RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: Plug mem leaks on error paths, based in part on github 

pr#120 from David Carlier.  ok djm@.

OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e
This commit is contained in:
dtucker@openbsd.org 2019-09-13 04:36:43 +00:00 committed by Damien Miller
parent 2aefdf1aef
commit b36ee3fcb2
2 changed files with 21 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
auth-options.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-options.c,v 1.88 2019/09/06 04:53:27 djm Exp $ */
/* $OpenBSD: auth-options.c,v 1.89 2019/09/13 04:36:43 dtucker Exp $ */
/*
* Copyright (c) 2018 Damien Miller <djm@mindrot.org>
*
@ -266,6 +266,7 @@ handle_permit(const char **optsp, int allow_bare_port,
* listen_host wildcard.
*/
if (asprintf(&tmp, "*:%s", opt) == -1) {
free(opt);
*errstrp = "memory allocation failed";
return -1;
}

34
ssh_api.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh_api.c,v 1.17 2019/09/06 05:23:55 djm Exp $ */
/* $OpenBSD: ssh_api.c,v 1.18 2019/09/13 04:36:43 dtucker Exp $ */
/*
* Copyright (c) 2012 Markus Friedl. All rights reserved.
*
@ -330,8 +330,8 @@ _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner)
const char *mismatch = "Protocol mismatch.\r\n";
const u_char *s = sshbuf_ptr(input);
u_char c;
char *cp, *remote_version;
int r, remote_major, remote_minor, expect_nl;
char *cp = NULL, *remote_version = NULL;
int r = 0, remote_major, remote_minor, expect_nl;
size_t n, j;
for (j = n = 0;;) {
@ -357,10 +357,8 @@ _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner)
if (sshbuf_len(banner) >= 4 &&
memcmp(sshbuf_ptr(banner), "SSH-", 4) == 0)
break;
if ((cp = sshbuf_dup_string(banner)) == NULL)
return SSH_ERR_ALLOC_FAIL;
debug("%s: %s", __func__, cp);
free(cp);
debug("%s: %.*s", __func__, (int)sshbuf_len(banner),
sshbuf_ptr(banner));
/* Accept lines before banner only on client */
if (ssh->kex->server || ++n > SSH_MAX_PRE_BANNER_LINES) {
bad:
@ -373,19 +371,22 @@ _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner)
if ((r = sshbuf_consume(input, j)) != 0)
return r;
if ((cp = sshbuf_dup_string(banner)) == NULL)
return SSH_ERR_ALLOC_FAIL;
/* XXX remote version must be the same size as banner for sscanf */
if ((remote_version = calloc(1, sshbuf_len(banner))) == NULL)
return SSH_ERR_ALLOC_FAIL;
if ((cp = sshbuf_dup_string(banner)) == NULL ||
(remote_version = calloc(1, sshbuf_len(banner))) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
/*
* Check that the versions match. In future this might accept
* several versions and set appropriate flags to handle them.
*/
if (sscanf(cp, "SSH-%d.%d-%[^\n]\n",
&remote_major, &remote_minor, remote_version) != 3)
return SSH_ERR_INVALID_FORMAT;
&remote_major, &remote_minor, remote_version) != 3) {
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
debug("Remote protocol version %d.%d, remote software version %.100s",
remote_major, remote_minor, remote_version);
@ -395,10 +396,13 @@ _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner)
remote_minor = 0;
}
if (remote_major != 2)
return SSH_ERR_PROTOCOL_MISMATCH;
r = SSH_ERR_PROTOCOL_MISMATCH;
debug("Remote version string %.100s", cp);
out:
free(cp);
return 0;
free(remote_version);
return r;
}
/* Send our own protocol version identification. */