diff options
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/ssh-agent.c | 73 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 24 |
2 files changed, 53 insertions, 44 deletions
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 84f75fd8b94..bb46d3caaa0 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include <sys/queue.h> -RCSID("$OpenBSD: ssh-agent.c,v 1.95 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.96 2002/06/23 10:29:52 deraadt Exp $"); #include <openssl/evp.h> #include <openssl/md5.h> @@ -106,6 +106,7 @@ static void idtab_init(void) { int i; + for (i = 0; i <=2; i++) { TAILQ_INIT(&idtable[i].idlist); idtable[i].nentries = 0; @@ -148,8 +149,8 @@ static void process_request_identities(SocketEntry *e, int version) { Idtab *tab = idtab_lookup(version); - Buffer msg; Identity *id; + Buffer msg; buffer_init(&msg); buffer_put_char(&msg, (version == 1) ? @@ -178,14 +179,14 @@ process_request_identities(SocketEntry *e, int version) static void process_authentication_challenge1(SocketEntry *e) { - Identity *id; - Key *key; + u_char buf[32], mdbuf[16], session_id[16]; + u_int response_type; BIGNUM *challenge; + Identity *id; int i, len; Buffer msg; MD5_CTX md; - u_char buf[32], mdbuf[16], session_id[16]; - u_int response_type; + Key *key; buffer_init(&msg); key = key_new(KEY_RSA1); @@ -247,13 +248,12 @@ send: static void process_sign_request2(SocketEntry *e) { - extern int datafellows; - Key *key; u_char *blob, *data, *signature = NULL; u_int blen, dlen, slen = 0; - int flags; + extern int datafellows; + int ok = -1, flags; Buffer msg; - int ok = -1; + Key *key; datafellows = 0; @@ -292,11 +292,10 @@ process_sign_request2(SocketEntry *e) static void process_remove_identity(SocketEntry *e, int version) { + u_int blen, bits; + int success = 0; Key *key = NULL; u_char *blob; - u_int blen; - u_int bits; - int success = 0; switch (version) { case 1: @@ -306,7 +305,7 @@ process_remove_identity(SocketEntry *e, int version) buffer_get_bignum(&e->request, key->rsa->n); if (bits != key_size(key)) - log("Warning: identity keysize mismatch: actual %d, announced %d", + log("Warning: identity keysize mismatch: actual %u, announced %u", key_size(key), bits); break; case 2: @@ -366,10 +365,10 @@ process_remove_all_identities(SocketEntry *e, int version) static void reaper(void) { - Idtab *tab; + u_int now = time(NULL); Identity *id, *nxt; int version; - u_int now = time(NULL); + Idtab *tab; for (version = 1; version < 3; version++) { tab = idtab_lookup(version); @@ -387,11 +386,10 @@ reaper(void) static void process_add_identity(SocketEntry *e, int version) { - Key *k = NULL; - char *type_name; - char *comment; - int type, success = 0, death = 0; Idtab *tab = idtab_lookup(version); + int type, success = 0, death = 0; + char *type_name, *comment; + Key *k = NULL; switch (version) { case 1: @@ -477,8 +475,8 @@ send: static void process_lock_agent(SocketEntry *e, int lock) { - char *passwd; int success = 0; + char *passwd; passwd = buffer_get_string(&e->request, NULL); if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { @@ -519,11 +517,11 @@ no_identities(SocketEntry *e, u_int type) static void process_add_smartcard_key (SocketEntry *e) { - Identity *id; - Idtab *tab; - Key **keys, *k; char *sc_reader_id = NULL, *pin; int i, version, success = 0; + Key **keys, *k; + Identity *id; + Idtab *tab; sc_reader_id = buffer_get_string(&e->request, NULL); pin = buffer_get_string(&e->request, NULL); @@ -562,11 +560,11 @@ send: static void process_remove_smartcard_key(SocketEntry *e) { - Identity *id; - Idtab *tab; - Key **keys, *k = NULL; char *sc_reader_id = NULL, *pin; int i, version, success = 0; + Key **keys, *k = NULL; + Identity *id; + Idtab *tab; sc_reader_id = buffer_get_string(&e->request, NULL); pin = buffer_get_string(&e->request, NULL); @@ -604,8 +602,7 @@ send: static void process_message(SocketEntry *e) { - u_int msg_len; - u_int type; + u_int msg_len, type; u_char *cp; /* kill dead keys */ @@ -618,6 +615,7 @@ process_message(SocketEntry *e) if (msg_len > 256 * 1024) { shutdown(e->fd, SHUT_RDWR); close(e->fd); + e->fd = -1; e->type = AUTH_UNUSED; buffer_free(&e->input); buffer_free(&e->output); @@ -713,6 +711,7 @@ static void new_socket(sock_type type, int fd) { u_int i, old_alloc; + if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) error("fcntl O_NONBLOCK: %s", strerror(errno)); @@ -797,11 +796,11 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, int *nallocp) static void after_select(fd_set *readset, fd_set *writeset) { - u_int i; - int len, sock; + struct sockaddr_un sunaddr; socklen_t slen; char buf[1024]; - struct sockaddr_un sunaddr; + int len, sock; + u_int i; for (i = 0; i < sockets_alloc; i++) switch (sockets[i].type) { @@ -835,6 +834,7 @@ after_select(fd_set *readset, fd_set *writeset) if (len <= 0) { shutdown(sockets[i].fd, SHUT_RDWR); close(sockets[i].fd); + sockets[i].fd = -1; sockets[i].type = AUTH_UNUSED; buffer_free(&sockets[i].input); buffer_free(&sockets[i].output); @@ -854,6 +854,7 @@ after_select(fd_set *readset, fd_set *writeset) if (len <= 0) { shutdown(sockets[i].fd, SHUT_RDWR); close(sockets[i].fd); + sockets[i].fd = -1; sockets[i].type = AUTH_UNUSED; buffer_free(&sockets[i].input); buffer_free(&sockets[i].output); @@ -924,13 +925,13 @@ int main(int ac, char **av) { int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc; + char *shell, *format, *pidstr, *agentsocket = NULL; + fd_set *readsetp = NULL, *writesetp = NULL; struct sockaddr_un sunaddr; struct rlimit rlim; - pid_t pid; - char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid]; - char *agentsocket = NULL; extern int optind; - fd_set *readsetp = NULL, *writesetp = NULL; + pid_t pid; + char pidstrbuf[1 + 3 * sizeof pid]; SSLeay_add_all_algorithms(); diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 505d834cd8e..a458e324dfd 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.249 2002/06/23 03:30:17 deraadt Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.250 2002/06/23 10:29:52 deraadt Exp $"); #include <openssl/dh.h> #include <openssl/bn.h> @@ -206,6 +206,7 @@ static void close_listen_socks(void) { int i; + for (i = 0; i < num_listen_socks; i++) close(listen_socks[i]); num_listen_socks = -1; @@ -215,6 +216,7 @@ static void close_startup_pipes(void) { int i; + if (startup_pipes) for (i = 0; i < options.max_startups; i++) if (startup_pipes[i] != -1) @@ -247,7 +249,8 @@ sighup_restart(void) close_listen_socks(); close_startup_pipes(); execv(saved_argv[0], saved_argv); - log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], strerror(errno)); + log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], + strerror(errno)); exit(1); } @@ -267,8 +270,8 @@ sigterm_handler(int sig) static void main_sigchld_handler(int sig) { - pid_t pid; int save_errno = errno; + pid_t pid; int status; while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || @@ -328,6 +331,7 @@ static void key_regeneration_alarm(int sig) { int save_errno = errno; + signal(SIGALRM, SIG_DFL); errno = save_errno; key_do_regen = 1; @@ -513,8 +517,8 @@ static void privsep_preauth_child(void) { u_int32_t rand[256]; - int i; struct passwd *pw; + int i; /* Enable challenge-response authentication for privilege separation */ privsep_challenge_enable(); @@ -670,6 +674,7 @@ Key * get_hostkey_by_type(int type) { int i; + for (i = 0; i < options.num_host_key_files; i++) { Key *key = sensitive_data.host_keys[i]; if (key != NULL && key->type == type) @@ -690,6 +695,7 @@ int get_hostkey_index(Key *key) { int i; + for (i = 0; i < options.num_host_key_files; i++) { if (key == sensitive_data.host_keys[i]) return (i); @@ -962,11 +968,13 @@ main(int ac, char **av) * hate software patents. I dont know if this can go? Niels */ if (options.server_key_bits > - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - SSH_KEY_BITS_RESERVED && - options.server_key_bits < - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { + BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - + SSH_KEY_BITS_RESERVED && options.server_key_bits < + BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + + SSH_KEY_BITS_RESERVED) { options.server_key_bits = - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED; + BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + + SSH_KEY_BITS_RESERVED; debug("Forcing server key to %d bits to make it differ from host key.", options.server_key_bits); } |