diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2003-09-18 08:49:46 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2003-09-18 08:49:46 +0000 |
commit | 542416f990be470d79311bc4cf1bc8477edd9396 (patch) | |
tree | 43af1afb8ba6f585fd1e0ee137afb666822d28cc /usr.bin/ssh | |
parent | 5812a5bf57ae0811c582a45039f9ff7cacb8cec2 (diff) |
more buffer allocation fixes; from Solar Designer; CAN-2003-0682; ok millert@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/Makefile.inc | 4 | ||||
-rw-r--r-- | usr.bin/ssh/deattack.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/misc.c | 13 | ||||
-rw-r--r-- | usr.bin/ssh/session.c | 18 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-agent.c | 17 |
5 files changed, 33 insertions, 25 deletions
diff --git a/usr.bin/ssh/Makefile.inc b/usr.bin/ssh/Makefile.inc index 764b0617e83..1b8106733c0 100644 --- a/usr.bin/ssh/Makefile.inc +++ b/usr.bin/ssh/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.24 2003/05/14 18:16:20 jakob Exp $ +# $OpenBSD: Makefile.inc,v 1.25 2003/09/18 08:49:45 markus Exp $ CFLAGS+= -I${.CURDIR}/.. @@ -9,6 +9,8 @@ CDIAGFLAGS+= -Wno-uninitialized #CDIAGFLAGS+= -Wstrict-prototypes CDIAGFLAGS+= -Wmissing-prototypes CDIAGFLAGS+= -Wunused +#CDIAGFLAGS+= -Wsign-compare +#CDIAGFLAGS+= -Wbounded #DEBUG=-g diff --git a/usr.bin/ssh/deattack.c b/usr.bin/ssh/deattack.c index 0442501e7a1..8b55d668681 100644 --- a/usr.bin/ssh/deattack.c +++ b/usr.bin/ssh/deattack.c @@ -18,7 +18,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: deattack.c,v 1.18 2002/03/04 17:27:39 stevesk Exp $"); +RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $"); #include "deattack.h" #include "log.h" @@ -100,12 +100,12 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV) if (h == NULL) { debug("Installing crc compensation attack detector."); + h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE); n = l; - h = (u_int16_t *) xmalloc(n * HASH_ENTRYSIZE); } else { if (l > n) { + h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE); n = l; - h = (u_int16_t *) xrealloc(h, n * HASH_ENTRYSIZE); } } diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c index b3ceb056385..3a075af0b2b 100644 --- a/usr.bin/ssh/misc.c +++ b/usr.bin/ssh/misc.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.21 2003/04/12 10:15:36 markus Exp $"); +RCSID("$OpenBSD: misc.c,v 1.22 2003/09/18 08:49:45 markus Exp $"); #include "misc.h" #include "log.h" @@ -302,18 +302,21 @@ addargs(arglist *args, char *fmt, ...) { va_list ap; char buf[1024]; + int nalloc; va_start(ap, fmt); vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); + nalloc = args->nalloc; if (args->list == NULL) { - args->nalloc = 32; + nalloc = 32; args->num = 0; - } else if (args->num+2 >= args->nalloc) - args->nalloc *= 2; + } else if (args->num+2 >= nalloc) + nalloc *= 2; - args->list = xrealloc(args->list, args->nalloc * sizeof(char *)); + args->list = xrealloc(args->list, nalloc * sizeof(char *)); + args->nalloc = nalloc; args->list[args->num++] = xstrdup(buf); args->list[args->num] = NULL; } diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index b5be7d1aef0..0b4592a1378 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.163 2003/08/31 13:29:05 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.164 2003/09/18 08:49:45 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -695,8 +695,9 @@ void child_set_env(char ***envp, u_int *envsizep, const char *name, const char *value) { - u_int i, namelen; char **env; + u_int envsize; + u_int i, namelen; /* * Find the slot where the value should be stored. If the variable @@ -713,12 +714,13 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, xfree(env[i]); } else { /* New variable. Expand if necessary. */ - if (i >= (*envsizep) - 1) { - if (*envsizep >= 1000) - fatal("child_set_env: too many env vars," - " skipping: %.100s", name); - (*envsizep) += 50; - env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *)); + envsize = *envsizep; + if (i >= envsize - 1) { + if (envsize >= 1000) + fatal("child_set_env: too many env vars"); + envsize += 50; + env = (*envp) = xrealloc(env, envsize * sizeof(char *)); + *envsizep = envsize; } /* Need to set the NULL pointer at end of array beyond the new slot. */ env[i + 1] = NULL; diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 1a703c847b2..344dcd0deea 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include <sys/queue.h> -RCSID("$OpenBSD: ssh-agent.c,v 1.111 2003/06/12 19:12:03 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.112 2003/09/18 08:49:45 markus Exp $"); #include <openssl/evp.h> #include <openssl/md5.h> @@ -780,7 +780,7 @@ process_message(SocketEntry *e) static void new_socket(sock_type type, int fd) { - u_int i, old_alloc; + u_int i, old_alloc, new_alloc; if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) error("fcntl O_NONBLOCK: %s", strerror(errno)); @@ -791,25 +791,26 @@ new_socket(sock_type type, int fd) for (i = 0; i < sockets_alloc; i++) if (sockets[i].type == AUTH_UNUSED) { sockets[i].fd = fd; - sockets[i].type = type; buffer_init(&sockets[i].input); buffer_init(&sockets[i].output); buffer_init(&sockets[i].request); + sockets[i].type = type; return; } old_alloc = sockets_alloc; - sockets_alloc += 10; + new_alloc = sockets_alloc + 10; if (sockets) - sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0])); + sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0])); else - sockets = xmalloc(sockets_alloc * sizeof(sockets[0])); - for (i = old_alloc; i < sockets_alloc; i++) + sockets = xmalloc(new_alloc * sizeof(sockets[0])); + for (i = old_alloc; i < new_alloc; i++) sockets[i].type = AUTH_UNUSED; - sockets[old_alloc].type = type; + sockets_alloc = new_alloc; sockets[old_alloc].fd = fd; buffer_init(&sockets[old_alloc].input); buffer_init(&sockets[old_alloc].output); buffer_init(&sockets[old_alloc].request); + sockets[old_alloc].type = type; } static int |