diff common-session.c @ 1046:b8f4b7027191 coverity

merge
author Matt Johnston <matt@ucc.asn.au>
date Tue, 24 Feb 2015 22:48:34 +0800
parents 3fb883a6aa81
children 01eea88963f3
--- a/common-session.c	Tue Feb 10 21:47:43 2015 +0800
+++ b/common-session.c	Tue Feb 24 22:48:34 2015 +0800
@@ -53,6 +53,10 @@
 void common_session_init(int sock_in, int sock_out) {
 	time_t now;
 
+#ifdef DEBUG_TRACE
+	debug_start_net();
+#endif
+
 	TRACE(("enter session_init"))
 
 	ses.sock_in = sock_in;
@@ -236,6 +240,15 @@
 	/* Not reached */
 }
 
+static void cleanup_buf(buffer **buf) {
+	if (!*buf) {
+		return;
+	}
+	buf_burn(*buf);
+	buf_free(*buf);
+	*buf = NULL;
+}
+
 /* clean up a session on exit */
 void session_cleanup() {
 	
@@ -247,24 +260,45 @@
 		return;
 	}
 
+	/* Beware of changing order of functions here. */
+
+	/* Must be before extra_session_cleanup() */
+	chancleanup();
+
 	if (ses.extra_session_cleanup) {
 		ses.extra_session_cleanup();
 	}
 
-	chancleanup();
-	
-	/* Cleaning up keys must happen after other cleanup
-	functions which might queue packets */
-	if (ses.session_id) {
-		buf_burn(ses.session_id);
-		buf_free(ses.session_id);
-		ses.session_id = NULL;
+	/* After these are freed most functions will exit */
+#ifdef DROPBEAR_CLEANUP
+	/* listeners call cleanup functions, this should occur before
+	other session state is freed. */
+	remove_all_listeners();
+
+	while (!isempty(&ses.writequeue)) {
+		buf_free(dequeue(&ses.writequeue));
 	}
-	if (ses.hash) {
-		buf_burn(ses.hash);
-		buf_free(ses.hash);
-		ses.hash = NULL;
+
+	m_free(ses.remoteident);
+	m_free(ses.authstate.pw_dir);
+	m_free(ses.authstate.pw_name);
+	m_free(ses.authstate.pw_shell);
+	m_free(ses.authstate.pw_passwd);
+	m_free(ses.authstate.username);
+#endif
+
+	cleanup_buf(&ses.session_id);
+	cleanup_buf(&ses.hash);
+	cleanup_buf(&ses.payload);
+	cleanup_buf(&ses.readbuf);
+	cleanup_buf(&ses.writepayload);
+	cleanup_buf(&ses.kexhashbuf);
+	cleanup_buf(&ses.transkexinit);
+	if (ses.dh_K) {
+		mp_clear(ses.dh_K);
 	}
+	m_free(ses.dh_K);
+
 	m_burn(ses.keys, sizeof(struct key_context));
 	m_free(ses.keys);
 
@@ -395,15 +429,15 @@
 }
 
 void ignore_recv_response() {
-	// Do nothing
+	/* Do nothing */
 	TRACE(("Ignored msg_request_response"))
 }
 
 static void send_msg_keepalive() {
+	time_t old_time_idle = ses.last_packet_time_idle;
+	struct Channel *chan = get_any_ready_channel();
+
 	CHECKCLEARTOWRITE();
-	time_t old_time_idle = ses.last_packet_time_idle;
-
-	struct Channel *chan = get_any_ready_channel();
 
 	if (chan) {
 		/* Channel requests are preferable, more implementations
@@ -573,7 +607,7 @@
 	}
 
 	if (new_prio != ses.socket_prio) {
-		TRACE(("Dropbear priority transitioning %4.4s -> %4.4s", (char*)&ses.socket_prio, (char*)&new_prio))
+		TRACE(("Dropbear priority transitioning %d -> %d", ses.socket_prio, new_prio))
 		set_sock_priority(ses.sock_out, new_prio);
 		ses.socket_prio = new_prio;
 	}