summaryrefslogtreecommitdiffstats
path: root/sshconnect2.c
diff options
context:
space:
mode:
Diffstat (limited to 'sshconnect2.c')
-rw-r--r--sshconnect2.c145
1 files changed, 68 insertions, 77 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 7b83c591..19ed3459 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.196 2013/05/16 02:00:34 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.197 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -146,10 +146,10 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
if (*first != '\0')
debug3("%s: prefer hostkeyalgs: %s", __func__, first);
- xfree(first);
- xfree(last);
- xfree(hostname);
- xfree(oavail);
+ free(first);
+ free(last);
+ free(hostname);
+ free(oavail);
free_hostkeys(hostkeys);
return ret;
@@ -384,7 +384,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
if (packet_remaining() > 0) {
char *reply = packet_get_string(NULL);
debug2("service_accept: %s", reply);
- xfree(reply);
+ free(reply);
} else {
debug2("buggy server: service_accept w/o service");
}
@@ -431,15 +431,12 @@ userauth(Authctxt *authctxt, char *authlist)
if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
authctxt->method->cleanup(authctxt);
- if (authctxt->methoddata) {
- xfree(authctxt->methoddata);
- authctxt->methoddata = NULL;
- }
+ free(authctxt->methoddata);
+ authctxt->methoddata = NULL;
if (authlist == NULL) {
authlist = authctxt->authlist;
} else {
- if (authctxt->authlist)
- xfree(authctxt->authlist);
+ free(authctxt->authlist);
authctxt->authlist = authlist;
}
for (;;) {
@@ -487,10 +484,10 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
fprintf(stderr, "%s", msg);
- xfree(msg);
+ free(msg);
}
- xfree(raw);
- xfree(lang);
+ free(raw);
+ free(lang);
}
/* ARGSUSED */
@@ -501,16 +498,12 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
if (authctxt == NULL)
fatal("input_userauth_success: no authentication context");
- if (authctxt->authlist) {
- xfree(authctxt->authlist);
- authctxt->authlist = NULL;
- }
+ free(authctxt->authlist);
+ authctxt->authlist = NULL;
if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
authctxt->method->cleanup(authctxt);
- if (authctxt->methoddata) {
- xfree(authctxt->methoddata);
- authctxt->methoddata = NULL;
- }
+ free(authctxt->methoddata);
+ authctxt->methoddata = NULL;
authctxt->success = 1; /* break out */
}
@@ -599,7 +592,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
}
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
debug2("input_userauth_pk_ok: fp %s", fp);
- xfree(fp);
+ free(fp);
/*
* search keys in the reverse order, because last candidate has been
@@ -615,8 +608,8 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
done:
if (key != NULL)
key_free(key);
- xfree(pkalg);
- xfree(pkblob);
+ free(pkalg);
+ free(pkblob);
/* try another method if we did not send a packet */
if (sent == 0)
@@ -754,7 +747,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
if (oidlen <= 2 ||
oidv[0] != SSH_GSS_OIDTYPE ||
oidv[1] != oidlen - 2) {
- xfree(oidv);
+ free(oidv);
debug("Badly encoded mechanism OID received");
userauth(authctxt, NULL);
return;
@@ -765,7 +758,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
packet_check_eom();
- xfree(oidv);
+ free(oidv);
if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
/* Start again with next method on list */
@@ -794,7 +787,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
status = process_gssapi_token(ctxt, &recv_tok);
- xfree(recv_tok.value);
+ free(recv_tok.value);
if (GSS_ERROR(status)) {
/* Start again with the next method in the list */
@@ -827,7 +820,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
(void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
&recv_tok, &send_tok, NULL);
- xfree(recv_tok.value);
+ free(recv_tok.value);
gss_release_buffer(&ms, &send_tok);
/* Server will be returning a failed packet after this one */
@@ -848,8 +841,8 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
packet_check_eom();
debug("Server GSSAPI Error:\n%s", msg);
- xfree(msg);
- xfree(lang);
+ free(msg);
+ free(lang);
}
#endif /* GSSAPI */
@@ -890,7 +883,7 @@ userauth_passwd(Authctxt *authctxt)
packet_put_char(0);
packet_put_cstring(password);
memset(password, 0, strlen(password));
- xfree(password);
+ free(password);
packet_add_padding(64);
packet_send();
@@ -923,8 +916,8 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
lang = packet_get_string(NULL);
if (strlen(info) > 0)
logit("%s", info);
- xfree(info);
- xfree(lang);
+ free(info);
+ free(lang);
packet_start(SSH2_MSG_USERAUTH_REQUEST);
packet_put_cstring(authctxt->server_user);
packet_put_cstring(authctxt->service);
@@ -936,7 +929,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
password = read_passphrase(prompt, 0);
packet_put_cstring(password);
memset(password, 0, strlen(password));
- xfree(password);
+ free(password);
password = NULL;
while (password == NULL) {
snprintf(prompt, sizeof(prompt),
@@ -953,16 +946,16 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
retype = read_passphrase(prompt, 0);
if (strcmp(password, retype) != 0) {
memset(password, 0, strlen(password));
- xfree(password);
+ free(password);
logit("Mismatch; try again, EOF to quit.");
password = NULL;
}
memset(retype, 0, strlen(retype));
- xfree(retype);
+ free(retype);
}
packet_put_cstring(password);
memset(password, 0, strlen(password));
- xfree(password);
+ free(password);
packet_add_padding(64);
packet_send();
@@ -1017,13 +1010,13 @@ jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme,
bzero(password, strlen(password));
bzero(crypted, strlen(crypted));
- xfree(password);
- xfree(crypted);
+ free(password);
+ free(crypted);
if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
fatal("%s: BN_bin2bn (secret)", __func__);
bzero(secret, secret_len);
- xfree(secret);
+ free(secret);
return ret;
}
@@ -1061,8 +1054,8 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
bzero(crypt_scheme, strlen(crypt_scheme));
bzero(salt, strlen(salt));
- xfree(crypt_scheme);
- xfree(salt);
+ free(crypt_scheme);
+ free(salt);
JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
/* Calculate step 2 values */
@@ -1077,8 +1070,8 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
bzero(x3_proof, x3_proof_len);
bzero(x4_proof, x4_proof_len);
- xfree(x3_proof);
- xfree(x4_proof);
+ free(x3_proof);
+ free(x4_proof);
JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
@@ -1089,7 +1082,7 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
packet_send();
bzero(x2_s_proof, x2_s_proof_len);
- xfree(x2_s_proof);
+ free(x2_s_proof);
/* Expect step 2 packet from peer */
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2,
@@ -1129,7 +1122,7 @@ input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt)
&pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
bzero(x4_s_proof, x4_s_proof_len);
- xfree(x4_s_proof);
+ free(x4_s_proof);
JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
@@ -1211,7 +1204,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
- xfree(fp);
+ free(fp);
if (key_to_blob(id->key, &blob, &bloblen) == 0) {
/* we cannot handle this key */
@@ -1246,7 +1239,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
ret = identity_sign(id, &signature, &slen,
buffer_ptr(&b), buffer_len(&b));
if (ret == -1) {
- xfree(blob);
+ free(blob);
buffer_free(&b);
return 0;
}
@@ -1266,11 +1259,11 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
buffer_put_cstring(&b, key_ssh_name(id->key));
buffer_put_string(&b, blob, bloblen);
}
- xfree(blob);
+ free(blob);
/* append signature */
buffer_put_string(&b, signature, slen);
- xfree(signature);
+ free(signature);
/* skip session id and packet type */
if (buffer_len(&b) < skip + 1)
@@ -1310,7 +1303,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
if (!(datafellows & SSH_BUG_PKAUTH))
packet_put_cstring(key_ssh_name(id->key));
packet_put_string(blob, bloblen);
- xfree(blob);
+ free(blob);
packet_send();
return 1;
}
@@ -1347,7 +1340,7 @@ load_identity_file(char *filename, int userprovided)
quit = 1;
}
memset(passphrase, 0, strlen(passphrase));
- xfree(passphrase);
+ free(passphrase);
if (private != NULL || quit)
break;
debug2("bad passphrase given, try again...");
@@ -1424,7 +1417,7 @@ pubkey_prepare(Authctxt *authctxt)
/* agent keys from the config file are preferred */
if (key_equal(key, id->key)) {
key_free(key);
- xfree(comment);
+ free(comment);
TAILQ_REMOVE(&files, id, next);
TAILQ_INSERT_TAIL(preferred, id, next);
id->ac = ac;
@@ -1470,9 +1463,8 @@ pubkey_cleanup(Authctxt *authctxt)
TAILQ_REMOVE(&authctxt->keys, id, next);
if (id->key)
key_free(id->key);
- if (id->filename)
- xfree(id->filename);
- xfree(id);
+ free(id->filename);
+ free(id);
}
}
@@ -1570,9 +1562,9 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
logit("%s", name);
if (strlen(inst) > 0)
logit("%s", inst);
- xfree(name);
- xfree(inst);
- xfree(lang);
+ free(name);
+ free(inst);
+ free(lang);
num_prompts = packet_get_int();
/*
@@ -1593,8 +1585,8 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
packet_put_cstring(response);
memset(response, 0, strlen(response));
- xfree(response);
- xfree(prompt);
+ free(response);
+ free(prompt);
}
packet_check_eom(); /* done with parsing incoming message. */
@@ -1714,12 +1706,12 @@ userauth_hostbased(Authctxt *authctxt)
if (p == NULL) {
error("userauth_hostbased: cannot get local ipaddr/name");
key_free(private);
- xfree(blob);
+ free(blob);
return 0;
}
xasprintf(&chost, "%s.", p);
debug2("userauth_hostbased: chost %s", chost);
- xfree(p);
+ free(p);
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
authctxt->service;
@@ -1748,9 +1740,9 @@ userauth_hostbased(Authctxt *authctxt)
buffer_free(&b);
if (ok != 0) {
error("key_sign failed");
- xfree(chost);
- xfree(pkalg);
- xfree(blob);
+ free(chost);
+ free(pkalg);
+ free(blob);
return 0;
}
packet_start(SSH2_MSG_USERAUTH_REQUEST);
@@ -1763,10 +1755,10 @@ userauth_hostbased(Authctxt *authctxt)
packet_put_cstring(authctxt->local_user);
packet_put_string(signature, slen);
memset(signature, 's', slen);
- xfree(signature);
- xfree(chost);
- xfree(pkalg);
- xfree(blob);
+ free(signature);
+ free(chost);
+ free(pkalg);
+ free(blob);
packet_send();
return 1;
@@ -1821,8 +1813,8 @@ userauth_jpake(Authctxt *authctxt)
bzero(x1_proof, x1_proof_len);
bzero(x2_proof, x2_proof_len);
- xfree(x1_proof);
- xfree(x2_proof);
+ free(x1_proof);
+ free(x2_proof);
/* Expect step 1 packet from peer */
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
@@ -1899,8 +1891,7 @@ authmethod_get(char *authlist)
if (supported == NULL || strcmp(authlist, supported) != 0) {
debug3("start over, passed a different list %s", authlist);
- if (supported != NULL)
- xfree(supported);
+ free(supported);
supported = xstrdup(authlist);
preferred = options.preferred_authentications;
debug3("preferred %s", preferred);
@@ -1921,7 +1912,7 @@ authmethod_get(char *authlist)
authmethod_is_enabled(current)) {
debug3("authmethod_is_enabled %s", name);
debug("Next authentication method: %s", name);
- xfree(name);
+ free(name);
return current;
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-03 20:57:24 +0000