changeset 378:a124aff0cbf1

merge of '182c2d8dbd5321ef4d1df8758936f4dc7127015f' and '31dcd7a22983ef19d6c63248e415e71d292dd0ec'
author Matt Johnston <matt@ucc.asn.au>
date Wed, 06 Dec 2006 13:11:41 +0000
parents 1bfa65fed772 (diff) 59531221b846 (current diff)
children b66a00272a90
files dss.c includes.h rsa.c svr-chansession.c tcp-accept.c
diffstat 6 files changed, 40 insertions(+), 19 deletions(-) [+]
--- a/LICENSE	Wed Oct 11 16:00:50 2006 +0000
+++ b/LICENSE	Wed Dec 06 13:11:41 2006 +0000
@@ -8,7 +8,7 @@
 Portions of the client-mode work are (c) 2004 Mihnea Stoenescu, under the
 same license:
 
-Copyright (c) 2002-2004 Matt Johnston
+Copyright (c) 2002-2006 Matt Johnston
 Portions copyright (c) 2004 Mihnea Stoenescu
 All rights reserved.
 
--- a/dss.c	Wed Oct 11 16:00:50 2006 +0000
+++ b/dss.c	Wed Dec 06 13:11:41 2006 +0000
@@ -90,6 +90,9 @@
 	key->x = m_malloc(sizeof(mp_int));
 	m_mp_init(key->x);
 	ret = buf_getmpint(buf, key->x);
+	if (ret == DROPBEAR_FAILURE) {
+		m_free(key->x);
+	}
 
 	return ret;
 }
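Review bot: The new failure branch frees `key->x` with `m_free` but never calls `mp_clear` on it, so the digit storage set up by `m_mp_init(key->x)` two lines earlier is presumably leaked, and whatever part of the private value was read may stay in heap memory. I would release the integer first: `mp_clear(key->x); m_free(key->x);`. The same pattern appears in the `out:` blocks added to `buf_get_rsa_pub_key` and `buf_get_rsa_priv_key` in rsa.c, where `d`, `p` and `q` are private material. It is also worth confirming that `m_free` resets the pointer to NULL, since the caller still holds `key` and may run its own cleanup; the definition is not visible here. The function starts outside this hunk.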
--- a/includes.h	Wed Oct 11 16:00:50 2006 +0000
+++ b/includes.h	Wed Dec 06 13:11:41 2006 +0000
@@ -72,12 +72,12 @@
 #include <lastlog.h>
 #endif
 
-#include <arpa/inet.h>
-
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
 
+#include <arpa/inet.h>
+
 /* netbsd 1.6 needs this to be included before netinet/ip.h for some
  * undocumented reason */
 #ifdef HAVE_NETINET_IN_SYSTM_H
--- a/rsa.c	Wed Oct 11 16:00:50 2006 +0000
+++ b/rsa.c	Wed Dec 06 13:11:41 2006 +0000
@@ -48,6 +48,7 @@
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
 int buf_get_rsa_pub_key(buffer* buf, rsa_key *key) {
 
+    int ret = DROPBEAR_FAILURE;
 	TRACE(("enter buf_get_rsa_pub_key"))
 	dropbear_assert(key != NULL);
 	key->e = m_malloc(sizeof(mp_int));
@@ -62,44 +63,51 @@
 	if (buf_getmpint(buf, key->e) == DROPBEAR_FAILURE
 	 || buf_getmpint(buf, key->n) == DROPBEAR_FAILURE) {
 		TRACE(("leave buf_get_rsa_pub_key: failure"))
-		return DROPBEAR_FAILURE;
+	    goto out;
 	}
 
 	if (mp_count_bits(key->n) < MIN_RSA_KEYLEN) {
 		dropbear_log(LOG_WARNING, "rsa key too short");
-		return DROPBEAR_FAILURE;
+	    goto out;
 	}
 
 	TRACE(("leave buf_get_rsa_pub_key: success"))
-	return DROPBEAR_SUCCESS;
-
+    ret = DROPBEAR_SUCCESS;
+out:
+    if (ret == DROPBEAR_FAILURE) {
+        m_free(key->e);
+        m_free(key->n);
+    }
+	return ret;
 }
 
-/* Same as buf_get_rsa_pub_key, but reads a private "x" key at the end.
+/* Same as buf_get_rsa_pub_key, but reads private bits at the end.
  * Loads a private rsa key from a buffer
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
 int buf_get_rsa_priv_key(buffer* buf, rsa_key *key) {
-
-	dropbear_assert(key != NULL);
+    int ret = DROPBEAR_FAILURE;
 
 	TRACE(("enter buf_get_rsa_priv_key"))
+	dropbear_assert(key != NULL);
 
 	if (buf_get_rsa_pub_key(buf, key) == DROPBEAR_FAILURE) {
 		TRACE(("leave buf_get_rsa_priv_key: pub: ret == DROPBEAR_FAILURE"))
 		return DROPBEAR_FAILURE;
 	}
+	
+	key->d = NULL;
+	key->p = NULL;
+	key->q = NULL;
 
 	key->d = m_malloc(sizeof(mp_int));
 	m_mp_init(key->d);
 	if (buf_getmpint(buf, key->d) == DROPBEAR_FAILURE) {
 		TRACE(("leave buf_get_rsa_priv_key: d: ret == DROPBEAR_FAILURE"))
-		return DROPBEAR_FAILURE;
+	    goto out;
 	}
 
-	/* old Dropbear private keys didn't keep p and q, so we will ignore them*/
 	if (buf->pos == buf->len) {
-		key->p = NULL;
-		key->q = NULL;
+    	/* old Dropbear private keys didn't keep p and q, so we will ignore them*/
 	} else {
 		key->p = m_malloc(sizeof(mp_int));
 		key->q = m_malloc(sizeof(mp_int));
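Review bot: The added lines are indented with spaces (`    int ret = DROPBEAR_FAILURE;`, `    ret = DROPBEAR_SUCCESS;`, and the `goto out;` lines mix a tab with spaces) while the surrounding code uses tabs; re-indenting them with tabs would keep the file consistent. In `buf_get_rsa_priv_key`, `key->d = NULL;` is a dead store because `key->d = m_malloc(sizeof(mp_int));` follows immediately, so only `p` and `q` need the early reset. The `if (buf->pos == buf->len)` branch now holds only a comment and would read more clearly inverted as `if (buf->pos != buf->len) {` with the comment placed above it. `buf_get_rsa_priv_key` continues past the end of this hunk.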
@@ -107,17 +115,24 @@
 
 		if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE) {
 			TRACE(("leave buf_get_rsa_priv_key: p: ret == DROPBEAR_FAILURE"))
-			return DROPBEAR_FAILURE;
+		    goto out;
 		}
 
 		if (buf_getmpint(buf, key->q) == DROPBEAR_FAILURE) {
 			TRACE(("leave buf_get_rsa_priv_key: q: ret == DROPBEAR_FAILURE"))
-			return DROPBEAR_FAILURE;
+		    goto out;
 		}
 	}
 
+    ret = DROPBEAR_SUCCESS;
+out:
+    if (ret == DROPBEAR_FAILURE) {
+        m_free(key->d);
+        m_free(key->p);
+        m_free(key->q);
+    }
 	TRACE(("leave buf_get_rsa_priv_key"))
-	return DROPBEAR_SUCCESS;
+    return ret;
 }
 	
 
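Review bot: The `out:` cleanup frees `d`, `p` and `q` but leaves `key->e` and `key->n`, which the earlier successful `buf_get_rsa_pub_key` call allocated, so a failed private-key parse returns DROPBEAR_FAILURE with a half-populated key. Unless every caller is known to free the key on failure (callers are not visible here), add `m_free(key->e); m_free(key->n);` to the failure block, or state in the function comment that the caller owns that cleanup. The function begins in the previous hunk.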
--- a/svr-chansession.c	Wed Oct 11 16:00:50 2006 +0000
+++ b/svr-chansession.c	Wed Dec 06 13:11:41 2006 +0000
@@ -101,7 +101,7 @@
 
 		/* If the pid wasn't matched, then we might have hit the race mentioned
 		 * above. So we just store the info for the parent to deal with */
-		if (!exit) {
+		if (exit == NULL) {
 			exit = &svr_ses.lastexit;
 		}
 
@@ -1007,6 +1007,7 @@
 	newvar[plen] = '=';
 	memcpy(&newvar[plen+1], var, vlen);
 	newvar[plen+vlen+1] = '\0';
+	/* newvar is leaked here, but that's part of putenv()'s semantics */
 	if (putenv(newvar) < 0) {
 		dropbear_exit("environ error");
 	}
--- a/tcp-accept.c	Wed Oct 11 16:00:50 2006 +0000
+++ b/tcp-accept.c	Wed Dec 06 13:11:41 2006 +0000
@@ -126,7 +126,9 @@
 		TRACE(("leave listen_tcpfwd: dropbear_listen failed"))
 		return DROPBEAR_FAILURE;
 	}
-
+	m_free(errstring);
+	
+	/* new_listener will close the socks if it fails */
 	listener = new_listener(socks, nsocks, CHANNEL_ID_TCPFORWARDED, tcpinfo, 
 			tcp_acceptor, cleanup_tcp);