changeset 971:763979a9c1f1 coverity

merge
author Matt Johnston <matt@ucc.asn.au>
date Tue, 19 Aug 2014 23:36:46 +0800
parents 67ff2be856ff (current diff) 0bb16232e7c4 (diff)
children bfc8e66ceacf
files
diffstat 19 files changed, 120 insertions(+), 38 deletions(-) [+]
line wrap: on
line diff
--- a/.hgsigs	Fri Aug 08 21:26:07 2014 +0800
+++ b/.hgsigs	Tue Aug 19 23:36:46 2014 +0800
@@ -11,3 +11,4 @@
 3d1d7d151c0ce3a79da62e86463f5632fa2b144a 0 iEYEABECAAYFAlKd5AEACgkQjPn4sExkf7wzWgCfdvPEEIdlMPqcbOQMJ7b+eAyy164An2ip1lPh1eS5g26/gSfruvWBVym4
 277429102f1337bd10c89107d3e01de509cc1a7e 0 iEYEABECAAYFAlMEvF4ACgkQjPn4sExkf7xeVQCgtbxJ4G3hsFwUOM0K1WGr1J2vsbEAoMM8dEyr1mdrbgO1tzNLfD1nxbyn
 96584b934d04ebab443f603e78d38fe692d36313 0 iEYEABECAAYFAlPVFrQACgkQjPn4sExkf7xr6ACglRiLE21vRrS1rJ809o2yMADIKtwAn1f5SyZUngSde8eE55JxCMwtMC5m
+caac692b366c153cea0e9cd59aa2d79a7d843d4e 0 iEYEABECAAYFAlPk1mcACgkQjPn4sExkf7wLpgCeOqMYqpkf4lYUuyrn9VYThNpc7PkAn3JOSNgIqkKUcmSy6FstrI8jwJzq
--- a/.hgtags	Fri Aug 08 21:26:07 2014 +0800
+++ b/.hgtags	Tue Aug 19 23:36:46 2014 +0800
@@ -44,3 +44,4 @@
 3d1d7d151c0ce3a79da62e86463f5632fa2b144a DROPBEAR_2013.62
 2351b2da8e0d08dcc6e64fcc328b53b9630bda68 DROPBEAR_2014.63
 0d2d39957c029adb7f4327d37fe6b4900f0736d9 DROPBEAR_2014.64
+e9579816f20ea85affc6135e87f8477992808948 DROPBEAR_2014.65
--- a/CHANGES	Fri Aug 08 21:26:07 2014 +0800
+++ b/CHANGES	Tue Aug 19 23:36:46 2014 +0800
@@ -1,3 +1,20 @@
+2014.65 - Friday 8 August 2014
+
+- Fix 2014.64 regression, server session hang on exit with scp (and probably
+  others), thanks to NiLuJe for tracking it down
+
+- Fix 2014.64 regression, clock_gettime() error handling which broke on older
+  Linux kernels, reported by NiLuJe
+
+- Fix 2014.64 regression, writev() could occassionally fail with EAGAIN which
+  wasn't caught
+
+- Avoid error message when trying to set QoS on proxycommand or multihop pipes
+
+- Use /usr/bin/xauth, thanks to Mike Frysinger
+
+- Don't exit the client if the local user entry can't be found, thanks to iquaba
+
 2014.64 - Sunday 27 July 2014
 
 - Fix compiling with ECDSA and DSS disabled
--- a/LICENSE	Fri Aug 08 21:26:07 2014 +0800
+++ b/LICENSE	Tue Aug 19 23:36:46 2014 +0800
@@ -8,7 +8,7 @@
 Portions of the client-mode work are (c) 2004 Mihnea Stoenescu, under the
 same license:
 
-Copyright (c) 2002-2013 Matt Johnston
+Copyright (c) 2002-2014 Matt Johnston
 Portions copyright (c) 2004 Mihnea Stoenescu
 All rights reserved.
 
--- a/auth.h	Fri Aug 08 21:26:07 2014 +0800
+++ b/auth.h	Tue Aug 19 23:36:46 2014 +0800
@@ -106,7 +106,7 @@
 								valid */
 	unsigned int failcount; /* Number of (failed) authentication attempts.*/
 	unsigned authdone : 1; /* 0 if we haven't authed, 1 if we have. Applies for
-							  client and server (though has differing [obvious]
+							  client and server (though has differing 
 							  meanings). */
 	unsigned perm_warn : 1; /* Server only, set if bad permissions on 
 							   ~/.ssh/authorized_keys have already been
--- a/channel.h	Fri Aug 08 21:26:07 2014 +0800
+++ b/channel.h	Tue Aug 19 23:36:46 2014 +0800
@@ -105,6 +105,9 @@
 void setchannelfds(fd_set *readfd, fd_set *writefd);
 void channelio(fd_set *readfd, fd_set *writefd);
 struct Channel* getchannel();
+/* Returns an arbitrary channel that is in a ready state - not
+being initialised and no EOF in either direction. NULL if none. */
+struct Channel* get_any_ready_channel();
 
 void recv_msg_channel_open();
 void recv_msg_channel_request();
@@ -128,8 +131,10 @@
 void recv_msg_channel_open_confirmation();
 void recv_msg_channel_open_failure();
 #endif
+void start_send_channel_request(struct Channel *channel, unsigned char *type);
 
 void send_msg_request_success();
 void send_msg_request_failure();
 
+
 #endif /* _CHANNEL_H_ */
--- a/chansession.h	Fri Aug 08 21:26:07 2014 +0800
+++ b/chansession.h	Tue Aug 19 23:36:46 2014 +0800
@@ -89,7 +89,6 @@
 #ifdef ENABLE_CLI_NETCAT
 void cli_send_netcat_request();
 #endif
-void cli_start_send_channel_request(struct Channel *channel, unsigned char *type);
 
 void svr_chansessinitialise();
 extern const struct ChanType svrchansess;
--- a/cli-agentfwd.c	Fri Aug 08 21:26:07 2014 +0800
+++ b/cli-agentfwd.c	Tue Aug 19 23:36:46 2014 +0800
@@ -234,7 +234,7 @@
 		return;
 	}
 	
-	cli_start_send_channel_request(channel, "[email protected]");
+	start_send_channel_request(channel, "[email protected]");
 	/* Don't want replies */
 	buf_putbyte(ses.writepayload, 0);
 	encrypt_packet();
--- a/cli-chansession.c	Fri Aug 08 21:26:07 2014 +0800
+++ b/cli-chansession.c	Tue Aug 19 23:36:46 2014 +0800
@@ -92,17 +92,6 @@
 	}
 }
 
-void cli_start_send_channel_request(struct Channel *channel, 
-		unsigned char *type) {
-
-	CHECKCLEARTOWRITE();
-	buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
-	buf_putint(ses.writepayload, channel->remotechan);
-
-	buf_putstring(ses.writepayload, type, strlen(type));
-
-}
-
 /* Taken from OpenSSH's sshtty.c:
  * RCSID("OpenBSD: sshtty.c,v 1.5 2003/09/19 17:43:35 markus Exp "); */
 static void cli_tty_setup() {
@@ -287,7 +276,7 @@
 
 	TRACE(("enter send_chansess_pty_req"))
 
-	cli_start_send_channel_request(channel, "pty-req");
+	start_send_channel_request(channel, "pty-req");
 
 	/* Don't want replies */
 	buf_putbyte(ses.writepayload, 0);
@@ -330,7 +319,7 @@
 		reqtype = "shell";
 	}
 
-	cli_start_send_channel_request(channel, reqtype);
+	start_send_channel_request(channel, reqtype);
 
 	/* XXX TODO */
 	buf_putbyte(ses.writepayload, 0); /* Don't want replies */
--- a/cli-session.c	Fri Aug 08 21:26:07 2014 +0800
+++ b/cli-session.c	Tue Aug 19 23:36:46 2014 +0800
@@ -70,9 +70,15 @@
 	{SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */
 	{SSH_MSG_USERAUTH_SPECIFIC_60, recv_msg_userauth_specific_60}, /* client */
 	{SSH_MSG_GLOBAL_REQUEST, recv_msg_global_request_cli},
+	{SSH_MSG_CHANNEL_SUCCESS, ignore_recv_response},
+	{SSH_MSG_CHANNEL_FAILURE, ignore_recv_response},
 #ifdef  ENABLE_CLI_REMOTETCPFWD
 	{SSH_MSG_REQUEST_SUCCESS, cli_recv_msg_request_success}, /* client */
 	{SSH_MSG_REQUEST_FAILURE, cli_recv_msg_request_failure}, /* client */
+#else
+	/* For keepalive */
+	{SSH_MSG_REQUEST_SUCCESS, ignore_recv_response},
+	{SSH_MSG_REQUEST_FAILURE, ignore_recv_response},
 #endif
 	{0, 0} /* End */
 };
--- a/common-channel.c	Fri Aug 08 21:26:07 2014 +0800
+++ b/common-channel.c	Tue Aug 19 23:36:46 2014 +0800
@@ -627,7 +627,12 @@
 			&& !channel->close_handler_done) {
 		channel->type->reqhandler(channel);
 	} else {
-		send_msg_channel_failure(channel);
+		int wantreply;
+		buf_eatstring(ses.payload);
+		wantreply = buf_getbool(ses.payload);
+		if (wantreply) {
+			send_msg_channel_failure(channel);
+		}
 	}
 
 	TRACE(("leave recv_msg_channel_request"))
@@ -1134,3 +1139,30 @@
 	buf_putbyte(ses.writepayload, SSH_MSG_REQUEST_FAILURE);
 	encrypt_packet();
 }
+
+struct Channel* get_any_ready_channel() {
+	if (ses.chancount == 0) {
+		return NULL;
+	}
+	size_t i;
+	for (i = 0; i < ses.chansize; i++) {
+		struct Channel *chan = ses.channels[i];
+		if (chan
+				&& !(chan->sent_eof || chan->recv_eof)
+				&& !(chan->await_open || chan->initconn)) {
+			return chan;
+		}
+	}
+	return NULL;
+}
+
+void start_send_channel_request(struct Channel *channel, 
+		unsigned char *type) {
+
+	CHECKCLEARTOWRITE();
+	buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
+	buf_putint(ses.writepayload, channel->remotechan);
+
+	buf_putstring(ses.writepayload, type, strlen(type));
+
+}
--- a/common-session.c	Fri Aug 08 21:26:07 2014 +0800
+++ b/common-session.c	Tue Aug 19 23:36:46 2014 +0800
@@ -394,14 +394,30 @@
 	return pos+1;
 }
 
+void ignore_recv_response() {
+	// Do nothing
+	TRACE(("Ignored msg_request_response"))
+}
+
 static void send_msg_keepalive() {
 	CHECKCLEARTOWRITE();
 	time_t old_time_idle = ses.last_packet_time_idle;
-	/* Try to force a response from the other end. Some peers will
-	reply with SSH_MSG_REQUEST_FAILURE, some will reply with SSH_MSG_UNIMPLEMENTED */
-	buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST);
-	/* A short string */
-	buf_putstring(ses.writepayload, "[email protected]", 0);
+
+	struct Channel *chan = get_any_ready_channel();
+
+	if (chan) {
+		/* Channel requests are preferable, more implementations
+		handle them than SSH_MSG_GLOBAL_REQUEST */
+		TRACE(("keepalive channel request %d", chan->index))
+		start_send_channel_request(chan, DROPBEAR_KEEPALIVE_STRING);
+	} else {
+		TRACE(("keepalive global request"))
+		/* Some peers will reply with SSH_MSG_REQUEST_FAILURE, 
+		some will reply with SSH_MSG_UNIMPLEMENTED, some will exit. */
+		buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST); 
+		buf_putstring(ses.writepayload, DROPBEAR_KEEPALIVE_STRING,
+			strlen(DROPBEAR_KEEPALIVE_STRING));
+	}
 	buf_putbyte(ses.writepayload, 1); /* want_reply */
 	encrypt_packet();
 
@@ -430,7 +446,10 @@
 		send_msg_kexinit();
 	}
 	
-	if (opts.keepalive_secs > 0) {
+	if (opts.keepalive_secs > 0 && ses.authstate.authdone) {
+		/* Avoid sending keepalives prior to auth - those are
+		not valid pre-auth packet types */
+
 		/* Send keepalives if we've been idle */
 		if (now - ses.last_packet_time_any_sent >= opts.keepalive_secs) {
 			send_msg_keepalive();
--- a/debian/changelog	Fri Aug 08 21:26:07 2014 +0800
+++ b/debian/changelog	Tue Aug 19 23:36:46 2014 +0800
@@ -1,3 +1,9 @@
+dropbear (2014.65-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <[email protected]>  Fri, 8 Aug 2014 22:54:00 +0800
+
 dropbear (2014.64-0.1) unstable; urgency=low
 
   * New upstream release.
--- a/loginrec.h	Fri Aug 08 21:26:07 2014 +0800
+++ b/loginrec.h	Tue Aug 19 23:36:46 2014 +0800
@@ -79,10 +79,10 @@
 #  if defined(HAVE_UTMP_H) && defined(UTMP_FILE) && !defined(DISABLE_UTMP)
 #    define USE_UTMP
 #  endif
-#  if defined(HAVE_WTMPX_H) && defined(WTMPX_FILE) && !defined(DISABLE_WTMPX)
+#  if defined(WTMPX_FILE) && !defined(DISABLE_WTMPX)
 #    define USE_WTMPX
 #  endif
-#  if defined(HAVE_WTMP_H) && defined(WTMP_FILE) && !defined(DISABLE_WTMP)
+#  if defined(WTMP_FILE) && !defined(DISABLE_WTMP)
 #    define USE_WTMP
 #  endif
 
--- a/session.h	Fri Aug 08 21:26:07 2014 +0800
+++ b/session.h	Tue Aug 19 23:36:46 2014 +0800
@@ -47,6 +47,7 @@
 void session_cleanup();
 void send_session_identification();
 void send_msg_ignore();
+void ignore_recv_response();
 
 void update_channel_prio();
 
--- a/svr-chansession.c	Fri Aug 08 21:26:07 2014 +0800
+++ b/svr-chansession.c	Tue Aug 19 23:36:46 2014 +0800
@@ -53,6 +53,7 @@
 static void closechansess(struct Channel *channel);
 static int newchansess(struct Channel *channel);
 static void chansessionrequest(struct Channel *channel);
+static int sesscheckclose(struct Channel *channel);
 
 static void send_exitsignalstatus(struct Channel *channel);
 static void send_msg_chansess_exitstatus(struct Channel * channel,
@@ -61,6 +62,14 @@
 		struct ChanSess * chansess);
 static void get_termmodes(struct ChanSess *chansess);
 
+const struct ChanType svrchansess = {
+	0, /* sepfds */
+	"session", /* name */
+	newchansess, /* inithandler */
+	sesscheckclose, /* checkclosehandler */
+	chansessionrequest, /* reqhandler */
+	closechansess, /* closehandler */
+};
 
 /* required to clear environment */
 extern char** environ;
@@ -968,16 +977,6 @@
 	dropbear_exit("Child failed");
 }
 
-const struct ChanType svrchansess = {
-	0, /* sepfds */
-	"session", /* name */
-	newchansess, /* inithandler */
-	sesscheckclose, /* checkclosehandler */
-	chansessionrequest, /* reqhandler */
-	closechansess, /* closehandler */
-};
-
-
 /* Set up the general chansession environment, in particular child-exit
  * handling */
 void svr_chansessinitialise() {
--- a/svr-main.c	Fri Aug 08 21:26:07 2014 +0800
+++ b/svr-main.c	Tue Aug 19 23:36:46 2014 +0800
@@ -409,7 +409,7 @@
 	size_t sockpos = 0;
 	int nsock;
 
-	TRACE(("listensockets: %d to try\n", svr_opts.portcount))
+	TRACE(("listensockets: %d to try", svr_opts.portcount))
 
 	for (i = 0; i < svr_opts.portcount; i++) {
 
--- a/svr-session.c	Fri Aug 08 21:26:07 2014 +0800
+++ b/svr-session.c	Tue Aug 19 23:36:46 2014 +0800
@@ -58,6 +58,10 @@
 	{SSH_MSG_CHANNEL_OPEN, recv_msg_channel_open},
 	{SSH_MSG_CHANNEL_EOF, recv_msg_channel_eof},
 	{SSH_MSG_CHANNEL_CLOSE, recv_msg_channel_close},
+	{SSH_MSG_CHANNEL_SUCCESS, ignore_recv_response},
+	{SSH_MSG_CHANNEL_FAILURE, ignore_recv_response},
+	{SSH_MSG_REQUEST_FAILURE, ignore_recv_response}, /* for keepalive */
+	{SSH_MSG_REQUEST_SUCCESS, ignore_recv_response}, /* client */
 #ifdef USING_LISTENERS
 	{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
 	{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
--- a/sysoptions.h	Fri Aug 08 21:26:07 2014 +0800
+++ b/sysoptions.h	Tue Aug 19 23:36:46 2014 +0800
@@ -4,7 +4,7 @@
  *******************************************************************/
 
 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "2014.64"
+#define DROPBEAR_VERSION "2014.65"
 #endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
@@ -257,4 +257,7 @@
 #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS
 #endif
 
+/* Use this string since some implementations might special-case it */
+#define DROPBEAR_KEEPALIVE_STRING "[email protected]"
+
 /* no include guard for this file */