Mercurial > dropbear
comparison svr-chansession.c @ 654:818108bf7749
- Fix use-after-free if multiple command requests were sent. Move
the original_command into chansess struct since that makes more sense
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 04 Dec 2011 05:31:25 +0800 |
| parents | 306a907d23e7 |
| children | 16af1decaf4c |
comparison
equal
deleted
inserted
replaced
| 653:5e8d84f3ee72 | 654:818108bf7749 |
|---|---|
| 215 /* set up a session channel */ | 215 /* set up a session channel */ |
| 216 static int newchansess(struct Channel *channel) { | 216 static int newchansess(struct Channel *channel) { |
| 217 | 217 |
| 218 struct ChanSess *chansess; | 218 struct ChanSess *chansess; |
| 219 | 219 |
| 220 TRACE(("new chansess %p", channel)) | |
| 221 | |
| 220 dropbear_assert(channel->typedata == NULL); | 222 dropbear_assert(channel->typedata == NULL); |
| 221 | 223 |
| 222 chansess = (struct ChanSess*)m_malloc(sizeof(struct ChanSess)); | 224 chansess = (struct ChanSess*)m_malloc(sizeof(struct ChanSess)); |
| 223 chansess->cmd = NULL; | 225 chansess->cmd = NULL; |
| 224 chansess->connection_string = NULL; | 226 chansess->connection_string = NULL; |
| 276 | 278 |
| 277 send_exitsignalstatus(channel); | 279 send_exitsignalstatus(channel); |
| 278 | 280 |
| 279 m_free(chansess->cmd); | 281 m_free(chansess->cmd); |
| 280 m_free(chansess->term); | 282 m_free(chansess->term); |
| 283 | |
| 284 #ifdef ENABLE_SVR_PUBKEY_OPTIONS | |
| 285 m_free(chansess->original_command); | |
| 286 #endif | |
| 281 | 287 |
| 282 if (chansess->tty) { | 288 if (chansess->tty) { |
| 283 /* write the utmp/wtmp login record */ | 289 /* write the utmp/wtmp login record */ |
| 284 li = chansess_login_alloc(chansess); | 290 li = chansess_login_alloc(chansess); |
| 285 login_logout(li); | 291 login_logout(li); |
| 922 if (chansess->connection_string) { | 928 if (chansess->connection_string) { |
| 923 addnewvar("SSH_CONNECTION", chansess->connection_string); | 929 addnewvar("SSH_CONNECTION", chansess->connection_string); |
| 924 } | 930 } |
| 925 | 931 |
| 926 #ifdef ENABLE_SVR_PUBKEY_OPTIONS | 932 #ifdef ENABLE_SVR_PUBKEY_OPTIONS |
| 927 if (ses.authstate.pubkey_options && | 933 if (chansess->original_command) { |
| 928 ses.authstate.pubkey_options->original_command) { | 934 addnewvar("SSH_ORIGINAL_COMMAND", chansess->original_command); |
| 929 addnewvar("SSH_ORIGINAL_COMMAND", | |
| 930 ses.authstate.pubkey_options->original_command); | |
| 931 } | 935 } |
| 932 #endif | 936 #endif |
| 933 | 937 |
| 934 /* change directory */ | 938 /* change directory */ |
| 935 if (chdir(ses.authstate.pw_dir) < 0) { | 939 if (chdir(ses.authstate.pw_dir) < 0) { |