authorDamien Miller <djm@cvs.openbsd.org>2006-03-25 00:05:42 +0000
committerDamien Miller <djm@cvs.openbsd.org>2006-03-25 00:05:42 +0000
commit2deaa1649526d4ce68eed29e66d89d32fea75950 (patch)
treed92b455fbeda76727a52c07da67f7c2fbf210a5e /usr.bin/ssh
parent8748ab126c563a181843be1e20e74225a6c34369 (diff)
introduce xcalloc() and xasprintf() failure-checked allocation functions
and use them throughout openssh. xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die. feedback and ok deraadt@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/auth-bsdauth.c5
-rw-r--r--usr.bin/ssh/auth-skey.c11
-rw-r--r--usr.bin/ssh/auth.c12
-rw-r--r--usr.bin/ssh/auth2-chall.c2
-rw-r--r--usr.bin/ssh/channels.c7
-rw-r--r--usr.bin/ssh/clientloop.c5
-rw-r--r--usr.bin/ssh/deattack.c2
-rw-r--r--usr.bin/ssh/gss-genr.c6
-rw-r--r--usr.bin/ssh/kex.c8
-rw-r--r--usr.bin/ssh/key.c10
-rw-r--r--usr.bin/ssh/misc.c6
-rw-r--r--usr.bin/ssh/moduli.c17
-rw-r--r--usr.bin/ssh/monitor.c6
-rw-r--r--usr.bin/ssh/monitor_wrap.c10
-rw-r--r--usr.bin/ssh/packet.c4
-rw-r--r--usr.bin/ssh/scard.c2
-rw-r--r--usr.bin/ssh/sftp-server.c2
-rw-r--r--usr.bin/ssh/ssh-agent.c9
-rw-r--r--usr.bin/ssh/ssh-keyscan.c18
-rw-r--r--usr.bin/ssh/ssh.c5
-rw-r--r--usr.bin/ssh/sshconnect.c17
-rw-r--r--usr.bin/ssh/sshconnect2.c10
-rw-r--r--usr.bin/ssh/sshd.c16
-rw-r--r--usr.bin/ssh/uuencode.c7
-rw-r--r--usr.bin/ssh/xmalloc.c32
-rw-r--r--usr.bin/ssh/xmalloc.h6
26 files changed, 112 insertions, 123 deletions
diff --git a/usr.bin/ssh/auth-bsdauth.c b/usr.bin/ssh/auth-bsdauth.c
index f48b43174de..2ccbc9d4356 100644
--- a/usr.bin/ssh/auth-bsdauth.c
+++ b/usr.bin/ssh/auth-bsdauth.c
@@ -68,9 +68,8 @@ bsdauth_query(void *ctx, char **name, char **infotxt,
*name = xstrdup("");
*infotxt = xstrdup("");
*numprompts = 1;
- *prompts = xmalloc(*numprompts * sizeof(char *));
- *echo_on = xmalloc(*numprompts * sizeof(u_int));
- (*echo_on)[0] = 0;
+ *prompts = xcalloc(*numprompts, sizeof(char *));
+ *echo_on = xcalloc(*numprompts, sizeof(u_int));
(*prompts)[0] = xstrdup(challenge);
return 0;
diff --git a/usr.bin/ssh/auth-skey.c b/usr.bin/ssh/auth-skey.c
index 030e59ae793..81f6f5e6e18 100644
--- a/usr.bin/ssh/auth-skey.c
+++ b/usr.bin/ssh/auth-skey.c
@@ -52,15 +52,10 @@ skey_query(void *ctx, char **name, char **infotxt,
*name = xstrdup("");
*infotxt = xstrdup("");
*numprompts = 1;
- *prompts = xmalloc(*numprompts * sizeof(char *));
- *echo_on = xmalloc(*numprompts * sizeof(u_int));
- (*echo_on)[0] = 0;
+ *prompts = xcalloc(*numprompts, sizeof(char *));
+ *echo_on = xcalloc(*numprompts, sizeof(u_int));
- len = strlen(challenge) + strlen(SKEY_PROMPT) + 1;
- p = xmalloc(len);
- strlcpy(p, challenge, len);
- strlcat(p, SKEY_PROMPT, len);
- (*prompts)[0] = p;
+ xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
return 0;
}
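Review bot: The new `xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);` fills the first prompt slot only because `*prompts` is the address of element 0 of the array allocated two lines above, which is easy to misread as overwriting the array pointer itself. Writing the destination as `&(*prompts)[0]` would state the intent directly. With the strlcpy/strlcat sequence gone, the locals `len` and `p` look unused; their declarations are outside the hunk, so that should be confirmed and they should be dropped if so. The same applies to the mm_skey_query hunk in monitor_wrap.c.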
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index da28d388a70..9112f712337 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c
@@ -222,7 +222,8 @@ auth_root_allowed(char *method)
static char *
expand_authorized_keys(const char *filename, struct passwd *pw)
{
- char *file, *ret;
+ char *file, ret[MAXPATHLEN];
+ int i;
file = percent_expand(filename, "h", pw->pw_dir,
"u", pw->pw_name, (char *)NULL);
@@ -234,14 +235,11 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
if (*file == '/')
return (file);
- ret = xmalloc(MAXPATHLEN);
- if (strlcpy(ret, pw->pw_dir, MAXPATHLEN) >= MAXPATHLEN ||
- strlcat(ret, "/", MAXPATHLEN) >= MAXPATHLEN ||
- strlcat(ret, file, MAXPATHLEN) >= MAXPATHLEN)
+ i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
+ if (i < 0 || (size_t)i >= sizeof(ret))
fatal("expand_authorized_keys: path too long");
-
xfree(file);
- return (ret);
+ return (xstrdup(ret));
}
char *
diff --git a/usr.bin/ssh/auth2-chall.c b/usr.bin/ssh/auth2-chall.c
index 7c7012625b6..be27677d4d2 100644
--- a/usr.bin/ssh/auth2-chall.c
+++ b/usr.bin/ssh/auth2-chall.c
@@ -260,7 +260,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
if (nresp > 100)
fatal("input_userauth_info_response: too many replies");
if (nresp > 0) {
- response = xmalloc(nresp * sizeof(char *));
+ response = xcalloc(nresp, sizeof(char *));
for (i = 0; i < nresp; i++)
response[i] = packet_get_string(NULL);
}
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index a27269c2645..ce863f00e53 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -248,7 +248,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
/* Do initial allocation if this is the first call. */
if (channels_alloc == 0) {
channels_alloc = 10;
- channels = xmalloc(channels_alloc * sizeof(Channel *));
+ channels = xcalloc(channels_alloc, sizeof(Channel *));
for (i = 0; i < channels_alloc; i++)
channels[i] = NULL;
}
@@ -273,8 +273,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
channels[i] = NULL;
}
/* Initialize and return new channel. */
- c = channels[found] = xmalloc(sizeof(Channel));
- memset(c, 0, sizeof(Channel));
+ c = channels[found] = xcalloc(1, sizeof(Channel));
buffer_init(&c->input);
buffer_init(&c->output);
buffer_init(&c->extended);
@@ -2808,7 +2807,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
}
/* Allocate a channel for each socket. */
- *chanids = xmalloc(sizeof(**chanids) * (num_socks + 1));
+ *chanids = xcalloc(num_socks + 1, sizeof(**chanids));
for (n = 0; n < num_socks; n++) {
sock = socks[n];
nc = channel_new("x11 listener",
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index 89d7af88017..ebc002918ff 100644
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -816,8 +816,7 @@ client_process_control(fd_set * readset)
return;
}
- cctx = xmalloc(sizeof(*cctx));
- memset(cctx, 0, sizeof(*cctx));
+ cctx = xcalloc(1, sizeof(*cctx));
cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0;
@@ -832,7 +831,7 @@ client_process_control(fd_set * readset)
env_len = MIN(env_len, 4096);
debug3("%s: receiving %d env vars", __func__, env_len);
if (env_len != 0) {
- cctx->env = xmalloc(sizeof(*cctx->env) * (env_len + 1));
+ cctx->env = xcalloc(env_len + 1, sizeof(*cctx->env));
for (i = 0; i < env_len; i++)
cctx->env[i] = buffer_get_string(&m, &len);
cctx->env[i] = NULL;
diff --git a/usr.bin/ssh/deattack.c b/usr.bin/ssh/deattack.c
index bf4451b8814..746ff5d43ad 100644
--- a/usr.bin/ssh/deattack.c
+++ b/usr.bin/ssh/deattack.c
@@ -93,7 +93,7 @@ detect_attack(u_char *buf, u_int32_t len)
if (h == NULL) {
debug("Installing crc compensation attack detector.");
- h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE);
+ h = (u_int16_t *) xcalloc(l, HASH_ENTRYSIZE);
n = l;
} else {
if (l > n) {
diff --git a/usr.bin/ssh/gss-genr.c b/usr.bin/ssh/gss-genr.c
index 8d75ee5c7bb..9cedfcdc356 100644
--- a/usr.bin/ssh/gss-genr.c
+++ b/usr.bin/ssh/gss-genr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-genr.c,v 1.7 2006/03/20 04:07:49 djm Exp $ */
+/* $OpenBSD: gss-genr.c,v 1.8 2006/03/25 00:05:41 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -135,9 +135,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
void
ssh_gssapi_build_ctx(Gssctxt **ctx)
{
- *ctx = xmalloc(sizeof (Gssctxt));
- (*ctx)->major = 0;
- (*ctx)->minor = 0;
+ *ctx = xcalloc(1, sizeof (Gssctxt));
(*ctx)->context = GSS_C_NO_CONTEXT;
(*ctx)->name = GSS_C_NO_NAME;
(*ctx)->oid = GSS_C_NO_OID;
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c
index b32dbc8114e..ec40e439dc0 100644
--- a/usr.bin/ssh/kex.c
+++ b/usr.bin/ssh/kex.c
@@ -76,7 +76,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
int i;
char **proposal;
- proposal = xmalloc(PROPOSAL_MAX * sizeof(char *));
+ proposal = xcalloc(PROPOSAL_MAX, sizeof(char *));
buffer_init(&b);
buffer_append(&b, buffer_ptr(raw), buffer_len(raw));
@@ -211,8 +211,7 @@ kex_setup(char *proposal[PROPOSAL_MAX])
{
Kex *kex;
- kex = xmalloc(sizeof(*kex));
- memset(kex, 0, sizeof(*kex));
+ kex = xcalloc(1, sizeof(*kex));
buffer_init(&kex->peer);
buffer_init(&kex->my);
kex_prop2buf(&kex->my, proposal);
@@ -371,8 +370,7 @@ kex_choose_conf(Kex *kex)
/* Algorithm Negotiation */
for (mode = 0; mode < MODE_MAX; mode++) {
- newkeys = xmalloc(sizeof(*newkeys));
- memset(newkeys, 0, sizeof(*newkeys));
+ newkeys = xcalloc(1, sizeof(*newkeys));
kex->newkeys[mode] = newkeys;
ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC;
diff --git a/usr.bin/ssh/key.c b/usr.bin/ssh/key.c
index d6dd3abea5b..0d29593b0f5 100644
--- a/usr.bin/ssh/key.c
+++ b/usr.bin/ssh/key.c
@@ -49,9 +49,8 @@ key_new(int type)
Key *k;
RSA *rsa;
DSA *dsa;
- k = xmalloc(sizeof(*k));
+ k = xcalloc(1, sizeof(*k));
k->type = type;
- k->flags = 0;
k->dsa = NULL;
k->rsa = NULL;
switch (k->type) {
@@ -231,8 +230,7 @@ key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
char *retval;
u_int i;
- retval = xmalloc(dgst_raw_len * 3 + 1);
- retval[0] = '\0';
+ retval = xcalloc(1, dgst_raw_len * 3 + 1);
for (i = 0; i < dgst_raw_len; i++) {
char hex[4];
snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
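Review bot: In `retval = xcalloc(1, dgst_raw_len * 3 + 1);` the size is computed in `u_int` arithmetic before xcalloc sees it, so xcalloc's nmemb * size overflow check never applies and a wrapped product would silently produce an undersized buffer. Digest lengths are small in practice, but nothing visible in the function enforces that; a guard such as `if (dgst_raw_len > 65536) fatal("key_fingerprint_hex: bad digest length %u", dgst_raw_len);` before the allocation would make the bound explicit. The same pattern appears in `xcalloc((rounds * 6), sizeof(char))` in key_fingerprint_bubblebabble and in `hl = l * 2 + 1; r = xcalloc(1, hl);` in tohex (misc.c). All three function bodies continue outside their hunks.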
@@ -254,7 +252,7 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
char *retval;
rounds = (dgst_raw_len / 2) + 1;
- retval = xmalloc(sizeof(char) * (rounds*6));
+ retval = xcalloc((rounds * 6), sizeof(char));
retval[j++] = 'x';
for (i = 0; i < rounds; i++) {
u_int idx0, idx1, idx2, idx3, idx4;
@@ -824,7 +822,7 @@ key_demote(const Key *k)
{
Key *pk;
- pk = xmalloc(sizeof(*pk));
+ pk = xcalloc(1, sizeof(*pk));
pk->type = k->type;
pk->flags = k->flags;
pk->dsa = NULL;
diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c
index 11e3285a391..d92ffe0462e 100644
--- a/usr.bin/ssh/misc.c
+++ b/usr.bin/ssh/misc.c
@@ -170,9 +170,8 @@ strdelim(char **s)
struct passwd *
pwcopy(struct passwd *pw)
{
- struct passwd *copy = xmalloc(sizeof(*copy));
+ struct passwd *copy = xcalloc(1, sizeof(*copy));
- memset(copy, 0, sizeof(*copy));
copy->pw_name = xstrdup(pw->pw_name);
copy->pw_passwd = xstrdup(pw->pw_passwd);
copy->pw_gecos = xstrdup(pw->pw_gecos);
@@ -682,8 +681,7 @@ tohex(const u_char *d, u_int l)
u_int i, hl;
hl = l * 2 + 1;
- r = xmalloc(hl);
- *r = '\0';
+ r = xcalloc(1, hl);
for (i = 0; i < l; i++) {
snprintf(b, sizeof(b), "%02x", d[i]);
strlcat(r, b, hl);
diff --git a/usr.bin/ssh/moduli.c b/usr.bin/ssh/moduli.c
index d53806ea6bd..f6f15a2a40c 100644
--- a/usr.bin/ssh/moduli.c
+++ b/usr.bin/ssh/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.12 2005/07/17 07:17:55 djm Exp $ */
+/* $OpenBSD: moduli.c,v 1.13 2006/03/25 00:05:41 djm Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -301,21 +301,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
largewords = (largememory << SHIFT_MEGAWORD);
}
- TinySieve = calloc(tinywords, sizeof(u_int32_t));
- if (TinySieve == NULL) {
- error("Insufficient memory for tiny sieve: need %u bytes",
- tinywords << SHIFT_BYTE);
- exit(1);
- }
+ TinySieve = xcalloc(tinywords, sizeof(u_int32_t));
tinybits = tinywords << SHIFT_WORD;
- SmallSieve = calloc(smallwords, sizeof(u_int32_t));
- if (SmallSieve == NULL) {
- error("Insufficient memory for small sieve: need %u bytes",
- smallwords << SHIFT_BYTE);
- xfree(TinySieve);
- exit(1);
- }
+ SmallSieve = xcalloc(smallwords, sizeof(u_int32_t));
smallbits = smallwords << SHIFT_WORD;
/*
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index 18eb5a51072..92ae8875d27 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1377,8 +1377,7 @@ mm_get_kex(Buffer *m)
void *blob;
u_int bloblen;
- kex = xmalloc(sizeof(*kex));
- memset(kex, 0, sizeof(*kex));
+ kex = xcalloc(1, sizeof(*kex));
kex->session_id = buffer_get_string(m, &kex->session_id_len);
if ((session_id2 == NULL) ||
(kex->session_id_len != session_id2_len) ||
@@ -1543,9 +1542,8 @@ monitor_init(void)
struct monitor *mon;
int pair[2];
- mon = xmalloc(sizeof(*mon));
+ mon = xcalloc(1, sizeof(*mon));
- mon->m_pid = 0;
monitor_socketpair(pair);
mon->m_recvfd = pair[0];
diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c
index 61728270f65..425a619233c 100644
--- a/usr.bin/ssh/monitor_wrap.c
+++ b/usr.bin/ssh/monitor_wrap.c
@@ -720,8 +720,8 @@ mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
*name = xstrdup("");
*infotxt = xstrdup("");
*numprompts = 1;
- *prompts = xmalloc(*numprompts * sizeof(char *));
- *echo_on = xmalloc(*numprompts * sizeof(u_int));
+ *prompts = xcalloc(*numprompts, sizeof(char *));
+ *echo_on = xcalloc(*numprompts, sizeof(u_int));
(*echo_on)[0] = 0;
}
@@ -814,11 +814,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
- len = strlen(challenge) + strlen(SKEY_PROMPT) + 1;
- p = xmalloc(len);
- strlcpy(p, challenge, len);
- strlcat(p, SKEY_PROMPT, len);
- (*prompts)[0] = p;
+ xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
xfree(challenge);
return (0);
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index 6e5721ad5d0..86da8847b76 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -873,7 +873,7 @@ packet_read_seqnr(u_int32_t *seqnr_p)
char buf[8192];
DBG(debug("packet_read()"));
- setp = (fd_set *)xmalloc(howmany(connection_in+1, NFDBITS) *
+ setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS),
sizeof(fd_mask));
/* Since we are blocking, ensure that all written packets have been sent. */
@@ -1415,7 +1415,7 @@ packet_write_wait(void)
{
fd_set *setp;
- setp = (fd_set *)xmalloc(howmany(connection_out + 1, NFDBITS) *
+ setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS),
sizeof(fd_mask));
packet_write_poll();
while (packet_have_data_to_write()) {
diff --git a/usr.bin/ssh/scard.c b/usr.bin/ssh/scard.c
index bbcaa281537..d79322684d3 100644
--- a/usr.bin/ssh/scard.c
+++ b/usr.bin/ssh/scard.c
@@ -382,7 +382,7 @@ sc_get_keys(const char *id, const char *pin)
key_free(k);
return NULL;
}
- keys = xmalloc((nkeys+1) * sizeof(Key *));
+ keys = xcalloc((nkeys+1), sizeof(Key *));
n = key_new(KEY_RSA1);
BN_copy(n->rsa->n, k->rsa->n);
diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c
index 60c77b08ad2..7ea3eda68c2 100644
--- a/usr.bin/ssh/sftp-server.c
+++ b/usr.bin/ssh/sftp-server.c
@@ -696,7 +696,7 @@ process_readdir(void)
Stat *stats;
int nstats = 10, count = 0, i;
- stats = xmalloc(nstats * sizeof(Stat));
+ stats = xcalloc(nstats, sizeof(Stat));
while ((dp = readdir(dirp)) != NULL) {
if (count >= nstats) {
nstats *= 2;
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index 9e555a1c17c..e9d30c181d2 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -101,8 +101,8 @@ int max_fd = 0;
pid_t parent_pid = -1;
/* pathname and directory for AUTH_SOCKET */
-char socket_name[1024];
-char socket_dir[1024];
+char socket_name[MAXPATHLEN];
+char socket_dir[MAXPATHLEN];
/* locking */
int locked = 0;
@@ -795,10 +795,7 @@ new_socket(sock_type type, int fd)
}
old_alloc = sockets_alloc;
new_alloc = sockets_alloc + 10;
- if (sockets)
- sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
- else
- sockets = xmalloc(new_alloc * sizeof(sockets[0]));
+ sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
for (i = old_alloc; i < new_alloc; i++)
sockets[i].type = AUTH_UNUSED;
sockets_alloc = new_alloc;
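Review bot: `sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));` keeps the open-coded nmemb * size multiplication that the commit message sets out to remove, so the growth path of new_socket still has no overflow check. Either compare `new_alloc` against `SIZE_T_MAX / sizeof(sockets[0])` before the call, or give xrealloc a count-and-size form that performs the check the way xcalloc does. Dropping the `if (sockets)` branch also depends on xrealloc accepting a NULL pointer on first use; xrealloc's body is not shown on this page, so that should be confirmed. The growth paths that follow the hunks in deattack.c (`if (l > n)`) and sftp-server.c (`nstats *= 2`) lie outside the visible lines and probably need the same review.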
diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c
index 94e10da8ac8..795b1b5d809 100644
--- a/usr.bin/ssh/ssh-keyscan.c
+++ b/usr.bin/ssh/ssh-keyscan.c
@@ -56,7 +56,7 @@ int maxfd;
extern char *__progname;
fd_set *read_wait;
-size_t read_wait_size;
+size_t read_wait_nfdset;
int ncon;
int nonfatal_fatal = 0;
jmp_buf kexjmp;
@@ -626,10 +626,10 @@ conloop(void)
} else
seltime.tv_sec = seltime.tv_usec = 0;
- r = xmalloc(read_wait_size);
- memcpy(r, read_wait, read_wait_size);
- e = xmalloc(read_wait_size);
- memcpy(e, read_wait, read_wait_size);
+ r = xcalloc(read_wait_nfdset, sizeof(fd_mask));
+ e = xcalloc(read_wait_nfdset, sizeof(fd_mask));
+ memcpy(r, read_wait, read_wait_nfdset * sizeof(fd_mask));
+ memcpy(e, read_wait, read_wait_nfdset * sizeof(fd_mask));
while (select(maxfd, r, NULL, e, &seltime) == -1 &&
(errno == EAGAIN || errno == EINTR))
@@ -793,12 +793,10 @@ main(int argc, char **argv)
fatal("%s: not enough file descriptors", __progname);
if (maxfd > fdlim_get(0))
fdlim_set(maxfd);
- fdcon = xmalloc(maxfd * sizeof(con));
- memset(fdcon, 0, maxfd * sizeof(con));
+ fdcon = xcalloc(maxfd, sizeof(con));
- read_wait_size = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
- read_wait = xmalloc(read_wait_size);
- memset(read_wait, 0, read_wait_size);
+ read_wait_nfdset = howmany(maxfd, NFDBITS);
+ read_wait = xcalloc(read_wait_nfdset, sizeof(fd_mask));
if (fopt_count) {
Linebuf *lb;
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index e0838d9bb0a..4be85c6f4a0 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -672,7 +672,7 @@ main(int ac, char **av)
if (options.rhosts_rsa_authentication ||
options.hostbased_authentication) {
sensitive_data.nkeys = 3;
- sensitive_data.keys = xmalloc(sensitive_data.nkeys *
+ sensitive_data.keys = xcalloc(sensitive_data.nkeys,
sizeof(Key));
PRIV_START;
@@ -1229,7 +1229,8 @@ env_permitted(char *env)
int i;
char name[1024], *cp;
- strlcpy(name, env, sizeof(name));
+ if (strlcpy(name, env, sizeof(name)) >= sizeof(name))
+ fatal("env_permitted: name too long");
if ((cp = strchr(name, '=')) == NULL)
return (0);
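Review bot: The new length check in env_permitted applies to the whole `env` string rather than to the variable name. `strlcpy(name, env, sizeof(name))` runs before the `strchr(name, '=')` split, so an entry with a short name but a value that pushes it past 1023 bytes now hits `fatal("env_permitted: name too long")`. Before this change such an entry was truncated and, presumably, still matched on its name. Locating the `=` in `env` first and applying the limit only to the name portion would keep the stricter check without aborting the client on a long value. The rest of the function is outside the hunk.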
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index 8ec5e8df8b4..19b074627c7 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -62,7 +62,6 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
int pin[2], pout[2];
pid_t pid;
char strport[NI_MAXSERV];
- size_t len;
/* Convert the port number into a string. */
snprintf(strport, sizeof strport, "%hu", port);
@@ -74,10 +73,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
* Use "exec" to avoid "sh -c" processes on some platforms
* (e.g. Solaris)
*/
- len = strlen(proxy_command) + 6;
- tmp = xmalloc(len);
- strlcpy(tmp, "exec ", len);
- strlcat(tmp, proxy_command, len);
+ xasprintf(&tmp, "exec %s", proxy_command);
command_string = percent_expand(tmp, "h", host,
"p", strport, (char *)NULL);
xfree(tmp);
@@ -205,7 +201,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
fd_set *fdset;
struct timeval tv;
socklen_t optlen;
- int fdsetsz, optval, rc, result = -1;
+ int optval, rc, result = -1;
if (timeout <= 0)
return (connect(sockfd, serv_addr, addrlen));
@@ -219,10 +215,8 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
if (errno != EINPROGRESS)
return (-1);
- fdsetsz = howmany(sockfd + 1, NFDBITS) * sizeof(fd_mask);
- fdset = (fd_set *)xmalloc(fdsetsz);
-
- memset(fdset, 0, fdsetsz);
+ fdset = (fd_set *)xcalloc(howmany(sockfd + 1, NFDBITS),
+ sizeof(fd_mask));
FD_SET(sockfd, fdset);
tv.tv_sec = timeout;
tv.tv_usec = 0;
@@ -947,8 +941,7 @@ ssh_put_password(char *password)
return;
}
size = roundup(strlen(password) + 1, 32);
- padded = xmalloc(size);
- memset(padded, 0, size);
+ padded = xcalloc(1, size);
strlcpy(padded, password, size);
packet_put_string(padded, size);
memset(padded, 0, size);
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 668801cfacb..1ed72801e1f 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1028,8 +1028,7 @@ pubkey_prepare(Authctxt *authctxt)
if (key && key->type == KEY_RSA1)
continue;
options.identity_keys[i] = NULL;
- id = xmalloc(sizeof(*id));
- memset(id, 0, sizeof(*id));
+ id = xcalloc(1, sizeof(*id));
id->key = key;
id->filename = xstrdup(options.identity_files[i]);
TAILQ_INSERT_TAIL(&files, id, next);
@@ -1053,8 +1052,7 @@ pubkey_prepare(Authctxt *authctxt)
}
}
if (!found && !options.identities_only) {
- id = xmalloc(sizeof(*id));
- memset(id, 0, sizeof(*id));
+ id = xcalloc(1, sizeof(*id));
id->key = key;
id->filename = comment;
id->ac = ac;
@@ -1335,9 +1333,7 @@ userauth_hostbased(Authctxt *authctxt)
return 0;
}
len = strlen(p) + 2;
- chost = xmalloc(len);
- strlcpy(chost, p, len);
- strlcat(chost, ".", len);
+ xasprintf(&chost, "%s.", p);
debug2("userauth_hostbased: chost %s", chost);
xfree(p);
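Review bot: `len = strlen(p) + 2;` is left in place although the three lines that consumed it are replaced by `xasprintf(&chost, "%s.", p);`. If nothing later in userauth_hostbased reads `len` (the rest of the function is outside the hunk), the assignment and the variable's declaration are dead and should be removed, as was done for `len` in ssh_proxy_connect in sshconnect.c.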
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 717539359a4..7d800f07796 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -868,7 +868,7 @@ main(int ac, char **av)
{
extern char *optarg;
extern int optind;
- int opt, j, i, fdsetsz, on = 1;
+ int opt, j, i, on = 1;
int sock_in = -1, sock_out = -1, newsock = -1;
pid_t pid;
socklen_t fromlen;
@@ -1052,7 +1052,7 @@ main(int ac, char **av)
debug("sshd version %.100s", SSH_VERSION);
/* load private host keys */
- sensitive_data.host_keys = xmalloc(options.num_host_key_files *
+ sensitive_data.host_keys = xcalloc(options.num_host_key_files,
sizeof(Key *));
for (i = 0; i < options.num_host_key_files; i++)
sensitive_data.host_keys[i] = NULL;
@@ -1137,7 +1137,7 @@ main(int ac, char **av)
exit(0);
if (rexec_flag) {
- rexec_argv = xmalloc(sizeof(char *) * (rexec_argc + 2));
+ rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));
for (i = 0; i < rexec_argc; i++) {
debug("rexec_argv[%d]='%s'", i, saved_argv[i]);
rexec_argv[i] = saved_argv[i];
@@ -1315,7 +1315,7 @@ main(int ac, char **av)
if (listen_socks[i] > maxfd)
maxfd = listen_socks[i];
/* pipes connected to unauthenticated childs */
- startup_pipes = xmalloc(options.max_startups * sizeof(int));
+ startup_pipes = xcalloc(options.max_startups, sizeof(int));
for (i = 0; i < options.max_startups; i++)
startup_pipes[i] = -1;
@@ -1328,9 +1328,8 @@ main(int ac, char **av)
sighup_restart();
if (fdset != NULL)
xfree(fdset);
- fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask);
- fdset = (fd_set *)xmalloc(fdsetsz);
- memset(fdset, 0, fdsetsz);
+ fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS),
+ sizeof(fd_mask));
for (i = 0; i < num_listen_socks; i++)
FD_SET(listen_socks[i], fdset);
@@ -1626,8 +1625,7 @@ main(int ac, char **av)
packet_set_nonblocking();
/* allocate authentication context */
- authctxt = xmalloc(sizeof(*authctxt));
- memset(authctxt, 0, sizeof(*authctxt));
+ authctxt = xcalloc(1, sizeof(*authctxt));
/* XXX global for cleanup, access from other modules */
the_authctxt = authctxt;
diff --git a/usr.bin/ssh/uuencode.c b/usr.bin/ssh/uuencode.c
index c24cb27a43e..2b38b840531 100644
--- a/usr.bin/ssh/uuencode.c
+++ b/usr.bin/ssh/uuencode.c
@@ -59,9 +59,14 @@ uudecode(const char *src, u_char *target, size_t targsize)
void
dump_base64(FILE *fp, u_char *data, u_int len)
{
- char *buf = xmalloc(2*len);
+ char *buf;;
int i, n;
+ if (len > 65536) {
+ fprintf(fp, "dump_base64: len > 65536\n");
+ return;
+ }
+ buf = xmalloc(2*len);
n = uuencode(data, len, buf, 2*len);
for (i = 0; i < n; i++) {
fprintf(fp, "%c", buf[i]);
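Review bot: `char *buf;;` carries a stray second semicolon and should read `char *buf;`. The new bound is reported with `fprintf(fp, "dump_base64: len > 65536\n")`, which writes the diagnostic into the same stream as the dump itself; if `fp` can be anything other than a diagnostic stream, the message ends up mixed into the output and the caller has no way to tell that the dump was skipped. The lower bound is also unchecked: xmalloc's body is not shown here, but if it rejects a zero size the way xcalloc does, `len == 0` aborts in `xmalloc(2*len)`, so an early `if (len == 0) return;` may be wanted. The function continues outside the hunk.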
diff --git a/usr.bin/ssh/xmalloc.c b/usr.bin/ssh/xmalloc.c
index 64e439853e0..6d56781d921 100644
--- a/usr.bin/ssh/xmalloc.c
+++ b/usr.bin/ssh/xmalloc.c
@@ -31,6 +31,22 @@ xmalloc(size_t size)
}
void *
+xcalloc(size_t nmemb, size_t size)
+{
+ void *ptr;
+
+ if (nmemb && size && SIZE_T_MAX / nmemb < size)
+ fatal("xcalloc: nmemb * size > SIZE_T_MAX");
+ if (size == 0 || nmemb == 0)
+ fatal("xcalloc: zero size");
+ ptr = calloc(nmemb, size);
+ if (ptr == NULL)
+ fatal("xcalloc: out of memory (allocating %lu bytes)",
+ (u_long)(size * nmemb));
+ return ptr;
+}
+
+void *
xrealloc(void *ptr, size_t new_size)
{
void *new_ptr;
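Review bot: xcalloc has no comment stating its contract, and it differs from calloc(3) in a way callers need to know: a zero `nmemb` or `size` is fatal rather than returning NULL or a minimal allocation. A header comment such as `/* Allocate nmemb * size zeroed bytes; fatal()s on multiplication overflow, on zero nmemb or size, and on allocation failure. Never returns NULL. */` would record that. It matters for call sites in this commit that pass a run-time count, for example `xcalloc(options.num_host_key_files, sizeof(Key *))` in sshd.c and `xcalloc(tinywords, sizeof(u_int32_t))` in moduli.c, where a count of zero ends in `xcalloc: zero size`.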
@@ -65,3 +81,19 @@ xstrdup(const char *str)
strlcpy(cp, str, len);
return cp;
}
+
+int
+xasprintf(char **ret, const char *fmt, ...)
+{
+ va_list ap;
+ int i;
+
+ va_start(ap, fmt);
+ i = vasprintf(ret, fmt, ap);
+ va_end(ap);
+
+ if (i < 0 || *ret == NULL)
+ fatal("xasprintf: could not allocate memory");
+
+ return (i);
+}
diff --git a/usr.bin/ssh/xmalloc.h b/usr.bin/ssh/xmalloc.h
index 7ac4b13d64c..b6d521a66db 100644
--- a/usr.bin/ssh/xmalloc.h
+++ b/usr.bin/ssh/xmalloc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: xmalloc.h,v 1.9 2002/06/19 00:27:55 deraadt Exp $ */
+/* $OpenBSD: xmalloc.h,v 1.10 2006/03/25 00:05:41 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -20,8 +20,12 @@
#define XMALLOC_H
void *xmalloc(size_t);
+void *xcalloc(size_t, size_t);
void *xrealloc(void *, size_t);
void xfree(void *);
char *xstrdup(const char *);
+int xasprintf(char **, const char *, ...)
+ __attribute__((__format__ (printf, 2, 3)))
+ __attribute__((__nonnull__ (2)));
#endif /* XMALLOC_H */
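Review bot: `__attribute__((__nonnull__ (2)))` marks only `fmt`, yet xasprintf hands `ret` to vasprintf and dereferences it unconditionally in `*ret == NULL`. Declaring `__attribute__((__nonnull__ (1, 2)))` would let the compiler flag a NULL destination at the call site as well.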