From c22e01cd33fdcfb6cf0177c833600fe3b3e2234b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 11 Feb 2015 01:20:39 +0000 Subject: Some packet error messages show the address of the peer, but might be generated after the socket to the peer has suffered a TCP reset. In these cases, getpeername() won't work so cache the address earlier. spotted in the wild via deraadt@ and tedu@ --- usr.bin/ssh/packet.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'usr.bin/ssh') diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index e0100e9aedd..3e38e889e5b 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.206 2015/02/09 23:22:37 jsg Exp $ */ +/* $OpenBSD: packet.c,v 1.207 2015/02/11 01:20:38 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -284,11 +284,15 @@ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) (r = cipher_init(&state->receive_context, none, (const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) { error("%s: cipher_init failed: %s", __func__, ssh_err(r)); - free(ssh); return NULL; } state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL; deattack_init(&state->deattack); + /* + * Cache the IP address of the remote connection for use in error + * messages that might be generated after the connection has closed. + */ + (void)ssh_remote_ipaddr(ssh); return ssh; } @@ -1263,10 +1267,8 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) * Since we are blocking, ensure that all written packets have * been sent. */ - if ((r = ssh_packet_write_wait(ssh)) != 0) { - free(setp); + if ((r = ssh_packet_write_wait(ssh)) != 0) return r; - } /* Stay in the loop until we have received a complete packet. */ for (;;) { -- cgit v1.2.3