summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--Makefile.in2
-rw-r--r--agentfwd.h6
-rw-r--r--algo.h6
-rw-r--r--auth.h6
-rw-r--r--bignum.h6
-rw-r--r--buffer.c6
-rw-r--r--buffer.h6
-rw-r--r--channel.h8
-rw-r--r--chansession.h6
-rw-r--r--circbuffer.h4
-rw-r--r--cli-session.c4
-rw-r--r--common-algo.c4
-rw-r--r--common-channel.c16
-rw-r--r--common-session.c60
-rw-r--r--compat.h10
-rw-r--r--crypto_desc.h6
-rw-r--r--curve25519-donna.c10
-rw-r--r--dbrandom.h6
-rw-r--r--dbutil.c2
-rw-r--r--dbutil.h7
-rw-r--r--debug.h4
-rw-r--r--dss.h6
-rw-r--r--ecc.h6
-rw-r--r--ecdsa.h6
-rw-r--r--fake-rfc2553.h4
-rw-r--r--gendss.h6
-rw-r--r--genrsa.h6
-rw-r--r--gensignkey.h4
-rw-r--r--includes.h6
-rw-r--r--kex.h6
-rw-r--r--keyimport.c13
-rw-r--r--keyimport.h6
-rw-r--r--libtomcrypt/src/headers/tomcrypt_argchk.h10
-rw-r--r--list.h6
-rw-r--r--listener.c9
-rw-r--r--listener.h8
-rw-r--r--loginrec.h6
-rw-r--r--ltc_prng.h6
-rw-r--r--options.h8
-rw-r--r--packet.h6
-rw-r--r--queue.h4
-rw-r--r--rsa.h6
-rw-r--r--runopts.h6
-rw-r--r--scp.c2
-rw-r--r--service.h6
-rw-r--r--session.h12
-rw-r--r--signkey.h6
-rw-r--r--svr-agentfwd.c2
-rw-r--r--svr-chansession.c2
-rw-r--r--svr-session.c18
-rw-r--r--svr-x11fwd.c2
-rw-r--r--sysoptions.h3
-rw-r--r--tcpfwd.h4
-rw-r--r--termcodes.h6
-rw-r--r--x11fwd.h6
55 files changed, 232 insertions, 166 deletions
diff --git a/Makefile.in b/Makefile.in
index 452ef8d..b2e7a27 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -140,7 +140,7 @@ insmulti%: dropbearmulti
$(INSTALL) -d $(DESTDIR)$(mandir)/man1
if test -e $*.1; then $(INSTALL) -m 644 $*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi
-# dropbear should go in sbin, so it needs a seperate rule
+# dropbear should go in sbin, so it needs a separate rule
inst_dropbear: dropbear
$(INSTALL) -d $(DESTDIR)$(sbindir)
$(INSTALL) dropbear$(EXEEXT) $(DESTDIR)$(sbindir)
diff --git a/agentfwd.h b/agentfwd.h
index 113370c..53c297a 100644
--- a/agentfwd.h
+++ b/agentfwd.h
@@ -21,8 +21,8 @@
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _AGENTFWD_H_
-#define _AGENTFWD_H_
+#ifndef DROPBEAR_AGENTFWD_H_
+#define DROPBEAR_AGENTFWD_H_
#include "includes.h"
#include "chansession.h"
@@ -60,4 +60,4 @@ void svr_agentset(struct ChanSess *chansess);
#endif /* ENABLE_SVR_AGENTFWD */
-#endif /* _AGENTFWD_H_ */
+#endif /* DROPBEAR_AGENTFWD_H_ */
diff --git a/algo.h b/algo.h
index 1758c51..5b7b874 100644
--- a/algo.h
+++ b/algo.h
@@ -22,9 +22,9 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _ALGO_H_
+#ifndef DROPBEAR_ALGO_H_
-#define _ALGO_H_
+#define DROPBEAR_ALGO_H_
#include "includes.h"
#include "buffer.h"
@@ -134,4 +134,4 @@ enum {
DROPBEAR_COMP_ZLIB_DELAY,
};
-#endif /* _ALGO_H_ */
+#endif /* DROPBEAR_ALGO_H_ */
diff --git a/auth.h b/auth.h
index 66f5b6a..78397ed 100644
--- a/auth.h
+++ b/auth.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _AUTH_H_
-#define _AUTH_H_
+#ifndef DROPBEAR_AUTH_H_
+#define DROPBEAR_AUTH_H_
#include "includes.h"
#include "signkey.h"
@@ -137,4 +137,4 @@ struct PubKeyOptions {
};
#endif
-#endif /* _AUTH_H_ */
+#endif /* DROPBEAR_AUTH_H_ */
diff --git a/bignum.h b/bignum.h
index f9710d7..d05e8b7 100644
--- a/bignum.h
+++ b/bignum.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _BIGNUM_H_
-#define _BIGNUM_H_
+#ifndef DROPBEAR_BIGNUM_H_
+#define DROPBEAR_BIGNUM_H_
#include "includes.h"
#include "dbutil.h"
@@ -35,4 +35,4 @@ void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len);
void hash_process_mp(const struct ltc_hash_descriptor *hash_desc,
hash_state *hs, mp_int *mp);
-#endif /* _BIGNUM_H_ */
+#endif /* DROPBEAR_BIGNUM_H_ */
diff --git a/buffer.c b/buffer.c
index 9bda652..2b35f72 100644
--- a/buffer.c
+++ b/buffer.c
@@ -99,7 +99,9 @@ buffer* buf_newcopy(buffer* buf) {
ret = buf_new(buf->len);
ret->len = buf->len;
- memcpy(ret->data, buf->data, buf->len);
+ if (buf->len > 0) {
+ memcpy(ret->data, buf->data, buf->len);
+ }
return ret;
}
@@ -127,7 +129,7 @@ void buf_setpos(buffer* buf, unsigned int pos) {
buf->pos = pos;
}
-/* increment the postion by incr, increasing the buffer length if required */
+/* increment the position by incr, increasing the buffer length if required */
void buf_incrwritepos(buffer* buf, unsigned int incr) {
if (incr > BUF_MAX_INCR || buf->pos + incr > buf->size) {
dropbear_exit("Bad buf_incrwritepos");
diff --git a/buffer.h b/buffer.h
index 1d83f8e..5f59939 100644
--- a/buffer.h
+++ b/buffer.h
@@ -22,9 +22,9 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _BUFFER_H_
+#ifndef DROPBEAR_BUFFER_H_
-#define _BUFFER_H_
+#define DROPBEAR_BUFFER_H_
#include "includes.h"
@@ -65,4 +65,4 @@ void buf_putmpint(buffer* buf, mp_int * mp);
int buf_getmpint(buffer* buf, mp_int* mp);
unsigned int buf_getint(buffer* buf);
-#endif /* _BUFFER_H_ */
+#endif /* DROPBEAR_BUFFER_H_ */
diff --git a/channel.h b/channel.h
index b543ea1..99b1b42 100644
--- a/channel.h
+++ b/channel.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _CHANNEL_H_
-#define _CHANNEL_H_
+#ifndef DROPBEAR_CHANNEL_H_
+#define DROPBEAR_CHANNEL_H_
#include "includes.h"
#include "buffer.h"
@@ -93,7 +93,7 @@ struct Channel {
struct ChanType {
- int sepfds; /* Whether this channel has seperate pipes for in/out or not */
+ int sepfds; /* Whether this channel has separate pipes for in/out or not */
char *name;
int (*inithandler)(struct Channel*);
int (*check_close)(struct Channel*);
@@ -141,4 +141,4 @@ void send_msg_request_success();
void send_msg_request_failure();
-#endif /* _CHANNEL_H_ */
+#endif /* DROPBEAR_CHANNEL_H_ */
diff --git a/chansession.h b/chansession.h
index 4078123..3dd58ac 100644
--- a/chansession.h
+++ b/chansession.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _CHANSESSION_H_
-#define _CHANSESSION_H_
+#ifndef DROPBEAR_CHANSESSION_H_
+#define DROPBEAR_CHANSESSION_H_
#include "loginrec.h"
#include "channel.h"
@@ -103,4 +103,4 @@ struct SigMap {
extern const struct SigMap signames[];
-#endif /* _CHANSESSION_H_ */
+#endif /* DROPBEAR_CHANSESSION_H_ */
diff --git a/circbuffer.h b/circbuffer.h
index 21c5134..32ed13c 100644
--- a/circbuffer.h
+++ b/circbuffer.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _CIRCBUFFER_H_
-#define _CIRCBUFFER_H_
+#ifndef DROPBEAR_CIRCBUFFER_H_
+#define DROPBEAR_CIRCBUFFER_H_
struct circbuf {
unsigned int size;
diff --git a/cli-session.c b/cli-session.c
index 08f4ff5..815f5b6 100644
--- a/cli-session.c
+++ b/cli-session.c
@@ -39,10 +39,10 @@
#include "crypto_desc.h"
#include "netio.h"
-static void cli_remoteclosed();
+static void cli_remoteclosed() ATTRIB_NORETURN;
static void cli_sessionloop();
static void cli_session_init();
-static void cli_finished();
+static void cli_finished() ATTRIB_NORETURN;
static void recv_msg_service_accept(void);
static void cli_session_cleanup(void);
static void recv_msg_global_request_cli(void);
diff --git a/common-algo.c b/common-algo.c
index 9a3664b..a3e9d78 100644
--- a/common-algo.c
+++ b/common-algo.c
@@ -87,7 +87,7 @@ const struct dropbear_cipher dropbear_nocipher =
#ifdef DROPBEAR_ENABLE_CBC_MODE
const struct dropbear_cipher_mode dropbear_mode_cbc =
{(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt};
-#endif // DROPBEAR_ENABLE_CBC_MODE
+#endif /* DROPBEAR_ENABLE_CBC_MODE */
const struct dropbear_cipher_mode dropbear_mode_none =
{void_start, void_cipher, void_cipher};
@@ -102,7 +102,7 @@ static int dropbear_big_endian_ctr_start(int cipher,
}
const struct dropbear_cipher_mode dropbear_mode_ctr =
{(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt};
-#endif // DROPBEAR_ENABLE_CTR_MODE
+#endif /* DROPBEAR_ENABLE_CTR_MODE */
/* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc.
{&hash_desc, keysize, hashsize} */
diff --git a/common-channel.c b/common-channel.c
index 5e32cc3..3622729 100644
--- a/common-channel.c
+++ b/common-channel.c
@@ -395,7 +395,7 @@ void channel_connect_done(int result, int sock, void* user_data, const char* UNU
/* Send the close message and set the channel as closed */
static void send_msg_channel_close(struct Channel *channel) {
- TRACE(("enter send_msg_channel_close %p", channel))
+ TRACE(("enter send_msg_channel_close %p", (void*)channel))
if (channel->type->closehandler
&& !channel->close_handler_done) {
channel->type->closehandler(channel);
@@ -578,11 +578,11 @@ static void remove_channel(struct Channel * channel) {
/* close the FDs in case they haven't been done
* yet (they might have been shutdown etc) */
TRACE(("CLOSE writefd %d", channel->writefd))
- close(channel->writefd);
+ m_close(channel->writefd);
TRACE(("CLOSE readfd %d", channel->readfd))
- close(channel->readfd);
+ m_close(channel->readfd);
TRACE(("CLOSE errfd %d", channel->errfd))
- close(channel->errfd);
+ m_close(channel->errfd);
}
if (!channel->close_handler_done
@@ -612,7 +612,7 @@ void recv_msg_channel_request() {
channel = getchannel();
- TRACE(("enter recv_msg_channel_request %p", channel))
+ TRACE(("enter recv_msg_channel_request %p", (void*)channel))
if (channel->sent_close) {
TRACE(("leave recv_msg_channel_request: already closed channel"))
@@ -997,7 +997,7 @@ static void close_chan_fd(struct Channel *channel, int fd, int how) {
}
} else {
TRACE(("CLOSE some fd %d", fd))
- close(fd);
+ m_close(fd);
closein = closeout = 1;
}
@@ -1020,7 +1020,7 @@ static void close_chan_fd(struct Channel *channel, int fd, int how) {
if (channel->type->sepfds && channel->readfd == FD_CLOSED
&& channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) {
TRACE(("CLOSE (finally) of %d", fd))
- close(fd);
+ m_close(fd);
}
}
@@ -1137,10 +1137,10 @@ void send_msg_request_failure() {
}
struct Channel* get_any_ready_channel() {
+ size_t i;
if (ses.chancount == 0) {
return NULL;
}
- size_t i;
for (i = 0; i < ses.chansize; i++) {
struct Channel *chan = ses.channels[i];
if (chan
diff --git a/common-session.c b/common-session.c
index 46aef0d..19247a8 100644
--- a/common-session.c
+++ b/common-session.c
@@ -246,6 +246,15 @@ void session_loop(void(*loophandler)()) {
/* Not reached */
}
+static void cleanup_buf(buffer **buf) {
+ if (!*buf) {
+ return;
+ }
+ buf_burn(*buf);
+ buf_free(*buf);
+ *buf = NULL;
+}
+
/* clean up a session on exit */
void session_cleanup() {
@@ -257,24 +266,45 @@ void session_cleanup() {
return;
}
+ /* Beware of changing order of functions here. */
+
+ /* Must be before extra_session_cleanup() */
+ chancleanup();
+
if (ses.extra_session_cleanup) {
ses.extra_session_cleanup();
}
- chancleanup();
-
- /* Cleaning up keys must happen after other cleanup
- functions which might queue packets */
- if (ses.session_id) {
- buf_burn(ses.session_id);
- buf_free(ses.session_id);
- ses.session_id = NULL;
+ /* After these are freed most functions will exit */
+#ifdef DROPBEAR_CLEANUP
+ /* listeners call cleanup functions, this should occur before
+ other session state is freed. */
+ remove_all_listeners();
+
+ while (!isempty(&ses.writequeue)) {
+ buf_free(dequeue(&ses.writequeue));
}
- if (ses.hash) {
- buf_burn(ses.hash);
- buf_free(ses.hash);
- ses.hash = NULL;
+
+ m_free(ses.remoteident);
+ m_free(ses.authstate.pw_dir);
+ m_free(ses.authstate.pw_name);
+ m_free(ses.authstate.pw_shell);
+ m_free(ses.authstate.pw_passwd);
+ m_free(ses.authstate.username);
+#endif
+
+ cleanup_buf(&ses.session_id);
+ cleanup_buf(&ses.hash);
+ cleanup_buf(&ses.payload);
+ cleanup_buf(&ses.readbuf);
+ cleanup_buf(&ses.writepayload);
+ cleanup_buf(&ses.kexhashbuf);
+ cleanup_buf(&ses.transkexinit);
+ if (ses.dh_K) {
+ mp_clear(ses.dh_K);
}
+ m_free(ses.dh_K);
+
m_burn(ses.keys, sizeof(struct key_context));
m_free(ses.keys);
@@ -405,16 +435,16 @@ static int ident_readln(int fd, char* buf, int count) {
}
void ignore_recv_response() {
- // Do nothing
+ /* Do nothing */
TRACE(("Ignored msg_request_response"))
}
static void send_msg_keepalive() {
- CHECKCLEARTOWRITE();
time_t old_time_idle = ses.last_packet_time_idle;
-
struct Channel *chan = get_any_ready_channel();
+ CHECKCLEARTOWRITE();
+
if (chan) {
/* Channel requests are preferable, more implementations
handle them than SSH_MSG_GLOBAL_REQUEST */
diff --git a/compat.h b/compat.h
index 1ab344f..4bd1a12 100644
--- a/compat.h
+++ b/compat.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _COMPAT_H_
-#define _COMPAT_H_
+#ifndef DROPBEAR_COMPAT_H_
+#define DROPBEAR_COMPAT_H_
#include "includes.h"
@@ -49,8 +49,8 @@ void setusershell();
void endusershell();
#endif
-#ifndef _PATH_DEVNULL
-#define _PATH_DEVNULL "/dev/null"
+#ifndef DROPBEAR_PATH_DEVNULL
+#define DROPBEAR_PATH_DEVNULL "/dev/null"
#endif
-#endif /* _COMPAT_H_ */
+#endif /* DROPBEAR_COMPAT_H_ */
diff --git a/crypto_desc.h b/crypto_desc.h
index d05096b..54da734 100644
--- a/crypto_desc.h
+++ b/crypto_desc.h
@@ -1,9 +1,9 @@
-#ifndef _CRYPTO_DESC_H
-#define _CRYPTO_DESC_H
+#ifndef DROPBEAR_CRYPTO_DESC_H
+#define DROPBEAR_CRYPTO_DESC_H
void crypto_init();
extern int dropbear_ltc_prng;
-#endif /* _CRYPTO_DESC_H */
+#endif /* DROPBEAR_CRYPTO_DESC_H */
diff --git a/curve25519-donna.c b/curve25519-donna.c
index bb1262e..3309610 100644
--- a/curve25519-donna.c
+++ b/curve25519-donna.c
@@ -527,7 +527,7 @@ static void fmonty(limb *x2, limb *z2, /* output 2Q */
memcpy(origx, x, 10 * sizeof(limb));
fsum(x, z);
- fdifference(z, origx); // does x - z
+ fdifference(z, origx); /* does x - z */
memcpy(origxprime, xprime, sizeof(limb) * 10);
fsum(xprime, zprime);
@@ -554,7 +554,7 @@ static void fmonty(limb *x2, limb *z2, /* output 2Q */
fproduct(x2, xx, zz);
freduce_degree(x2);
freduce_coefficients(x2);
- fdifference(zz, xx); // does zz = xx - zz
+ fdifference(zz, xx); /* does zz = xx - zz */
memset(zzz + 10, 0, sizeof(limb) * 9);
fscalar_product(zzz, zz, 121665);
/* No need to call freduce_degree here:
@@ -641,9 +641,9 @@ cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) {
memcpy(resultz, nqz, sizeof(limb) * 10);
}
-// -----------------------------------------------------------------------------
-// Shamelessly copied from djb's code
-// -----------------------------------------------------------------------------
+/* -----------------------------------------------------------------------------
+ * Shamelessly copied from djb's code
+ * ----------------------------------------------------------------------------- */
static void
crecip(limb *out, const limb *z) {
limb z2[10];
diff --git a/dbrandom.h b/dbrandom.h
index 2c79ec3..3434f69 100644
--- a/dbrandom.h
+++ b/dbrandom.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _RANDOM_H_
-#define _RANDOM_H_
+#ifndef DROPBEAR_RANDOM_H_
+#define DROPBEAR_RANDOM_H_
#include "includes.h"
@@ -32,4 +32,4 @@ void genrandom(unsigned char* buf, unsigned int len);
void addrandom(char * buf, unsigned int len);
void gen_random_mpint(mp_int *max, mp_int *rand);
-#endif /* _RANDOM_H_ */
+#endif /* DROPBEAR_RANDOM_H_ */
diff --git a/dbutil.c b/dbutil.c
index a6463d6..4669304 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -504,12 +504,12 @@ out:
/* make sure that the socket closes */
void m_close(int fd) {
+ int val;
if (fd == -1) {
return;
}
- int val;
do {
val = close(fd);
} while (val < 0 && errno == EINTR);
diff --git a/dbutil.h b/dbutil.h
index f5c57b3..83ba888 100644
--- a/dbutil.h
+++ b/dbutil.h
@@ -22,9 +22,9 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _DBUTIL_H_
+#ifndef DROPBEAR_DBUTIL_H_
-#define _DBUTIL_H_
+#define DROPBEAR_DBUTIL_H_
#include "includes.h"
#include "buffer.h"
@@ -99,5 +99,4 @@ time_t monotonic_now();
char * expand_tilde(const char *inpath);
-
-#endif /* _DBUTIL_H_ */
+#endif /* DROPBEAR_DBUTIL_H_ */
diff --git a/debug.h b/debug.h
index 5c5623f..cbfa7e9 100644
--- a/debug.h
+++ b/debug.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _DEBUG_H_
-#define _DEBUG_H_
+#ifndef DROPBEAR_DEBUG_H_
+#define DROPBEAR_DEBUG_H_
#include "includes.h"
diff --git a/dss.h b/dss.h
index f921ae4..4f164f3 100644
--- a/dss.h
+++ b/dss.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _DSS_H_
-#define _DSS_H_
+#ifndef DROPBEAR_DSS_H_
+#define DROPBEAR_DSS_H_
#include "includes.h"
#include "buffer.h"
@@ -53,4 +53,4 @@ void dss_key_free(dropbear_dss_key *key);
#endif /* DROPBEAR_DSS */
-#endif /* _DSS_H_ */
+#endif /* DROPBEAR_DSS_H_ */
diff --git a/ecc.h b/ecc.h
index 40213f4..703c717 100644
--- a/ecc.h
+++ b/ecc.h
@@ -1,5 +1,5 @@
-#ifndef _DROPBEAR_ECC_H
-#define _DROPBEAR_ECC_H
+#ifndef DROPBEAR_DROPBEAR_ECC_H
+#define DROPBEAR_DROPBEAR_ECC_H
#include "includes.h"
#include "options.h"
@@ -33,4 +33,4 @@ mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, ecc_key *priv_key);
#endif
-#endif /* _DROPBEAR_ECC_H */
+#endif /* DROPBEAR_DROPBEAR_ECC_H */
diff --git a/ecdsa.h b/ecdsa.h
index f578171..24792cb 100644
--- a/ecdsa.h
+++ b/ecdsa.h
@@ -1,5 +1,5 @@
-#ifndef _ECDSA_H_
-#define _ECDSA_H_
+#ifndef DROPBEAR_ECDSA_H_
+#define DROPBEAR_ECDSA_H_
#include "includes.h"
#include "buffer.h"
@@ -32,4 +32,4 @@ int signkey_is_ecdsa(enum signkey_type type);
#endif
-#endif /* _ECDSA_H_ */
+#endif /* DROPBEAR_ECDSA_H_ */
diff --git a/fake-rfc2553.h b/fake-rfc2553.h
index 876fa14..c64136c 100644
--- a/fake-rfc2553.h
+++ b/fake-rfc2553.h
@@ -39,8 +39,8 @@
* that ai_family is AF_INET. Don't use it for another purpose.
*/
-#ifndef _FAKE_RFC2553_H
-#define _FAKE_RFC2553_H
+#ifndef DROPBEAR_FAKE_RFC2553_H
+#define DROPBEAR_FAKE_RFC2553_H
#include "includes.h"
#include <sys/types.h>
diff --git a/gendss.h b/gendss.h
index 44335bc..8292ac9 100644
--- a/gendss.h
+++ b/gendss.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _GENDSS_H_
-#define _GENDSS_H_
+#ifndef DROPBEAR_GENDSS_H_
+#define DROPBEAR_GENDSS_H_
#include "dss.h"
@@ -33,4 +33,4 @@ dropbear_dss_key * gen_dss_priv_key(unsigned int size);
#endif /* DROPBEAR_DSS */
-#endif /* _GENDSS_H_ */
+#endif /* DROPBEAR_GENDSS_H_ */
diff --git a/genrsa.h b/genrsa.h
index 4aad948..acb43fb 100644
--- a/genrsa.h
+++ b/genrsa.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _GENRSA_H_
-#define _GENRSA_H_
+#ifndef DROPBEAR_GENRSA_H_
+#define DROPBEAR_GENRSA_H_
#include "rsa.h"
@@ -33,4 +33,4 @@ dropbear_rsa_key * gen_rsa_priv_key(unsigned int size);
#endif /* DROPBEAR_RSA */
-#endif /* _GENRSA_H_ */
+#endif /* DROPBEAR_GENRSA_H_ */
diff --git a/gensignkey.h b/gensignkey.h
index b463a42..508eca0 100644
--- a/gensignkey.h
+++ b/gensignkey.h
@@ -1,5 +1,5 @@
-#ifndef _GENSIGNKEY_H
-#define _GENSIGNKEY_H
+#ifndef DROPBEAR_GENSIGNKEY_H
+#define DROPBEAR_GENSIGNKEY_H
#include "signkey.h"
diff --git a/includes.h b/includes.h
index 2a5b6c1..f91a2c2 100644
--- a/includes.h
+++ b/includes.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _INCLUDES_H_
-#define _INCLUDES_H_
+#ifndef DROPBEAR_INCLUDES_H_
+#define DROPBEAR_INCLUDES_H_
#include "config.h"
@@ -177,4 +177,4 @@ typedef u_int32_t uint32_t;
# define UNUSED(x) x
#endif
-#endif /* _INCLUDES_H_ */
+#endif /* DROPBEAR_INCLUDES_H_ */
diff --git a/kex.h b/kex.h
index 144df59..4cee8e3 100644
--- a/kex.h
+++ b/kex.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _KEX_H_
-#define _KEX_H_
+#ifndef DROPBEAR_KEX_H_
+#define DROPBEAR_KEX_H_
#include "includes.h"
#include "algo.h"
@@ -113,4 +113,4 @@ int curve25519_donna(unsigned char *out, const unsigned char *secret, const unsi
#define MAX_KEXHASHBUF 2000
-#endif /* _KEX_H_ */
+#endif /* DROPBEAR_KEX_H_ */
diff --git a/keyimport.c b/keyimport.c
index 6f2634f..8a0d525 100644
--- a/keyimport.c
+++ b/keyimport.c
@@ -464,17 +464,16 @@ static struct openssh_key *load_openssh_key(const char *filename)
goto error;
}
- memset(buffer, 0, sizeof(buffer));
+ m_burn(buffer, sizeof(buffer));
return ret;
error:
- memset(buffer, 0, sizeof(buffer));
+ m_burn(buffer, sizeof(buffer));
if (ret) {
if (ret->keyblob) {
- memset(ret->keyblob, 0, ret->keyblob_size);
+ m_burn(ret->keyblob, ret->keyblob_size);
m_free(ret->keyblob);
}
- memset(&ret, 0, sizeof(ret));
m_free(ret);
}
if (fp) {
@@ -494,9 +493,8 @@ static int openssh_encrypted(const char *filename)
if (!key)
return 0;
ret = key->encrypted;
- memset(key->keyblob, 0, key->keyblob_size);
+ m_burn(key->keyblob, key->keyblob_size);
m_free(key->keyblob);
- memset(&key, 0, sizeof(key));
m_free(key);
return ret;
}
@@ -1046,6 +1044,7 @@ static int openssh_write(const char *filename, sign_key *key,
const void* curve_oid = NULL;
unsigned long pubkey_size = 2*curve_size+1;
unsigned int k_size;
+ int err = 0;
/* version. less than 10 bytes */
buf_incrwritepos(seq_buf,
@@ -1091,7 +1090,7 @@ static int openssh_write(const char *filename, sign_key *key,
buf_incrwritepos(seq_buf,
ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0));
buf_putbyte(seq_buf, 0);
- int err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size);
+ err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size);
if (err != CRYPT_OK) {
dropbear_exit("ECC error");
}
diff --git a/keyimport.h b/keyimport.h
index 19f212f..af9a300 100644
--- a/keyimport.h
+++ b/keyimport.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _KEYIMPORT_H_
-#define _KEYIMPORT_H_
+#ifndef DROPBEAR_KEYIMPORT_H_
+#define DROPBEAR_KEYIMPORT_H_
#include "includes.h"
#include "signkey.h"
@@ -39,4 +39,4 @@ int import_write(const char *filename, sign_key *key, char *passphrase,
sign_key *import_read(const char *filename, char *passphrase, int filetype);
int import_encrypted(const char* filename, int filetype);
-#endif /* _KEYIMPORT_H_ */
+#endif /* DROPBEAR_KEYIMPORT_H_ */
diff --git a/libtomcrypt/src/headers/tomcrypt_argchk.h b/libtomcrypt/src/headers/tomcrypt_argchk.h
index cfc93ad..38e1bdd 100644
--- a/libtomcrypt/src/headers/tomcrypt_argchk.h
+++ b/libtomcrypt/src/headers/tomcrypt_argchk.h
@@ -4,8 +4,16 @@
#include <signal.h>
+/* portability macros for compiler-specific code attributes */
+#ifdef __GNUC__
+#define ATTRIB_NORETURN __attribute__((noreturn))
+#else
+#define ATTRIB_NORETURN
+#endif
+
+
/* this is the default LibTomCrypt macro */
-void crypt_argchk(char *v, char *s, int d);
+void crypt_argchk(char *v, char *s, int d) ATTRIB_NORETURN;
#define LTC_ARGCHK(x) if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); }
#define LTC_ARGCHKVD(x) LTC_ARGCHK(x)
diff --git a/list.h b/list.h
index 23ef9bb..35c0d49 100644
--- a/list.h
+++ b/list.h
@@ -1,5 +1,5 @@
-#ifndef _DROPBEAR_LIST_H
-#define _DROPBEAR_LIST_H
+#ifndef DROPBEAR_DROPBEAR_LIST_H
+#define DROPBEAR_DROPBEAR_LIST_H
struct _m_list;
@@ -25,4 +25,4 @@ void list_append(m_list *list, void *item);
void * list_remove(m_list_elem *elem);
-#endif /* _DROPBEAR_LIST_H */
+#endif /* DROPBEAR_DROPBEAR_LIST_H */
diff --git a/listener.c b/listener.c
index dd90c6b..a7f0730 100644
--- a/listener.c
+++ b/listener.c
@@ -161,5 +161,14 @@ void remove_listener(struct Listener* listener) {
}
ses.listeners[listener->index] = NULL;
m_free(listener);
+}
+void remove_all_listeners(void) {
+ unsigned int i;
+ for (i = 0; i < ses.listensize; i++) {
+ if (ses.listeners[i]) {
+ remove_listener(ses.listeners[i]);
+ }
+ }
+ m_free(ses.listeners);
}
diff --git a/listener.h b/listener.h
index 5092efd..b531ed6 100644
--- a/listener.h
+++ b/listener.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _LISTENER_H
-#define _LISTENER_H
+#ifndef DROPBEAR_LISTENER_H
+#define DROPBEAR_LISTENER_H
#define MAX_LISTENERS 20
#define LISTENER_EXTEND_SIZE 1
@@ -60,4 +60,6 @@ struct Listener * get_listener(int type, void* typedata,
void remove_listener(struct Listener* listener);
-#endif /* _LISTENER_H */
+void remove_all_listeners(void);
+
+#endif /* DROPBEAR_LISTENER_H */
diff --git a/loginrec.h b/loginrec.h
index d2da8d2..830c045 100644
--- a/loginrec.h
+++ b/loginrec.h
@@ -1,5 +1,5 @@
-#ifndef _HAVE_LOGINREC_H_
-#define _HAVE_LOGINREC_H_
+#ifndef DROPBEAR_HAVE_LOGINREC_H_
+#define DROPBEAR_HAVE_LOGINREC_H_
/*
* Copyright (c) 2000 Andre Lucas. All rights reserved.
@@ -182,4 +182,4 @@ char *line_fullname(char *dst, const char *src, size_t dstsize);
char *line_stripname(char *dst, const char *src, size_t dstsize);
char *line_abbrevname(char *dst, const char *src, size_t dstsize);
-#endif /* _HAVE_LOGINREC_H_ */
+#endif /* DROPBEAR_HAVE_LOGINREC_H_ */
diff --git a/ltc_prng.h b/ltc_prng.h
index f5391e0..6888512 100644
--- a/ltc_prng.h
+++ b/ltc_prng.h
@@ -1,5 +1,5 @@
-#ifndef _LTC_PRNG_H_DROPBEAR
-#define _LTC_PRNG_H_DROPBEAR
+#ifndef DROPBEAR_LTC_PRNG_H_DROPBEAR
+#define DROPBEAR_LTC_PRNG_H_DROPBEAR
#include "options.h"
#include "includes.h"
@@ -10,4 +10,4 @@ extern const struct ltc_prng_descriptor dropbear_prng_desc;
#endif /* DROPBEAR_LTC_PRNG */
-#endif /* _LTC_PRNG_H_DROPBEAR */
+#endif /* DROPBEAR_LTC_PRNG_H_DROPBEAR */
diff --git a/options.h b/options.h
index 5c86834..e2d69a9 100644
--- a/options.h
+++ b/options.h
@@ -2,8 +2,8 @@
* Copyright (c) 2002,2003 Matt Johnston
* All rights reserved. See LICENSE for the license. */
-#ifndef _OPTIONS_H_
-#define _OPTIONS_H_
+#ifndef DROPBEAR_OPTIONS_H_
+#define DROPBEAR_OPTIONS_H_
/* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
* parts are to allow for commandline -DDROPBEAR_XXX options etc. */
@@ -289,7 +289,7 @@ much traffic. */
/* This is used by the scp binary when used as a client binary. If you're
* not using the Dropbear client, you'll need to change it */
-#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
+#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
/* Whether to log commands executed by a client. This only logs the
* (single) command sent to the server, not what a user did in a
@@ -337,4 +337,4 @@ be overridden at runtime with -I. 0 disables idle timeouts */
* in sysoptions.h */
#include "sysoptions.h"
-#endif /* _OPTIONS_H_ */
+#endif /* DROPBEAR_OPTIONS_H_ */
diff --git a/packet.h b/packet.h
index c1d255e..cd21fe0 100644
--- a/packet.h
+++ b/packet.h
@@ -22,9 +22,9 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _PACKET_H_
+#ifndef DROPBEAR_PACKET_H_
-#define _PACKET_H_
+#define DROPBEAR_PACKET_H_
#include "includes.h"
#include "queue.h"
@@ -47,4 +47,4 @@ typedef struct PacketType {
#define INIT_READBUF 128
-#endif /* _PACKET_H_ */
+#endif /* DROPBEAR_PACKET_H_ */
diff --git a/queue.h b/queue.h
index 8cffab7..d2227ac 100644
--- a/queue.h
+++ b/queue.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _QUEUE_H_
-#define _QUEUE_H_
+#ifndef DROPBEAR_QUEUE_H_
+#define DROPBEAR_QUEUE_H_
struct Link {
diff --git a/rsa.h b/rsa.h
index 7c99282..800be59 100644
--- a/rsa.h
+++ b/rsa.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _RSA_H_
-#define _RSA_H_
+#ifndef DROPBEAR_RSA_H_
+#define DROPBEAR_RSA_H_
#include "includes.h"
#include "buffer.h"
@@ -55,4 +55,4 @@ void rsa_key_free(dropbear_rsa_key *key);
#endif /* DROPBEAR_RSA */
-#endif /* _RSA_H_ */
+#endif /* DROPBEAR_RSA_H_ */
diff --git a/runopts.h b/runopts.h
index 8756716..062cfd8 100644
--- a/runopts.h
+++ b/runopts.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _RUNOPTS_H_
-#define _RUNOPTS_H_
+#ifndef DROPBEAR_RUNOPTS_H_
+#define DROPBEAR_RUNOPTS_H_
#include "includes.h"
#include "signkey.h"
@@ -170,4 +170,4 @@ void parse_ciphers_macs();
void print_version(void);
-#endif /* _RUNOPTS_H_ */
+#endif /* DROPBEAR_RUNOPTS_H_ */
diff --git a/scp.c b/scp.c
index 11c9665..710d9d2 100644
--- a/scp.c
+++ b/scp.c
@@ -437,7 +437,7 @@ main(int argc, char **argv)
}
/*
* Finally check the exit status of the ssh process, if one was forked
- * and no error has occured yet
+ * and no error has occurred yet
*/
if (do_cmd_pid != -1 && errs == 0) {
if (remin != -1)
diff --git a/service.h b/service.h
index 9c60c09..de35724 100644
--- a/service.h
+++ b/service.h
@@ -22,9 +22,9 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _SERVICE_H_
-#define _SERVICE_H_
+#ifndef DROPBEAR_SERVICE_H_
+#define DROPBEAR_SERVICE_H_
void recv_msg_service_request(); /* Server */
-#endif /* _SERVICE_H_ */
+#endif /* DROPBEAR_SERVICE_H_ */
diff --git a/session.h b/session.h
index beec245..85dba3b 100644
--- a/session.h
+++ b/session.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _SESSION_H_
-#define _SESSION_H_
+#ifndef DROPBEAR_SESSION_H_
+#define DROPBEAR_SESSION_H_
#include "includes.h"
#include "options.h"
@@ -44,7 +44,7 @@ extern int sessinitdone; /* Is set to 0 somewhere */
extern int exitflag;
void common_session_init(int sock_in, int sock_out);
-void session_loop(void(*loophandler)());
+void session_loop(void(*loophandler)()) ATTRIB_NORETURN;
void session_cleanup();
void send_session_identification();
void send_msg_ignore();
@@ -56,12 +56,12 @@ const char* get_user_shell();
void fill_passwd(const char* username);
/* Server */
-void svr_session(int sock, int childpipe);
+void svr_session(int sock, int childpipe) ATTRIB_NORETURN;
void svr_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
void svr_dropbear_log(int priority, const char* format, va_list param);
/* Client */
-void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress);
+void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress) ATTRIB_NORETURN;
void cli_connected(int result, int sock, void* userdata, const char *errstring);
void cleantext(unsigned char* dirtytext);
@@ -313,4 +313,4 @@ extern struct serversession svr_ses;
extern struct clientsession cli_ses;
#endif /* DROPBEAR_CLIENT */
-#endif /* _SESSION_H_ */
+#endif /* DROPBEAR_SESSION_H_ */
diff --git a/signkey.h b/signkey.h
index 60c04d9..475b51a 100644
--- a/signkey.h
+++ b/signkey.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _SIGNKEY_H_
-#define _SIGNKEY_H_
+#ifndef DROPBEAR_SIGNKEY_H_
+#define DROPBEAR_SIGNKEY_H_
#include "buffer.h"
#include "dss.h"
@@ -101,4 +101,4 @@ int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
void** signkey_key_ptr(sign_key *key, enum signkey_type type);
-#endif /* _SIGNKEY_H_ */
+#endif /* DROPBEAR_SIGNKEY_H_ */
diff --git a/svr-agentfwd.c b/svr-agentfwd.c
index 3c4daab..512cbd2 100644
--- a/svr-agentfwd.c
+++ b/svr-agentfwd.c
@@ -117,7 +117,7 @@ static void agentaccept(struct Listener *UNUSED(listener), int sock) {
}
/* set up the environment variable pointing to the socket. This is called
- * just before command/shell execution, after dropping priveleges */
+ * just before command/shell execution, after dropping privileges */
void svr_agentset(struct ChanSess * chansess) {
char *path = NULL;
diff --git a/svr-chansession.c b/svr-chansession.c
index 67122bb..5bed8fc 100644
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -234,7 +234,7 @@ static int newchansess(struct Channel *channel) {
struct ChanSess *chansess;
- TRACE(("new chansess %p", channel))
+ TRACE(("new chansess %p", (void*)channel))
dropbear_assert(channel->typedata == NULL);
diff --git a/svr-session.c b/svr-session.c
index 343cb30..8485905 100644
--- a/svr-session.c
+++ b/svr-session.c
@@ -78,10 +78,14 @@ static const struct ChanType *svr_chantypes[] = {
};
static void
-svr_session_cleanup(void)
-{
+svr_session_cleanup(void) {
/* free potential public key options */
svr_pubkey_options_cleanup();
+
+ m_free(svr_ses.addrstring);
+ m_free(svr_ses.remotehost);
+ m_free(svr_ses.childpids);
+ svr_ses.childpidsize = 0;
}
static void
@@ -150,6 +154,7 @@ void svr_session(int sock, int childpipe) {
void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
char fmtbuf[300];
+ int i;
if (!sessinitdone) {
/* before session init */
@@ -183,6 +188,15 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
session_cleanup();
}
+ if (svr_opts.hostkey) {
+ sign_key_free(svr_opts.hostkey);
+ svr_opts.hostkey = NULL;
+ }
+ for (i = 0; i < DROPBEAR_MAX_PORTS; i++) {
+ m_free(svr_opts.addresses[i]);
+ m_free(svr_opts.ports[i]);
+ }
+
exit(exitcode);
}
diff --git a/svr-x11fwd.c b/svr-x11fwd.c
index ceca26a..6400c06 100644
--- a/svr-x11fwd.c
+++ b/svr-x11fwd.c
@@ -175,7 +175,7 @@ void x11cleanup(struct ChanSess *chansess) {
m_free(chansess->x11authprot);
m_free(chansess->x11authcookie);
- TRACE(("chansess %p", chansess))
+ TRACE(("chansess %p", (void*)chansess))
if (chansess->x11listener != NULL) {
remove_listener(chansess->x11listener);
chansess->x11listener = NULL;
diff --git a/sysoptions.h b/sysoptions.h
index 092eb7e..11dc10d 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -256,6 +256,9 @@
#define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS
#endif
+/* free memory before exiting */
+#define DROPBEAR_CLEANUP
+
/* Use this string since some implementations might special-case it */
#define DROPBEAR_KEEPALIVE_STRING "keepalive@openssh.com"
diff --git a/tcpfwd.h b/tcpfwd.h
index 654664c..51a1575 100644
--- a/tcpfwd.h
+++ b/tcpfwd.h
@@ -21,8 +21,8 @@
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _TCPFWD_H
-#define _TCPFWD_H
+#ifndef DROPBEAR_TCPFWD_H
+#define DROPBEAR_TCPFWD_H
#include "channel.h"
#include "list.h"
diff --git a/termcodes.h b/termcodes.h
index 00792ea..cd76b7f 100644
--- a/termcodes.h
+++ b/termcodes.h
@@ -22,8 +22,8 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _TERMCODES_H_
-#define _TERMCODES_H_
+#ifndef DROPBEAR_TERMCODES_H_
+#define DROPBEAR_TERMCODES_H_
#define TERMCODE_NONE 0
#define TERMCODE_CONTROL 1
@@ -43,4 +43,4 @@ struct TermCode {
extern const struct TermCode termcodes[];
-#endif /* _TERMCODES_H_ */
+#endif /* DROPBEAR_TERMCODES_H_ */
diff --git a/x11fwd.h b/x11fwd.h
index 5855a68..e142226 100644
--- a/x11fwd.h
+++ b/x11fwd.h
@@ -21,8 +21,8 @@
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
-#ifndef _X11FWD_H_
-#define _X11FWD_H_
+#ifndef DROPBEAR__X11FWD_H_
+#define DROPBEAR__X11FWD_H_
#ifndef DISABLE_X11FWD
#include "includes.h"
@@ -34,4 +34,4 @@ void x11setauth(struct ChanSess *chansess);
void x11cleanup(struct ChanSess *chansess);
#endif /* DROPBEAR_X11FWD */
-#endif /* _X11FWD_H_ */
+#endif /* DROPBEAR__X11FWD_H_ */