# HG changeset patch # User Matt Johnston # Date 1424789314 -28800 # Node ID b8f4b7027191b9e1c037aba662d42ea1653a534a # Parent 37c510c2ac7c337596131503c267cf1debb58d2d# Parent 31727a8abd4bace8fddf7afebf1da64e98717f8d merge diff -r 37c510c2ac7c -r b8f4b7027191 Makefile.in --- a/Makefile.in Tue Feb 10 21:47:43 2015 +0800 +++ b/Makefile.in Tue Feb 24 22:48:34 2015 +0800 @@ -140,7 +140,7 @@ $(INSTALL) -d $(DESTDIR)$(mandir)/man1 if test -e $*.1; then $(INSTALL) -m 644 $*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi -# dropbear should go in sbin, so it needs a seperate rule +# dropbear should go in sbin, so it needs a separate rule inst_dropbear: dropbear $(INSTALL) -d $(DESTDIR)$(sbindir) $(INSTALL) dropbear$(EXEEXT) $(DESTDIR)$(sbindir) diff -r 37c510c2ac7c -r b8f4b7027191 agentfwd.h --- a/agentfwd.h Tue Feb 10 21:47:43 2015 +0800 +++ b/agentfwd.h Tue Feb 24 22:48:34 2015 +0800 @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _AGENTFWD_H_ -#define _AGENTFWD_H_ +#ifndef DROPBEAR_AGENTFWD_H_ +#define DROPBEAR_AGENTFWD_H_ #include "includes.h" #include "chansession.h" @@ -60,4 +60,4 @@ #endif /* ENABLE_SVR_AGENTFWD */ -#endif /* _AGENTFWD_H_ */ +#endif /* DROPBEAR_AGENTFWD_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 algo.h --- a/algo.h Tue Feb 10 21:47:43 2015 +0800 +++ b/algo.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _ALGO_H_ +#ifndef DROPBEAR_ALGO_H_ -#define _ALGO_H_ +#define DROPBEAR_ALGO_H_ #include "includes.h" #include "buffer.h" @@ -134,4 +134,4 @@ DROPBEAR_COMP_ZLIB_DELAY, }; -#endif /* _ALGO_H_ */ +#endif /* DROPBEAR_ALGO_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 auth.h --- a/auth.h Tue Feb 10 21:47:43 2015 +0800 +++ b/auth.h Tue Feb 24 22:48:34 2015 +0800 
@@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _AUTH_H_ -#define _AUTH_H_ +#ifndef DROPBEAR_AUTH_H_ +#define DROPBEAR_AUTH_H_ #include "includes.h" #include "signkey.h" @@ -137,4 +137,4 @@ }; #endif -#endif /* _AUTH_H_ */ +#endif /* DROPBEAR_AUTH_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 bignum.h --- a/bignum.h Tue Feb 10 21:47:43 2015 +0800 +++ b/bignum.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _BIGNUM_H_ -#define _BIGNUM_H_ +#ifndef DROPBEAR_BIGNUM_H_ +#define DROPBEAR_BIGNUM_H_ #include "includes.h" #include "dbutil.h" @@ -35,4 +35,4 @@ void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, hash_state *hs, mp_int *mp); -#endif /* _BIGNUM_H_ */ +#endif /* DROPBEAR_BIGNUM_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 buffer.c --- a/buffer.c Tue Feb 10 21:47:43 2015 +0800 +++ b/buffer.c Tue Feb 24 22:48:34 2015 +0800 @@ -99,7 +99,9 @@ ret = buf_new(buf->len); ret->len = buf->len; - memcpy(ret->data, buf->data, buf->len); + if (buf->len > 0) { + memcpy(ret->data, buf->data, buf->len); + } return ret; } @@ -127,7 +129,7 @@ buf->pos = pos; } -/* increment the postion by incr, increasing the buffer length if required */ +/* increment the position by incr, increasing the buffer length if required */ void buf_incrwritepos(buffer* buf, unsigned int incr) { if (incr > BUF_MAX_INCR || buf->pos + incr > buf->size) { dropbear_exit("Bad buf_incrwritepos"); diff -r 37c510c2ac7c -r b8f4b7027191 buffer.h --- a/buffer.h Tue Feb 10 21:47:43 2015 +0800 +++ b/buffer.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _BUFFER_H_ +#ifndef DROPBEAR_BUFFER_H_ -#define _BUFFER_H_ +#define DROPBEAR_BUFFER_H_ #include "includes.h" 
@@ -65,4 +65,4 @@ int buf_getmpint(buffer* buf, mp_int* mp); unsigned int buf_getint(buffer* buf); -#endif /* _BUFFER_H_ */ +#endif /* DROPBEAR_BUFFER_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 channel.h --- a/channel.h Tue Feb 10 21:47:43 2015 +0800 +++ b/channel.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CHANNEL_H_ -#define _CHANNEL_H_ +#ifndef DROPBEAR_CHANNEL_H_ +#define DROPBEAR_CHANNEL_H_ #include "includes.h" #include "buffer.h" @@ -92,7 +92,7 @@ struct ChanType { - int sepfds; /* Whether this channel has seperate pipes for in/out or not */ + int sepfds; /* Whether this channel has separate pipes for in/out or not */ char *name; int (*inithandler)(struct Channel*); int (*check_close)(struct Channel*); @@ -137,4 +137,4 @@ void send_msg_request_failure(); -#endif /* _CHANNEL_H_ */ +#endif /* DROPBEAR_CHANNEL_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 chansession.h --- a/chansession.h Tue Feb 10 21:47:43 2015 +0800 +++ b/chansession.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CHANSESSION_H_ -#define _CHANSESSION_H_ +#ifndef DROPBEAR_CHANSESSION_H_ +#define DROPBEAR_CHANSESSION_H_ #include "loginrec.h" #include "channel.h" @@ -103,4 +103,4 @@ extern const struct SigMap signames[]; -#endif /* _CHANSESSION_H_ */ +#endif /* DROPBEAR_CHANSESSION_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 circbuffer.h --- a/circbuffer.h Tue Feb 10 21:47:43 2015 +0800 +++ b/circbuffer.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CIRCBUFFER_H_ -#define _CIRCBUFFER_H_ +#ifndef DROPBEAR_CIRCBUFFER_H_ +#define DROPBEAR_CIRCBUFFER_H_ struct circbuf { unsigned int size; diff -r 37c510c2ac7c -r b8f4b7027191 cli-main.c 
--- a/cli-main.c Tue Feb 10 21:47:43 2015 +0800 +++ b/cli-main.c Tue Feb 24 22:48:34 2015 +0800 @@ -72,8 +72,7 @@ } else #endif { - int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, - 0, &error); + int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, &error); sock_in = sock_out = sock; } diff -r 37c510c2ac7c -r b8f4b7027191 cli-session.c --- a/cli-session.c Tue Feb 10 21:47:43 2015 +0800 +++ b/cli-session.c Tue Feb 24 22:48:34 2015 +0800 @@ -38,10 +38,10 @@ #include "agentfwd.h" #include "crypto_desc.h" -static void cli_remoteclosed(); +static void cli_remoteclosed() ATTRIB_NORETURN; static void cli_sessionloop(); static void cli_session_init(); -static void cli_finished(); +static void cli_finished() ATTRIB_NORETURN; static void recv_msg_service_accept(void); static void cli_session_cleanup(void); static void recv_msg_global_request_cli(void); diff -r 37c510c2ac7c -r b8f4b7027191 cli-tcpfwd.c --- a/cli-tcpfwd.c Tue Feb 10 21:47:43 2015 +0800 +++ b/cli-tcpfwd.c Tue Feb 24 22:48:34 2015 +0800 @@ -254,7 +254,7 @@ } snprintf(portstring, sizeof(portstring), "%d", fwd->connectport); - sock = connect_remote(fwd->connectaddr, portstring, 1, NULL); + sock = connect_remote(fwd->connectaddr, portstring, NULL); if (sock < 0) { TRACE(("leave newtcpdirect: sock failed")) err = SSH_OPEN_CONNECT_FAILED; diff -r 37c510c2ac7c -r b8f4b7027191 common-algo.c --- a/common-algo.c Tue Feb 10 21:47:43 2015 +0800 +++ b/common-algo.c Tue Feb 24 22:48:34 2015 +0800 @@ -87,7 +87,7 @@ #ifdef DROPBEAR_ENABLE_CBC_MODE const struct dropbear_cipher_mode dropbear_mode_cbc = {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt}; -#endif // DROPBEAR_ENABLE_CBC_MODE +#endif /* DROPBEAR_ENABLE_CBC_MODE */ const struct dropbear_cipher_mode dropbear_mode_none = {void_start, void_cipher, void_cipher}; 
@@ -102,7 +102,7 @@ } const struct dropbear_cipher_mode dropbear_mode_ctr = {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt}; -#endif // DROPBEAR_ENABLE_CTR_MODE +#endif /* DROPBEAR_ENABLE_CTR_MODE */ /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. {&hash_desc, keysize, hashsize} */ @@ -183,18 +183,18 @@ }; algo_type sshhashes[] = { +#ifdef DROPBEAR_SHA1_96_HMAC + {"hmac-sha1-96", 0, &dropbear_sha1_96, 1, NULL}, +#endif +#ifdef DROPBEAR_SHA1_HMAC + {"hmac-sha1", 0, &dropbear_sha1, 1, NULL}, +#endif #ifdef DROPBEAR_SHA2_256_HMAC {"hmac-sha2-256", 0, &dropbear_sha2_256, 1, NULL}, #endif #ifdef DROPBEAR_SHA2_512_HMAC {"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL}, #endif -#ifdef DROPBEAR_SHA1_96_HMAC - {"hmac-sha1-96", 0, &dropbear_sha1_96, 1, NULL}, -#endif -#ifdef DROPBEAR_SHA1_HMAC - {"hmac-sha1", 0, &dropbear_sha1, 1, NULL}, -#endif #ifdef DROPBEAR_MD5_HMAC {"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL}, #endif diff -r 37c510c2ac7c -r b8f4b7027191 common-channel.c --- a/common-channel.c Tue Feb 10 21:47:43 2015 +0800 +++ b/common-channel.c Tue Feb 24 22:48:34 2015 +0800 @@ -402,7 +402,7 @@ /* Send the close message and set the channel as closed */ static void send_msg_channel_close(struct Channel *channel) { - TRACE(("enter send_msg_channel_close %p", channel)) + TRACE(("enter send_msg_channel_close %p", (void*)channel)) if (channel->type->closehandler && !channel->close_handler_done) { channel->type->closehandler(channel); @@ -586,11 +586,11 @@ /* close the FDs in case they haven't been done * yet (they might have been shutdown etc) */ TRACE(("CLOSE writefd %d", channel->writefd)) - close(channel->writefd); + m_close(channel->writefd); TRACE(("CLOSE readfd %d", channel->readfd)) - close(channel->readfd); + m_close(channel->readfd); TRACE(("CLOSE errfd %d", channel->errfd)) - close(channel->errfd); + m_close(channel->errfd); } if (!channel->close_handler_done 
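Review bot: In the `sshhashes[]` table the two SHA-1 entries, including the truncated `hmac-sha1-96`, now sit ahead of `hmac-sha2-256` and `hmac-sha2-512`, and nothing in the hunk says why. If array order is the negotiation preference (it looks that way, but the selection code is outside this diff), a peer that supports both families will end up on a 96-bit SHA-1 MAC rather than SHA-2. I would either keep the SHA-2 entries first or record the trade-off above the table, e.g. `/* Order is preference order. SHA-1 variants are listed first for <reason>; move the SHA-2 entries up to prefer the stronger MACs. */`. The table continues past the end of the hunk.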
@@ -616,7 +616,7 @@ channel = getchannel(); - TRACE(("enter recv_msg_channel_request %p", channel)) + TRACE(("enter recv_msg_channel_request %p", (void*)channel)) if (channel->sent_close) { TRACE(("leave recv_msg_channel_request: already closed channel")) @@ -1001,7 +1001,7 @@ } } else { TRACE(("CLOSE some fd %d", fd)) - close(fd); + m_close(fd); closein = closeout = 1; } @@ -1024,7 +1024,7 @@ if (channel->type->sepfds && channel->readfd == FD_CLOSED && channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) { TRACE(("CLOSE (finally) of %d", fd)) - close(fd); + m_close(fd); } } @@ -1141,10 +1141,10 @@ } struct Channel* get_any_ready_channel() { + size_t i; if (ses.chancount == 0) { return NULL; } - size_t i; for (i = 0; i < ses.chansize; i++) { struct Channel *chan = ses.channels[i]; if (chan diff -r 37c510c2ac7c -r b8f4b7027191 common-session.c --- a/common-session.c Tue Feb 10 21:47:43 2015 +0800 +++ b/common-session.c Tue Feb 24 22:48:34 2015 +0800 @@ -53,6 +53,10 @@ void common_session_init(int sock_in, int sock_out) { time_t now; +#ifdef DEBUG_TRACE + debug_start_net(); +#endif + TRACE(("enter session_init")) ses.sock_in = sock_in; @@ -236,6 +240,15 @@ /* Not reached */ } +static void cleanup_buf(buffer **buf) { + if (!*buf) { + return; + } + buf_burn(*buf); + buf_free(*buf); + *buf = NULL; +} + /* clean up a session on exit */ void session_cleanup() { 
@@ -247,24 +260,45 @@ return; } + /* Beware of changing order of functions here. */ + + /* Must be before extra_session_cleanup() */ + chancleanup(); + if (ses.extra_session_cleanup) { ses.extra_session_cleanup(); } - chancleanup(); - - /* Cleaning up keys must happen after other cleanup - functions which might queue packets */ - if (ses.session_id) { - buf_burn(ses.session_id); - buf_free(ses.session_id); - ses.session_id = NULL; + /* After these are freed most functions will exit */ +#ifdef DROPBEAR_CLEANUP + /* listeners call cleanup functions, this should occur before + other session state is freed. */ + remove_all_listeners(); + + while (!isempty(&ses.writequeue)) { + buf_free(dequeue(&ses.writequeue)); } - if (ses.hash) { - buf_burn(ses.hash); - buf_free(ses.hash); - ses.hash = NULL; + + m_free(ses.remoteident); + m_free(ses.authstate.pw_dir); + m_free(ses.authstate.pw_name); + m_free(ses.authstate.pw_shell); + m_free(ses.authstate.pw_passwd); + m_free(ses.authstate.username); +#endif + + cleanup_buf(&ses.session_id); + cleanup_buf(&ses.hash); + cleanup_buf(&ses.payload); + cleanup_buf(&ses.readbuf); + cleanup_buf(&ses.writepayload); + cleanup_buf(&ses.kexhashbuf); + cleanup_buf(&ses.transkexinit); + if (ses.dh_K) { + mp_clear(ses.dh_K); } + m_free(ses.dh_K); + m_burn(ses.keys, sizeof(struct key_context)); m_free(ses.keys); @@ -395,15 +429,15 @@ } void ignore_recv_response() { - // Do nothing + /* Do nothing */ TRACE(("Ignored msg_request_response")) } static void send_msg_keepalive() { + time_t old_time_idle = ses.last_packet_time_idle; + struct Channel *chan = get_any_ready_channel(); + CHECKCLEARTOWRITE(); - time_t old_time_idle = ses.last_packet_time_idle; - - struct Channel *chan = get_any_ready_channel(); if (chan) { /* Channel requests are preferable, more implementations 
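Review bot: Under `DROPBEAR_CLEANUP`, `ses.authstate.pw_passwd` is released with plain `m_free()`, while the same function takes care to `m_burn()` `ses.keys` and to `buf_burn()` every session buffer through `cleanup_buf()`. That field presumably holds the account's password hash copied from the passwd/shadow entry, so it is the one string in that group worth wiping before the memory goes back to the allocator. Suggest `if (ses.authstate.pw_passwd) { m_burn(ses.authstate.pw_passwd, strlen(ses.authstate.pw_passwd)); }` immediately before the `m_free(ses.authstate.pw_passwd);` line. The write-queue loop also frees queued packets with `buf_free()` only; whether those need burning depends on whether they are already encrypted at that point, which this hunk does not show. `session_cleanup()` begins before the hunk and continues after it.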
@@ -573,7 +607,7 @@ } if (new_prio != ses.socket_prio) { - TRACE(("Dropbear priority transitioning %4.4s -> %4.4s", (char*)&ses.socket_prio, (char*)&new_prio)) + TRACE(("Dropbear priority transitioning %d -> %d", ses.socket_prio, new_prio)) set_sock_priority(ses.sock_out, new_prio); ses.socket_prio = new_prio; } diff -r 37c510c2ac7c -r b8f4b7027191 compat.h --- a/compat.h Tue Feb 10 21:47:43 2015 +0800 +++ b/compat.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _COMPAT_H_ -#define _COMPAT_H_ +#ifndef DROPBEAR_COMPAT_H_ +#define DROPBEAR_COMPAT_H_ #include "includes.h" @@ -49,8 +49,8 @@ void endusershell(); #endif -#ifndef _PATH_DEVNULL -#define _PATH_DEVNULL "/dev/null" +#ifndef DROPBEAR_PATH_DEVNULL +#define DROPBEAR_PATH_DEVNULL "/dev/null" #endif -#endif /* _COMPAT_H_ */ +#endif /* DROPBEAR_COMPAT_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 crypto_desc.h --- a/crypto_desc.h Tue Feb 10 21:47:43 2015 +0800 +++ b/crypto_desc.h Tue Feb 24 22:48:34 2015 +0800 @@ -1,9 +1,9 @@ -#ifndef _CRYPTO_DESC_H -#define _CRYPTO_DESC_H +#ifndef DROPBEAR_CRYPTO_DESC_H +#define DROPBEAR_CRYPTO_DESC_H void crypto_init(); extern int dropbear_ltc_prng; -#endif /* _CRYPTO_DESC_H */ +#endif /* DROPBEAR_CRYPTO_DESC_H */ diff -r 37c510c2ac7c -r b8f4b7027191 curve25519-donna.c --- a/curve25519-donna.c Tue Feb 10 21:47:43 2015 +0800 +++ b/curve25519-donna.c Tue Feb 24 22:48:34 2015 +0800 @@ -527,7 +527,7 @@ memcpy(origx, x, 10 * sizeof(limb)); fsum(x, z); - fdifference(z, origx); // does x - z + fdifference(z, origx); /* does x - z */ memcpy(origxprime, xprime, sizeof(limb) * 10); fsum(xprime, zprime); 
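Review bot: The guard rename has swept up a macro that is not an include guard: in compat.h the fallback `#ifndef _PATH_DEVNULL` / `#define _PATH_DEVNULL "/dev/null"` becomes `DROPBEAR_PATH_DEVNULL`. `_PATH_DEVNULL` is the name normally supplied by the system's `<paths.h>`, so this block existed to provide it where the platform does not; after the rename, code that still refers to `_PATH_DEVNULL` would fail to compile on such platforms unless every user was renamed too, and no such change is visible in this diff. The same applies to options.h, where `_PATH_SSH_PROGRAM` becomes `DROPBEAR_PATH_SSH_PROGRAM` while the scp.c section shown here only fixes a comment typo. I would keep both as `#define _PATH_DEVNULL "/dev/null"` and `#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"`, or rename their users in the same commit.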
@@ -554,7 +554,7 @@ fproduct(x2, xx, zz); freduce_degree(x2); freduce_coefficients(x2); - fdifference(zz, xx); // does zz = xx - zz + fdifference(zz, xx); /* does zz = xx - zz */ memset(zzz + 10, 0, sizeof(limb) * 9); fscalar_product(zzz, zz, 121665); /* No need to call freduce_degree here: @@ -641,9 +641,9 @@ memcpy(resultz, nqz, sizeof(limb) * 10); } -// ----------------------------------------------------------------------------- -// Shamelessly copied from djb's code -// ----------------------------------------------------------------------------- +/* ----------------------------------------------------------------------------- + * Shamelessly copied from djb's code + * ----------------------------------------------------------------------------- */ static void crecip(limb *out, const limb *z) { limb z2[10]; diff -r 37c510c2ac7c -r b8f4b7027191 dbrandom.h --- a/dbrandom.h Tue Feb 10 21:47:43 2015 +0800 +++ b/dbrandom.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RANDOM_H_ -#define _RANDOM_H_ +#ifndef DROPBEAR_RANDOM_H_ +#define DROPBEAR_RANDOM_H_ #include "includes.h" @@ -32,4 +32,4 @@ void addrandom(char * buf, unsigned int len); void gen_random_mpint(mp_int *max, mp_int *rand); -#endif /* _RANDOM_H_ */ +#endif /* DROPBEAR_RANDOM_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 dbutil.c --- a/dbutil.c Tue Feb 10 21:47:43 2015 +0800 +++ b/dbutil.c Tue Feb 24 22:48:34 2015 +0800 
@@ -150,18 +150,44 @@ #ifdef DEBUG_TRACE + +static double debug_start_time = -1; + +void debug_start_net() +{ + if (getenv("DROPBEAR_DEBUG_NET_TIMESTAMP")) + { + /* Timestamps start from first network activity */ + struct timeval tv; + gettimeofday(&tv, NULL); + debug_start_time = tv.tv_sec + (tv.tv_usec / 1000000.0); + TRACE(("Resetting Dropbear TRACE timestamps")) + } +} + +static double time_since_start() +{ + double nowf; + struct timeval tv; + gettimeofday(&tv, NULL); + nowf = tv.tv_sec + (tv.tv_usec / 1000000.0); + if (debug_start_time < 0) + { + debug_start_time = nowf; + return 0; + } + return nowf - debug_start_time; +} + void dropbear_trace(const char* format, ...) { va_list param; - struct timeval tv; if (!debug_trace) { return; } - gettimeofday(&tv, NULL); - va_start(param, format); - fprintf(stderr, "TRACE (%d) %d.%d: ", getpid(), (int)tv.tv_sec, (int)tv.tv_usec); + fprintf(stderr, "TRACE (%d) %f: ", getpid(), time_since_start()); vfprintf(stderr, format, param); fprintf(stderr, "\n"); va_end(param); @@ -170,7 +196,6 @@ void dropbear_trace2(const char* format, ...) { static int trace_env = -1; va_list param; - struct timeval tv; if (trace_env == -1) { trace_env = getenv("DROPBEAR_TRACE2") ? 1 : 0; @@ -180,10 +205,8 @@ return; } - gettimeofday(&tv, NULL); - va_start(param, format); - fprintf(stderr, "TRACE2 (%d) %d.%d: ", getpid(), (int)tv.tv_sec, (int)tv.tv_usec); + fprintf(stderr, "TRACE2 (%d) %f: ", getpid(), time_since_start()); vfprintf(stderr, format, param); fprintf(stderr, "\n"); va_end(param); 
@@ -390,13 +413,29 @@ } #endif +#if defined(__linux__) && defined(TCP_DEFER_ACCEPT) +static void set_piggyback_ack(int sock) { + /* Undocumented Linux feature - set TCP_DEFER_ACCEPT and data will be piggybacked + on the 3rd packet (ack) of the TCP handshake. Saves a IP packet. + http://thread.gmane.org/gmane.linux.network/224627/focus=224727 + "Piggyback the final ACK of the three way TCP connection establishment with the data" */ + int val = 1; + /* No error checking, this is opportunistic */ + int err = setsockopt(sock, IPPROTO_TCP, TCP_DEFER_ACCEPT, (void*)&val, sizeof(val)); + if (err) + { + TRACE(("Failed setsockopt TCP_DEFER_ACCEPT: %s", strerror(errno))) + } +} +#endif + + /* Connect via TCP to a host. Connection will try ipv4 or ipv6, will * return immediately if nonblocking is set. On failure, if errstring * wasn't null, it will be a newly malloced error message */ /* TODO: maxfd */ -int connect_remote(const char* remotehost, const char* remoteport, - int nonblocking, char ** errstring) { +int connect_remote(const char* remotehost, const char* remoteport, char ** errstring) { struct addrinfo *res0 = NULL, *res = NULL, hints; int sock; @@ -435,12 +474,14 @@ continue; } - if (nonblocking) { - setnonblocking(sock); - } + setnonblocking(sock); + +#if defined(__linux__) && defined(TCP_DEFER_ACCEPT) + set_piggyback_ack(sock); +#endif if (connect(sock, res->ai_addr, res->ai_addrlen) < 0) { - if (errno == EINPROGRESS && nonblocking) { + if (errno == EINPROGRESS) { TRACE(("Connect in progress")) break; } else { @@ -454,7 +495,7 @@ break; /* Success */ } - if (sock < 0 && !(errno == EINPROGRESS && nonblocking)) { + if (sock < 0 && !(errno == EINPROGRESS)) { /* Failed */ if (errstring != NULL && *errstring == NULL) { int len; @@ -827,12 +868,12 @@ /* make sure that the socket closes */ void m_close(int fd) { + int val; if (fd == -1) { return; } - int val; do { val = close(fd); } while (val < 0 && errno == EINTR); diff -r 37c510c2ac7c -r b8f4b7027191 dbutil.h 
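Review bot: `connect_remote()` now always calls `setnonblocking(sock)` and breaks out on `EINPROGRESS`, but the comment kept above the signature still says it "will return immediately if nonblocking is set". cli-main.c used to pass `0` here and received a connected, blocking socket; it now gets one whose connect may still be in progress, and nothing visible in this diff waits for writability or checks `SO_ERROR` before the session starts using it. Please update the comment to something like `/* Always returns a non-blocking socket; the connect may still be in progress (EINPROGRESS), so the caller must wait for it to complete. */` and confirm the client path handles that. Separately, `set_piggyback_ack()` says "No error checking" directly above a line that does check `err`; that comment should read `/* Failure is only traced, this is opportunistic */`. The body of `connect_remote()` extends beyond both hunks.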
--- a/dbutil.h Tue Feb 10 21:47:43 2015 +0800 +++ b/dbutil.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DBUTIL_H_ +#ifndef DROPBEAR_DBUTIL_H_ -#define _DBUTIL_H_ +#define DROPBEAR_DBUTIL_H_ #include "includes.h" #include "buffer.h" @@ -58,6 +58,7 @@ void dropbear_trace2(const char* format, ...) ATTRIB_PRINTF(1,2); void printhex(const char * label, const unsigned char * buf, int len); void printmpint(const char *label, mp_int *mp); +void debug_start_net(); extern int debug_trace; #endif @@ -82,8 +83,7 @@ #ifdef ENABLE_CONNECT_UNIX int connect_unix(const char* addr); #endif -int connect_remote(const char* remotehost, const char* remoteport, - int nonblocking, char ** errstring); +int connect_remote(const char* remotehost, const char* remoteport, char ** errstring); int buf_readfile(buffer* buf, const char* filename); int buf_getline(buffer * line, FILE * authfile); @@ -112,4 +112,4 @@ char * expand_tilde(const char *inpath); -#endif /* _DBUTIL_H_ */ +#endif /* DROPBEAR_DBUTIL_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 debug.h --- a/debug.h Tue Feb 10 21:47:43 2015 +0800 +++ b/debug.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DEBUG_H_ -#define _DEBUG_H_ +#ifndef DROPBEAR_DEBUG_H_ +#define DROPBEAR_DEBUG_H_ #include "includes.h" @@ -39,7 +39,7 @@ * Caution: Don't use this in an unfriendly environment (ie unfirewalled), * since the printing may not sanitise strings etc. This will add a reasonable * amount to your executable size. */ -#define DEBUG_TRACE +/*#define DEBUG_TRACE*/ /* All functions writing to the cleartext payload buffer call * CHECKCLEARTOWRITE() before writing. This is only really useful if you're diff -r 37c510c2ac7c -r b8f4b7027191 dss.h --- a/dss.h Tue Feb 10 21:47:43 2015 +0800 +++ b/dss.h Tue Feb 24 22:48:34 2015 +0800 
@@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DSS_H_ -#define _DSS_H_ +#ifndef DROPBEAR_DSS_H_ +#define DROPBEAR_DSS_H_ #include "includes.h" #include "buffer.h" @@ -53,4 +53,4 @@ #endif /* DROPBEAR_DSS */ -#endif /* _DSS_H_ */ +#endif /* DROPBEAR_DSS_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 ecc.h --- a/ecc.h Tue Feb 10 21:47:43 2015 +0800 +++ b/ecc.h Tue Feb 24 22:48:34 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _DROPBEAR_ECC_H -#define _DROPBEAR_ECC_H +#ifndef DROPBEAR_DROPBEAR_ECC_H +#define DROPBEAR_DROPBEAR_ECC_H #include "includes.h" #include "options.h" @@ -33,4 +33,4 @@ #endif -#endif /* _DROPBEAR_ECC_H */ +#endif /* DROPBEAR_DROPBEAR_ECC_H */ diff -r 37c510c2ac7c -r b8f4b7027191 ecdsa.h --- a/ecdsa.h Tue Feb 10 21:47:43 2015 +0800 +++ b/ecdsa.h Tue Feb 24 22:48:34 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _ECDSA_H_ -#define _ECDSA_H_ +#ifndef DROPBEAR_ECDSA_H_ +#define DROPBEAR_ECDSA_H_ #include "includes.h" #include "buffer.h" @@ -32,4 +32,4 @@ #endif -#endif /* _ECDSA_H_ */ +#endif /* DROPBEAR_ECDSA_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 fake-rfc2553.h --- a/fake-rfc2553.h Tue Feb 10 21:47:43 2015 +0800 +++ b/fake-rfc2553.h Tue Feb 24 22:48:34 2015 +0800 @@ -39,8 +39,8 @@ * that ai_family is AF_INET. Don't use it for another purpose. */ -#ifndef _FAKE_RFC2553_H -#define _FAKE_RFC2553_H +#ifndef DROPBEAR_FAKE_RFC2553_H +#define DROPBEAR_FAKE_RFC2553_H #include "includes.h" #include diff -r 37c510c2ac7c -r b8f4b7027191 gendss.h --- a/gendss.h Tue Feb 10 21:47:43 2015 +0800 +++ b/gendss.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _GENDSS_H_ -#define _GENDSS_H_ +#ifndef DROPBEAR_GENDSS_H_ +#define DROPBEAR_GENDSS_H_ #include "dss.h" @@ -33,4 +33,4 @@ #endif /* DROPBEAR_DSS */ -#endif /* _GENDSS_H_ */ +#endif /* DROPBEAR_GENDSS_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 genrsa.h 
--- a/genrsa.h Tue Feb 10 21:47:43 2015 +0800 +++ b/genrsa.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _GENRSA_H_ -#define _GENRSA_H_ +#ifndef DROPBEAR_GENRSA_H_ +#define DROPBEAR_GENRSA_H_ #include "rsa.h" @@ -33,4 +33,4 @@ #endif /* DROPBEAR_RSA */ -#endif /* _GENRSA_H_ */ +#endif /* DROPBEAR_GENRSA_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 gensignkey.h --- a/gensignkey.h Tue Feb 10 21:47:43 2015 +0800 +++ b/gensignkey.h Tue Feb 24 22:48:34 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _GENSIGNKEY_H -#define _GENSIGNKEY_H +#ifndef DROPBEAR_GENSIGNKEY_H +#define DROPBEAR_GENSIGNKEY_H #include "signkey.h" diff -r 37c510c2ac7c -r b8f4b7027191 includes.h --- a/includes.h Tue Feb 10 21:47:43 2015 +0800 +++ b/includes.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _INCLUDES_H_ -#define _INCLUDES_H_ +#ifndef DROPBEAR_INCLUDES_H_ +#define DROPBEAR_INCLUDES_H_ #include "config.h" @@ -177,4 +177,4 @@ # define UNUSED(x) x #endif -#endif /* _INCLUDES_H_ */ +#endif /* DROPBEAR_INCLUDES_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 kex.h --- a/kex.h Tue Feb 10 21:47:43 2015 +0800 +++ b/kex.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _KEX_H_ -#define _KEX_H_ +#ifndef DROPBEAR_KEX_H_ +#define DROPBEAR_KEX_H_ #include "includes.h" #include "algo.h" @@ -113,4 +113,4 @@ #define MAX_KEXHASHBUF 2000 -#endif /* _KEX_H_ */ +#endif /* DROPBEAR_KEX_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 keyimport.c --- a/keyimport.c Tue Feb 10 21:47:43 2015 +0800 +++ b/keyimport.c Tue Feb 24 22:48:34 2015 +0800 
@@ -464,17 +464,16 @@ goto error; } - memset(buffer, 0, sizeof(buffer)); + m_burn(buffer, sizeof(buffer)); return ret; error: - memset(buffer, 0, sizeof(buffer)); + m_burn(buffer, sizeof(buffer)); if (ret) { if (ret->keyblob) { - memset(ret->keyblob, 0, ret->keyblob_size); + m_burn(ret->keyblob, ret->keyblob_size); m_free(ret->keyblob); } - memset(&ret, 0, sizeof(ret)); m_free(ret); } if (fp) { @@ -494,9 +493,8 @@ if (!key) return 0; ret = key->encrypted; - memset(key->keyblob, 0, key->keyblob_size); + m_burn(key->keyblob, key->keyblob_size); m_free(key->keyblob); - memset(&key, 0, sizeof(key)); m_free(key); return ret; } @@ -1046,6 +1044,7 @@ const void* curve_oid = NULL; unsigned long pubkey_size = 2*curve_size+1; unsigned int k_size; + int err = 0; /* version. less than 10 bytes */ buf_incrwritepos(seq_buf, @@ -1091,7 +1090,7 @@ buf_incrwritepos(seq_buf, ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0)); buf_putbyte(seq_buf, 0); - int err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size); + err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size); if (err != CRYPT_OK) { dropbear_exit("ECC error"); } diff -r 37c510c2ac7c -r b8f4b7027191 keyimport.h --- a/keyimport.h Tue Feb 10 21:47:43 2015 +0800 +++ b/keyimport.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _KEYIMPORT_H_ -#define _KEYIMPORT_H_ +#ifndef DROPBEAR_KEYIMPORT_H_ +#define DROPBEAR_KEYIMPORT_H_ #include "includes.h" #include "signkey.h" @@ -39,4 +39,4 @@ sign_key *import_read(const char *filename, char *passphrase, int filetype); int import_encrypted(const char* filename, int filetype); -#endif /* _KEYIMPORT_H_ */ +#endif /* DROPBEAR_KEYIMPORT_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 libtomcrypt/src/headers/tomcrypt_argchk.h --- a/libtomcrypt/src/headers/tomcrypt_argchk.h Tue Feb 10 21:47:43 2015 +0800 
+++ b/libtomcrypt/src/headers/tomcrypt_argchk.h Tue Feb 24 22:48:34 2015 +0800 @@ -4,8 +4,16 @@ #include +/* portability macros for compiler-specific code attributes */ +#ifdef __GNUC__ +#define ATTRIB_NORETURN __attribute__((noreturn)) +#else +#define ATTRIB_NORETURN +#endif + + /* this is the default LibTomCrypt macro */ -void crypt_argchk(char *v, char *s, int d); +void crypt_argchk(char *v, char *s, int d) ATTRIB_NORETURN; #define LTC_ARGCHK(x) if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } #define LTC_ARGCHKVD(x) LTC_ARGCHK(x) diff -r 37c510c2ac7c -r b8f4b7027191 list.h --- a/list.h Tue Feb 10 21:47:43 2015 +0800 +++ b/list.h Tue Feb 24 22:48:34 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _DROPBEAR_LIST_H -#define _DROPBEAR_LIST_H +#ifndef DROPBEAR_DROPBEAR_LIST_H +#define DROPBEAR_DROPBEAR_LIST_H struct _m_list; @@ -25,4 +25,4 @@ void * list_remove(m_list_elem *elem); -#endif /* _DROPBEAR_LIST_H */ +#endif /* DROPBEAR_DROPBEAR_LIST_H */ diff -r 37c510c2ac7c -r b8f4b7027191 listener.c --- a/listener.c Tue Feb 10 21:47:43 2015 +0800 +++ b/listener.c Tue Feb 24 22:48:34 2015 +0800 @@ -161,5 +161,14 @@ } ses.listeners[listener->index] = NULL; m_free(listener); +} +void remove_all_listeners(void) { + unsigned int i; + for (i = 0; i < ses.listensize; i++) { + if (ses.listeners[i]) { + remove_listener(ses.listeners[i]); + } + } + m_free(ses.listeners); } diff -r 37c510c2ac7c -r b8f4b7027191 listener.h --- a/listener.h Tue Feb 10 21:47:43 2015 +0800 +++ b/listener.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _LISTENER_H -#define _LISTENER_H +#ifndef DROPBEAR_LISTENER_H +#define DROPBEAR_LISTENER_H #define MAX_LISTENERS 20 #define LISTENER_EXTEND_SIZE 1 @@ -60,4 +60,6 @@ void remove_listener(struct Listener* listener); -#endif /* _LISTENER_H */ +void remove_all_listeners(void); + +#endif /* DROPBEAR_LISTENER_H */ diff -r 37c510c2ac7c -r b8f4b7027191 loginrec.h 
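Review bot: `remove_all_listeners()` frees `ses.listeners` but leaves `ses.listensize` at its old value, so any later walk over the listener table (for example a second pass through this function) would index into freed or NULL storage. `session_cleanup()` does appear to guard against re-entry, but that guard is outside this function and other iterators over `ses.listeners` are not visible here. Adding `ses.listensize = 0;` after `m_free(ses.listeners);` makes the function safe to call at any point. A one-line comment above it, `/* Remove every listener and release the listener table; used on session cleanup */`, would also help.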
--- a/loginrec.h Tue Feb 10 21:47:43 2015 +0800 +++ b/loginrec.h Tue Feb 24 22:48:34 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _HAVE_LOGINREC_H_ -#define _HAVE_LOGINREC_H_ +#ifndef DROPBEAR_HAVE_LOGINREC_H_ +#define DROPBEAR_HAVE_LOGINREC_H_ /* * Copyright (c) 2000 Andre Lucas. All rights reserved. @@ -182,4 +182,4 @@ char *line_stripname(char *dst, const char *src, size_t dstsize); char *line_abbrevname(char *dst, const char *src, size_t dstsize); -#endif /* _HAVE_LOGINREC_H_ */ +#endif /* DROPBEAR_HAVE_LOGINREC_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 ltc_prng.h --- a/ltc_prng.h Tue Feb 10 21:47:43 2015 +0800 +++ b/ltc_prng.h Tue Feb 24 22:48:34 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _LTC_PRNG_H_DROPBEAR -#define _LTC_PRNG_H_DROPBEAR +#ifndef DROPBEAR_LTC_PRNG_H_DROPBEAR +#define DROPBEAR_LTC_PRNG_H_DROPBEAR #include "options.h" #include "includes.h" @@ -10,4 +10,4 @@ #endif /* DROPBEAR_LTC_PRNG */ -#endif /* _LTC_PRNG_H_DROPBEAR */ +#endif /* DROPBEAR_LTC_PRNG_H_DROPBEAR */ diff -r 37c510c2ac7c -r b8f4b7027191 options.h --- a/options.h Tue Feb 10 21:47:43 2015 +0800 +++ b/options.h Tue Feb 24 22:48:34 2015 +0800 @@ -2,8 +2,8 @@ * Copyright (c) 2002,2003 Matt Johnston * All rights reserved. See LICENSE for the license. */ -#ifndef _OPTIONS_H_ -#define _OPTIONS_H_ +#ifndef DROPBEAR_OPTIONS_H_ +#define DROPBEAR_OPTIONS_H_ /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ @@ -289,7 +289,7 @@ /* This is used by the scp binary when used as a client binary. If you're * not using the Dropbear client, you'll need to change it */ -#define _PATH_SSH_PROGRAM "/usr/bin/dbclient" +#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient" /* Whether to log commands executed by a client. This only logs the * (single) command sent to the server, not what a user did in a 
@@ -337,4 +337,4 @@ * in sysoptions.h */ #include "sysoptions.h" -#endif /* _OPTIONS_H_ */ +#endif /* DROPBEAR_OPTIONS_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 packet.h --- a/packet.h Tue Feb 10 21:47:43 2015 +0800 +++ b/packet.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _PACKET_H_ +#ifndef DROPBEAR_PACKET_H_ -#define _PACKET_H_ +#define DROPBEAR_PACKET_H_ #include "includes.h" @@ -46,4 +46,4 @@ #define INIT_READBUF 128 -#endif /* _PACKET_H_ */ +#endif /* DROPBEAR_PACKET_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 queue.h --- a/queue.h Tue Feb 10 21:47:43 2015 +0800 +++ b/queue.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _QUEUE_H_ -#define _QUEUE_H_ +#ifndef DROPBEAR_QUEUE_H_ +#define DROPBEAR_QUEUE_H_ struct Link { diff -r 37c510c2ac7c -r b8f4b7027191 rsa.h --- a/rsa.h Tue Feb 10 21:47:43 2015 +0800 +++ b/rsa.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RSA_H_ -#define _RSA_H_ +#ifndef DROPBEAR_RSA_H_ +#define DROPBEAR_RSA_H_ #include "includes.h" #include "buffer.h" @@ -55,4 +55,4 @@ #endif /* DROPBEAR_RSA */ -#endif /* _RSA_H_ */ +#endif /* DROPBEAR_RSA_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 runopts.h --- a/runopts.h Tue Feb 10 21:47:43 2015 +0800 +++ b/runopts.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RUNOPTS_H_ -#define _RUNOPTS_H_ +#ifndef DROPBEAR_RUNOPTS_H_ +#define DROPBEAR_RUNOPTS_H_ #include "includes.h" #include "signkey.h" @@ -170,4 +170,4 @@ void print_version(void); -#endif /* _RUNOPTS_H_ */ +#endif /* DROPBEAR_RUNOPTS_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 scp.c 
--- a/scp.c Tue Feb 10 21:47:43 2015 +0800 +++ b/scp.c Tue Feb 24 22:48:34 2015 +0800 @@ -437,7 +437,7 @@ } /* * Finally check the exit status of the ssh process, if one was forked - * and no error has occured yet + * and no error has occurred yet */ if (do_cmd_pid != -1 && errs == 0) { if (remin != -1) diff -r 37c510c2ac7c -r b8f4b7027191 service.h --- a/service.h Tue Feb 10 21:47:43 2015 +0800 +++ b/service.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SERVICE_H_ -#define _SERVICE_H_ +#ifndef DROPBEAR_SERVICE_H_ +#define DROPBEAR_SERVICE_H_ void recv_msg_service_request(); /* Server */ -#endif /* _SERVICE_H_ */ +#endif /* DROPBEAR_SERVICE_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 session.h --- a/session.h Tue Feb 10 21:47:43 2015 +0800 +++ b/session.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SESSION_H_ -#define _SESSION_H_ +#ifndef DROPBEAR_SESSION_H_ +#define DROPBEAR_SESSION_H_ #include "includes.h" #include "options.h" @@ -43,7 +43,7 @@ extern int exitflag; void common_session_init(int sock_in, int sock_out); -void session_loop(void(*loophandler)()); +void session_loop(void(*loophandler)()) ATTRIB_NORETURN; void session_cleanup(); void send_session_identification(); void send_msg_ignore(); 
@@ -55,12 +55,12 @@ void fill_passwd(const char* username); /* Server */ -void svr_session(int sock, int childpipe); +void svr_session(int sock, int childpipe) ATTRIB_NORETURN; void svr_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN; void svr_dropbear_log(int priority, const char* format, va_list param); /* Client */ -void cli_session(int sock_in, int sock_out); +void cli_session(int sock_in, int sock_out) ATTRIB_NORETURN; void cleantext(unsigned char* dirtytext); /* crypto parameters that are stored individually for transmit and receive */ @@ -309,4 +309,4 @@ extern struct clientsession cli_ses; #endif /* DROPBEAR_CLIENT */ -#endif /* _SESSION_H_ */ +#endif /* DROPBEAR_SESSION_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 signkey.h --- a/signkey.h Tue Feb 10 21:47:43 2015 +0800 +++ b/signkey.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SIGNKEY_H_ -#define _SIGNKEY_H_ +#ifndef DROPBEAR_SIGNKEY_H_ +#define DROPBEAR_SIGNKEY_H_ #include "buffer.h" #include "dss.h" @@ -101,4 +101,4 @@ void** signkey_key_ptr(sign_key *key, enum signkey_type type); -#endif /* _SIGNKEY_H_ */ +#endif /* DROPBEAR_SIGNKEY_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 svr-agentfwd.c --- a/svr-agentfwd.c Tue Feb 10 21:47:43 2015 +0800 +++ b/svr-agentfwd.c Tue Feb 24 22:48:34 2015 +0800 @@ -117,7 +117,7 @@ } /* set up the environment variable pointing to the socket. This is called - * just before command/shell execution, after dropping priveleges */ + * just before command/shell execution, after dropping privileges */ void svr_agentset(struct ChanSess * chansess) { char *path = NULL; diff -r 37c510c2ac7c -r b8f4b7027191 svr-chansession.c --- a/svr-chansession.c Tue Feb 10 21:47:43 2015 +0800 +++ b/svr-chansession.c Tue Feb 24 22:48:34 2015 +0800 
@@ -234,7 +234,7 @@ struct ChanSess *chansess; - TRACE(("new chansess %p", channel)) + TRACE(("new chansess %p", (void*)channel)) dropbear_assert(channel->typedata == NULL); diff -r 37c510c2ac7c -r b8f4b7027191 svr-session.c --- a/svr-session.c Tue Feb 10 21:47:43 2015 +0800 +++ b/svr-session.c Tue Feb 24 22:48:34 2015 +0800 @@ -78,10 +78,14 @@ }; static void -svr_session_cleanup(void) -{ +svr_session_cleanup(void) { /* free potential public key options */ svr_pubkey_options_cleanup(); + + m_free(svr_ses.addrstring); + m_free(svr_ses.remotehost); + m_free(svr_ses.childpids); + svr_ses.childpidsize = 0; } static void @@ -150,6 +154,7 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) { char fmtbuf[300]; + int i; if (!sessinitdone) { /* before session init */ @@ -183,6 +188,15 @@ session_cleanup(); } + if (svr_opts.hostkey) { + sign_key_free(svr_opts.hostkey); + svr_opts.hostkey = NULL; + } + for (i = 0; i < DROPBEAR_MAX_PORTS; i++) { + m_free(svr_opts.addresses[i]); + m_free(svr_opts.ports[i]); + } + exit(exitcode); } diff -r 37c510c2ac7c -r b8f4b7027191 svr-tcpfwd.c --- a/svr-tcpfwd.c Tue Feb 10 21:47:43 2015 +0800 +++ b/svr-tcpfwd.c Tue Feb 24 22:48:34 2015 +0800 @@ -270,7 +270,7 @@ } snprintf(portstring, sizeof(portstring), "%d", destport); - sock = connect_remote(desthost, portstring, 1, NULL); + sock = connect_remote(desthost, portstring, NULL); if (sock < 0) { err = SSH_OPEN_CONNECT_FAILED; TRACE(("leave newtcpdirect: sock failed")) diff -r 37c510c2ac7c -r b8f4b7027191 svr-x11fwd.c --- a/svr-x11fwd.c Tue Feb 10 21:47:43 2015 +0800 +++ b/svr-x11fwd.c Tue Feb 24 22:48:34 2015 +0800 @@ -175,7 +175,7 @@ m_free(chansess->x11authprot); m_free(chansess->x11authcookie); - TRACE(("chansess %p", chansess)) + TRACE(("chansess %p", (void*)chansess)) if (chansess->x11listener != NULL) { remove_listener(chansess->x11listener); chansess->x11listener = NULL; diff -r 37c510c2ac7c -r b8f4b7027191 sysoptions.h 
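Review bot: In `svr_session_cleanup` (svr-session.c, first hunk) the array is released before its count is cleared: `m_free(svr_ses.childpids);` runs while `svr_ses.childpidsize` still holds the old length. If anything walks that array asynchronously, for example from a child-exit signal handler (not visible here, so this is an assumption to confirm), it could read freed memory in that window. Putting `svr_ses.childpidsize = 0;` before `m_free(svr_ses.childpids);` narrows the window at no cost. Since this function now releases session state used for logging (`addrstring`, `remotehost`), a comment such as `/* must run after the final exit message has been logged */` would also help the next editor.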
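Review bot: The call `connect_remote(desthost, portstring, NULL)` in svr-tcpfwd.c no longer shows whether the connect is non-blocking, now that the `1` argument has been dropped. `desthost` and `destport` appear to come from the peer's forwarding request (the parsing is outside the hunk), so a connect that blocks on an unresponsive destination would stall the session until it times out. A short comment at the call site stating which mode `connect_remote` now always uses would make that reviewable here without opening its definition. The enclosing function, which the TRACE string names `newtcpdirect`, starts and ends outside the hunk.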
--- a/sysoptions.h Tue Feb 10 21:47:43 2015 +0800 +++ b/sysoptions.h Tue Feb 24 22:48:34 2015 +0800 @@ -256,6 +256,9 @@ #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS #endif +/* free memory before exiting */ +#define DROPBEAR_CLEANUP + /* Use this string since some implementations might special-case it */ #define DROPBEAR_KEEPALIVE_STRING "keepalive@openssh.com" diff -r 37c510c2ac7c -r b8f4b7027191 tcpfwd.h --- a/tcpfwd.h Tue Feb 10 21:47:43 2015 +0800 +++ b/tcpfwd.h Tue Feb 24 22:48:34 2015 +0800 @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _TCPFWD_H -#define _TCPFWD_H +#ifndef DROPBEAR_TCPFWD_H +#define DROPBEAR_TCPFWD_H #include "channel.h" #include "list.h" diff -r 37c510c2ac7c -r b8f4b7027191 termcodes.h --- a/termcodes.h Tue Feb 10 21:47:43 2015 +0800 +++ b/termcodes.h Tue Feb 24 22:48:34 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _TERMCODES_H_ -#define _TERMCODES_H_ +#ifndef DROPBEAR_TERMCODES_H_ +#define DROPBEAR_TERMCODES_H_ #define TERMCODE_NONE 0 #define TERMCODE_CONTROL 1 @@ -43,4 +43,4 @@ extern const struct TermCode termcodes[]; -#endif /* _TERMCODES_H_ */ +#endif /* DROPBEAR_TERMCODES_H_ */ diff -r 37c510c2ac7c -r b8f4b7027191 x11fwd.h --- a/x11fwd.h Tue Feb 10 21:47:43 2015 +0800 +++ b/x11fwd.h Tue Feb 24 22:48:34 2015 +0800 @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _X11FWD_H_ -#define _X11FWD_H_ +#ifndef DROPBEAR__X11FWD_H_ +#define DROPBEAR__X11FWD_H_ #ifndef DISABLE_X11FWD #include "includes.h" @@ -34,4 +34,4 @@ void x11cleanup(struct ChanSess *chansess); #endif /* DROPBEAR_X11FWD */ -#endif /* _X11FWD_H_ */ +#endif /* DROPBEAR__X11FWD_H_ */
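Review bot: `DROPBEAR_CLEANUP` in sysoptions.h is defined unconditionally, and its comment `/* free memory before exiting */` does not say which code it gates. The frees this patch adds to `svr_dropbear_exit` (host key, `addresses[i]`, `ports[i]`) and to `svr_session_cleanup` are not wrapped in it in the hunks visible here, so as far as this page shows, undefining the macro would leave them running. I would either wrap those added blocks in `#ifdef DROPBEAR_CLEANUP` … `#endif` or extend the comment to name the functions the macro controls. The unconditional free of `svr_opts.hostkey` matters most: it runs on every exit path through `svr_dropbear_exit`, so the guard should make clear it is safe for any process that can reach it.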