diff options
| author | Darren Tucker <dtucker@cvs.openbsd.org> | 2016-02-15 09:47:50 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2016-02-15 09:47:50 +0000 |
| commit | 98fba69e0d9a5b781f4a2e0f863bc85c2c46248f (patch) | |
| tree | 1bb383438e25f0e0d3425d372ea5782082901db2 | |
| parent | 0f6af553e94b205cddf287a90d4fac6b885e5ec4 (diff) | |
Add a function to enable security-related malloc_options. With and ok
deraadt@, something similar has been in the snaps for a while.
| -rw-r--r-- | usr.bin/ssh/sftp-server-main.c | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/sftp-server.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/sftp.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-add.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-agent.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-keygen.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-keyscan.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-keysign.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-pkcs11-helper.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/xmalloc.c | 10 | ||||
| -rw-r--r-- | usr.bin/ssh/xmalloc.h | 3 |
13 files changed, 34 insertions, 13 deletions
diff --git a/usr.bin/ssh/sftp-server-main.c b/usr.bin/ssh/sftp-server-main.c index d17e834932b..4998263a75e 100644 --- a/usr.bin/ssh/sftp-server-main.c +++ b/usr.bin/ssh/sftp-server-main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server-main.c,v 1.4 2009/02/21 19:32:04 tobias Exp $ */ +/* $OpenBSD: sftp-server-main.c,v 1.5 2016/02/15 09:47:49 dtucker Exp $ */ /* * Copyright (c) 2008 Markus Friedl. All rights reserved. * @@ -24,6 +24,7 @@ #include "log.h" #include "sftp.h" #include "misc.h" +#include "xmalloc.h" void cleanup_exit(int i) @@ -36,6 +37,7 @@ main(int argc, char **argv) { struct passwd *user_pw; + ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c index 19fbeaa85a6..cc1e5e2f2fe 100644 --- a/usr.bin/ssh/sftp-server.c +++ b/usr.bin/ssh/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.108 2015/11/16 06:13:04 logan Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.109 2016/02/15 09:47:49 dtucker Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -1483,6 +1483,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) extern char *optarg; extern char *__progname; + ssh_malloc_init(); /* must be called before any mallocs */ log_init(__progname, log_level, log_facility, log_stderr); pw = pwcopy(user_pw); diff --git a/usr.bin/ssh/sftp.c b/usr.bin/ssh/sftp.c index 50e2f5843ce..fbe8bacfc83 100644 --- a/usr.bin/ssh/sftp.c +++ b/usr.bin/ssh/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.171 2015/08/20 22:32:42 deraadt Exp $ */ +/* $OpenBSD: sftp.c,v 1.172 2016/02/15 09:47:49 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -2206,6 +2206,7 @@ main(int argc, char **argv) size_t num_requests = DEFAULT_NUM_REQUESTS; long long limit_kbps = 0; + ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); setlocale(LC_CTYPE, ""); diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index d45f64f4f93..c64f8d56edc 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.127 2015/12/11 02:31:47 mmcc Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.128 2016/02/15 09:47:49 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -473,6 +473,7 @@ main(int argc, char **argv) int r, i, ch, deleting = 0, ret = 0, key_only = 0; int xflag = 0, lflag = 0, Dflag = 0; + ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 771c4191f36..9b60b3857dc 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.211 2015/12/11 17:41:37 doug Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.212 2016/02/15 09:47:49 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1179,6 +1179,7 @@ main(int ac, char **av) size_t len; mode_t prev_mask; + ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 34596ef2ea7..ab8d804b4df 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.287 2015/12/11 03:19:09 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -2248,6 +2248,7 @@ main(int argc, char **argv) extern int optind; extern char *optarg; + ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c index 570b34dd744..81c47110190 100644 --- a/usr.bin/ssh/ssh-keyscan.c +++ b/usr.bin/ssh/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.104 2015/11/08 23:24:03 jmc Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.105 2016/02/15 09:47:49 dtucker Exp $ */ /* * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. * @@ -676,6 +676,7 @@ main(int argc, char **argv) extern int optind; extern char *optarg; + ssh_malloc_init(); /* must be called before any mallocs */ TAILQ_INIT(&tq); /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c index 4f69cb0484d..c40bad96b3f 100644 --- a/usr.bin/ssh/ssh-keysign.c +++ b/usr.bin/ssh/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.51 2015/12/04 16:41:28 markus Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.52 2016/02/15 09:47:49 dtucker Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -169,6 +169,7 @@ main(int argc, char **argv) char *host, *fp; size_t slen, dlen; + ssh_malloc_init(); /* must be called before any mallocs */ if (pledge("stdio rpath getpw dns id", NULL) != 0) fatal("%s: pledge: %s", __progname, strerror(errno)); diff --git a/usr.bin/ssh/ssh-pkcs11-helper.c b/usr.bin/ssh/ssh-pkcs11-helper.c index 5e239882e20..5e0b64a6ad7 100644 --- a/usr.bin/ssh/ssh-pkcs11-helper.c +++ b/usr.bin/ssh/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.11 2015/08/20 22:32:42 deraadt Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.12 2016/02/15 09:47:49 dtucker Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -272,6 +272,7 @@ main(int argc, char **argv) char buf[4*4096]; extern char *__progname; + ssh_malloc_init(); /* must be called before any mallocs */ TAILQ_INIT(&pkcs11_keylist); pkcs11_init(0); diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 1215d720576..f7d6fa00717 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.435 2016/01/14 16:17:40 markus Exp $ */ +/* $OpenBSD: ssh.c,v 1.436 2016/02/15 09:47:49 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -512,6 +512,7 @@ main(int ac, char **av) struct ssh_digest_ctx *md; u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; + ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index f5c4442683e..6ec2b1790bd 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.464 2016/01/29 02:54:45 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.465 2016/02/15 09:47:49 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1407,6 +1407,7 @@ main(int ac, char **av) Authctxt *authctxt; struct connection_info *connection_info = get_connection_info(0, 0); + ssh_malloc_init(); /* must be called before any mallocs */ /* Save argv. */ saved_argv = av; rexec_argc = ac; diff --git a/usr.bin/ssh/xmalloc.c b/usr.bin/ssh/xmalloc.c index 0f37c616951..039cae2598e 100644 --- a/usr.bin/ssh/xmalloc.c +++ b/usr.bin/ssh/xmalloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.c,v 1.32 2015/04/24 01:36:01 deraadt Exp $ */ +/* $OpenBSD: xmalloc.c,v 1.33 2016/02/15 09:47:49 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -22,6 +22,14 @@ #include "xmalloc.h" #include "log.h" +void +ssh_malloc_init(void) +{ + extern char *malloc_options; + + malloc_options = "S"; +} + void * xmalloc(size_t size) { diff --git a/usr.bin/ssh/xmalloc.h b/usr.bin/ssh/xmalloc.h index 2bec77ba8d3..e4992893276 100644 --- a/usr.bin/ssh/xmalloc.h +++ b/usr.bin/ssh/xmalloc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.h,v 1.15 2015/04/24 01:36:01 deraadt Exp $ */ +/* $OpenBSD: xmalloc.h,v 1.16 2016/02/15 09:47:49 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -16,6 +16,7 @@ * called by a name other than "ssh" or "Secure Shell". */ +void ssh_malloc_init(void); void *xmalloc(size_t); void *xcalloc(size_t, size_t); void *xreallocarray(void *, size_t, size_t); |