diff options
| author | Jacques Vidrine <nectar@FreeBSD.org> | 2003-09-17 14:52:43 +0000 |
|---|---|---|
| committer | Jacques Vidrine <nectar@FreeBSD.org> | 2003-09-17 14:52:43 +0000 |
| commit | 5232c9cc42bae75d91105ba6604d5d97ada88f0e (patch) | |
| tree | 134f8ebdf42b9819389006e6e5882391686621db | |
| parent | 971a9eeda4bd581ebab810f7c5c7f7b78cd6a77e (diff) | |
Notes
| -rw-r--r-- | UPDATING | 3 | ||||
| -rw-r--r-- | crypto/openssh/buffer.c | 13 | ||||
| -rw-r--r-- | crypto/openssh/channels.c | 5 | ||||
| -rw-r--r-- | crypto/openssh/deattack.c | 4 | ||||
| -rw-r--r-- | crypto/openssh/misc.c | 11 | ||||
| -rw-r--r-- | crypto/openssh/session.c | 16 | ||||
| -rw-r--r-- | crypto/openssh/ssh-agent.c | 15 | ||||
| -rw-r--r-- | crypto/openssh/version.h | 2 | ||||
| -rw-r--r-- | sys/conf/newvers.sh | 2 |
9 files changed, 43 insertions, 28 deletions
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those updates that don't have an advisory, or to be safe, you can do a full build and install as described in the COMMON ITEMS section. +20030916: p16 FreeBSD-SA-03:12.openssh + Follow-up fixes for OpenSSH oversized packet buffer handling. + 20030916: p15 FreeBSD-SA-03:12.openssh OpenSSH oversized packet buffer handling corrected. diff --git a/crypto/openssh/buffer.c b/crypto/openssh/buffer.c index 9370998c97ce..d50756bdbfbc 100644 --- a/crypto/openssh/buffer.c +++ b/crypto/openssh/buffer.c @@ -23,8 +23,11 @@ RCSID("$OpenBSD: buffer.c,v 1.16 2002/06/26 08:54:18 markus Exp $"); void buffer_init(Buffer *buffer) { - buffer->alloc = 4096; - buffer->buf = xmalloc(buffer->alloc); + const u_int len = 4096; + + buffer->alloc = 0; + buffer->buf = xmalloc(len); + buffer->alloc = len; buffer->offset = 0; buffer->end = 0; } @@ -34,8 +37,10 @@ buffer_init(Buffer *buffer) void buffer_free(Buffer *buffer) { - memset(buffer->buf, 0, buffer->alloc); - xfree(buffer->buf); + if (buffer->alloc > 0) { + memset(buffer->buf, 0, buffer->alloc); + xfree(buffer->buf); + } } /* diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c index 25d23e3ce999..89a78755012d 100644 --- a/crypto/openssh/channels.c +++ b/crypto/openssh/channels.c @@ -229,12 +229,13 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, if (found == -1) { /* There are no free slots. Take last+1 slot and expand the array. */ found = channels_alloc; - channels_alloc += 10; if (channels_alloc > 10000) fatal("channel_new: internal error: channels_alloc %d " "too big.", channels_alloc); + channels = xrealloc(channels, + (channels_alloc + 10) * sizeof(Channel *)); + channels_alloc += 10; debug2("channel: expanding %d", channels_alloc); - channels = xrealloc(channels, channels_alloc * sizeof(Channel *)); for (i = found; i < channels_alloc; i++) channels[i] = NULL; } diff --git a/crypto/openssh/deattack.c b/crypto/openssh/deattack.c index 0442501e7a17..7bf2749fceb3 100644 --- a/crypto/openssh/deattack.c +++ b/crypto/openssh/deattack.c @@ -100,12 +100,12 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV) if (h == NULL) { debug("Installing crc compensation attack detector."); + h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE); n = l; - h = (u_int16_t *) xmalloc(n * HASH_ENTRYSIZE); } else { if (l > n) { + h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE); n = l; - h = (u_int16_t *) xrealloc(h, n * HASH_ENTRYSIZE); } } diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c index e9fcef6ca301..1b62804b7814 100644 --- a/crypto/openssh/misc.c +++ b/crypto/openssh/misc.c @@ -308,18 +308,21 @@ addargs(arglist *args, char *fmt, ...) { va_list ap; char buf[1024]; + int nalloc; va_start(ap, fmt); vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); + nalloc = args->nalloc; if (args->list == NULL) { - args->nalloc = 32; + nalloc = 32; args->num = 0; - } else if (args->num+2 >= args->nalloc) - args->nalloc *= 2; + } else if (args->num+2 >= nalloc) + nalloc *= 2; - args->list = xrealloc(args->list, args->nalloc * sizeof(char *)); + args->list = xrealloc(args->list, nalloc * sizeof(char *)); + args->nalloc = nalloc; args->list[args->num++] = xstrdup(buf); args->list[args->num] = NULL; } diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index 87139cf8f513..0a0bbdcf8751 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -850,8 +850,9 @@ static void child_set_env(char ***envp, u_int *envsizep, const char *name, const char *value) { - u_int i, namelen; char **env; + u_int envsize; + u_int i, namelen; /* * Find the slot where the value should be stored. If the variable @@ -868,12 +869,13 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, xfree(env[i]); } else { /* New variable. Expand if necessary. */ - if (i >= (*envsizep) - 1) { - if (*envsizep >= 1000) - fatal("child_set_env: too many env vars," - " skipping: %.100s", name); - (*envsizep) += 50; - env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *)); + envsize = *envsizep; + if (i >= envsize - 1) { + if (envsize >= 1000) + fatal("child_set_env: too many env vars"); + envsize += 50; + env = (*envp) = xrealloc(env, envsize * sizeof(char *)); + *envsizep = envsize; } /* Need to set the NULL pointer at end of array beyond the new slot. */ env[i + 1] = NULL; diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index 4ff5b5418180..bce57431bea8 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -715,7 +715,7 @@ process_message(SocketEntry *e) static void new_socket(sock_type type, int fd) { - u_int i, old_alloc; + u_int i, old_alloc, new_alloc; if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) error("fcntl O_NONBLOCK: %s", strerror(errno)); @@ -726,25 +726,26 @@ new_socket(sock_type type, int fd) for (i = 0; i < sockets_alloc; i++) if (sockets[i].type == AUTH_UNUSED) { sockets[i].fd = fd; - sockets[i].type = type; buffer_init(&sockets[i].input); buffer_init(&sockets[i].output); buffer_init(&sockets[i].request); + sockets[i].type = type; return; } old_alloc = sockets_alloc; - sockets_alloc += 10; + new_alloc = sockets_alloc + 10; if (sockets) - sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0])); + sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0])); else - sockets = xmalloc(sockets_alloc * sizeof(sockets[0])); - for (i = old_alloc; i < sockets_alloc; i++) + sockets = xmalloc(new_alloc * sizeof(sockets[0])); + for (i = old_alloc; i < new_alloc; i++) sockets[i].type = AUTH_UNUSED; - sockets[old_alloc].type = type; + sockets_alloc = new_alloc; sockets[old_alloc].fd = fd; buffer_init(&sockets[old_alloc].input); buffer_init(&sockets[old_alloc].output); buffer_init(&sockets[old_alloc].request); + sockets[old_alloc].type = type; } static int diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index fb662d25ec93..a55bbb8ea203 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -5,7 +5,7 @@ #define SSH_VERSION (ssh_version_get()) #define SSH_VERSION_BASE "OpenSSH_3.4p1" -#define SSH_VERSION_ADDENDUM "FreeBSD-20030916" +#define SSH_VERSION_ADDENDUM "FreeBSD-20030917" const char *ssh_version_get(void); void ssh_version_set_addendum(const char *add); diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index cec247ab4dc3..347853810561 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -36,7 +36,7 @@ TYPE="FreeBSD" REVISION="4.7" -BRANCH="RELEASE-p15" +BRANCH="RELEASE-p16" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" |