summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog17
-rw-r--r--addrmatch.c6
-rw-r--r--auth-chall.c12
-rw-r--r--auth-options.c60
-rw-r--r--auth-rsa.c6
-rw-r--r--auth.c16
-rw-r--r--auth1.c14
-rw-r--r--auth2-chall.c27
-rw-r--r--auth2-gss.c17
-rw-r--r--auth2-hostbased.c14
-rw-r--r--auth2-jpake.c24
-rw-r--r--auth2-kbdint.c6
-rw-r--r--auth2-passwd.c6
-rw-r--r--auth2-pubkey.c26
-rw-r--r--auth2.c17
-rw-r--r--authfd.c10
-rw-r--r--authfile.c10
-rw-r--r--bufaux.c6
-rw-r--r--bufbn.c18
-rw-r--r--bufec.c6
-rw-r--r--buffer.c4
-rw-r--r--canohost.c10
-rw-r--r--channels.c98
-rw-r--r--cipher-3des1.c6
-rw-r--r--cipher.c10
-rw-r--r--clientloop.c55
-rw-r--r--compat.c6
-rw-r--r--dns.c10
-rw-r--r--groupaccess.c5
-rw-r--r--gss-genr.c16
-rw-r--r--hostfile.c16
-rw-r--r--jpake.c8
-rw-r--r--kex.c18
-rw-r--r--kexdhc.c8
-rw-r--r--kexdhs.c8
-rw-r--r--kexecdhc.c8
-rw-r--r--kexecdhs.c8
-rw-r--r--kexgexc.c8
-rw-r--r--kexgexs.c8
-rw-r--r--key.c57
-rw-r--r--mac.c6
-rw-r--r--match.c15
-rw-r--r--misc.c12
-rw-r--r--moduli.c10
-rw-r--r--monitor.c125
-rw-r--r--monitor_mm.c13
-rw-r--r--monitor_wrap.c30
-rw-r--r--mux.c122
-rw-r--r--packet.c30
-rw-r--r--readconf.c30
-rw-r--r--readpass.c4
-rw-r--r--roaming_client.c9
-rw-r--r--rsa.c10
-rw-r--r--schnorr.c8
-rw-r--r--scp.c22
-rw-r--r--servconf.c9
-rw-r--r--serverloop.c32
-rw-r--r--session.c92
-rw-r--r--sftp-client.c54
-rw-r--r--sftp-common.c6
-rw-r--r--sftp-glob.c6
-rw-r--r--sftp-server.c58
-rw-r--r--sftp.c92
-rw-r--r--ssh-add.c20
-rw-r--r--ssh-agent.c63
-rw-r--r--ssh-dss.c10
-rw-r--r--ssh-ecdsa.c10
-rw-r--r--ssh-keygen.c104
-rw-r--r--ssh-keyscan.c16
-rw-r--r--ssh-keysign.c20
-rw-r--r--ssh-pkcs11-client.c10
-rw-r--r--ssh-pkcs11-helper.c23
-rw-r--r--ssh-pkcs11.c27
-rw-r--r--ssh-rsa.c23
-rw-r--r--ssh.c44
-rw-r--r--sshconnect.c41
-rw-r--r--sshconnect1.c18
-rw-r--r--sshconnect2.c145
-rw-r--r--sshd.c12
-rw-r--r--umac.c4
-rw-r--r--uuencode.c7
-rw-r--r--xmalloc.c10
-rw-r--r--xmalloc.h3
83 files changed, 987 insertions, 1103 deletions
diff --git a/ChangeLog b/ChangeLog
index 3fe13dfa..1de8ff83 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,23 @@
- (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
rather than trying to enumerate the plaforms that don't have them.
Based on a patch from Nathan Osman, with help from tim@.
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2013/05/17 00:13:13
+ [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
+ ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
+ gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
+ auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
+ servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
+ auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
+ sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
+ kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
+ kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
+ monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
+ ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
+ sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
+ ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
+ dns.c packet.c readpass.c authfd.c moduli.c]
+ bye, bye xfree(); ok markus@
20130529
- (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
diff --git a/addrmatch.c b/addrmatch.c
index 388603ca..fb6de92e 100644
--- a/addrmatch.c
+++ b/addrmatch.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: addrmatch.c,v 1.6 2012/06/21 00:16:07 dtucker Exp $ */
+/* $OpenBSD: addrmatch.c,v 1.7 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@@ -420,7 +420,7 @@ addr_match_list(const char *addr, const char *_list)
goto foundit;
}
}
- xfree(o);
+ free(o);
return ret;
}
@@ -494,7 +494,7 @@ addr_match_cidr_list(const char *addr, const char *_list)
continue;
}
}
- xfree(o);
+ free(o);
return ret;
}
diff --git a/auth-chall.c b/auth-chall.c
index 919b1eaa..bfc51eae 100644
--- a/auth-chall.c
+++ b/auth-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-chall.c,v 1.12 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-chall.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -69,11 +69,11 @@ get_challenge(Authctxt *authctxt)
fatal("get_challenge: numprompts < 1");
challenge = xstrdup(prompts[0]);
for (i = 0; i < numprompts; i++)
- xfree(prompts[i]);
- xfree(prompts);
- xfree(name);
- xfree(echo_on);
- xfree(info);
+ free(prompts[i]);
+ free(prompts);
+ free(name);
+ free(echo_on);
+ free(info);
return (challenge);
}
diff --git a/auth-options.c b/auth-options.c
index 23d0423e..a8d738ac 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.57 2012/12/02 20:46:11 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.58 2013/05/17 00:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -72,15 +72,15 @@ auth_clear_options(void)
while (custom_environment) {
struct envstring *ce = custom_environment;
custom_environment = ce->next;
- xfree(ce->s);
- xfree(ce);
+ free(ce->s);
+ free(ce);
}
if (forced_command) {
- xfree(forced_command);
+ free(forced_command);
forced_command = NULL;
}
if (authorized_principals) {
- xfree(authorized_principals);
+ free(authorized_principals);
authorized_principals = NULL;
}
forced_tun_device = -1;
@@ -149,7 +149,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
opts += strlen(cp);
if (forced_command != NULL)
- xfree(forced_command);
+ free(forced_command);
forced_command = xmalloc(strlen(opts) + 1);
i = 0;
while (*opts) {
@@ -167,7 +167,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
- xfree(forced_command);
+ free(forced_command);
forced_command = NULL;
goto bad_option;
}
@@ -180,7 +180,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
opts += strlen(cp);
if (authorized_principals != NULL)
- xfree(authorized_principals);
+ free(authorized_principals);
authorized_principals = xmalloc(strlen(opts) + 1);
i = 0;
while (*opts) {
@@ -198,7 +198,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
- xfree(authorized_principals);
+ free(authorized_principals);
authorized_principals = NULL;
goto bad_option;
}
@@ -232,7 +232,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
- xfree(s);
+ free(s);
goto bad_option;
}
s[i] = '\0';
@@ -269,7 +269,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
- xfree(patterns);
+ free(patterns);
goto bad_option;
}
patterns[i] = '\0';
@@ -277,7 +277,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
switch (match_host_and_ip(remote_host, remote_ip,
patterns)) {
case 1:
- xfree(patterns);
+ free(patterns);
/* Host name matches. */
goto next_option;
case -1:
@@ -287,7 +287,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
"invalid criteria", file, linenum);
/* FALLTHROUGH */
case 0:
- xfree(patterns);
+ free(patterns);
logit("Authentication tried for %.100s with "
"correct key but not from a permitted "
"host (host=%.200s, ip=%.200s).",
@@ -323,7 +323,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
file, linenum);
auth_debug_add("%.100s, line %lu: missing "
"end quote", file, linenum);
- xfree(patterns);
+ free(patterns);
goto bad_option;
}
patterns[i] = '\0';
@@ -337,7 +337,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
auth_debug_add("%.100s, line %lu: "
"Bad permitopen specification", file,
linenum);
- xfree(patterns);
+ free(patterns);
goto bad_option;
}
host = cleanhostname(host);
@@ -346,12 +346,12 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
"<%.100s>", file, linenum, p ? p : "");
auth_debug_add("%.100s, line %lu: "
"Bad permitopen port", file, linenum);
- xfree(patterns);
+ free(patterns);
goto bad_option;
}
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
channel_add_permitted_opens(host, port);
- xfree(patterns);
+ free(patterns);
goto next_option;
}
cp = "tunnel=\"";
@@ -370,13 +370,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
- xfree(tun);
+ free(tun);
forced_tun_device = -1;
goto bad_option;
}
tun[i] = '\0';
forced_tun_device = a2tun(tun, NULL);
- xfree(tun);
+ free(tun);
if (forced_tun_device == SSH_TUNID_ERR) {
debug("%.100s, line %lu: invalid tun device",
file, linenum);
@@ -484,7 +484,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
if (*cert_forced_command != NULL) {
error("Certificate has multiple "
"force-command options");
- xfree(command);
+ free(command);
goto out;
}
*cert_forced_command = command;
@@ -500,7 +500,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
if ((*cert_source_address_done)++) {
error("Certificate has multiple "
"source-address options");
- xfree(allowed);
+ free(allowed);
goto out;
}
remote_ip = get_remote_ipaddr();
@@ -508,7 +508,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
allowed)) {
case 1:
/* accepted */
- xfree(allowed);
+ free(allowed);
break;
case 0:
/* no match */
@@ -521,12 +521,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
"is not permitted to use this "
"certificate for login.",
remote_ip);
- xfree(allowed);
+ free(allowed);
goto out;
case -1:
error("Certificate source-address "
"contents invalid");
- xfree(allowed);
+ free(allowed);
goto out;
}
found = 1;
@@ -548,8 +548,8 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
goto out;
}
buffer_clear(&data);
- xfree(name);
- xfree(data_blob);
+ free(name);
+ free(data_blob);
name = data_blob = NULL;
}
/* successfully parsed all options */
@@ -559,13 +559,13 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
if (ret != 0 &&
cert_forced_command != NULL &&
*cert_forced_command != NULL) {
- xfree(*cert_forced_command);
+ free(*cert_forced_command);
*cert_forced_command = NULL;
}
if (name != NULL)
- xfree(name);
+ free(name);
if (data_blob != NULL)
- xfree(data_blob);
+ free(data_blob);
buffer_free(&data);
buffer_free(&c);
return ret;
@@ -627,7 +627,7 @@ auth_cert_options(Key *k, struct passwd *pw)
/* CA-specified forced command supersedes key option */
if (cert_forced_command != NULL) {
if (forced_command != NULL)
- xfree(forced_command);
+ free(forced_command);
forced_command = cert_forced_command;
}
return 0;
diff --git a/auth-rsa.c b/auth-rsa.c
index 2c8a7cb3..748eaae0 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.81 2012/10/30 21:29:54 djm Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.82 2013/05/17 00:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -281,7 +281,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
file = expand_authorized_keys(
options.authorized_keys_files[i], pw);
allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey);
- xfree(file);
+ free(file);
}
restore_uid();
@@ -331,7 +331,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
verbose("Found matching %s key: %s",
key_type(key), fp);
- xfree(fp);
+ free(fp);
key_free(key);
packet_send_debug("RSA authentication accepted.");
diff --git a/auth.c b/auth.c
index 666c493d..ac126e6f 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.101 2013/02/06 00:22:21 dtucker Exp $ */
+/* $OpenBSD: auth.c,v 1.102 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -165,17 +165,17 @@ allowed_user(struct passwd * pw)
if (stat(shell, &st) != 0) {
logit("User %.100s not allowed because shell %.100s "
"does not exist", pw->pw_name, shell);
- xfree(shell);
+ free(shell);
return 0;
}
if (S_ISREG(st.st_mode) == 0 ||
(st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
logit("User %.100s not allowed because shell %.100s "
"is not executable", pw->pw_name, shell);
- xfree(shell);
+ free(shell);
return 0;
}
- xfree(shell);
+ free(shell);
}
if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
@@ -355,7 +355,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
if (i < 0 || (size_t)i >= sizeof(ret))
fatal("expand_authorized_keys: path too long");
- xfree(file);
+ free(file);
return (xstrdup(ret));
}
@@ -397,7 +397,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
load_hostkeys(hostkeys, host, user_hostfile);
restore_uid();
}
- xfree(user_hostfile);
+ free(user_hostfile);
}
host_status = check_key_in_hostkeys(hostkeys, key, &found);
if (host_status == HOST_REVOKED)
@@ -666,7 +666,7 @@ auth_key_is_revoked(Key *key)
key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
error("WARNING: authentication attempt with a revoked "
"%s key %s ", key_type(key), key_fp);
- xfree(key_fp);
+ free(key_fp);
return 1;
}
fatal("key_in_file returned junk");
@@ -697,7 +697,7 @@ auth_debug_send(void)
while (buffer_len(&auth_debug)) {
msg = buffer_get_string(&auth_debug, NULL);
packet_send_debug("%s", msg);
- xfree(msg);
+ free(msg);
}
}
diff --git a/auth1.c b/auth1.c
index 6eea8d81..238b3c9c 100644
--- a/auth1.c
+++ b/auth1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.77 2012/12/02 20:34:09 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.78 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -130,7 +130,7 @@ auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
authenticated = PRIVSEP(auth_password(authctxt, password));
memset(password, 0, dlen);
- xfree(password);
+ free(password);
return (authenticated);
}
@@ -204,7 +204,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
debug("sending challenge '%s'", challenge);
packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
packet_put_cstring(challenge);
- xfree(challenge);
+ free(challenge);
packet_send();
packet_write_wait();
@@ -223,7 +223,7 @@ auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
packet_check_eom();
authenticated = verify_response(authctxt, response);
memset(response, 'r', dlen);
- xfree(response);
+ free(response);
return (authenticated);
}
@@ -356,10 +356,8 @@ do_authloop(Authctxt *authctxt)
auth_log(authctxt, authenticated, 0, get_authname(type),
NULL, info);
- if (client_user != NULL) {
- xfree(client_user);
- client_user = NULL;
- }
+ free(client