diff options
-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | agentfwd.h | 6 | ||||
-rw-r--r-- | algo.h | 6 | ||||
-rw-r--r-- | auth.h | 6 | ||||
-rw-r--r-- | bignum.h | 6 | ||||
-rw-r--r-- | buffer.c | 6 | ||||
-rw-r--r-- | buffer.h | 6 | ||||
-rw-r--r-- | channel.h | 8 | ||||
-rw-r--r-- | chansession.h | 6 | ||||
-rw-r--r-- | circbuffer.h | 4 | ||||
-rw-r--r-- | cli-session.c | 4 | ||||
-rw-r--r-- | common-algo.c | 4 | ||||
-rw-r--r-- | common-channel.c | 16 | ||||
-rw-r--r-- | common-session.c | 60 | ||||
-rw-r--r-- | compat.h | 10 | ||||
-rw-r--r-- | crypto_desc.h | 6 | ||||
-rw-r--r-- | curve25519-donna.c | 10 | ||||
-rw-r--r-- | dbrandom.h | 6 | ||||
-rw-r--r-- | dbutil.c | 2 | ||||
-rw-r--r-- | dbutil.h | 7 | ||||
-rw-r--r-- | debug.h | 4 | ||||
-rw-r--r-- | dss.h | 6 | ||||
-rw-r--r-- | ecc.h | 6 | ||||
-rw-r--r-- | ecdsa.h | 6 | ||||
-rw-r--r-- | fake-rfc2553.h | 4 | ||||
-rw-r--r-- | gendss.h | 6 | ||||
-rw-r--r-- | genrsa.h | 6 | ||||
-rw-r--r-- | gensignkey.h | 4 | ||||
-rw-r--r-- | includes.h | 6 | ||||
-rw-r--r-- | kex.h | 6 | ||||
-rw-r--r-- | keyimport.c | 13 | ||||
-rw-r--r-- | keyimport.h | 6 | ||||
-rw-r--r-- | libtomcrypt/src/headers/tomcrypt_argchk.h | 10 | ||||
-rw-r--r-- | list.h | 6 | ||||
-rw-r--r-- | listener.c | 9 | ||||
-rw-r--r-- | listener.h | 8 | ||||
-rw-r--r-- | loginrec.h | 6 | ||||
-rw-r--r-- | ltc_prng.h | 6 | ||||
-rw-r--r-- | options.h | 8 | ||||
-rw-r--r-- | packet.h | 6 | ||||
-rw-r--r-- | queue.h | 4 | ||||
-rw-r--r-- | rsa.h | 6 | ||||
-rw-r--r-- | runopts.h | 6 | ||||
-rw-r--r-- | scp.c | 2 | ||||
-rw-r--r-- | service.h | 6 | ||||
-rw-r--r-- | session.h | 12 | ||||
-rw-r--r-- | signkey.h | 6 | ||||
-rw-r--r-- | svr-agentfwd.c | 2 | ||||
-rw-r--r-- | svr-chansession.c | 2 | ||||
-rw-r--r-- | svr-session.c | 18 | ||||
-rw-r--r-- | svr-x11fwd.c | 2 | ||||
-rw-r--r-- | sysoptions.h | 3 | ||||
-rw-r--r-- | tcpfwd.h | 4 | ||||
-rw-r--r-- | termcodes.h | 6 | ||||
-rw-r--r-- | x11fwd.h | 6 |
55 files changed, 232 insertions, 166 deletions
diff --git a/Makefile.in b/Makefile.in index 452ef8d..b2e7a27 100644 --- a/Makefile.in +++ b/Makefile.in @@ -140,7 +140,7 @@ insmulti%: dropbearmulti $(INSTALL) -d $(DESTDIR)$(mandir)/man1 if test -e $*.1; then $(INSTALL) -m 644 $*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi -# dropbear should go in sbin, so it needs a seperate rule +# dropbear should go in sbin, so it needs a separate rule inst_dropbear: dropbear $(INSTALL) -d $(DESTDIR)$(sbindir) $(INSTALL) dropbear$(EXEEXT) $(DESTDIR)$(sbindir) @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _AGENTFWD_H_ -#define _AGENTFWD_H_ +#ifndef DROPBEAR_AGENTFWD_H_ +#define DROPBEAR_AGENTFWD_H_ #include "includes.h" #include "chansession.h" @@ -60,4 +60,4 @@ void svr_agentset(struct ChanSess *chansess); #endif /* ENABLE_SVR_AGENTFWD */ -#endif /* _AGENTFWD_H_ */ +#endif /* DROPBEAR_AGENTFWD_H_ */ @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _ALGO_H_ +#ifndef DROPBEAR_ALGO_H_ -#define _ALGO_H_ +#define DROPBEAR_ALGO_H_ #include "includes.h" #include "buffer.h" @@ -134,4 +134,4 @@ enum { DROPBEAR_COMP_ZLIB_DELAY, }; -#endif /* _ALGO_H_ */ +#endif /* DROPBEAR_ALGO_H_ */ @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _AUTH_H_ -#define _AUTH_H_ +#ifndef DROPBEAR_AUTH_H_ +#define DROPBEAR_AUTH_H_ #include "includes.h" #include "signkey.h" @@ -137,4 +137,4 @@ struct PubKeyOptions { }; #endif -#endif /* _AUTH_H_ */ +#endif /* DROPBEAR_AUTH_H_ */ @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _BIGNUM_H_ -#define _BIGNUM_H_ +#ifndef DROPBEAR_BIGNUM_H_ +#define DROPBEAR_BIGNUM_H_ #include "includes.h" #include "dbutil.h" @@ -35,4 +35,4 @@ void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len); void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, hash_state *hs, mp_int *mp); -#endif /* _BIGNUM_H_ */ +#endif /* DROPBEAR_BIGNUM_H_ */ @@ -99,7 +99,9 @@ buffer* buf_newcopy(buffer* buf) { ret = buf_new(buf->len); ret->len = buf->len; - memcpy(ret->data, buf->data, buf->len); + if (buf->len > 0) { + memcpy(ret->data, buf->data, buf->len); + } return ret; } @@ -127,7 +129,7 @@ void buf_setpos(buffer* buf, unsigned int pos) { buf->pos = pos; } -/* increment the postion by incr, increasing the buffer length if required */ +/* increment the position by incr, increasing the buffer length if required */ void buf_incrwritepos(buffer* buf, unsigned int incr) { if (incr > BUF_MAX_INCR || buf->pos + incr > buf->size) { dropbear_exit("Bad buf_incrwritepos"); @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _BUFFER_H_ +#ifndef DROPBEAR_BUFFER_H_ -#define _BUFFER_H_ +#define DROPBEAR_BUFFER_H_ #include "includes.h" @@ -65,4 +65,4 @@ void buf_putmpint(buffer* buf, mp_int * mp); int buf_getmpint(buffer* buf, mp_int* mp); unsigned int buf_getint(buffer* buf); -#endif /* _BUFFER_H_ */ +#endif /* DROPBEAR_BUFFER_H_ */ @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CHANNEL_H_ -#define _CHANNEL_H_ +#ifndef DROPBEAR_CHANNEL_H_ +#define DROPBEAR_CHANNEL_H_ #include "includes.h" #include "buffer.h" @@ -93,7 +93,7 @@ struct Channel { struct ChanType { - int sepfds; /* Whether this channel has seperate pipes for in/out or not */ + int sepfds; /* Whether this channel has separate pipes for in/out or not */ char *name; int (*inithandler)(struct Channel*); int (*check_close)(struct Channel*); @@ -141,4 +141,4 @@ void send_msg_request_success(); void send_msg_request_failure(); -#endif /* _CHANNEL_H_ */ +#endif /* DROPBEAR_CHANNEL_H_ */ diff --git a/chansession.h b/chansession.h index 4078123..3dd58ac 100644 --- a/chansession.h +++ b/chansession.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CHANSESSION_H_ -#define _CHANSESSION_H_ +#ifndef DROPBEAR_CHANSESSION_H_ +#define DROPBEAR_CHANSESSION_H_ #include "loginrec.h" #include "channel.h" @@ -103,4 +103,4 @@ struct SigMap { extern const struct SigMap signames[]; -#endif /* _CHANSESSION_H_ */ +#endif /* DROPBEAR_CHANSESSION_H_ */ diff --git a/circbuffer.h b/circbuffer.h index 21c5134..32ed13c 100644 --- a/circbuffer.h +++ b/circbuffer.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CIRCBUFFER_H_ -#define _CIRCBUFFER_H_ +#ifndef DROPBEAR_CIRCBUFFER_H_ +#define DROPBEAR_CIRCBUFFER_H_ struct circbuf { unsigned int size; diff --git a/cli-session.c b/cli-session.c index 08f4ff5..815f5b6 100644 --- a/cli-session.c +++ b/cli-session.c @@ -39,10 +39,10 @@ #include "crypto_desc.h" #include "netio.h" -static void cli_remoteclosed(); +static void cli_remoteclosed() ATTRIB_NORETURN; static void cli_sessionloop(); static void cli_session_init(); -static void cli_finished(); +static void cli_finished() ATTRIB_NORETURN; static void recv_msg_service_accept(void); static void cli_session_cleanup(void); static void recv_msg_global_request_cli(void); diff --git a/common-algo.c b/common-algo.c index 9a3664b..a3e9d78 100644 --- a/common-algo.c +++ b/common-algo.c @@ -87,7 +87,7 @@ const struct dropbear_cipher dropbear_nocipher = #ifdef DROPBEAR_ENABLE_CBC_MODE const struct dropbear_cipher_mode dropbear_mode_cbc = {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt}; -#endif // DROPBEAR_ENABLE_CBC_MODE +#endif /* DROPBEAR_ENABLE_CBC_MODE */ const struct dropbear_cipher_mode dropbear_mode_none = {void_start, void_cipher, void_cipher}; @@ -102,7 +102,7 @@ static int dropbear_big_endian_ctr_start(int cipher, } const struct dropbear_cipher_mode dropbear_mode_ctr = {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt}; -#endif // DROPBEAR_ENABLE_CTR_MODE +#endif /* DROPBEAR_ENABLE_CTR_MODE */ /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. {&hash_desc, keysize, hashsize} */ diff --git a/common-channel.c b/common-channel.c index 5e32cc3..3622729 100644 --- a/common-channel.c +++ b/common-channel.c @@ -395,7 +395,7 @@ void channel_connect_done(int result, int sock, void* user_data, const char* UNU /* Send the close message and set the channel as closed */ static void send_msg_channel_close(struct Channel *channel) { - TRACE(("enter send_msg_channel_close %p", channel)) + TRACE(("enter send_msg_channel_close %p", (void*)channel)) if (channel->type->closehandler && !channel->close_handler_done) { channel->type->closehandler(channel); @@ -578,11 +578,11 @@ static void remove_channel(struct Channel * channel) { /* close the FDs in case they haven't been done * yet (they might have been shutdown etc) */ TRACE(("CLOSE writefd %d", channel->writefd)) - close(channel->writefd); + m_close(channel->writefd); TRACE(("CLOSE readfd %d", channel->readfd)) - close(channel->readfd); + m_close(channel->readfd); TRACE(("CLOSE errfd %d", channel->errfd)) - close(channel->errfd); + m_close(channel->errfd); } if (!channel->close_handler_done @@ -612,7 +612,7 @@ void recv_msg_channel_request() { channel = getchannel(); - TRACE(("enter recv_msg_channel_request %p", channel)) + TRACE(("enter recv_msg_channel_request %p", (void*)channel)) if (channel->sent_close) { TRACE(("leave recv_msg_channel_request: already closed channel")) @@ -997,7 +997,7 @@ static void close_chan_fd(struct Channel *channel, int fd, int how) { } } else { TRACE(("CLOSE some fd %d", fd)) - close(fd); + m_close(fd); closein = closeout = 1; } @@ -1020,7 +1020,7 @@ static void close_chan_fd(struct Channel *channel, int fd, int how) { if (channel->type->sepfds && channel->readfd == FD_CLOSED && channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) { TRACE(("CLOSE (finally) of %d", fd)) - close(fd); + m_close(fd); } } @@ -1137,10 +1137,10 @@ void send_msg_request_failure() { } struct Channel* get_any_ready_channel() { + size_t i; if (ses.chancount == 0) { return NULL; } - size_t i; for (i = 0; i < ses.chansize; i++) { struct Channel *chan = ses.channels[i]; if (chan diff --git a/common-session.c b/common-session.c index 46aef0d..19247a8 100644 --- a/common-session.c +++ b/common-session.c @@ -246,6 +246,15 @@ void session_loop(void(*loophandler)()) { /* Not reached */ } +static void cleanup_buf(buffer **buf) { + if (!*buf) { + return; + } + buf_burn(*buf); + buf_free(*buf); + *buf = NULL; +} + /* clean up a session on exit */ void session_cleanup() { @@ -257,24 +266,45 @@ void session_cleanup() { return; } + /* Beware of changing order of functions here. */ + + /* Must be before extra_session_cleanup() */ + chancleanup(); + if (ses.extra_session_cleanup) { ses.extra_session_cleanup(); } - chancleanup(); - - /* Cleaning up keys must happen after other cleanup - functions which might queue packets */ - if (ses.session_id) { - buf_burn(ses.session_id); - buf_free(ses.session_id); - ses.session_id = NULL; + /* After these are freed most functions will exit */ +#ifdef DROPBEAR_CLEANUP + /* listeners call cleanup functions, this should occur before + other session state is freed. */ + remove_all_listeners(); + + while (!isempty(&ses.writequeue)) { + buf_free(dequeue(&ses.writequeue)); } - if (ses.hash) { - buf_burn(ses.hash); - buf_free(ses.hash); - ses.hash = NULL; + + m_free(ses.remoteident); + m_free(ses.authstate.pw_dir); + m_free(ses.authstate.pw_name); + m_free(ses.authstate.pw_shell); + m_free(ses.authstate.pw_passwd); + m_free(ses.authstate.username); +#endif + + cleanup_buf(&ses.session_id); + cleanup_buf(&ses.hash); + cleanup_buf(&ses.payload); + cleanup_buf(&ses.readbuf); + cleanup_buf(&ses.writepayload); + cleanup_buf(&ses.kexhashbuf); + cleanup_buf(&ses.transkexinit); + if (ses.dh_K) { + mp_clear(ses.dh_K); } + m_free(ses.dh_K); + m_burn(ses.keys, sizeof(struct key_context)); m_free(ses.keys); @@ -405,16 +435,16 @@ static int ident_readln(int fd, char* buf, int count) { } void ignore_recv_response() { - // Do nothing + /* Do nothing */ TRACE(("Ignored msg_request_response")) } static void send_msg_keepalive() { - CHECKCLEARTOWRITE(); time_t old_time_idle = ses.last_packet_time_idle; - struct Channel *chan = get_any_ready_channel(); + CHECKCLEARTOWRITE(); + if (chan) { /* Channel requests are preferable, more implementations handle them than SSH_MSG_GLOBAL_REQUEST */ @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _COMPAT_H_ -#define _COMPAT_H_ +#ifndef DROPBEAR_COMPAT_H_ +#define DROPBEAR_COMPAT_H_ #include "includes.h" @@ -49,8 +49,8 @@ void setusershell(); void endusershell(); #endif -#ifndef _PATH_DEVNULL -#define _PATH_DEVNULL "/dev/null" +#ifndef DROPBEAR_PATH_DEVNULL +#define DROPBEAR_PATH_DEVNULL "/dev/null" #endif -#endif /* _COMPAT_H_ */ +#endif /* DROPBEAR_COMPAT_H_ */ diff --git a/crypto_desc.h b/crypto_desc.h index d05096b..54da734 100644 --- a/crypto_desc.h +++ b/crypto_desc.h @@ -1,9 +1,9 @@ -#ifndef _CRYPTO_DESC_H -#define _CRYPTO_DESC_H +#ifndef DROPBEAR_CRYPTO_DESC_H +#define DROPBEAR_CRYPTO_DESC_H void crypto_init(); extern int dropbear_ltc_prng; -#endif /* _CRYPTO_DESC_H */ +#endif /* DROPBEAR_CRYPTO_DESC_H */ diff --git a/curve25519-donna.c b/curve25519-donna.c index bb1262e..3309610 100644 --- a/curve25519-donna.c +++ b/curve25519-donna.c @@ -527,7 +527,7 @@ static void fmonty(limb *x2, limb *z2, /* output 2Q */ memcpy(origx, x, 10 * sizeof(limb)); fsum(x, z); - fdifference(z, origx); // does x - z + fdifference(z, origx); /* does x - z */ memcpy(origxprime, xprime, sizeof(limb) * 10); fsum(xprime, zprime); @@ -554,7 +554,7 @@ static void fmonty(limb *x2, limb *z2, /* output 2Q */ fproduct(x2, xx, zz); freduce_degree(x2); freduce_coefficients(x2); - fdifference(zz, xx); // does zz = xx - zz + fdifference(zz, xx); /* does zz = xx - zz */ memset(zzz + 10, 0, sizeof(limb) * 9); fscalar_product(zzz, zz, 121665); /* No need to call freduce_degree here: @@ -641,9 +641,9 @@ cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) { memcpy(resultz, nqz, sizeof(limb) * 10); } -// ----------------------------------------------------------------------------- -// Shamelessly copied from djb's code -// ----------------------------------------------------------------------------- +/* ----------------------------------------------------------------------------- + * Shamelessly copied from djb's code + * ----------------------------------------------------------------------------- */ static void crecip(limb *out, const limb *z) { limb z2[10]; @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RANDOM_H_ -#define _RANDOM_H_ +#ifndef DROPBEAR_RANDOM_H_ +#define DROPBEAR_RANDOM_H_ #include "includes.h" @@ -32,4 +32,4 @@ void genrandom(unsigned char* buf, unsigned int len); void addrandom(char * buf, unsigned int len); void gen_random_mpint(mp_int *max, mp_int *rand); -#endif /* _RANDOM_H_ */ +#endif /* DROPBEAR_RANDOM_H_ */ @@ -504,12 +504,12 @@ out: /* make sure that the socket closes */ void m_close(int fd) { + int val; if (fd == -1) { return; } - int val; do { val = close(fd); } while (val < 0 && errno == EINTR); @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DBUTIL_H_ +#ifndef DROPBEAR_DBUTIL_H_ -#define _DBUTIL_H_ +#define DROPBEAR_DBUTIL_H_ #include "includes.h" #include "buffer.h" @@ -99,5 +99,4 @@ time_t monotonic_now(); char * expand_tilde(const char *inpath); - -#endif /* _DBUTIL_H_ */ +#endif /* DROPBEAR_DBUTIL_H_ */ @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DEBUG_H_ -#define _DEBUG_H_ +#ifndef DROPBEAR_DEBUG_H_ +#define DROPBEAR_DEBUG_H_ #include "includes.h" @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DSS_H_ -#define _DSS_H_ +#ifndef DROPBEAR_DSS_H_ +#define DROPBEAR_DSS_H_ #include "includes.h" #include "buffer.h" @@ -53,4 +53,4 @@ void dss_key_free(dropbear_dss_key *key); #endif /* DROPBEAR_DSS */ -#endif /* _DSS_H_ */ +#endif /* DROPBEAR_DSS_H_ */ @@ -1,5 +1,5 @@ -#ifndef _DROPBEAR_ECC_H -#define _DROPBEAR_ECC_H +#ifndef DROPBEAR_DROPBEAR_ECC_H +#define DROPBEAR_DROPBEAR_ECC_H #include "includes.h" #include "options.h" @@ -33,4 +33,4 @@ mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, ecc_key *priv_key); #endif -#endif /* _DROPBEAR_ECC_H */ +#endif /* DROPBEAR_DROPBEAR_ECC_H */ @@ -1,5 +1,5 @@ -#ifndef _ECDSA_H_ -#define _ECDSA_H_ +#ifndef DROPBEAR_ECDSA_H_ +#define DROPBEAR_ECDSA_H_ #include "includes.h" #include "buffer.h" @@ -32,4 +32,4 @@ int signkey_is_ecdsa(enum signkey_type type); #endif -#endif /* _ECDSA_H_ */ +#endif /* DROPBEAR_ECDSA_H_ */ diff --git a/fake-rfc2553.h b/fake-rfc2553.h index 876fa14..c64136c 100644 --- a/fake-rfc2553.h +++ b/fake-rfc2553.h @@ -39,8 +39,8 @@ * that ai_family is AF_INET. Don't use it for another purpose. */ -#ifndef _FAKE_RFC2553_H -#define _FAKE_RFC2553_H +#ifndef DROPBEAR_FAKE_RFC2553_H +#define DROPBEAR_FAKE_RFC2553_H #include "includes.h" #include <sys/types.h> @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _GENDSS_H_ -#define _GENDSS_H_ +#ifndef DROPBEAR_GENDSS_H_ +#define DROPBEAR_GENDSS_H_ #include "dss.h" @@ -33,4 +33,4 @@ dropbear_dss_key * gen_dss_priv_key(unsigned int size); #endif /* DROPBEAR_DSS */ -#endif /* _GENDSS_H_ */ +#endif /* DROPBEAR_GENDSS_H_ */ @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _GENRSA_H_ -#define _GENRSA_H_ +#ifndef DROPBEAR_GENRSA_H_ +#define DROPBEAR_GENRSA_H_ #include "rsa.h" @@ -33,4 +33,4 @@ dropbear_rsa_key * gen_rsa_priv_key(unsigned int size); #endif /* DROPBEAR_RSA */ -#endif /* _GENRSA_H_ */ +#endif /* DROPBEAR_GENRSA_H_ */ diff --git a/gensignkey.h b/gensignkey.h index b463a42..508eca0 100644 --- a/gensignkey.h +++ b/gensignkey.h @@ -1,5 +1,5 @@ -#ifndef _GENSIGNKEY_H -#define _GENSIGNKEY_H +#ifndef DROPBEAR_GENSIGNKEY_H +#define DROPBEAR_GENSIGNKEY_H #include "signkey.h" @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _INCLUDES_H_ -#define _INCLUDES_H_ +#ifndef DROPBEAR_INCLUDES_H_ +#define DROPBEAR_INCLUDES_H_ #include "config.h" @@ -177,4 +177,4 @@ typedef u_int32_t uint32_t; # define UNUSED(x) x #endif -#endif /* _INCLUDES_H_ */ +#endif /* DROPBEAR_INCLUDES_H_ */ @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _KEX_H_ -#define _KEX_H_ +#ifndef DROPBEAR_KEX_H_ +#define DROPBEAR_KEX_H_ #include "includes.h" #include "algo.h" @@ -113,4 +113,4 @@ int curve25519_donna(unsigned char *out, const unsigned char *secret, const unsi #define MAX_KEXHASHBUF 2000 -#endif /* _KEX_H_ */ +#endif /* DROPBEAR_KEX_H_ */ diff --git a/keyimport.c b/keyimport.c index 6f2634f..8a0d525 100644 --- a/keyimport.c +++ b/keyimport.c @@ -464,17 +464,16 @@ static struct openssh_key *load_openssh_key(const char *filename) goto error; } - memset(buffer, 0, sizeof(buffer)); + m_burn(buffer, sizeof(buffer)); return ret; error: - memset(buffer, 0, sizeof(buffer)); + m_burn(buffer, sizeof(buffer)); if (ret) { if (ret->keyblob) { - memset(ret->keyblob, 0, ret->keyblob_size); + m_burn(ret->keyblob, ret->keyblob_size); m_free(ret->keyblob); } - memset(&ret, 0, sizeof(ret)); m_free(ret); } if (fp) { @@ -494,9 +493,8 @@ static int openssh_encrypted(const char *filename) if (!key) return 0; ret = key->encrypted; - memset(key->keyblob, 0, key->keyblob_size); + m_burn(key->keyblob, key->keyblob_size); m_free(key->keyblob); - memset(&key, 0, sizeof(key)); m_free(key); return ret; } @@ -1046,6 +1044,7 @@ static int openssh_write(const char *filename, sign_key *key, const void* curve_oid = NULL; unsigned long pubkey_size = 2*curve_size+1; unsigned int k_size; + int err = 0; /* version. less than 10 bytes */ buf_incrwritepos(seq_buf, @@ -1091,7 +1090,7 @@ static int openssh_write(const char *filename, sign_key *key, buf_incrwritepos(seq_buf, ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0)); buf_putbyte(seq_buf, 0); - int err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size); + err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size); if (err != CRYPT_OK) { dropbear_exit("ECC error"); } diff --git a/keyimport.h b/keyimport.h index 19f212f..af9a300 100644 --- a/keyimport.h +++ b/keyimport.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _KEYIMPORT_H_ -#define _KEYIMPORT_H_ +#ifndef DROPBEAR_KEYIMPORT_H_ +#define DROPBEAR_KEYIMPORT_H_ #include "includes.h" #include "signkey.h" @@ -39,4 +39,4 @@ int import_write(const char *filename, sign_key *key, char *passphrase, sign_key *import_read(const char *filename, char *passphrase, int filetype); int import_encrypted(const char* filename, int filetype); -#endif /* _KEYIMPORT_H_ */ +#endif /* DROPBEAR_KEYIMPORT_H_ */ diff --git a/libtomcrypt/src/headers/tomcrypt_argchk.h b/libtomcrypt/src/headers/tomcrypt_argchk.h index cfc93ad..38e1bdd 100644 --- a/libtomcrypt/src/headers/tomcrypt_argchk.h +++ b/libtomcrypt/src/headers/tomcrypt_argchk.h @@ -4,8 +4,16 @@ #include <signal.h> +/* portability macros for compiler-specific code attributes */ +#ifdef __GNUC__ +#define ATTRIB_NORETURN __attribute__((noreturn)) +#else +#define ATTRIB_NORETURN +#endif + + /* this is the default LibTomCrypt macro */ -void crypt_argchk(char *v, char *s, int d); +void crypt_argchk(char *v, char *s, int d) ATTRIB_NORETURN; #define LTC_ARGCHK(x) if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } #define LTC_ARGCHKVD(x) LTC_ARGCHK(x) @@ -1,5 +1,5 @@ -#ifndef _DROPBEAR_LIST_H -#define _DROPBEAR_LIST_H +#ifndef DROPBEAR_DROPBEAR_LIST_H +#define DROPBEAR_DROPBEAR_LIST_H struct _m_list; @@ -25,4 +25,4 @@ void list_append(m_list *list, void *item); void * list_remove(m_list_elem *elem); -#endif /* _DROPBEAR_LIST_H */ +#endif /* DROPBEAR_DROPBEAR_LIST_H */ @@ -161,5 +161,14 @@ void remove_listener(struct Listener* listener) { } ses.listeners[listener->index] = NULL; m_free(listener); +} +void remove_all_listeners(void) { + unsigned int i; + for (i = 0; i < ses.listensize; i++) { + if (ses.listeners[i]) { + remove_listener(ses.listeners[i]); + } + } + m_free(ses.listeners); } @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _LISTENER_H -#define _LISTENER_H +#ifndef DROPBEAR_LISTENER_H +#define DROPBEAR_LISTENER_H #define MAX_LISTENERS 20 #define LISTENER_EXTEND_SIZE 1 @@ -60,4 +60,6 @@ struct Listener * get_listener(int type, void* typedata, void remove_listener(struct Listener* listener); -#endif /* _LISTENER_H */ +void remove_all_listeners(void); + +#endif /* DROPBEAR_LISTENER_H */ @@ -1,5 +1,5 @@ -#ifndef _HAVE_LOGINREC_H_ -#define _HAVE_LOGINREC_H_ +#ifndef DROPBEAR_HAVE_LOGINREC_H_ +#define DROPBEAR_HAVE_LOGINREC_H_ /* * Copyright (c) 2000 Andre Lucas. All rights reserved. @@ -182,4 +182,4 @@ char *line_fullname(char *dst, const char *src, size_t dstsize); char *line_stripname(char *dst, const char *src, size_t dstsize); char *line_abbrevname(char *dst, const char *src, size_t dstsize); -#endif /* _HAVE_LOGINREC_H_ */ +#endif /* DROPBEAR_HAVE_LOGINREC_H_ */ @@ -1,5 +1,5 @@ -#ifndef _LTC_PRNG_H_DROPBEAR -#define _LTC_PRNG_H_DROPBEAR +#ifndef DROPBEAR_LTC_PRNG_H_DROPBEAR +#define DROPBEAR_LTC_PRNG_H_DROPBEAR #include "options.h" #include "includes.h" @@ -10,4 +10,4 @@ extern const struct ltc_prng_descriptor dropbear_prng_desc; #endif /* DROPBEAR_LTC_PRNG */ -#endif /* _LTC_PRNG_H_DROPBEAR */ +#endif /* DROPBEAR_LTC_PRNG_H_DROPBEAR */ @@ -2,8 +2,8 @@ * Copyright (c) 2002,2003 Matt Johnston * All rights reserved. See LICENSE for the license. */ -#ifndef _OPTIONS_H_ -#define _OPTIONS_H_ +#ifndef DROPBEAR_OPTIONS_H_ +#define DROPBEAR_OPTIONS_H_ /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ @@ -289,7 +289,7 @@ much traffic. */ /* This is used by the scp binary when used as a client binary. If you're * not using the Dropbear client, you'll need to change it */ -#define _PATH_SSH_PROGRAM "/usr/bin/dbclient" +#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient" /* Whether to log commands executed by a client. This only logs the * (single) command sent to the server, not what a user did in a @@ -337,4 +337,4 @@ be overridden at runtime with -I. 0 disables idle timeouts */ * in sysoptions.h */ #include "sysoptions.h" -#endif /* _OPTIONS_H_ */ +#endif /* DROPBEAR_OPTIONS_H_ */ @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _PACKET_H_ +#ifndef DROPBEAR_PACKET_H_ -#define _PACKET_H_ +#define DROPBEAR_PACKET_H_ #include "includes.h" #include "queue.h" @@ -47,4 +47,4 @@ typedef struct PacketType { #define INIT_READBUF 128 -#endif /* _PACKET_H_ */ +#endif /* DROPBEAR_PACKET_H_ */ @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _QUEUE_H_ -#define _QUEUE_H_ +#ifndef DROPBEAR_QUEUE_H_ +#define DROPBEAR_QUEUE_H_ struct Link { @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RSA_H_ -#define _RSA_H_ +#ifndef DROPBEAR_RSA_H_ +#define DROPBEAR_RSA_H_ #include "includes.h" #include "buffer.h" @@ -55,4 +55,4 @@ void rsa_key_free(dropbear_rsa_key *key); #endif /* DROPBEAR_RSA */ -#endif /* _RSA_H_ */ +#endif /* DROPBEAR_RSA_H_ */ @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RUNOPTS_H_ -#define _RUNOPTS_H_ +#ifndef DROPBEAR_RUNOPTS_H_ +#define DROPBEAR_RUNOPTS_H_ #include "includes.h" #include "signkey.h" @@ -170,4 +170,4 @@ void parse_ciphers_macs(); void print_version(void); -#endif /* _RUNOPTS_H_ */ +#endif /* DROPBEAR_RUNOPTS_H_ */ @@ -437,7 +437,7 @@ main(int argc, char **argv) } /* * Finally check the exit status of the ssh process, if one was forked - * and no error has occured yet + * and no error has occurred yet */ if (do_cmd_pid != -1 && errs == 0) { if (remin != -1) @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SERVICE_H_ -#define _SERVICE_H_ +#ifndef DROPBEAR_SERVICE_H_ +#define DROPBEAR_SERVICE_H_ void recv_msg_service_request(); /* Server */ -#endif /* _SERVICE_H_ */ +#endif /* DROPBEAR_SERVICE_H_ */ @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SESSION_H_ -#define _SESSION_H_ +#ifndef DROPBEAR_SESSION_H_ +#define DROPBEAR_SESSION_H_ #include "includes.h" #include "options.h" @@ -44,7 +44,7 @@ extern int sessinitdone; /* Is set to 0 somewhere */ extern int exitflag; void common_session_init(int sock_in, int sock_out); -void session_loop(void(*loophandler)()); +void session_loop(void(*loophandler)()) ATTRIB_NORETURN; void session_cleanup(); void send_session_identification(); void send_msg_ignore(); @@ -56,12 +56,12 @@ const char* get_user_shell(); void fill_passwd(const char* username); /* Server */ -void svr_session(int sock, int childpipe); +void svr_session(int sock, int childpipe) ATTRIB_NORETURN; void svr_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN; void svr_dropbear_log(int priority, const char* format, va_list param); /* Client */ -void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress); +void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress) ATTRIB_NORETURN; void cli_connected(int result, int sock, void* userdata, const char *errstring); void cleantext(unsigned char* dirtytext); @@ -313,4 +313,4 @@ extern struct serversession svr_ses; extern struct clientsession cli_ses; #endif /* DROPBEAR_CLIENT */ -#endif /* _SESSION_H_ */ +#endif /* DROPBEAR_SESSION_H_ */ @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SIGNKEY_H_ -#define _SIGNKEY_H_ +#ifndef DROPBEAR_SIGNKEY_H_ +#define DROPBEAR_SIGNKEY_H_ #include "buffer.h" #include "dss.h" @@ -101,4 +101,4 @@ int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen, void** signkey_key_ptr(sign_key *key, enum signkey_type type); -#endif /* _SIGNKEY_H_ */ +#endif /* DROPBEAR_SIGNKEY_H_ */ diff --git a/svr-agentfwd.c b/svr-agentfwd.c index 3c4daab..512cbd2 100644 --- a/svr-agentfwd.c +++ b/svr-agentfwd.c @@ -117,7 +117,7 @@ static void agentaccept(struct Listener *UNUSED(listener), int sock) { } /* set up the environment variable pointing to the socket. This is called - * just before command/shell execution, after dropping priveleges */ + * just before command/shell execution, after dropping privileges */ void svr_agentset(struct ChanSess * chansess) { char *path = NULL; diff --git a/svr-chansession.c b/svr-chansession.c index 67122bb..5bed8fc 100644 --- a/svr-chansession.c +++ b/svr-chansession.c @@ -234,7 +234,7 @@ static int newchansess(struct Channel *channel) { struct ChanSess *chansess; - TRACE(("new chansess %p", channel)) + TRACE(("new chansess %p", (void*)channel)) dropbear_assert(channel->typedata == NULL); diff --git a/svr-session.c b/svr-session.c index 343cb30..8485905 100644 --- a/svr-session.c +++ b/svr-session.c @@ -78,10 +78,14 @@ static const struct ChanType *svr_chantypes[] = { }; static void -svr_session_cleanup(void) -{ +svr_session_cleanup(void) { /* free potential public key options */ svr_pubkey_options_cleanup(); + + m_free(svr_ses.addrstring); + m_free(svr_ses.remotehost); + m_free(svr_ses.childpids); + svr_ses.childpidsize = 0; } static void @@ -150,6 +154,7 @@ void svr_session(int sock, int childpipe) { void svr_dropbear_exit(int exitcode, const char* format, va_list param) { char fmtbuf[300]; + int i; if (!sessinitdone) { /* before session init */ @@ -183,6 +188,15 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) { session_cleanup(); } + if (svr_opts.hostkey) { + sign_key_free(svr_opts.hostkey); + svr_opts.hostkey = NULL; + } + for (i = 0; i < DROPBEAR_MAX_PORTS; i++) { + m_free(svr_opts.addresses[i]); + m_free(svr_opts.ports[i]); + } + exit(exitcode); } diff --git a/svr-x11fwd.c b/svr-x11fwd.c index ceca26a..6400c06 100644 --- a/svr-x11fwd.c +++ b/svr-x11fwd.c @@ -175,7 +175,7 @@ void x11cleanup(struct ChanSess *chansess) { m_free(chansess->x11authprot); m_free(chansess->x11authcookie); - TRACE(("chansess %p", chansess)) + TRACE(("chansess %p", (void*)chansess)) if (chansess->x11listener != NULL) { remove_listener(chansess->x11listener); chansess->x11listener = NULL; diff --git a/sysoptions.h b/sysoptions.h index 092eb7e..11dc10d 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -256,6 +256,9 @@ #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS #endif +/* free memory before exiting */ +#define DROPBEAR_CLEANUP + /* Use this string since some implementations might special-case it */ #define DROPBEAR_KEEPALIVE_STRING "keepalive@openssh.com" @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _TCPFWD_H -#define _TCPFWD_H +#ifndef DROPBEAR_TCPFWD_H +#define DROPBEAR_TCPFWD_H #include "channel.h" #include "list.h" diff --git a/termcodes.h b/termcodes.h index 00792ea..cd76b7f 100644 --- a/termcodes.h +++ b/termcodes.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _TERMCODES_H_ -#define _TERMCODES_H_ +#ifndef DROPBEAR_TERMCODES_H_ +#define DROPBEAR_TERMCODES_H_ #define TERMCODE_NONE 0 #define TERMCODE_CONTROL 1 @@ -43,4 +43,4 @@ struct TermCode { extern const struct TermCode termcodes[]; -#endif /* _TERMCODES_H_ */ +#endif /* DROPBEAR_TERMCODES_H_ */ @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _X11FWD_H_ -#define _X11FWD_H_ +#ifndef DROPBEAR__X11FWD_H_ +#define DROPBEAR__X11FWD_H_ #ifndef DISABLE_X11FWD #include "includes.h" @@ -34,4 +34,4 @@ void x11setauth(struct ChanSess *chansess); void x11cleanup(struct ChanSess *chansess); #endif /* DROPBEAR_X11FWD */ -#endif /* _X11FWD_H_ */ +#endif /* DROPBEAR__X11FWD_H_ */ |