- (djm) OpenBSD CVS Sync

   - markus@cvs.openbsd.org 2003/03/05 22:33:43
     [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
     [sftp-server.c ssh-add.c sshconnect2.c]
     fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@

10 files changed, 52 insertions, 22 deletions

diff --git a/ChangeLog b/ChangeLog
index 41c66dbd..984223fb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20030310
+- (djm) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2003/03/05 22:33:43
+     [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
+     [sftp-server.c ssh-add.c sshconnect2.c]
+     fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
+
 20030225
  - (djm) Fix some compile errors spotted by dtucker and his fabulous 
    tinderbox
@@ -1191,4 +1198,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2622 2003/02/24 23:22:35 djm Exp $
+$Id: ChangeLog,v 1.2623 2003/03/10 00:21:17 djm Exp $
diff --git a/channels.c b/channels.c
index ea1d46c2..1937b024 100644
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.186 2003/01/10 10:32:54 djm Exp $");
+RCSID("$OpenBSD: channels.c,v 1.187 2003/03/05 22:33:43 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -1997,6 +1997,7 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt)
 		c->remote_id = remote_id;
 	}
 	if (c == NULL) {
+		xfree(originator_string);
 		packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
 		packet_put_int(remote_id);
 		packet_send();
@@ -2609,6 +2610,7 @@ x11_input_open(int type, u_int32_t seq, void *ctxt)
 		/* Send refusal to the remote host. */
 		packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
 		packet_put_int(remote_id);
+		xfree(remote_host);
 	} else {
 		/* Send a confirmation to the remote host. */
 		packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
diff --git a/monitor.c b/monitor.c
index 694cd630..2b416883 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.32 2003/02/16 17:30:33 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.33 2003/03/05 22:33:43 markus Exp $");
 
 #include <openssl/dh.h>
 
@@ -806,8 +806,9 @@ mm_answer_keyallowed(int socket, Buffer *m)
 			fatal("%s: unknown key type %d", __func__, type);
 			break;
 		}
-		key_free(key);
 	}
+	if (key != NULL)
+		key_free(key);
 
 	/* clear temporarily storage (used by verify) */
 	monitor_reset_key_state();
@@ -1204,8 +1205,9 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m)
 		key_blob = blob;
 		key_bloblen = blen;
 		key_blobtype = MM_RSAUSERKEY;
-		key_free(key);
 	}
+	if (key != NULL)
+		key_free(key);
 
 	mm_append_debug(m);
 
@@ -1246,6 +1248,9 @@ mm_answer_rsa_challenge(int socket, Buffer *m)
 	mm_request_send(socket, MONITOR_ANS_RSACHALLENGE, m);
 
 	monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);
+
+	xfree(blob);
+	key_free(key);
 	return (0);
 }
 
@@ -1276,6 +1281,7 @@ mm_answer_rsa_response(int socket, Buffer *m)
 		fatal("%s: received bad response to challenge", __func__);
 	success = auth_rsa_verify_response(key, ssh1_challenge, response);
 
+	xfree(blob);
 	key_free(key);
 	xfree(response);
 
diff --git a/scp.c b/scp.c
index e44a1cf6..ab67c0bb 100644
--- a/scp.c
+++ b/scp.c
@@ -75,7 +75,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.101 2003/02/02 10:51:13 markus Exp $");
+RCSID("$OpenBSD: scp.c,v 1.102 2003/03/05 22:33:43 markus Exp $");
 
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -395,10 +395,14 @@ toremote(targ, argc, argv)
 				suser = argv[i];
 				if (*suser == '\0')
 					suser = pwd->pw_name;
-				else if (!okname(suser))
+				else if (!okname(suser)) {
+					xfree(bp);
 					continue;
-				if (tuser && !okname(tuser))
+				}
+				if (tuser && !okname(tuser)) {
+					xfree(bp);
 					continue;
+				}
 				snprintf(bp, len,
 				    "%s%s %s -n "
 				    "-l %s %s %s %s '%s%s%s:%s'",
diff --git a/session.c b/session.c
index a1586d3b..ce9db27e 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.153 2003/02/06 09:26:23 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.154 2003/03/05 22:33:43 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -951,7 +951,7 @@ do_setup_env(Session *s, const char *shell)
 {
 	char buf[256];
 	u_int i, envsize;
-	char **env;
+	char **env, *laddr;
 	struct passwd *pw = s->pw;
 
 	/* Initialize the environment. */
@@ -1030,9 +1030,10 @@ do_setup_env(Session *s, const char *shell)
 	    get_remote_ipaddr(), get_remote_port(), get_local_port());
 	child_set_env(&env, &envsize, "SSH_CLIENT", buf);
 
+	laddr = get_local_ipaddr(packet_get_connection_in());
 	snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
-	    get_remote_ipaddr(), get_remote_port(),
-	    get_local_ipaddr(packet_get_connection_in()), get_local_port());
+	    get_remote_ipaddr(), get_remote_port(), laddr, get_local_port());
+	xfree(laddr);
 	child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
 
 	if (s->ttyfd != -1)
diff --git a/sftp-client.c b/sftp-client.c
index 8c12dae1..3b3279e6 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -28,7 +28,7 @@
 /* XXX: copy between two remote sites */
 
 #include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.41 2003/01/14 10:58:00 djm Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.42 2003/03/05 22:33:43 markus Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -374,6 +374,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
 				error("Couldn't read directory: %s",
 				    fx2txt(status));
 				do_close(conn, handle, handle_len);
+				xfree(handle);
 				return(status);
 			}
 		} else if (type != SSH2_FXP_NAME)
@@ -1113,6 +1114,8 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
 				    remote_path, fx2txt(status));
 				do_close(conn, handle, handle_len);
 				close(local_fd);
+				xfree(data);
+				xfree(ack);
 				goto done;
 			}
 			debug3("In write loop, ack for %u %u bytes at %llu",
diff --git a/sftp-int.c b/sftp-int.c
index 013ea84e..6987de9a 100644
--- a/sftp-int.c
+++ b/sftp-int.c
@@ -25,7 +25,7 @@
 /* XXX: recursive operations */
 
 #include "includes.h"
-RCSID("$OpenBSD: sftp-int.c,v 1.56 2003/01/16 03:41:55 djm Exp $");
+RCSID("$OpenBSD: sftp-int.c,v 1.57 2003/03/05 22:33:43 markus Exp $");
 
 #include "buffer.h"
 #include "xmalloc.h"
@@ -1104,6 +1104,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
 
 			err = parse_dispatch_command(conn, cmd, &pwd, 1);
 			xfree(dir);
+			xfree(pwd);
 			return (err);
 		}
 		xfree(dir);
diff --git a/sftp-server.c b/sftp-server.c
index 4eb31d94..0c00003f 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.39 2003/02/06 09:29:18 markus Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.40 2003/03/05 22:33:43 markus Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
@@ -158,7 +158,7 @@ handle_new(int use, char *name, int fd, DIR *dirp)
 			handles[i].use = use;
 			handles[i].dirp = dirp;
 			handles[i].fd = fd;
-			handles[i].name = name;
+			handles[i].name = xstrdup(name);
 			return i;
 		}
 	}
@@ -230,9 +230,11 @@ handle_close(int handle)
 	if (handle_is_ok(handle, HANDLE_FILE)) {
 		ret = close(handles[handle].fd);
 		handles[handle].use = HANDLE_UNUSED;
+		xfree(handles[handle].name);
 	} else if (handle_is_ok(handle, HANDLE_DIR)) {
 		ret = closedir(handles[handle].dirp);
 		handles[handle].use = HANDLE_UNUSED;
+		xfree(handles[handle].name);
 	} else {
 		errno = ENOENT;
 	}
@@ -396,7 +398,7 @@ process_open(void)
 	if (fd < 0) {
 		status = errno_to_portable(errno);
 	} else {
-		handle = handle_new(HANDLE_FILE, xstrdup(name), fd, NULL);
+		handle = handle_new(HANDLE_FILE, name, fd, NULL);
 		if (handle < 0) {
 			close(fd);
 		} else {
@@ -681,7 +683,7 @@ process_opendir(void)
 	if (dirp == NULL) {
 		status = errno_to_portable(errno);
 	} else {
-		handle = handle_new(HANDLE_DIR, xstrdup(path), 0, dirp);
+		handle = handle_new(HANDLE_DIR, path, 0, dirp);
 		if (handle < 0) {
 			closedir(dirp);
 		} else {
diff --git a/ssh-add.c b/ssh-add.c
index 0c2ce163..9adec309 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.65 2003/01/23 13:50:27 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.66 2003/03/05 22:33:43 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -195,6 +195,7 @@ static int
 update_card(AuthenticationConnection *ac, int add, const char *id)
 {
 	char *pin;
+	int ret = -1;
 
 	pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
 	if (pin == NULL)
@@ -203,12 +204,14 @@ update_card(AuthenticationConnection *ac, int add, const char *id)
 	if (ssh_update_card(ac, add, id, pin)) {
 		fprintf(stderr, "Card %s: %s\n",
 		    add ? "added" : "removed", id);
-		return 0;
+		ret = 0;
 	} else {
 		fprintf(stderr, "Could not %s card: %s\n",
 		    add ? "add" : "remove", id);
-		return -1;
+		ret = -1;
 	}
+	xfree(pin);
+	return ret;
 }
 
 static int
diff --git a/sshconnect2.c b/sshconnect2.c
index 81d1b91c..1f92f029 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.111 2003/02/16 17:09:57 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.112 2003/03/05 22:33:43 markus Exp $");
 
 #include "ssh.h"
 #include "ssh2.h"
@@ -1014,6 +1014,7 @@ userauth_hostbased(Authctxt *authctxt)
 	strlcpy(chost, p, len);
 	strlcat(chost, ".", len);
 	debug2("userauth_hostbased: chost %s", chost);
+	xfree(p);
 
 	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
 	    authctxt->service;