tmp[tmplen] == '/')
pwdlen = tmplen + 1; /* track last seen '/' */
}
xfree(tmp);
free(tmp);
if (g.gl_matchc == 0)
goto out;
@ -1722,7 +1754,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path,
tmp2 = complete_ambiguous(file, g.gl_pathv, g.gl_matchc);
tmp = path_strip(tmp2, isabs ? NULL : remote_path);
xfree(tmp2);
free(tmp2);
if (tmp == NULL)
goto out;
@ -1744,10 +1776,13 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path,
tmp2 = tmp + filelen - cesc;
len = strlen(tmp2);
/* quote argument on way out */
for (i = 0; i < len; i++) {
for (i = 0; i < len; i += clen) {
if ((clen = mblen(tmp2 + i, len - i)) < 0 ||
(size_t)clen > sizeof(ins) - 2)
fatal("invalid multibyte character");
ins[0] = '\\';
ins[1] = tmp2[i];
ins[2] = '\0';
memcpy(ins + 1, tmp2 + i, clen);
ins[clen + 1] = '\0';
switch (tmp2[i]) {
case '\'':
case '"':
@ -1784,7 +1819,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path,
if (i > 0 && el_insertstr(el, ins) == -1)
fatal("el_insertstr failed.");
}
xfree(tmp);
free(tmp);
out:
globfree(&g);
@ -1796,7 +1831,8 @@ static unsigned char
complete(EditLine *el, int ch)
{
char **argv, *line, quote;
u_int argc, carg, cursor, len, terminated, ret = CC_ERROR;
int argc, carg;
u_int cursor, len, terminated, ret = CC_ERROR;
const LineInfo *lf;
struct complete_ctx *complete_ctx;
@ -1810,7 +1846,7 @@ complete(EditLine *el, int ch)
memcpy(line, lf->buffer, cursor);
line[cursor] = '\0';
argv = makeargv(line, &carg, 1, &quote, &terminated);
xfree(line);
free(line);
/* Get all the arguments on the line */
len = lf->lastchar - lf->buffer;
@ -1822,7 +1858,7 @@ complete(EditLine *el, int ch)
/* Ensure cursor is at EOL or a argument boundary */
if (line[cursor] != ' ' && line[cursor] != '\0' &&
line[cursor] != '\n') {
xfree(line);
free(line);
return ret;
}
@ -1850,7 +1886,7 @@ complete(EditLine *el, int ch)
ret = CC_REDISPLAY;
}
xfree(line);
free(line);
return ret;
}
@ -1899,31 +1935,30 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
dir = make_absolute(dir, remote_path);
if (remote_is_dir(conn, dir) && file2 == NULL) {
printf("Changing to: %s\n", dir);
if (!quiet)
printf("Changing to: %s\n", dir);
snprintf(cmd, sizeof cmd, "cd \"%s\"", dir);
if (parse_dispatch_command(conn, cmd,
&remote_path, 1) != 0) {
xfree(dir);
xfree(remote_path);
xfree(conn);
free(dir);
free(remote_path);
free(conn);
return (-1);
}
} else {
/* XXX this is wrong wrt quoting */
if (file2 == NULL)
snprintf(cmd, sizeof cmd, "get %s", dir);
else
snprintf(cmd, sizeof cmd, "get %s %s", dir,
file2);
snprintf(cmd, sizeof cmd, "get%s %s%s%s",
global_aflag ? " -a" : "", dir,
file2 == NULL ? "" : " ",
file2 == NULL ? "" : file2);
err = parse_dispatch_command(conn, cmd,
&remote_path, 1);
xfree(dir);
xfree(remote_path);
xfree(conn);
free(dir);
free(remote_path);
free(conn);
return (err);
}
xfree(dir);
free(dir);
}
setlinebuf(stdout);
@ -1978,8 +2013,8 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
if (err != 0)
break;
}
xfree(remote_path);
xfree(conn);
free(remote_path);
free(conn);
if (el != NULL)
el_end(el);
@ -2073,6 +2108,7 @@ main(int argc, char **argv)
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
setlocale(LC_CTYPE, "");
memset(&args, '\0', sizeof(args));
args.list = NULL;
@ -2086,7 +2122,7 @@ main(int argc, char **argv)
infile = stdin;
while ((ch = getopt(argc, argv,
"1246hpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) {
"1246ahpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) {
switch (ch) {
/* Passed through to ssh(1) */
case '4':
@ -2103,6 +2139,8 @@ main(int argc, char **argv)
addargs(&args, "%s", optarg);
break;
case 'q':
ll = SYSLOG_LEVEL_ERROR;
quiet = 1;
showprogress = 0;
addargs(&args, "-%c", ch);
break;
@ -2124,6 +2162,9 @@ main(int argc, char **argv)
case '2':
sshver = 2;
break;
case 'a':
global_aflag = 1;
break;
case 'B':
copy_buffer_len = strtol(optarg, &cp, 10);
if (copy_buffer_len == 0 || *cp != '\0')
@ -2138,7 +2179,7 @@ main(int argc, char **argv)
(infile = fopen(optarg, "r")) == NULL)
fatal("%s (%s).", strerror(errno), optarg);
showprogress = 0;
batchmode = 1;
quiet = batchmode = 1;
addargs(&args, "-obatchmode yes");
break;
case 'p':
@ -2235,7 +2276,7 @@ main(int argc, char **argv)
if (conn == NULL)
fatal("Couldn't initialise connection to server");
if (!batchmode) {
if (!quiet) {
if (sftp_direct == NULL)
fprintf(stderr, "Connected to %s.\n", host);
else

20
crypto/external/bsd/openssh/dist/ssh-add.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-add.c,v 1.105 2012/12/05 15:42:52 markus Exp $ */
/* $OpenBSD: ssh-add.c,v 1.106 2013/05/17 00:13:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -84,7 +84,7 @@ clear_pass(void)
{
if (pass) {
memset(pass, 0, strlen(pass));
xfree(pass);
free(pass);
pass = NULL;
}
}
@ -209,7 +209,7 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
pass = read_passphrase(msg, RP_ALLOW_STDIN);
if (strcmp(pass, "") == 0) {
clear_pass();
xfree(comment);
free(comment);
buffer_free(&keyblob);
return -1;
}
@ -276,8 +276,8 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
fprintf(stderr, "The user must confirm each use of the key\n");
out:
if (certpath != NULL)
xfree(certpath);
xfree(comment);
free(certpath);
free(comment);
key_free(private);
return ret;
@ -302,7 +302,7 @@ update_card(AuthenticationConnection *ac, int add, const char *id)
add ? "add" : "remove", id);
ret = -1;
}
xfree(pin);
free(pin);
return ret;
}
@ -324,14 +324,14 @@ list_identities(AuthenticationConnection *ac, int do_fp)
SSH_FP_HEX);
printf("%d %s %s (%s)\n",
key_size(key), fp, comment, key_type(key));
xfree(fp);
free(fp);
} else {
if (!key_write(key, stdout))
fprintf(stderr, "key_write failed");
fprintf(stdout, " %s\n", comment);
}
key_free(key);
xfree(comment);
free(comment);
}
}
if (!had_identities) {
@ -357,7 +357,7 @@ lock_agent(AuthenticationConnection *ac, int lock)
passok = 0;
}
memset(p2, 0, strlen(p2));
xfree(p2);
free(p2);
}
if (passok && ssh_lock_agent(ac, lock, p1)) {
fprintf(stderr, "Agent %slocked.\n", lock ? "" : "un");
@ -365,7 +365,7 @@ lock_agent(AuthenticationConnection *ac, int lock)
} else
fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un");
memset(p1, 0, strlen(p1));
xfree(p1);
free(p1);
return (ret);
}

95
crypto/external/bsd/openssh/dist/ssh-agent.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-agent.c,v 1.172 2011/06/03 01:37:40 dtucker Exp $ */
/* $OpenBSD: ssh-agent.c,v 1.177 2013/07/20 01:50:20 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -92,7 +92,7 @@ typedef struct identity {
Key *key;
char *comment;
char *provider;
u_int death;
time_t death;
u_int confirm;
} Identity;
@ -108,7 +108,7 @@ int max_fd = 0;
/* pid of shell == parent of agent */
pid_t parent_pid = -1;
u_int parent_alive_interval = 0;
time_t parent_alive_interval = 0;
/* pathname and directory for AUTH_SOCKET */
char socket_name[MAXPATHLEN];
@ -120,8 +120,8 @@ char *lock_passwd = NULL;
extern char *__progname;
/* Default lifetime (0 == forever) */
static int lifetime = 0;
/* Default lifetime in seconds (0 == forever) */
static long lifetime = 0;
static void
close_socket(SocketEntry *e)
@ -158,10 +158,9 @@ static void
free_identity(Identity *id)
{
key_free(id->key);
if (id->provider != NULL)
xfree(id->provider);
xfree(id->comment);
xfree(id);
free(id->provider);
free(id->comment);
free(id);
}
/* return matching private key for given public key */
@ -189,7 +188,7 @@ confirm_key(Identity *id)
if (ask_permission("Allow use of key %s?\nKey fingerprint %s.",
id->comment, p))
ret = 0;
xfree(p);
free(p);
return (ret);
}
@ -216,7 +215,7 @@ process_request_identities(SocketEntry *e, int version)
u_int blen;
key_to_blob(id->key, &blob, &blen);
buffer_put_string(&msg, blob, blen);
xfree(blob);
free(blob);
}
buffer_put_cstring(&msg, id->comment);
}
@ -334,10 +333,9 @@ process_sign_request2(SocketEntry *e)
buffer_append(&e->output, buffer_ptr(&msg),
buffer_len(&msg));
buffer_free(&msg);
xfree(data);
xfree(blob);
if (signature != NULL)
xfree(signature);
free(data);
free(blob);
free(signature);
datafellows = odatafellows;
}
@ -364,7 +362,7 @@ process_remove_identity(SocketEntry *e, int version)
case 2:
blob = buffer_get_string(&e->request, &blen);
key = key_from_blob(blob, blen);
xfree(blob);
free(blob);
break;
}
if (key != NULL) {
@ -416,10 +414,10 @@ process_remove_all_identities(SocketEntry *e, int version)
}
/* removes expired keys and returns number of seconds until the next expiry */
static u_int
static time_t
reaper(void)
{
u_int deadline = 0, now = time(NULL);
time_t deadline = 0, now = monotime();
Identity *id, *nxt;
int version;
Idtab *tab;
@ -451,8 +449,9 @@ process_add_identity(SocketEntry *e, int version)
{
Idtab *tab = idtab_lookup(version);
Identity *id;
int type, success = 0, death = 0, confirm = 0;
int type, success = 0, confirm = 0;
char *type_name, *comment, *curve;
time_t death = 0;
Key *k = NULL;
BIGNUM *exponent;
EC_POINT *q;
@ -492,7 +491,7 @@ process_add_identity(SocketEntry *e, int version)
cert = buffer_get_string(&e->request, &len);
if ((k = key_from_blob(cert, len)) == NULL)
fatal("Certificate parse failed");
xfree(cert);
free(cert);
key_add_private(k);
buffer_get_bignum2(&e->request, k->dsa->priv_key);
break;
@ -502,7 +501,7 @@ process_add_identity(SocketEntry *e, int version)
curve = buffer_get_string(&e->request, NULL);
if (k->ecdsa_nid != key_curve_name_to_nid(curve))
fatal("%s: curve names mismatch", __func__);
xfree(curve);
free(curve);
k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
if (k->ecdsa == NULL)
fatal("%s: EC_KEY_new_by_curve_name failed",
@ -533,7 +532,7 @@ process_add_identity(SocketEntry *e, int version)
cert = buffer_get_string(&e->request, &len);
if ((k = key_from_blob(cert, len)) == NULL)
fatal("Certificate parse failed");
xfree(cert);
free(cert);
key_add_private(k);
if ((exponent = BN_new()) == NULL)
fatal("%s: BN_new failed", __func__);
@ -564,7 +563,7 @@ process_add_identity(SocketEntry *e, int version)
cert = buffer_get_string(&e->request, &len);
if ((k = key_from_blob(cert, len)) == NULL)
fatal("Certificate parse failed");
xfree(cert);
free(cert);
key_add_private(k);
buffer_get_bignum2(&e->request, k->rsa->d);
buffer_get_bignum2(&e->request, k->rsa->iqmp);
@ -572,11 +571,11 @@ process_add_identity(SocketEntry *e, int version)
buffer_get_bignum2(&e->request, k->rsa->q);
break;
default:
xfree(type_name);
free(type_name);
buffer_clear(&e->request);
goto send;
}
xfree(type_name);
free(type_name);
break;
}
/* enable blinding */
@ -594,13 +593,13 @@ process_add_identity(SocketEntry *e, int version)
}
comment = buffer_get_string(&e->request, NULL);
if (k == NULL) {
xfree(comment);
free(comment);
goto send;
}
while (buffer_len(&e->request)) {
switch ((type = buffer_get_char(&e->request))) {
case SSH_AGENT_CONSTRAIN_LIFETIME:
death = time(NULL) + buffer_get_int(&e->request);
death = monotime() + buffer_get_int(&e->request);
break;
case SSH_AGENT_CONSTRAIN_CONFIRM:
confirm = 1;
@ -608,14 +607,14 @@ process_add_identity(SocketEntry *e, int version)
default:
error("process_add_identity: "
"Unknown constraint type %d", type);
xfree(comment);
free(comment);
key_free(k);
goto send;
}
}
success = 1;
if (lifetime && !death)
death = time(NULL) + lifetime;
death = monotime() + lifetime;
if ((id = lookup_identity(k, version)) == NULL) {
id = xcalloc(1, sizeof(Identity));
id->key = k;
@ -624,7 +623,7 @@ process_add_identity(SocketEntry *e, int version)
tab->nentries++;
} else {
key_free(k);
xfree(id->comment);
free(id->comment);
}
id->comment = comment;
id->death = death;
@ -646,7 +645,7 @@ process_lock_agent(SocketEntry *e, int lock)
if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
locked = 0;
memset(lock_passwd, 0, strlen(lock_passwd));
xfree(lock_passwd);
free(lock_passwd);
lock_passwd = NULL;
success = 1;
} else if (!locked && lock) {
@ -655,7 +654,7 @@ process_lock_agent(SocketEntry *e, int lock)
success = 1;
}
memset(passwd, 0, strlen(passwd));
xfree(passwd);
free(passwd);
buffer_put_int(&e->output, 1);
buffer_put_char(&e->output,
@ -682,7 +681,8 @@ static void
process_add_smartcard_key(SocketEntry *e)
{
char *provider = NULL, *pin;
int i, type, version, count = 0, success = 0, death = 0, confirm = 0;
int i, type, version, count = 0, success = 0, confirm = 0;
time_t death = 0;
Key **keys = NULL, *k;
Identity *id;
Idtab *tab;
@ -693,7 +693,7 @@ process_add_smartcard_key(SocketEntry *e)
while (buffer_len(&e->request)) {
switch ((type = buffer_get_char(&e->request))) {
case SSH_AGENT_CONSTRAIN_LIFETIME:
death = time(NULL) + buffer_get_int(&e->request);
death = monotime() + buffer_get_int(&e->request);
break;
case SSH_AGENT_CONSTRAIN_CONFIRM:
confirm = 1;
@ -705,7 +705,7 @@ process_add_smartcard_key(SocketEntry *e)
}
}
if (lifetime && !death)
death = time(NULL) + lifetime;
death = monotime() + lifetime;
count = pkcs11_add_provider(provider, pin, &keys);
for (i = 0; i < count; i++) {
@ -728,12 +728,9 @@ process_add_smartcard_key(SocketEntry *e)
keys[i] = NULL;
}
send:
if (pin)
xfree(pin);
if (provider)
xfree(provider);
if (keys)
xfree(keys);
free(pin);
free(provider);
free(keys);
buffer_put_int(&e->output, 1);
buffer_put_char(&e->output,
success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
@ -749,7 +746,7 @@ process_remove_smartcard_key(SocketEntry *e)
provider = buffer_get_string(&e->request, NULL);
pin = buffer_get_string(&e->request, NULL);
xfree(pin);
free(pin);
for (version = 1; version < 3; version++) {
tab = idtab_lookup(version);
@ -767,7 +764,7 @@ process_remove_smartcard_key(SocketEntry *e)
else
error("process_remove_smartcard_key:"
" pkcs11_del_provider failed");
xfree(provider);
free(provider);
buffer_put_int(&e->output, 1);
buffer_put_char(&e->output,
success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
@ -912,9 +909,10 @@ static int
prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp,
struct timeval **tvpp)
{
u_int i, sz, deadline;
u_int i, sz;
int n = 0;
static struct timeval tv;
time_t deadline;
for (i = 0; i < sockets_alloc; i++) {
switch (sockets[i].type) {
@ -932,10 +930,8 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp,
sz = howmany(n+1, NFDBITS) * sizeof(fd_mask);
if (*fdrp == NULL || sz > *nallocp) {
if (*fdrp)
xfree(*fdrp);
if (*fdwp)
xfree(*fdwp);
free(*fdrp);
free(*fdwp);
*fdrp = xmalloc(sz);
*fdwp = xmalloc(sz);
*nallocp = sz;
@ -1311,9 +1307,8 @@ skip:
if (ac > 0)
parent_alive_interval = 10;
idtab_init();
if (!d_flag)
signal(SIGINT, SIG_IGN);
signal(SIGPIPE, SIG_IGN);
signal(SIGINT, d_flag ? cleanup_handler : SIG_IGN);
signal(SIGHUP, cleanup_handler);
signal(SIGTERM, cleanup_handler);
nalloc = 0;

10
crypto/external/bsd/openssh/dist/ssh-dss.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-dss.c,v 1.27 2010/08/31 09:58:37 djm Exp $ */
/* $OpenBSD: ssh-dss.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -134,17 +134,17 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
if (strcmp("ssh-dss", ktype) != 0) {
error("ssh_dss_verify: cannot handle type %s", ktype);
buffer_free(&b);
xfree(ktype);
free(ktype);
return -1;
}
xfree(ktype);
free(ktype);
sigblob = buffer_get_string(&b, &len);
rlen = buffer_len(&b);
buffer_free(&b);
if (rlen != 0) {
error("ssh_dss_verify: "
"remaining bytes in signature %d", rlen);
xfree(sigblob);
free(sigblob);
return -1;
}
}
@ -166,7 +166,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
/* clean up */
memset(sigblob, 0, len);
xfree(sigblob);
free(sigblob);
/* sha1 the data */
EVP_DigestInit(&md, evp_md);

10
crypto/external/bsd/openssh/dist/ssh-ecdsa.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-ecdsa.c,v 1.5 2012/01/08 13:17:11 miod Exp $ */
/* $OpenBSD: ssh-ecdsa.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@ -115,16 +115,16 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
if (strcmp(key_ssh_name_plain(key), ktype) != 0) {
error("%s: cannot handle type %s", __func__, ktype);
buffer_free(&b);
xfree(ktype);
free(ktype);
return -1;
}
xfree(ktype);
free(ktype);
sigblob = buffer_get_string(&b, &len);
rlen = buffer_len(&b);
buffer_free(&b);
if (rlen != 0) {
error("%s: remaining bytes in signature %d", __func__, rlen);
xfree(sigblob);
free(sigblob);
return -1;
}
@ -145,7 +145,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
/* clean up */
memset(sigblob, 0, len);
xfree(sigblob);
free(sigblob);
/* hash the data */
EVP_DigestInit(&md, evp_md);

7
crypto/external/bsd/openssh/dist/ssh-keygen.1 vendored
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.115 2013/01/19 07:13:25 jmc Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.116 2013/06/27 14:05:37 jmc Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: January 19 2013 $
.Dd $Mdocdate: June 27 2013 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@ -516,8 +516,7 @@ of two times separated by a colon to indicate an explicit time interval.
The start time may be specified as a date in YYYYMMDD format, a time
in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
of a minus sign followed by a relative time in the format described in the
.Sx TIME FORMATS
section of
TIME FORMATS section of
.Xr sshd_config 5 .
The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
a relative time starting with a plus character.

116
crypto/external/bsd/openssh/dist/ssh-keygen.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keygen.c,v 1.225 2013/02/10 23:32:10 djm Exp $ */
/* $OpenBSD: ssh-keygen.c,v 1.230 2013/07/20 01:44:37 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -245,7 +245,7 @@ load_identity(char *filename)
RP_ALLOW_STDIN);
prv = key_load_private(filename, pass, NULL);
memset(pass, 0, strlen(pass));
xfree(pass);
free(pass);
}
return prv;
}
@ -281,7 +281,7 @@ do_convert_to_ssh2(struct passwd *pw, Key *k)
dump_base64(stdout, blob, len);
fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
key_free(k);
xfree(blob);
free(blob);
exit(0);
}
@ -406,12 +406,12 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
debug("ignore (%d %d %d %d)", i1, i2, i3, i4);
if (strcmp(cipher, "none") != 0) {
error("unsupported cipher %s", cipher);
xfree(cipher);
free(cipher);
buffer_free(&b);
xfree(type);
free(type);
return NULL;
}
xfree(cipher);
free(cipher);
if (strstr(type, "dsa")) {
ktype = KEY_DSA;
@ -419,11 +419,11 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
ktype = KEY_RSA;
} else {
buffer_free(&b);
xfree(type);
free(type);
return NULL;
}
key = key_new_private(ktype);
xfree(type);
free(type);
switch (key->type) {
case KEY_DSA:
@ -466,7 +466,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
/* try the key */
key_sign(key, &sig, &slen, data, sizeof(data));
key_verify(key, sig, slen, data, sizeof(data));
xfree(sig);
free(sig);
return key;
}
@ -515,7 +515,7 @@ do_convert_from_ssh2(struct passwd *pw, Key **k, int *private)
fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
encoded[0] = '\0';
while ((blen = get_line(fp, line, sizeof(line))) != -1) {
if (line[blen - 1] == '\\')
if (blen > 0 && line[blen - 1] == '\\')
escaped++;
if (strncmp(line, "----", 4) == 0 ||
strstr(line, ": ") != NULL) {
@ -733,15 +733,15 @@ do_download(struct passwd *pw)
fp, key_type(keys[i]));
if (log_level >= SYSLOG_LEVEL_VERBOSE)
printf("%s\n", ra);
xfree(ra);
xfree(fp);
free(ra);
free(fp);
} else {
key_write(keys[i], stdout);
fprintf(stdout, "\n");
}
key_free(keys[i]);
}
xfree(keys);
free(keys);
pkcs11_terminate();
exit(0);
#else
@ -778,13 +778,13 @@ do_fingerprint(struct passwd *pw)
if (log_level >= SYSLOG_LEVEL_VERBOSE)
printf("%s\n", ra);
key_free(public);
xfree(comment);
xfree(ra);
xfree(fp);
free(comment);
free(ra);
free(fp);
exit(0);
}
if (comment) {
xfree(comment);
free(comment);
comment = NULL;
}
@ -843,8 +843,8 @@ do_fingerprint(struct passwd *pw)
comment ? comment : "no comment", key_type(public));
if (log_level >= SYSLOG_LEVEL_VERBOSE)
printf("%s\n", ra);
xfree(ra);
xfree(fp);
free(ra);
free(fp);
key_free(public);
invalid = 0;
}
@ -965,8 +965,8 @@ printhost(FILE *f, const char *name, Key *public, int ca, int hash)
key_type(public));
if (log_level >= SYSLOG_LEVEL_VERBOSE)
printf("%s\n", ra);
xfree(ra);
xfree(fp);
free(ra);
free(fp);
} else {
if (hash && (name = host_hash(name, NULL, 0)) == NULL)
fatal("hash_host failed");
@ -992,7 +992,7 @@ do_known_hosts(struct passwd *pw, const char *name)
if (strlcpy(identity_file, cp, sizeof(identity_file)) >=
sizeof(identity_file))
fatal("Specified known hosts path too long");
xfree(cp);
free(cp);
have_identity = 1;
}
if ((in = fopen(identity_file, "r")) == NULL)
@ -1223,7 +1223,7 @@ do_change_passphrase(struct passwd *pw)
private = key_load_private(identity_file, old_passphrase,
&comment);
memset(old_passphrase, 0, strlen(old_passphrase));
xfree(old_passphrase);
free(old_passphrase);
if (private == NULL) {
printf("Bad passphrase.\n");
exit(1);
@ -1246,30 +1246,30 @@ do_change_passphrase(struct passwd *pw)
if (strcmp(passphrase1, passphrase2) != 0) {
memset(passphrase1, 0, strlen(passphrase1));
memset(passphrase2, 0, strlen(passphrase2));
xfree(passphrase1);
xfree(passphrase2);
free(passphrase1);
free(passphrase2);
printf("Pass phrases do not match. Try again.\n");
exit(1);
}
/* Destroy the other copy. */
memset(passphrase2, 0, strlen(passphrase2));
xfree(passphrase2);
free(passphrase2);
}
/* Save the file using the new passphrase. */
if (!key_save_private(private, identity_file, passphrase1, comment)) {
printf("Saving the key failed: %s.\n", identity_file);
memset(passphrase1, 0, strlen(passphrase1));
xfree(passphrase1);
free(passphrase1);
key_free(private);
xfree(comment);
free(comment);
exit(1);
}
/* Destroy the passphrase and the copy of the key in memory. */
memset(passphrase1, 0, strlen(passphrase1));
xfree(passphrase1);
free(passphrase1);
key_free(private); /* Destroys contents */
xfree(comment);
free(comment);
printf("Your identification has been saved with the new passphrase.\n");
exit(0);
@ -1286,7 +1286,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname)
struct stat st;
if (fname == NULL)
ask_filename(pw, "Enter file in which the key is");
fatal("%s: no filename", __func__);
if (stat(fname, &st) < 0) {
if (errno == ENOENT)
return 0;
@ -1297,11 +1297,11 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname)
if (public != NULL) {
export_dns_rr(hname, public, stdout, print_generic);
key_free(public);
xfree(comment);
free(comment);
return 1;
}
if (comment)
xfree(comment);
free(comment);
printf("failed to read v2 public key from %s.\n", fname);
exit(1);
@ -1339,7 +1339,7 @@ do_change_comment(struct passwd *pw)
private = key_load_private(identity_file, passphrase, &comment);
if (private == NULL) {
memset(passphrase, 0, strlen(passphrase));
xfree(passphrase);
free(passphrase);
printf("Bad passphrase.\n");
exit(1);
}
@ -1370,13 +1370,13 @@ do_change_comment(struct passwd *pw)
if (!key_save_private(private, identity_file, passphrase, new_comment)) {
printf("Saving the key failed: %s.\n", identity_file);
memset(passphrase, 0, strlen(passphrase));
xfree(passphrase);
free(passphrase);
key_free(private);
xfree(comment);
free(comment);
exit(1);
}
memset(passphrase, 0, strlen(passphrase));
xfree(passphrase);
free(passphrase);
public = key_from_private(private);
key_free(private);
@ -1397,7 +1397,7 @@ do_change_comment(struct passwd *pw)
fprintf(f, " %s\n", new_comment);
fclose(f);
xfree(comment);
free(comment);
printf("The comment in your key file has been changed.\n");
exit(0);
@ -1514,7 +1514,7 @@ load_pkcs11_key(char *path)
}
key_free(keys[i]);
}
xfree(keys);
free(keys);
key_free(public);
return private;
#else
@ -1558,7 +1558,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
fatal("No PKCS#11 key matching %s found", ca_key_path);
} else if ((ca = load_identity(tmp)) == NULL)
fatal("Couldn't load CA key \"%s\"", tmp);
xfree(tmp);
free(tmp);
for (i = 0; i < argc; i++) {
/* Split list of principals */
@ -1571,7 +1571,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
if (*(plist[n] = xstrdup(cp)) == '\0')
fatal("Empty principal name");
}
xfree(otmp);
free(otmp);
}
tmp = tilde_expand_filename(argv[i], pw->pw_uid);
@ -1609,7 +1609,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0)
*cp = '\0';
xasprintf(&out, "%s-cert.pub", tmp);
xfree(tmp);
free(tmp);
if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
fatal("Could not open \"%s\" for writing: %s", out,
@ -1632,7 +1632,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
}
key_free(public);
xfree(out);
free(out);
}
pkcs11_terminate();
exit(0);
@ -1729,7 +1729,7 @@ parse_cert_times(char *timespec)
if (cert_valid_to <= cert_valid_from)
fatal("Empty certificate validity interval");
xfree(from);
free(from);
}
static void
@ -1782,7 +1782,8 @@ add_cert_option(char *opt)
static void
show_options(const Buffer *optbuf, int v00, int in_critical)
{
u_char *name, *data;
char *name;
u_char *data;
u_int dlen;
Buffer options, option;
@ -1807,13 +1808,13 @@ show_options(const Buffer *optbuf, int v00, int in_critical)
strcmp(name, "source-address") == 0)) {
data = buffer_get_string(&option, NULL);
printf(" %s\n", data);
xfree(data);
free(data);
} else {
printf(" UNKNOWN OPTION (len %u)\n",
buffer_len(&option));
buffer_clear(&option);
}
xfree(name);
free(name);
if (buffer_len(&option) != 0)
fatal("Option corrupt: extra data at end");
}
@ -2023,6 +2024,7 @@ update_krl_from_file(struct passwd *pw, const char *file, const Key *ca,
}
if (strcmp(path, "-") != 0)
fclose(krl_spec);
free(path);
}
static void
@ -2048,7 +2050,7 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
if ((ca = key_load_public(tmp, NULL)) == NULL)
fatal("Cannot load CA public key %s", tmp);
xfree(tmp);
free(tmp);
}
if (updating)
@ -2075,6 +2077,8 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
close(fd);
buffer_free(&kbuf);
ssh_krl_free(krl);
if (ca != NULL)
key_free(ca);
}
static void
@ -2191,7 +2195,7 @@ main(int argc, char **argv)
/* we need this for the home * directory. */
pw = getpwuid(getuid());
if (!pw) {
printf("You don't exist, go away!\n");
printf("No user exists for uid %lu\n", (u_long)getuid());
exit(1);
}
if (gethostname(hostname, sizeof(hostname)) < 0) {
@ -2580,14 +2584,14 @@ passphrase_again:
*/
memset(passphrase1, 0, strlen(passphrase1));
memset(passphrase2, 0, strlen(passphrase2));
xfree(passphrase1);
xfree(passphrase2);
free(passphrase1);
free(passphrase2);
printf("Passphrases do not match. Try again.\n");
goto passphrase_again;
}
/* Clear the other copy of the passphrase. */
memset(passphrase2, 0, strlen(passphrase2));
xfree(passphrase2);
free(passphrase2);
}
if (identity_comment) {
@ -2601,12 +2605,12 @@ passphrase_again:
if (!key_save_private(private, identity_file, passphrase1, comment)) {
printf("Saving the key failed: %s.\n", identity_file);
memset(passphrase1, 0, strlen(passphrase1));
xfree(passphrase1);
free(passphrase1);
exit(1);
}
/* Clear the passphrase. */
memset(passphrase1, 0, strlen(passphrase1));
xfree(passphrase1);
free(passphrase1);
/* Clear the private key and the random number generator. */
key_free(private);
@ -2641,8 +2645,8 @@ passphrase_again:
printf("%s %s\n", fp, comment);
printf("The key's randomart image is:\n");
printf("%s\n", ra);
xfree(ra);
xfree(fp);
free(ra);
free(fp);
}
key_free(public);

8
crypto/external/bsd/openssh/dist/ssh-keyscan.1 vendored
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keyscan.1,v 1.30 2012/04/11 13:34:17 djm Exp $
.\" $OpenBSD: ssh-keyscan.1,v 1.31 2013/07/16 00:07:52 schwarze Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
@ -6,7 +6,7 @@
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
.Dd $Mdocdate: April 11 2012 $
.Dd $Mdocdate: July 16 2013 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
@ -164,9 +164,9 @@ $ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \e
.Xr sshd 8
.Sh AUTHORS
.An -nosplit
.An David Mazieres Aq dm@lcs.mit.edu
.An David Mazieres Aq Mt dm@lcs.mit.edu
wrote the initial version, and
.An Wayne Davison Aq wayned@users.sourceforge.net
.An Wayne Davison Aq Mt wayned@users.sourceforge.net
added support for protocol version 2.
.Sh BUGS
It generates "Connection closed by remote host" messages on the consoles

16
crypto/external/bsd/openssh/dist/ssh-keyscan.c vendored
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keyscan.c,v 1.86 2012/04/11 13:34:17 djm Exp $ */
/* $OpenBSD: ssh-keyscan.c,v 1.87 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@ -248,7 +248,7 @@ keygrab_ssh2(con *c)
exit(1);
}
nonfatal_fatal = 0;
xfree(c->c_kex);
free(c->c_kex);
c->c_kex = NULL;
packet_close();
@ -314,7 +314,7 @@ conalloc(char *iname, char *oname, int keytype)
do {
name = xstrsep(&namelist, ",");
if (!name) {
xfree(namebase);
free(namebase);
return (-1);
}
} while ((s = tcpconnect(name)) < 0);
@ -348,10 +348,10 @@ confree(int s)
if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
fatal("confree: attempt to free bad fdno %d", s);
close(s);
xfree(fdcon[s].c_namebase);
xfree(fdcon[s].c_output_name);
free(fdcon[s].c_namebase);
free(fdcon[s].c_output_name);
if (fdcon[s].c_status == CS_KEYS)
xfree(fdcon[s].c_data);
free(fdcon[s].c_data);
fdcon[s].c_status = CS_UNUSED;
fdcon[s].c_keytype = 0;
TAILQ_REMOVE(&tq, &fdcon[s], c_link);
@ -538,8 +538,8 @@ conloop(void)
} else if (FD_ISSET(i, r))
conread(i);
}
xfree(r);
xfree(e);
free(r);
free(e);
c = TAILQ_FIRST(&tq);
while (c && (c->c_tv.tv_sec < now.tv_sec ||

6
crypto/external/bsd/openssh/dist/ssh-keysign.8 vendored
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keysign.8,v 1.12 2010/08/31 11:54:45 djm Exp $
.\" $OpenBSD: ssh-keysign.8,v 1.13 2013/07/16 00:07:52 schwarze Exp $
.\"
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
.\"
@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 31 2010 $
.Dd $Mdocdate: July 16 2013 $
.Dt SSH-KEYSIGN 8
.Os
.Sh NAME
@ -88,4 +88,4 @@ information corresponding with the private keys above.
first appeared in
.Ox 3.2 .
.Sh AUTHORS
.An Markus Friedl Aq markus@openbsd.org
.An Markus Friedl Aq Mt markus@openbsd.org

Some files were not shown because too many files have changed in this diff Show More