author | Damien Miller <djm@cvs.openbsd.org> | 2006-03-25 00:05:42 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2006-03-25 00:05:42 +0000 |
commit | 2deaa1649526d4ce68eed29e66d89d32fea75950 (patch) | |
tree | d92b455fbeda76727a52c07da67f7c2fbf210a5e /usr.bin/ssh | |
parent | 8748ab126c563a181843be1e20e74225a6c34369 (diff) |
introduce xcalloc() and xasprintf() failure-checked allocation functions
and use them throughout openssh
xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it to
die
feedback and ok deraadt@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/auth-bsdauth.c | 5 | ||||
-rw-r--r-- | usr.bin/ssh/auth-skey.c | 11 | ||||
-rw-r--r-- | usr.bin/ssh/auth.c | 12 | ||||
-rw-r--r-- | usr.bin/ssh/auth2-chall.c | 2 | ||||
-rw-r--r-- | usr.bin/ssh/channels.c | 7 | ||||
-rw-r--r-- | usr.bin/ssh/clientloop.c | 5 | ||||
-rw-r--r-- | usr.bin/ssh/deattack.c | 2 | ||||
-rw-r--r-- | usr.bin/ssh/gss-genr.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/kex.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/key.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/misc.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/moduli.c | 17 | ||||
-rw-r--r-- | usr.bin/ssh/monitor.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/monitor_wrap.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/packet.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/scard.c | 2 | ||||
-rw-r--r-- | usr.bin/ssh/sftp-server.c | 2 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-agent.c | 9 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keyscan.c | 18 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 5 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 17 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 16 | ||||
-rw-r--r-- | usr.bin/ssh/uuencode.c | 7 | ||||
-rw-r--r-- | usr.bin/ssh/xmalloc.c | 32 | ||||
-rw-r--r-- | usr.bin/ssh/xmalloc.h | 6 |
26 files changed, 112 insertions, 123 deletions
diff --git a/usr.bin/ssh/auth-bsdauth.c b/usr.bin/ssh/auth-bsdauth.c index f48b43174de..2ccbc9d4356 100644 --- a/usr.bin/ssh/auth-bsdauth.c +++ b/usr.bin/ssh/auth-bsdauth.c @@ -68,9 +68,8 @@ bsdauth_query(void *ctx, char **name, char **infotxt, *name = xstrdup(""); *infotxt = xstrdup(""); *numprompts = 1; - *prompts = xmalloc(*numprompts * sizeof(char *)); - *echo_on = xmalloc(*numprompts * sizeof(u_int)); - (*echo_on)[0] = 0; + *prompts = xcalloc(*numprompts, sizeof(char *)); + *echo_on = xcalloc(*numprompts, sizeof(u_int)); (*prompts)[0] = xstrdup(challenge); return 0; diff --git a/usr.bin/ssh/auth-skey.c b/usr.bin/ssh/auth-skey.c index 030e59ae793..81f6f5e6e18 100644 --- a/usr.bin/ssh/auth-skey.c +++ b/usr.bin/ssh/auth-skey.c @@ -52,15 +52,10 @@ skey_query(void *ctx, char **name, char **infotxt, *name = xstrdup(""); *infotxt = xstrdup(""); *numprompts = 1; - *prompts = xmalloc(*numprompts * sizeof(char *)); - *echo_on = xmalloc(*numprompts * sizeof(u_int)); - (*echo_on)[0] = 0; + *prompts = xcalloc(*numprompts, sizeof(char *)); + *echo_on = xcalloc(*numprompts, sizeof(u_int)); - len = strlen(challenge) + strlen(SKEY_PROMPT) + 1; - p = xmalloc(len); - strlcpy(p, challenge, len); - strlcat(p, SKEY_PROMPT, len); - (*prompts)[0] = p; + xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT); return 0; } diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c index da28d388a70..9112f712337 100644 --- a/usr.bin/ssh/auth.c +++ b/usr.bin/ssh/auth.c @@ -222,7 +222,8 @@ auth_root_allowed(char *method) static char * expand_authorized_keys(const char *filename, struct passwd *pw) { - char *file, *ret; + char *file, ret[MAXPATHLEN]; + int i; file = percent_expand(filename, "h", pw->pw_dir, "u", pw->pw_name, (char *)NULL); 
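Review bot: In skey_query (auth-skey.c) the new call `xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);` fills slot 0 only because `*prompts` is also the address of the first array element; `xasprintf(&(*prompts)[0], "%s%s", challenge, SKEY_PROMPT);` would make the destination explicit. The locals `len` and `p` are declared outside this hunk and look unused after the change, so their declarations can probably be dropped. Both remarks apply equally to the mm_skey_query hunk in monitor_wrap.c.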
@@ -234,14 +235,11 @@ expand_authorized_keys(const char *filename, struct passwd *pw) if (*file == '/') return (file); - ret = xmalloc(MAXPATHLEN); - if (strlcpy(ret, pw->pw_dir, MAXPATHLEN) >= MAXPATHLEN || - strlcat(ret, "/", MAXPATHLEN) >= MAXPATHLEN || - strlcat(ret, file, MAXPATHLEN) >= MAXPATHLEN) + i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file); + if (i < 0 || (size_t)i >= sizeof(ret)) fatal("expand_authorized_keys: path too long"); - xfree(file); - return (ret); + return (xstrdup(ret)); } char * diff --git a/usr.bin/ssh/auth2-chall.c b/usr.bin/ssh/auth2-chall.c index 7c7012625b6..be27677d4d2 100644 --- a/usr.bin/ssh/auth2-chall.c +++ b/usr.bin/ssh/auth2-chall.c @@ -260,7 +260,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) if (nresp > 100) fatal("input_userauth_info_response: too many replies"); if (nresp > 0) { - response = xmalloc(nresp * sizeof(char *)); + response = xcalloc(nresp, sizeof(char *)); for (i = 0; i < nresp; i++) response[i] = packet_get_string(NULL); } diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index a27269c2645..ce863f00e53 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -248,7 +248,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, /* Do initial allocation if this is the first call. */ if (channels_alloc == 0) { channels_alloc = 10; - channels = xmalloc(channels_alloc * sizeof(Channel *)); + channels = xcalloc(channels_alloc, sizeof(Channel *)); for (i = 0; i < channels_alloc; i++) channels[i] = NULL; } @@ -273,8 +273,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, channels[i] = NULL; } /* Initialize and return new channel. */ - c = channels[found] = xmalloc(sizeof(Channel)); - memset(c, 0, sizeof(Channel)); + c = channels[found] = xcalloc(1, sizeof(Channel)); buffer_init(&c->input); buffer_init(&c->output); buffer_init(&c->extended); 
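Review bot: In expand_authorized_keys the relative-path branch now returns `xstrdup(ret)`, but the hunk also removes `xfree(file);`, so the string returned by percent_expand() is leaked whenever the configured path is not absolute. Keep the free ahead of the return: `xfree(file);` followed by `return (xstrdup(ret));`. The absolute-path branch still passes `file` itself to the caller, which is unchanged.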
@@ -2808,7 +2807,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, } /* Allocate a channel for each socket. */ - *chanids = xmalloc(sizeof(**chanids) * (num_socks + 1)); + *chanids = xcalloc(num_socks + 1, sizeof(**chanids)); for (n = 0; n < num_socks; n++) { sock = socks[n]; nc = channel_new("x11 listener", diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index 89d7af88017..ebc002918ff 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -816,8 +816,7 @@ client_process_control(fd_set * readset) return; } - cctx = xmalloc(sizeof(*cctx)); - memset(cctx, 0, sizeof(*cctx)); + cctx = xcalloc(1, sizeof(*cctx)); cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0; cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0; cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0; @@ -832,7 +831,7 @@ client_process_control(fd_set * readset) env_len = MIN(env_len, 4096); debug3("%s: receiving %d env vars", __func__, env_len); if (env_len != 0) { - cctx->env = xmalloc(sizeof(*cctx->env) * (env_len + 1)); + cctx->env = xcalloc(env_len + 1, sizeof(*cctx->env)); for (i = 0; i < env_len; i++) cctx->env[i] = buffer_get_string(&m, &len); cctx->env[i] = NULL; diff --git a/usr.bin/ssh/deattack.c b/usr.bin/ssh/deattack.c index bf4451b8814..746ff5d43ad 100644 --- a/usr.bin/ssh/deattack.c +++ b/usr.bin/ssh/deattack.c @@ -93,7 +93,7 @@ detect_attack(u_char *buf, u_int32_t len) if (h == NULL) { debug("Installing crc compensation attack detector."); - h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE); + h = (u_int16_t *) xcalloc(l, HASH_ENTRYSIZE); n = l; } else { if (l > n) { diff --git a/usr.bin/ssh/gss-genr.c b/usr.bin/ssh/gss-genr.c index 8d75ee5c7bb..9cedfcdc356 100644 --- a/usr.bin/ssh/gss-genr.c +++ b/usr.bin/ssh/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.7 2006/03/20 04:07:49 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.8 2006/03/25 00:05:41 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 
@@ -135,9 +135,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status, void ssh_gssapi_build_ctx(Gssctxt **ctx) { - *ctx = xmalloc(sizeof (Gssctxt)); - (*ctx)->major = 0; - (*ctx)->minor = 0; + *ctx = xcalloc(1, sizeof (Gssctxt)); (*ctx)->context = GSS_C_NO_CONTEXT; (*ctx)->name = GSS_C_NO_NAME; (*ctx)->oid = GSS_C_NO_OID; diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index b32dbc8114e..ec40e439dc0 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -76,7 +76,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows) int i; char **proposal; - proposal = xmalloc(PROPOSAL_MAX * sizeof(char *)); + proposal = xcalloc(PROPOSAL_MAX, sizeof(char *)); buffer_init(&b); buffer_append(&b, buffer_ptr(raw), buffer_len(raw)); @@ -211,8 +211,7 @@ kex_setup(char *proposal[PROPOSAL_MAX]) { Kex *kex; - kex = xmalloc(sizeof(*kex)); - memset(kex, 0, sizeof(*kex)); + kex = xcalloc(1, sizeof(*kex)); buffer_init(&kex->peer); buffer_init(&kex->my); kex_prop2buf(&kex->my, proposal); @@ -371,8 +370,7 @@ kex_choose_conf(Kex *kex) /* Algorithm Negotiation */ for (mode = 0; mode < MODE_MAX; mode++) { - newkeys = xmalloc(sizeof(*newkeys)); - memset(newkeys, 0, sizeof(*newkeys)); + newkeys = xcalloc(1, sizeof(*newkeys)); kex->newkeys[mode] = newkeys; ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN); nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC; diff --git a/usr.bin/ssh/key.c b/usr.bin/ssh/key.c index d6dd3abea5b..0d29593b0f5 100644 --- a/usr.bin/ssh/key.c +++ b/usr.bin/ssh/key.c @@ -49,9 +49,8 @@ key_new(int type) Key *k; RSA *rsa; DSA *dsa; - k = xmalloc(sizeof(*k)); + k = xcalloc(1, sizeof(*k)); k->type = type; - k->flags = 0; k->dsa = NULL; k->rsa = NULL; switch (k->type) { 
@@ -231,8 +230,7 @@ key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len) char *retval; u_int i; - retval = xmalloc(dgst_raw_len * 3 + 1); - retval[0] = '\0'; + retval = xcalloc(1, dgst_raw_len * 3 + 1); for (i = 0; i < dgst_raw_len; i++) { char hex[4]; snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]); @@ -254,7 +252,7 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len) char *retval; rounds = (dgst_raw_len / 2) + 1; - retval = xmalloc(sizeof(char) * (rounds*6)); + retval = xcalloc((rounds * 6), sizeof(char)); retval[j++] = 'x'; for (i = 0; i < rounds; i++) { u_int idx0, idx1, idx2, idx3, idx4; @@ -824,7 +822,7 @@ key_demote(const Key *k) { Key *pk; - pk = xmalloc(sizeof(*pk)); + pk = xcalloc(1, sizeof(*pk)); pk->type = k->type; pk->flags = k->flags; pk->dsa = NULL; diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c index 11e3285a391..d92ffe0462e 100644 --- a/usr.bin/ssh/misc.c +++ b/usr.bin/ssh/misc.c @@ -170,9 +170,8 @@ strdelim(char **s) struct passwd * pwcopy(struct passwd *pw) { - struct passwd *copy = xmalloc(sizeof(*copy)); + struct passwd *copy = xcalloc(1, sizeof(*copy)); - memset(copy, 0, sizeof(*copy)); copy->pw_name = xstrdup(pw->pw_name); copy->pw_passwd = xstrdup(pw->pw_passwd); copy->pw_gecos = xstrdup(pw->pw_gecos); @@ -682,8 +681,7 @@ tohex(const u_char *d, u_int l) u_int i, hl; hl = l * 2 + 1; - r = xmalloc(hl); - *r = '\0'; + r = xcalloc(1, hl); for (i = 0; i < l; i++) { snprintf(b, sizeof(b), "%02x", d[i]); strlcat(r, b, hl); diff --git a/usr.bin/ssh/moduli.c b/usr.bin/ssh/moduli.c index d53806ea6bd..f6f15a2a40c 100644 --- a/usr.bin/ssh/moduli.c +++ b/usr.bin/ssh/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.12 2005/07/17 07:17:55 djm Exp $ */ +/* $OpenBSD: moduli.c,v 1.13 2006/03/25 00:05:41 djm Exp $ */ /* * Copyright 1994 Phil Karn <karn@qualcomm.com> * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> 
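Review bot: key_fingerprint_hex still evaluates `dgst_raw_len * 3 + 1` in u_int arithmetic before xcalloc() sees the value, so the overflow check inside xcalloc() cannot catch a wrap at this call; tohex() in misc.c does the same with `hl = l * 2 + 1`. Callers presumably pass digest-sized lengths, but that invariant is neither stated nor enforced in the visible code. A guard ahead of the allocation such as `if (dgst_raw_len > (UINT_MAX - 1) / 3) fatal("key_fingerprint_hex: length too large");` would make the size computation safe on its own. Both functions continue outside their hunks.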
@@ -301,21 +301,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) largewords = (largememory << SHIFT_MEGAWORD); } - TinySieve = calloc(tinywords, sizeof(u_int32_t)); - if (TinySieve == NULL) { - error("Insufficient memory for tiny sieve: need %u bytes", - tinywords << SHIFT_BYTE); - exit(1); - } + TinySieve = xcalloc(tinywords, sizeof(u_int32_t)); tinybits = tinywords << SHIFT_WORD; - SmallSieve = calloc(smallwords, sizeof(u_int32_t)); - if (SmallSieve == NULL) { - error("Insufficient memory for small sieve: need %u bytes", - smallwords << SHIFT_BYTE); - xfree(TinySieve); - exit(1); - } + SmallSieve = xcalloc(smallwords, sizeof(u_int32_t)); smallbits = smallwords << SHIFT_WORD; /* diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 18eb5a51072..92ae8875d27 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1377,8 +1377,7 @@ mm_get_kex(Buffer *m) void *blob; u_int bloblen; - kex = xmalloc(sizeof(*kex)); - memset(kex, 0, sizeof(*kex)); + kex = xcalloc(1, sizeof(*kex)); kex->session_id = buffer_get_string(m, &kex->session_id_len); if ((session_id2 == NULL) || (kex->session_id_len != session_id2_len) || @@ -1543,9 +1542,8 @@ monitor_init(void) struct monitor *mon; int pair[2]; - mon = xmalloc(sizeof(*mon)); + mon = xcalloc(1, sizeof(*mon)); - mon->m_pid = 0; monitor_socketpair(pair); mon->m_recvfd = pair[0]; diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c index 61728270f65..425a619233c 100644 --- a/usr.bin/ssh/monitor_wrap.c +++ b/usr.bin/ssh/monitor_wrap.c @@ -720,8 +720,8 @@ mm_chall_setup(char **name, char **infotxt, u_int *numprompts, *name = xstrdup(""); *infotxt = xstrdup(""); *numprompts = 1; - *prompts = xmalloc(*numprompts * sizeof(char *)); - *echo_on = xmalloc(*numprompts * sizeof(u_int)); + *prompts = xcalloc(*numprompts, sizeof(char *)); + *echo_on = xcalloc(*numprompts, sizeof(u_int)); (*echo_on)[0] = 0; } 
@@ -814,11 +814,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt, mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); - len = strlen(challenge) + strlen(SKEY_PROMPT) + 1; - p = xmalloc(len); - strlcpy(p, challenge, len); - strlcat(p, SKEY_PROMPT, len); - (*prompts)[0] = p; + xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT); xfree(challenge); return (0); diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index 6e5721ad5d0..86da8847b76 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -873,7 +873,7 @@ packet_read_seqnr(u_int32_t *seqnr_p) char buf[8192]; DBG(debug("packet_read()")); - setp = (fd_set *)xmalloc(howmany(connection_in+1, NFDBITS) * + setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS), sizeof(fd_mask)); /* Since we are blocking, ensure that all written packets have been sent. */ @@ -1415,7 +1415,7 @@ packet_write_wait(void) { fd_set *setp; - setp = (fd_set *)xmalloc(howmany(connection_out + 1, NFDBITS) * + setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS), sizeof(fd_mask)); packet_write_poll(); while (packet_have_data_to_write()) { diff --git a/usr.bin/ssh/scard.c b/usr.bin/ssh/scard.c index bbcaa281537..d79322684d3 100644 --- a/usr.bin/ssh/scard.c +++ b/usr.bin/ssh/scard.c @@ -382,7 +382,7 @@ sc_get_keys(const char *id, const char *pin) key_free(k); return NULL; } - keys = xmalloc((nkeys+1) * sizeof(Key *)); + keys = xcalloc((nkeys+1), sizeof(Key *)); n = key_new(KEY_RSA1); BN_copy(n->rsa->n, k->rsa->n); diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c index 60c77b08ad2..7ea3eda68c2 100644 --- a/usr.bin/ssh/sftp-server.c +++ b/usr.bin/ssh/sftp-server.c @@ -696,7 +696,7 @@ process_readdir(void) Stat *stats; int nstats = 10, count = 0, i; - stats = xmalloc(nstats * sizeof(Stat)); + stats = xcalloc(nstats, sizeof(Stat)); while ((dp = readdir(dirp)) != NULL) { if (count >= nstats) { nstats *= 2; 
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 9e555a1c17c..e9d30c181d2 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -101,8 +101,8 @@ int max_fd = 0; pid_t parent_pid = -1; /* pathname and directory for AUTH_SOCKET */ -char socket_name[1024]; -char socket_dir[1024]; +char socket_name[MAXPATHLEN]; +char socket_dir[MAXPATHLEN]; /* locking */ int locked = 0; @@ -795,10 +795,7 @@ new_socket(sock_type type, int fd) } old_alloc = sockets_alloc; new_alloc = sockets_alloc + 10; - if (sockets) - sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0])); - else - sockets = xmalloc(new_alloc * sizeof(sockets[0])); + sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0])); for (i = old_alloc; i < new_alloc; i++) sockets[i].type = AUTH_UNUSED; sockets_alloc = new_alloc; diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c index 94e10da8ac8..795b1b5d809 100644 --- a/usr.bin/ssh/ssh-keyscan.c +++ b/usr.bin/ssh/ssh-keyscan.c @@ -56,7 +56,7 @@ int maxfd; extern char *__progname; fd_set *read_wait; -size_t read_wait_size; +size_t read_wait_nfdset; int ncon; int nonfatal_fatal = 0; jmp_buf kexjmp; @@ -626,10 +626,10 @@ conloop(void) } else seltime.tv_sec = seltime.tv_usec = 0; - r = xmalloc(read_wait_size); - memcpy(r, read_wait, read_wait_size); - e = xmalloc(read_wait_size); - memcpy(e, read_wait, read_wait_size); + r = xcalloc(read_wait_nfdset, sizeof(fd_mask)); + e = xcalloc(read_wait_nfdset, sizeof(fd_mask)); + memcpy(r, read_wait, read_wait_nfdset * sizeof(fd_mask)); + memcpy(e, read_wait, read_wait_nfdset * sizeof(fd_mask)); while (select(maxfd, r, NULL, e, &seltime) == -1 && (errno == EAGAIN || errno == EINTR)) 
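Review bot: In new_socket (ssh-agent.c) the allocation is still sized with `new_alloc * sizeof(sockets[0])`, the unchecked-multiplication idiom this commit sets out to retire, only now always routed through xrealloc(). Dropping the `if (sockets)` branch also makes the first call depend on xrealloc() accepting a NULL pointer; xrealloc()'s body is not part of this diff, so that is worth confirming. A bound on `new_alloc` before the call, or an overflow-checked array variant of xrealloc(), would close the gap.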
@@ -793,12 +793,10 @@ main(int argc, char **argv) fatal("%s: not enough file descriptors", __progname); if (maxfd > fdlim_get(0)) fdlim_set(maxfd); - fdcon = xmalloc(maxfd * sizeof(con)); - memset(fdcon, 0, maxfd * sizeof(con)); + fdcon = xcalloc(maxfd, sizeof(con)); - read_wait_size = howmany(maxfd, NFDBITS) * sizeof(fd_mask); - read_wait = xmalloc(read_wait_size); - memset(read_wait, 0, read_wait_size); + read_wait_nfdset = howmany(maxfd, NFDBITS); + read_wait = xcalloc(read_wait_nfdset, sizeof(fd_mask)); if (fopt_count) { Linebuf *lb; diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index e0838d9bb0a..4be85c6f4a0 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -672,7 +672,7 @@ main(int ac, char **av) if (options.rhosts_rsa_authentication || options.hostbased_authentication) { sensitive_data.nkeys = 3; - sensitive_data.keys = xmalloc(sensitive_data.nkeys * + sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(Key)); PRIV_START; @@ -1229,7 +1229,8 @@ env_permitted(char *env) int i; char name[1024], *cp; - strlcpy(name, env, sizeof(name)); + if (strlcpy(name, env, sizeof(name)) >= sizeof(name)) + fatal("env_permitted: name too long"); if ((cp = strchr(name, '=')) == NULL) return (0); diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 8ec5e8df8b4..19b074627c7 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -62,7 +62,6 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) int pin[2], pout[2]; pid_t pid; char strport[NI_MAXSERV]; - size_t len; /* Convert the port number into a string. */ snprintf(strport, sizeof strport, "%hu", port); 
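Review bot: In env_permitted (ssh.c) the new length check applies to the whole `NAME=value` string, because `strlcpy(name, env, sizeof(name))` runs before the `strchr(name, '=')` split. An environment entry with a short name and a value longer than 1023 bytes therefore ends ssh with "name too long" instead of simply being tested against the permitted patterns. Locating the `=` in `env` first and copying only the name part would fix the check, and `return (0);` may be a better reaction to an oversized name than fatal(). The function continues outside the hunk.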
@@ -74,10 +73,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) * Use "exec" to avoid "sh -c" processes on some platforms * (e.g. Solaris) */ - len = strlen(proxy_command) + 6; - tmp = xmalloc(len); - strlcpy(tmp, "exec ", len); - strlcat(tmp, proxy_command, len); + xasprintf(&tmp, "exec %s", proxy_command); command_string = percent_expand(tmp, "h", host, "p", strport, (char *)NULL); xfree(tmp); @@ -205,7 +201,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, fd_set *fdset; struct timeval tv; socklen_t optlen; - int fdsetsz, optval, rc, result = -1; + int optval, rc, result = -1; if (timeout <= 0) return (connect(sockfd, serv_addr, addrlen)); @@ -219,10 +215,8 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, if (errno != EINPROGRESS) return (-1); - fdsetsz = howmany(sockfd + 1, NFDBITS) * sizeof(fd_mask); - fdset = (fd_set *)xmalloc(fdsetsz); - - memset(fdset, 0, fdsetsz); + fdset = (fd_set *)xcalloc(howmany(sockfd + 1, NFDBITS), + sizeof(fd_mask)); FD_SET(sockfd, fdset); tv.tv_sec = timeout; tv.tv_usec = 0; @@ -947,8 +941,7 @@ ssh_put_password(char *password) return; } size = roundup(strlen(password) + 1, 32); - padded = xmalloc(size); - memset(padded, 0, size); + padded = xcalloc(1, size); strlcpy(padded, password, size); packet_put_string(padded, size); memset(padded, 0, size); diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 668801cfacb..1ed72801e1f 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1028,8 +1028,7 @@ pubkey_prepare(Authctxt *authctxt) if (key && key->type == KEY_RSA1) continue; options.identity_keys[i] = NULL; - id = xmalloc(sizeof(*id)); - memset(id, 0, sizeof(*id)); + id = xcalloc(1, sizeof(*id)); id->key = key; id->filename = xstrdup(options.identity_files[i]); TAILQ_INSERT_TAIL(&files, id, next); 
@@ -1053,8 +1052,7 @@ pubkey_prepare(Authctxt *authctxt) } } if (!found && !options.identities_only) { - id = xmalloc(sizeof(*id)); - memset(id, 0, sizeof(*id)); + id = xcalloc(1, sizeof(*id)); id->key = key; id->filename = comment; id->ac = ac; @@ -1335,9 +1333,7 @@ userauth_hostbased(Authctxt *authctxt) return 0; } len = strlen(p) + 2; - chost = xmalloc(len); - strlcpy(chost, p, len); - strlcat(chost, ".", len); + xasprintf(&chost, "%s.", p); debug2("userauth_hostbased: chost %s", chost); xfree(p); diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 717539359a4..7d800f07796 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -868,7 +868,7 @@ main(int ac, char **av) { extern char *optarg; extern int optind; - int opt, j, i, fdsetsz, on = 1; + int opt, j, i, on = 1; int sock_in = -1, sock_out = -1, newsock = -1; pid_t pid; socklen_t fromlen; @@ -1052,7 +1052,7 @@ main(int ac, char **av) debug("sshd version %.100s", SSH_VERSION); /* load private host keys */ - sensitive_data.host_keys = xmalloc(options.num_host_key_files * + sensitive_data.host_keys = xcalloc(options.num_host_key_files, sizeof(Key *)); for (i = 0; i < options.num_host_key_files; i++) sensitive_data.host_keys[i] = NULL; @@ -1137,7 +1137,7 @@ main(int ac, char **av) exit(0); if (rexec_flag) { - rexec_argv = xmalloc(sizeof(char *) * (rexec_argc + 2)); + rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); for (i = 0; i < rexec_argc; i++) { debug("rexec_argv[%d]='%s'", i, saved_argv[i]); rexec_argv[i] = saved_argv[i]; @@ -1315,7 +1315,7 @@ main(int ac, char **av) if (listen_socks[i] > maxfd) maxfd = listen_socks[i]; /* pipes connected to unauthenticated childs */ - startup_pipes = xmalloc(options.max_startups * sizeof(int)); + startup_pipes = xcalloc(options.max_startups, sizeof(int)); for (i = 0; i < options.max_startups; i++) startup_pipes[i] = -1; 
@@ -1328,9 +1328,8 @@ main(int ac, char **av) sighup_restart(); if (fdset != NULL) xfree(fdset); - fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask); - fdset = (fd_set *)xmalloc(fdsetsz); - memset(fdset, 0, fdsetsz); + fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS), + sizeof(fd_mask)); for (i = 0; i < num_listen_socks; i++) FD_SET(listen_socks[i], fdset); @@ -1626,8 +1625,7 @@ main(int ac, char **av) packet_set_nonblocking(); /* allocate authentication context */ - authctxt = xmalloc(sizeof(*authctxt)); - memset(authctxt, 0, sizeof(*authctxt)); + authctxt = xcalloc(1, sizeof(*authctxt)); /* XXX global for cleanup, access from other modules */ the_authctxt = authctxt; diff --git a/usr.bin/ssh/uuencode.c b/usr.bin/ssh/uuencode.c index c24cb27a43e..2b38b840531 100644 --- a/usr.bin/ssh/uuencode.c +++ b/usr.bin/ssh/uuencode.c @@ -59,9 +59,14 @@ uudecode(const char *src, u_char *target, size_t targsize) void dump_base64(FILE *fp, u_char *data, u_int len) { - char *buf = xmalloc(2*len); + char *buf;; int i, n; + if (len > 65536) { + fprintf(fp, "dump_base64: len > 65536\n"); + return; + } + buf = xmalloc(2*len); n = uuencode(data, len, buf, 2*len); for (i = 0; i < n; i++) { fprintf(fp, "%c", buf[i]); diff --git a/usr.bin/ssh/xmalloc.c b/usr.bin/ssh/xmalloc.c index 64e439853e0..6d56781d921 100644 --- a/usr.bin/ssh/xmalloc.c +++ b/usr.bin/ssh/xmalloc.c @@ -31,6 +31,22 @@ xmalloc(size_t size) } void * +xcalloc(size_t nmemb, size_t size) +{ + void *ptr; + + if (nmemb && size && SIZE_T_MAX / nmemb < size) + fatal("xcalloc: nmemb * size > SIZE_T_MAX"); + if (size == 0 || nmemb == 0) + fatal("xcalloc: zero size"); + ptr = calloc(nmemb, size); + if (ptr == NULL) + fatal("xcalloc: out of memory (allocating %lu bytes)", + (u_long)(size * nmemb)); + return ptr; +} + +void * xrealloc(void *ptr, size_t new_size) { void *new_ptr; 
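Review bot: dump_base64 (uuencode.c) now declares `char *buf;;` with a stray second semicolon, an empty declaration that stricter compilers warn about; it should read `char *buf;`. The new guard prints its diagnostic to `fp`, the same stream that receives the dump, so a consumer of that stream gets the message inline with the data. If that is intended, a short comment such as `/* report on the dump stream so the truncation is visible in context */` would say so.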
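Review bot: xcalloc() in xmalloc.c has no comment describing its contract, and that contract differs from calloc(3): it calls fatal() when `nmemb` or `size` is zero, when `nmemb * size` would exceed SIZE_T_MAX, and when the allocation fails, so it never returns NULL. I would add above the definition `/* Like calloc(3), but fatal()s on a zero count or size, on nmemb * size overflow, and on allocation failure; never returns NULL. */`. The zero case matters to callers, since a count of zero at any of the converted call sites ends the process.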
@@ -65,3 +81,19 @@ xstrdup(const char *str) strlcpy(cp, str, len); return cp; } + +int +xasprintf(char **ret, const char *fmt, ...) +{ + va_list ap; + int i; + + va_start(ap, fmt); + i = vasprintf(ret, fmt, ap); + va_end(ap); + + if (i < 0 || *ret == NULL) + fatal("xasprintf: could not allocate memory"); + + return (i); +} diff --git a/usr.bin/ssh/xmalloc.h b/usr.bin/ssh/xmalloc.h index 7ac4b13d64c..b6d521a66db 100644 --- a/usr.bin/ssh/xmalloc.h +++ b/usr.bin/ssh/xmalloc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.h,v 1.9 2002/06/19 00:27:55 deraadt Exp $ */ +/* $OpenBSD: xmalloc.h,v 1.10 2006/03/25 00:05:41 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -20,8 +20,12 @@ #define XMALLOC_H void *xmalloc(size_t); +void *xcalloc(size_t, size_t); void *xrealloc(void *, size_t); void xfree(void *); char *xstrdup(const char *); +int xasprintf(char **, const char *, ...) + __attribute__((__format__ (printf, 2, 3))) + __attribute__((__nonnull__ (2))); #endif /* XMALLOC_H */ |
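Review bot: The xasprintf prototype in xmalloc.h marks only argument 2 as non-null, yet the definition in xmalloc.c reads `*ret` unconditionally after vasprintf(). Listing both arguments, `__attribute__((__nonnull__ (1, 2)))`, lets the compiler flag a NULL destination at the call site instead of leaving it to a crash inside the wrapper.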