# HG changeset patch # User Matt Johnston # Date 1425085600 -28800 # Node ID 01eea88963f367c5a8ac094bdf5c8d57f5c0d666 # Parent 9cec9ed503bb5b92de80fe4cf874b26a3bf4f5ef# Parent 31727a8abd4bace8fddf7afebf1da64e98717f8d merge from default diff -r 9cec9ed503bb -r 01eea88963f3 Makefile.in --- a/Makefile.in Fri Feb 27 00:02:48 2015 +0800 +++ b/Makefile.in Sat Feb 28 09:06:40 2015 +0800 @@ -140,7 +140,7 @@ $(INSTALL) -d $(DESTDIR)$(mandir)/man1 if test -e $*.1; then $(INSTALL) -m 644 $*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi -# dropbear should go in sbin, so it needs a seperate rule +# dropbear should go in sbin, so it needs a separate rule inst_dropbear: dropbear $(INSTALL) -d $(DESTDIR)$(sbindir) $(INSTALL) dropbear$(EXEEXT) $(DESTDIR)$(sbindir) diff -r 9cec9ed503bb -r 01eea88963f3 agentfwd.h --- a/agentfwd.h Fri Feb 27 00:02:48 2015 +0800 +++ b/agentfwd.h Sat Feb 28 09:06:40 2015 +0800 @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _AGENTFWD_H_ -#define _AGENTFWD_H_ +#ifndef DROPBEAR_AGENTFWD_H_ +#define DROPBEAR_AGENTFWD_H_ #include "includes.h" #include "chansession.h" @@ -60,4 +60,4 @@ #endif /* ENABLE_SVR_AGENTFWD */ -#endif /* _AGENTFWD_H_ */ +#endif /* DROPBEAR_AGENTFWD_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 algo.h --- a/algo.h Fri Feb 27 00:02:48 2015 +0800 +++ b/algo.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _ALGO_H_ +#ifndef DROPBEAR_ALGO_H_ -#define _ALGO_H_ +#define DROPBEAR_ALGO_H_ #include "includes.h" #include "buffer.h" @@ -134,4 +134,4 @@ DROPBEAR_COMP_ZLIB_DELAY, }; -#endif /* _ALGO_H_ */ +#endif /* DROPBEAR_ALGO_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 auth.h --- a/auth.h Fri Feb 27 00:02:48 2015 +0800 +++ b/auth.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _AUTH_H_ -#define _AUTH_H_ +#ifndef DROPBEAR_AUTH_H_ +#define DROPBEAR_AUTH_H_ #include "includes.h" #include "signkey.h" @@ -137,4 +137,4 @@ }; #endif -#endif /* _AUTH_H_ */ +#endif /* DROPBEAR_AUTH_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 bignum.h --- a/bignum.h Fri Feb 27 00:02:48 2015 +0800 +++ b/bignum.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _BIGNUM_H_ -#define _BIGNUM_H_ +#ifndef DROPBEAR_BIGNUM_H_ +#define DROPBEAR_BIGNUM_H_ #include "includes.h" #include "dbutil.h" @@ -35,4 +35,4 @@ void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, hash_state *hs, mp_int *mp); -#endif /* _BIGNUM_H_ */ +#endif /* DROPBEAR_BIGNUM_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 buffer.c --- a/buffer.c Fri Feb 27 00:02:48 2015 +0800 +++ b/buffer.c Sat Feb 28 09:06:40 2015 +0800 @@ -99,7 +99,9 @@ ret = buf_new(buf->len); ret->len = buf->len; - memcpy(ret->data, buf->data, buf->len); + if (buf->len > 0) { + memcpy(ret->data, buf->data, buf->len); + } return ret; } @@ -127,7 +129,7 @@ buf->pos = pos; } -/* increment the postion by incr, increasing the buffer length if required */ +/* increment the position by incr, increasing the buffer length if required */ void buf_incrwritepos(buffer* buf, unsigned int incr) { if (incr > BUF_MAX_INCR || buf->pos + incr > buf->size) { dropbear_exit("Bad buf_incrwritepos"); diff -r 9cec9ed503bb -r 01eea88963f3 buffer.h --- a/buffer.h Fri Feb 27 00:02:48 2015 +0800 +++ b/buffer.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _BUFFER_H_ +#ifndef DROPBEAR_BUFFER_H_ -#define _BUFFER_H_ +#define DROPBEAR_BUFFER_H_ #include "includes.h" @@ -65,4 +65,4 @@ int buf_getmpint(buffer* buf, mp_int* mp); unsigned int buf_getint(buffer* buf); -#endif /* _BUFFER_H_ */ +#endif /* DROPBEAR_BUFFER_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 channel.h --- a/channel.h Fri Feb 27 00:02:48 2015 +0800 +++ b/channel.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CHANNEL_H_ -#define _CHANNEL_H_ +#ifndef DROPBEAR_CHANNEL_H_ +#define DROPBEAR_CHANNEL_H_ #include "includes.h" #include "buffer.h" @@ -93,7 +93,7 @@ struct ChanType { - int sepfds; /* Whether this channel has seperate pipes for in/out or not */ + int sepfds; /* Whether this channel has separate pipes for in/out or not */ char *name; int (*inithandler)(struct Channel*); int (*check_close)(struct Channel*); @@ -141,4 +141,4 @@ void send_msg_request_failure(); -#endif /* _CHANNEL_H_ */ +#endif /* DROPBEAR_CHANNEL_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 chansession.h --- a/chansession.h Fri Feb 27 00:02:48 2015 +0800 +++ b/chansession.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CHANSESSION_H_ -#define _CHANSESSION_H_ +#ifndef DROPBEAR_CHANSESSION_H_ +#define DROPBEAR_CHANSESSION_H_ #include "loginrec.h" #include "channel.h" @@ -103,4 +103,4 @@ extern const struct SigMap signames[]; -#endif /* _CHANSESSION_H_ */ +#endif /* DROPBEAR_CHANSESSION_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 circbuffer.h --- a/circbuffer.h Fri Feb 27 00:02:48 2015 +0800 +++ b/circbuffer.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CIRCBUFFER_H_ -#define _CIRCBUFFER_H_ +#ifndef DROPBEAR_CIRCBUFFER_H_ +#define DROPBEAR_CIRCBUFFER_H_ struct circbuf { unsigned int size; diff -r 9cec9ed503bb -r 01eea88963f3 cli-session.c --- a/cli-session.c Fri Feb 27 00:02:48 2015 +0800 +++ b/cli-session.c Sat Feb 28 09:06:40 2015 +0800 @@ -39,10 +39,10 @@ #include "crypto_desc.h" #include "netio.h" -static void cli_remoteclosed(); +static void cli_remoteclosed() ATTRIB_NORETURN; static void cli_sessionloop(); static void cli_session_init(); -static void cli_finished(); +static void cli_finished() ATTRIB_NORETURN; static void recv_msg_service_accept(void); static void cli_session_cleanup(void); static void recv_msg_global_request_cli(void); diff -r 9cec9ed503bb -r 01eea88963f3 common-algo.c --- a/common-algo.c Fri Feb 27 00:02:48 2015 +0800 +++ b/common-algo.c Sat Feb 28 09:06:40 2015 +0800 @@ -87,7 +87,7 @@ #ifdef DROPBEAR_ENABLE_CBC_MODE const struct dropbear_cipher_mode dropbear_mode_cbc = {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt}; -#endif // DROPBEAR_ENABLE_CBC_MODE +#endif /* DROPBEAR_ENABLE_CBC_MODE */ const struct dropbear_cipher_mode dropbear_mode_none = {void_start, void_cipher, void_cipher}; @@ -102,7 +102,7 @@ } const struct dropbear_cipher_mode dropbear_mode_ctr = {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt}; -#endif // DROPBEAR_ENABLE_CTR_MODE +#endif /* DROPBEAR_ENABLE_CTR_MODE */ /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. {&hash_desc, keysize, hashsize} */ diff -r 9cec9ed503bb -r 01eea88963f3 common-channel.c --- a/common-channel.c Fri Feb 27 00:02:48 2015 +0800 +++ b/common-channel.c Sat Feb 28 09:06:40 2015 +0800 @@ -395,7 +395,7 @@ /* Send the close message and set the channel as closed */ static void send_msg_channel_close(struct Channel *channel) { - TRACE(("enter send_msg_channel_close %p", channel)) + TRACE(("enter send_msg_channel_close %p", (void*)channel)) if (channel->type->closehandler && !channel->close_handler_done) { channel->type->closehandler(channel); @@ -578,11 +578,11 @@ /* close the FDs in case they haven't been done * yet (they might have been shutdown etc) */ TRACE(("CLOSE writefd %d", channel->writefd)) - close(channel->writefd); + m_close(channel->writefd); TRACE(("CLOSE readfd %d", channel->readfd)) - close(channel->readfd); + m_close(channel->readfd); TRACE(("CLOSE errfd %d", channel->errfd)) - close(channel->errfd); + m_close(channel->errfd); } if (!channel->close_handler_done @@ -612,7 +612,7 @@ channel = getchannel(); - TRACE(("enter recv_msg_channel_request %p", channel)) + TRACE(("enter recv_msg_channel_request %p", (void*)channel)) if (channel->sent_close) { TRACE(("leave recv_msg_channel_request: already closed channel")) @@ -997,7 +997,7 @@ } } else { TRACE(("CLOSE some fd %d", fd)) - close(fd); + m_close(fd); closein = closeout = 1; } @@ -1020,7 +1020,7 @@ if (channel->type->sepfds && channel->readfd == FD_CLOSED && channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) { TRACE(("CLOSE (finally) of %d", fd)) - close(fd); + m_close(fd); } } @@ -1137,10 +1137,10 @@ } struct Channel* get_any_ready_channel() { + size_t i; if (ses.chancount == 0) { return NULL; } - size_t i; for (i = 0; i < ses.chansize; i++) { struct Channel *chan = ses.channels[i]; if (chan diff -r 9cec9ed503bb -r 01eea88963f3 common-session.c --- a/common-session.c Fri Feb 27 00:02:48 2015 +0800 +++ b/common-session.c Sat Feb 28 09:06:40 2015 +0800 @@ -246,6 +246,15 @@ /* Not reached */ } +static void cleanup_buf(buffer **buf) { + if (!*buf) { + return; + } + buf_burn(*buf); + buf_free(*buf); + *buf = NULL; +} + /* clean up a session on exit */ void session_cleanup() { @@ -257,24 +266,45 @@ return; } + /* Beware of changing order of functions here. */ + + /* Must be before extra_session_cleanup() */ + chancleanup(); + if (ses.extra_session_cleanup) { ses.extra_session_cleanup(); } - chancleanup(); - - /* Cleaning up keys must happen after other cleanup - functions which might queue packets */ - if (ses.session_id) { - buf_burn(ses.session_id); - buf_free(ses.session_id); - ses.session_id = NULL; + /* After these are freed most functions will exit */ +#ifdef DROPBEAR_CLEANUP + /* listeners call cleanup functions, this should occur before + other session state is freed. */ + remove_all_listeners(); + + while (!isempty(&ses.writequeue)) { + buf_free(dequeue(&ses.writequeue)); } - if (ses.hash) { - buf_burn(ses.hash); - buf_free(ses.hash); - ses.hash = NULL; + + m_free(ses.remoteident); + m_free(ses.authstate.pw_dir); + m_free(ses.authstate.pw_name); + m_free(ses.authstate.pw_shell); + m_free(ses.authstate.pw_passwd); + m_free(ses.authstate.username); +#endif + + cleanup_buf(&ses.session_id); + cleanup_buf(&ses.hash); + cleanup_buf(&ses.payload); + cleanup_buf(&ses.readbuf); + cleanup_buf(&ses.writepayload); + cleanup_buf(&ses.kexhashbuf); + cleanup_buf(&ses.transkexinit); + if (ses.dh_K) { + mp_clear(ses.dh_K); } + m_free(ses.dh_K); + m_burn(ses.keys, sizeof(struct key_context)); m_free(ses.keys); @@ -405,15 +435,15 @@ } void ignore_recv_response() { - // Do nothing + /* Do nothing */ TRACE(("Ignored msg_request_response")) } static void send_msg_keepalive() { + time_t old_time_idle = ses.last_packet_time_idle; + struct Channel *chan = get_any_ready_channel(); + CHECKCLEARTOWRITE(); - time_t old_time_idle = ses.last_packet_time_idle; - - struct Channel *chan = get_any_ready_channel(); if (chan) { /* Channel requests are preferable, more implementations diff -r 9cec9ed503bb -r 01eea88963f3 compat.h --- a/compat.h Fri Feb 27 00:02:48 2015 +0800 +++ b/compat.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _COMPAT_H_ -#define _COMPAT_H_ +#ifndef DROPBEAR_COMPAT_H_ +#define DROPBEAR_COMPAT_H_ #include "includes.h" @@ -49,8 +49,8 @@ void endusershell(); #endif -#ifndef _PATH_DEVNULL -#define _PATH_DEVNULL "/dev/null" +#ifndef DROPBEAR_PATH_DEVNULL +#define DROPBEAR_PATH_DEVNULL "/dev/null" #endif -#endif /* _COMPAT_H_ */ +#endif /* DROPBEAR_COMPAT_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 crypto_desc.h --- a/crypto_desc.h Fri Feb 27 00:02:48 2015 +0800 +++ b/crypto_desc.h Sat Feb 28 09:06:40 2015 +0800 @@ -1,9 +1,9 @@ -#ifndef _CRYPTO_DESC_H -#define _CRYPTO_DESC_H +#ifndef DROPBEAR_CRYPTO_DESC_H +#define DROPBEAR_CRYPTO_DESC_H void crypto_init(); extern int dropbear_ltc_prng; -#endif /* _CRYPTO_DESC_H */ +#endif /* DROPBEAR_CRYPTO_DESC_H */ diff -r 9cec9ed503bb -r 01eea88963f3 curve25519-donna.c --- a/curve25519-donna.c Fri Feb 27 00:02:48 2015 +0800 +++ b/curve25519-donna.c Sat Feb 28 09:06:40 2015 +0800 @@ -527,7 +527,7 @@ memcpy(origx, x, 10 * sizeof(limb)); fsum(x, z); - fdifference(z, origx); // does x - z + fdifference(z, origx); /* does x - z */ memcpy(origxprime, xprime, sizeof(limb) * 10); fsum(xprime, zprime); @@ -554,7 +554,7 @@ fproduct(x2, xx, zz); freduce_degree(x2); freduce_coefficients(x2); - fdifference(zz, xx); // does zz = xx - zz + fdifference(zz, xx); /* does zz = xx - zz */ memset(zzz + 10, 0, sizeof(limb) * 9); fscalar_product(zzz, zz, 121665); /* No need to call freduce_degree here: @@ -641,9 +641,9 @@ memcpy(resultz, nqz, sizeof(limb) * 10); } -// ----------------------------------------------------------------------------- -// Shamelessly copied from djb's code -// ----------------------------------------------------------------------------- +/* ----------------------------------------------------------------------------- + * Shamelessly copied from djb's code + * ----------------------------------------------------------------------------- */ static void crecip(limb *out, const limb *z) { limb z2[10]; diff -r 9cec9ed503bb -r 01eea88963f3 dbrandom.h --- a/dbrandom.h Fri Feb 27 00:02:48 2015 +0800 +++ b/dbrandom.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RANDOM_H_ -#define _RANDOM_H_ +#ifndef DROPBEAR_RANDOM_H_ +#define DROPBEAR_RANDOM_H_ #include "includes.h" @@ -32,4 +32,4 @@ void addrandom(char * buf, unsigned int len); void gen_random_mpint(mp_int *max, mp_int *rand); -#endif /* _RANDOM_H_ */ +#endif /* DROPBEAR_RANDOM_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 dbutil.c --- a/dbutil.c Fri Feb 27 00:02:48 2015 +0800 +++ b/dbutil.c Sat Feb 28 09:06:40 2015 +0800 @@ -504,12 +504,12 @@ /* make sure that the socket closes */ void m_close(int fd) { + int val; if (fd == -1) { return; } - int val; do { val = close(fd); } while (val < 0 && errno == EINTR); diff -r 9cec9ed503bb -r 01eea88963f3 dbutil.h --- a/dbutil.h Fri Feb 27 00:02:48 2015 +0800 +++ b/dbutil.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DBUTIL_H_ +#ifndef DROPBEAR_DBUTIL_H_ -#define _DBUTIL_H_ +#define DROPBEAR_DBUTIL_H_ #include "includes.h" #include "buffer.h" @@ -99,5 +99,4 @@ char * expand_tilde(const char *inpath); - -#endif /* _DBUTIL_H_ */ +#endif /* DROPBEAR_DBUTIL_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 debug.h --- a/debug.h Fri Feb 27 00:02:48 2015 +0800 +++ b/debug.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DEBUG_H_ -#define _DEBUG_H_ +#ifndef DROPBEAR_DEBUG_H_ +#define DROPBEAR_DEBUG_H_ #include "includes.h" diff -r 9cec9ed503bb -r 01eea88963f3 dss.h --- a/dss.h Fri Feb 27 00:02:48 2015 +0800 +++ b/dss.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DSS_H_ -#define _DSS_H_ +#ifndef DROPBEAR_DSS_H_ +#define DROPBEAR_DSS_H_ #include "includes.h" #include "buffer.h" @@ -53,4 +53,4 @@ #endif /* DROPBEAR_DSS */ -#endif /* _DSS_H_ */ +#endif /* DROPBEAR_DSS_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 ecc.h --- a/ecc.h Fri Feb 27 00:02:48 2015 +0800 +++ b/ecc.h Sat Feb 28 09:06:40 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _DROPBEAR_ECC_H -#define _DROPBEAR_ECC_H +#ifndef DROPBEAR_DROPBEAR_ECC_H +#define DROPBEAR_DROPBEAR_ECC_H #include "includes.h" #include "options.h" @@ -33,4 +33,4 @@ #endif -#endif /* _DROPBEAR_ECC_H */ +#endif /* DROPBEAR_DROPBEAR_ECC_H */ diff -r 9cec9ed503bb -r 01eea88963f3 ecdsa.h --- a/ecdsa.h Fri Feb 27 00:02:48 2015 +0800 +++ b/ecdsa.h Sat Feb 28 09:06:40 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _ECDSA_H_ -#define _ECDSA_H_ +#ifndef DROPBEAR_ECDSA_H_ +#define DROPBEAR_ECDSA_H_ #include "includes.h" #include "buffer.h" @@ -32,4 +32,4 @@ #endif -#endif /* _ECDSA_H_ */ +#endif /* DROPBEAR_ECDSA_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 fake-rfc2553.h --- a/fake-rfc2553.h Fri Feb 27 00:02:48 2015 +0800 +++ b/fake-rfc2553.h Sat Feb 28 09:06:40 2015 +0800 @@ -39,8 +39,8 @@ * that ai_family is AF_INET. Don't use it for another purpose. */ -#ifndef _FAKE_RFC2553_H -#define _FAKE_RFC2553_H +#ifndef DROPBEAR_FAKE_RFC2553_H +#define DROPBEAR_FAKE_RFC2553_H #include "includes.h" #include diff -r 9cec9ed503bb -r 01eea88963f3 gendss.h --- a/gendss.h Fri Feb 27 00:02:48 2015 +0800 +++ b/gendss.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _GENDSS_H_ -#define _GENDSS_H_ +#ifndef DROPBEAR_GENDSS_H_ +#define DROPBEAR_GENDSS_H_ #include "dss.h" @@ -33,4 +33,4 @@ #endif /* DROPBEAR_DSS */ -#endif /* _GENDSS_H_ */ +#endif /* DROPBEAR_GENDSS_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 genrsa.h --- a/genrsa.h Fri Feb 27 00:02:48 2015 +0800 +++ b/genrsa.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _GENRSA_H_ -#define _GENRSA_H_ +#ifndef DROPBEAR_GENRSA_H_ +#define DROPBEAR_GENRSA_H_ #include "rsa.h" @@ -33,4 +33,4 @@ #endif /* DROPBEAR_RSA */ -#endif /* _GENRSA_H_ */ +#endif /* DROPBEAR_GENRSA_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 gensignkey.h --- a/gensignkey.h Fri Feb 27 00:02:48 2015 +0800 +++ b/gensignkey.h Sat Feb 28 09:06:40 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _GENSIGNKEY_H -#define _GENSIGNKEY_H +#ifndef DROPBEAR_GENSIGNKEY_H +#define DROPBEAR_GENSIGNKEY_H #include "signkey.h" diff -r 9cec9ed503bb -r 01eea88963f3 includes.h --- a/includes.h Fri Feb 27 00:02:48 2015 +0800 +++ b/includes.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _INCLUDES_H_ -#define _INCLUDES_H_ +#ifndef DROPBEAR_INCLUDES_H_ +#define DROPBEAR_INCLUDES_H_ #include "config.h" @@ -177,4 +177,4 @@ # define UNUSED(x) x #endif -#endif /* _INCLUDES_H_ */ +#endif /* DROPBEAR_INCLUDES_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 kex.h --- a/kex.h Fri Feb 27 00:02:48 2015 +0800 +++ b/kex.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _KEX_H_ -#define _KEX_H_ +#ifndef DROPBEAR_KEX_H_ +#define DROPBEAR_KEX_H_ #include "includes.h" #include "algo.h" @@ -113,4 +113,4 @@ #define MAX_KEXHASHBUF 2000 -#endif /* _KEX_H_ */ +#endif /* DROPBEAR_KEX_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 keyimport.c --- a/keyimport.c Fri Feb 27 00:02:48 2015 +0800 +++ b/keyimport.c Sat Feb 28 09:06:40 2015 +0800 @@ -464,17 +464,16 @@ goto error; } - memset(buffer, 0, sizeof(buffer)); + m_burn(buffer, sizeof(buffer)); return ret; error: - memset(buffer, 0, sizeof(buffer)); + m_burn(buffer, sizeof(buffer)); if (ret) { if (ret->keyblob) { - memset(ret->keyblob, 0, ret->keyblob_size); + m_burn(ret->keyblob, ret->keyblob_size); m_free(ret->keyblob); } - memset(&ret, 0, sizeof(ret)); m_free(ret); } if (fp) { @@ -494,9 +493,8 @@ if (!key) return 0; ret = key->encrypted; - memset(key->keyblob, 0, key->keyblob_size); + m_burn(key->keyblob, key->keyblob_size); m_free(key->keyblob); - memset(&key, 0, sizeof(key)); m_free(key); return ret; } @@ -1046,6 +1044,7 @@ const void* curve_oid = NULL; unsigned long pubkey_size = 2*curve_size+1; unsigned int k_size; + int err = 0; /* version. less than 10 bytes */ buf_incrwritepos(seq_buf, @@ -1091,7 +1090,7 @@ buf_incrwritepos(seq_buf, ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0)); buf_putbyte(seq_buf, 0); - int err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size); + err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size); if (err != CRYPT_OK) { dropbear_exit("ECC error"); } diff -r 9cec9ed503bb -r 01eea88963f3 keyimport.h --- a/keyimport.h Fri Feb 27 00:02:48 2015 +0800 +++ b/keyimport.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _KEYIMPORT_H_ -#define _KEYIMPORT_H_ +#ifndef DROPBEAR_KEYIMPORT_H_ +#define DROPBEAR_KEYIMPORT_H_ #include "includes.h" #include "signkey.h" @@ -39,4 +39,4 @@ sign_key *import_read(const char *filename, char *passphrase, int filetype); int import_encrypted(const char* filename, int filetype); -#endif /* _KEYIMPORT_H_ */ +#endif /* DROPBEAR_KEYIMPORT_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 libtomcrypt/src/headers/tomcrypt_argchk.h --- a/libtomcrypt/src/headers/tomcrypt_argchk.h Fri Feb 27 00:02:48 2015 +0800 +++ b/libtomcrypt/src/headers/tomcrypt_argchk.h Sat Feb 28 09:06:40 2015 +0800 @@ -4,8 +4,16 @@ #include +/* portability macros for compiler-specific code attributes */ +#ifdef __GNUC__ +#define ATTRIB_NORETURN __attribute__((noreturn)) +#else +#define ATTRIB_NORETURN +#endif + + /* this is the default LibTomCrypt macro */ -void crypt_argchk(char *v, char *s, int d); +void crypt_argchk(char *v, char *s, int d) ATTRIB_NORETURN; #define LTC_ARGCHK(x) if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } #define LTC_ARGCHKVD(x) LTC_ARGCHK(x) diff -r 9cec9ed503bb -r 01eea88963f3 list.h --- a/list.h Fri Feb 27 00:02:48 2015 +0800 +++ b/list.h Sat Feb 28 09:06:40 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _DROPBEAR_LIST_H -#define _DROPBEAR_LIST_H +#ifndef DROPBEAR_DROPBEAR_LIST_H +#define DROPBEAR_DROPBEAR_LIST_H struct _m_list; @@ -25,4 +25,4 @@ void * list_remove(m_list_elem *elem); -#endif /* _DROPBEAR_LIST_H */ +#endif /* DROPBEAR_DROPBEAR_LIST_H */ diff -r 9cec9ed503bb -r 01eea88963f3 listener.c --- a/listener.c Fri Feb 27 00:02:48 2015 +0800 +++ b/listener.c Sat Feb 28 09:06:40 2015 +0800 @@ -161,5 +161,14 @@ } ses.listeners[listener->index] = NULL; m_free(listener); +} +void remove_all_listeners(void) { + unsigned int i; + for (i = 0; i < ses.listensize; i++) { + if (ses.listeners[i]) { + remove_listener(ses.listeners[i]); + } + } + m_free(ses.listeners); } diff -r 9cec9ed503bb -r 01eea88963f3 listener.h --- a/listener.h Fri Feb 27 00:02:48 2015 +0800 +++ b/listener.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _LISTENER_H -#define _LISTENER_H +#ifndef DROPBEAR_LISTENER_H +#define DROPBEAR_LISTENER_H #define MAX_LISTENERS 20 #define LISTENER_EXTEND_SIZE 1 @@ -60,4 +60,6 @@ void remove_listener(struct Listener* listener); -#endif /* _LISTENER_H */ +void remove_all_listeners(void); + +#endif /* DROPBEAR_LISTENER_H */ diff -r 9cec9ed503bb -r 01eea88963f3 loginrec.h --- a/loginrec.h Fri Feb 27 00:02:48 2015 +0800 +++ b/loginrec.h Sat Feb 28 09:06:40 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _HAVE_LOGINREC_H_ -#define _HAVE_LOGINREC_H_ +#ifndef DROPBEAR_HAVE_LOGINREC_H_ +#define DROPBEAR_HAVE_LOGINREC_H_ /* * Copyright (c) 2000 Andre Lucas. All rights reserved. @@ -182,4 +182,4 @@ char *line_stripname(char *dst, const char *src, size_t dstsize); char *line_abbrevname(char *dst, const char *src, size_t dstsize); -#endif /* _HAVE_LOGINREC_H_ */ +#endif /* DROPBEAR_HAVE_LOGINREC_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 ltc_prng.h --- a/ltc_prng.h Fri Feb 27 00:02:48 2015 +0800 +++ b/ltc_prng.h Sat Feb 28 09:06:40 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _LTC_PRNG_H_DROPBEAR -#define _LTC_PRNG_H_DROPBEAR +#ifndef DROPBEAR_LTC_PRNG_H_DROPBEAR +#define DROPBEAR_LTC_PRNG_H_DROPBEAR #include "options.h" #include "includes.h" @@ -10,4 +10,4 @@ #endif /* DROPBEAR_LTC_PRNG */ -#endif /* _LTC_PRNG_H_DROPBEAR */ +#endif /* DROPBEAR_LTC_PRNG_H_DROPBEAR */ diff -r 9cec9ed503bb -r 01eea88963f3 options.h --- a/options.h Fri Feb 27 00:02:48 2015 +0800 +++ b/options.h Sat Feb 28 09:06:40 2015 +0800 @@ -2,8 +2,8 @@ * Copyright (c) 2002,2003 Matt Johnston * All rights reserved. See LICENSE for the license. */ -#ifndef _OPTIONS_H_ -#define _OPTIONS_H_ +#ifndef DROPBEAR_OPTIONS_H_ +#define DROPBEAR_OPTIONS_H_ /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ @@ -289,7 +289,7 @@ /* This is used by the scp binary when used as a client binary. If you're * not using the Dropbear client, you'll need to change it */ -#define _PATH_SSH_PROGRAM "/usr/bin/dbclient" +#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient" /* Whether to log commands executed by a client. This only logs the * (single) command sent to the server, not what a user did in a @@ -337,4 +337,4 @@ * in sysoptions.h */ #include "sysoptions.h" -#endif /* _OPTIONS_H_ */ +#endif /* DROPBEAR_OPTIONS_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 packet.h --- a/packet.h Fri Feb 27 00:02:48 2015 +0800 +++ b/packet.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _PACKET_H_ +#ifndef DROPBEAR_PACKET_H_ -#define _PACKET_H_ +#define DROPBEAR_PACKET_H_ #include "includes.h" #include "queue.h" @@ -47,4 +47,4 @@ #define INIT_READBUF 128 -#endif /* _PACKET_H_ */ +#endif /* DROPBEAR_PACKET_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 queue.h --- a/queue.h Fri Feb 27 00:02:48 2015 +0800 +++ b/queue.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _QUEUE_H_ -#define _QUEUE_H_ +#ifndef DROPBEAR_QUEUE_H_ +#define DROPBEAR_QUEUE_H_ struct Link { diff -r 9cec9ed503bb -r 01eea88963f3 rsa.h --- a/rsa.h Fri Feb 27 00:02:48 2015 +0800 +++ b/rsa.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RSA_H_ -#define _RSA_H_ +#ifndef DROPBEAR_RSA_H_ +#define DROPBEAR_RSA_H_ #include "includes.h" #include "buffer.h" @@ -55,4 +55,4 @@ #endif /* DROPBEAR_RSA */ -#endif /* _RSA_H_ */ +#endif /* DROPBEAR_RSA_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 runopts.h --- a/runopts.h Fri Feb 27 00:02:48 2015 +0800 +++ b/runopts.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RUNOPTS_H_ -#define _RUNOPTS_H_ +#ifndef DROPBEAR_RUNOPTS_H_ +#define DROPBEAR_RUNOPTS_H_ #include "includes.h" #include "signkey.h" @@ -170,4 +170,4 @@ void print_version(void); -#endif /* _RUNOPTS_H_ */ +#endif /* DROPBEAR_RUNOPTS_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 scp.c --- a/scp.c Fri Feb 27 00:02:48 2015 +0800 +++ b/scp.c Sat Feb 28 09:06:40 2015 +0800 @@ -437,7 +437,7 @@ } /* * Finally check the exit status of the ssh process, if one was forked - * and no error has occured yet + * and no error has occurred yet */ if (do_cmd_pid != -1 && errs == 0) { if (remin != -1) diff -r 9cec9ed503bb -r 01eea88963f3 service.h --- a/service.h Fri Feb 27 00:02:48 2015 +0800 +++ b/service.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SERVICE_H_ -#define _SERVICE_H_ +#ifndef DROPBEAR_SERVICE_H_ +#define DROPBEAR_SERVICE_H_ void recv_msg_service_request(); /* Server */ -#endif /* _SERVICE_H_ */ +#endif /* DROPBEAR_SERVICE_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 session.h --- a/session.h Fri Feb 27 00:02:48 2015 +0800 +++ b/session.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SESSION_H_ -#define _SESSION_H_ +#ifndef DROPBEAR_SESSION_H_ +#define DROPBEAR_SESSION_H_ #include "includes.h" #include "options.h" @@ -44,7 +44,7 @@ extern int exitflag; void common_session_init(int sock_in, int sock_out); -void session_loop(void(*loophandler)()); +void session_loop(void(*loophandler)()) ATTRIB_NORETURN; void session_cleanup(); void send_session_identification(); void send_msg_ignore(); @@ -56,12 +56,12 @@ void fill_passwd(const char* username); /* Server */ -void svr_session(int sock, int childpipe); +void svr_session(int sock, int childpipe) ATTRIB_NORETURN; void svr_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN; void svr_dropbear_log(int priority, const char* format, va_list param); /* Client */ -void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress); +void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress) ATTRIB_NORETURN; void cli_connected(int result, int sock, void* userdata, const char *errstring); void cleantext(unsigned char* dirtytext); @@ -313,4 +313,4 @@ extern struct clientsession cli_ses; #endif /* DROPBEAR_CLIENT */ -#endif /* _SESSION_H_ */ +#endif /* DROPBEAR_SESSION_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 signkey.h --- a/signkey.h Fri Feb 27 00:02:48 2015 +0800 +++ b/signkey.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SIGNKEY_H_ -#define _SIGNKEY_H_ +#ifndef DROPBEAR_SIGNKEY_H_ +#define DROPBEAR_SIGNKEY_H_ #include "buffer.h" #include "dss.h" @@ -101,4 +101,4 @@ void** signkey_key_ptr(sign_key *key, enum signkey_type type); -#endif /* _SIGNKEY_H_ */ +#endif /* DROPBEAR_SIGNKEY_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 svr-agentfwd.c --- a/svr-agentfwd.c Fri Feb 27 00:02:48 2015 +0800 +++ b/svr-agentfwd.c Sat Feb 28 09:06:40 2015 +0800 @@ -117,7 +117,7 @@ } /* set up the environment variable pointing to the socket. This is called - * just before command/shell execution, after dropping priveleges */ + * just before command/shell execution, after dropping privileges */ void svr_agentset(struct ChanSess * chansess) { char *path = NULL; diff -r 9cec9ed503bb -r 01eea88963f3 svr-chansession.c --- a/svr-chansession.c Fri Feb 27 00:02:48 2015 +0800 +++ b/svr-chansession.c Sat Feb 28 09:06:40 2015 +0800 @@ -234,7 +234,7 @@ struct ChanSess *chansess; - TRACE(("new chansess %p", channel)) + TRACE(("new chansess %p", (void*)channel)) dropbear_assert(channel->typedata == NULL); diff -r 9cec9ed503bb -r 01eea88963f3 svr-session.c --- a/svr-session.c Fri Feb 27 00:02:48 2015 +0800 +++ b/svr-session.c Sat Feb 28 09:06:40 2015 +0800 @@ -78,10 +78,14 @@ }; static void -svr_session_cleanup(void) -{ +svr_session_cleanup(void) { /* free potential public key options */ svr_pubkey_options_cleanup(); + + m_free(svr_ses.addrstring); + m_free(svr_ses.remotehost); + m_free(svr_ses.childpids); + svr_ses.childpidsize = 0; } static void @@ -150,6 +154,7 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) { char fmtbuf[300]; + int i; if (!sessinitdone) { /* before session init */ @@ -183,6 +188,15 @@ session_cleanup(); } + if (svr_opts.hostkey) { + sign_key_free(svr_opts.hostkey); + svr_opts.hostkey = NULL; + } + for (i = 0; i < DROPBEAR_MAX_PORTS; i++) { + m_free(svr_opts.addresses[i]); + m_free(svr_opts.ports[i]); + } + exit(exitcode); } diff -r 9cec9ed503bb -r 01eea88963f3 svr-x11fwd.c --- a/svr-x11fwd.c Fri Feb 27 00:02:48 2015 +0800 +++ b/svr-x11fwd.c Sat Feb 28 09:06:40 2015 +0800 @@ -175,7 +175,7 @@ m_free(chansess->x11authprot); m_free(chansess->x11authcookie); - TRACE(("chansess %p", chansess)) + TRACE(("chansess %p", (void*)chansess)) if (chansess->x11listener != NULL) { remove_listener(chansess->x11listener); chansess->x11listener = NULL; diff -r 9cec9ed503bb -r 01eea88963f3 sysoptions.h --- a/sysoptions.h Fri Feb 27 00:02:48 2015 +0800 +++ b/sysoptions.h Sat Feb 28 09:06:40 2015 +0800 @@ -256,6 +256,9 @@ #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS #endif +/* free memory before exiting */ +#define DROPBEAR_CLEANUP + /* Use this string since some implementations might special-case it */ #define DROPBEAR_KEEPALIVE_STRING "keepalive@openssh.com" diff -r 9cec9ed503bb -r 01eea88963f3 tcpfwd.h --- a/tcpfwd.h Fri Feb 27 00:02:48 2015 +0800 +++ b/tcpfwd.h Sat Feb 28 09:06:40 2015 +0800 @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _TCPFWD_H -#define _TCPFWD_H +#ifndef DROPBEAR_TCPFWD_H +#define DROPBEAR_TCPFWD_H #include "channel.h" #include "list.h" diff -r 9cec9ed503bb -r 01eea88963f3 termcodes.h --- a/termcodes.h Fri Feb 27 00:02:48 2015 +0800 +++ b/termcodes.h Sat Feb 28 09:06:40 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _TERMCODES_H_ -#define _TERMCODES_H_ +#ifndef DROPBEAR_TERMCODES_H_ +#define DROPBEAR_TERMCODES_H_ #define TERMCODE_NONE 0 #define TERMCODE_CONTROL 1 @@ -43,4 +43,4 @@ extern const struct TermCode termcodes[]; -#endif /* _TERMCODES_H_ */ +#endif /* DROPBEAR_TERMCODES_H_ */ diff -r 9cec9ed503bb -r 01eea88963f3 x11fwd.h --- a/x11fwd.h Fri Feb 27 00:02:48 2015 +0800 +++ b/x11fwd.h Sat Feb 28 09:06:40 2015 +0800 @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _X11FWD_H_ -#define _X11FWD_H_ +#ifndef DROPBEAR__X11FWD_H_ +#define DROPBEAR__X11FWD_H_ #ifndef DISABLE_X11FWD #include "includes.h" @@ -34,4 +34,4 @@ void x11cleanup(struct ChanSess *chansess); #endif /* DROPBEAR_X11FWD */ -#endif /* _X11FWD_H_ */ +#endif /* DROPBEAR__X11FWD_H_ */