dropbear: common-session.c comparison

Free memory before exiting. Based on patch from Thorsten Horstmann. Client side is not complete.

comparison

equal deleted inserted replaced

-:d0e6dd5af46e
+:2b4fd440399d
 	} /* for(;;) */
 	/* Not reached */
 }
+static void cleanup_buf(buffer **buf) {
+	if (!*buf) {
+		return;
+	}
+	buf_burn(*buf);
+	buf_free(*buf);
+	*buf = NULL;
+}
 /* clean up a session on exit */
 void session_cleanup() {
 	TRACE(("enter session_cleanup"))
 	if (ses.extra_session_cleanup) {
 		ses.extra_session_cleanup();
 	}
 	chancleanup();
-	/* Cleaning up keys must happen after other cleanup
+	/* Most dropbear functions are unsafe to run after this point */
-	functions which might queue packets */
+#ifdef DROPBEAR_CLEANUP
-	if (ses.session_id) {
+	/* listeners call cleanup functions, this should occur before
-		buf_burn(ses.session_id);
+	other session state is freed. */
-		buf_free(ses.session_id);
+	remove_all_listeners();
-		ses.session_id = NULL;
-	}
+	while (!isempty(&ses.writequeue)) {
-	if (ses.hash) {
+		buf_free(dequeue(&ses.writequeue));
-		buf_burn(ses.hash);
+	}
-		buf_free(ses.hash);
-		ses.hash = NULL;
+	m_free(ses.remoteident);
-	}
+	m_free(ses.authstate.pw_dir);
+	m_free(ses.authstate.pw_name);
+	m_free(ses.authstate.pw_shell);
+	m_free(ses.authstate.pw_passwd);
+	m_free(ses.authstate.username);
+#endif
+	cleanup_buf(&ses.session_id);
+	cleanup_buf(&ses.hash);
+	cleanup_buf(&ses.payload);
+	cleanup_buf(&ses.readbuf);
+	cleanup_buf(&ses.writepayload);
 	m_burn(ses.keys, sizeof(struct key_context));
 	m_free(ses.keys);
 	TRACE(("leave session_cleanup"))
 }

Mercurial > dropbear