diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-08-13 02:41:05 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-08-13 12:42:13 +1000 |
| commit | c3903c38b0fd168ab3d925c2b129d1a599593426 (patch) | |
| tree | a0914654d1d42e32084afe2d34144c0fadc2735d /compat.c | |
| parent | 1b9dd4aa15208100fbc3650f33ea052255578282 (diff) | |
upstream: revert compat.[ch] section of the following change. It
causes double-free under some circumstances.
--
date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh;
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@
OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137
Diffstat (limited to 'compat.c')
| -rw-r--r-- | compat.c | 51 |
1 files changed, 18 insertions, 33 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.112 2018/07/31 03:07:24 djm Exp $ */ +/* $OpenBSD: compat.c,v 1.113 2018/08/13 02:41:05 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -184,17 +184,13 @@ proto_spec(const char *spec) } char * -compat_cipher_proposal(char *cipher_prop, u_int compat) +compat_cipher_proposal(char *cipher_prop) { - char *cp; - - if (!(compat & SSH_BUG_BIGENDIANAES)) + if (!(datafellows & SSH_BUG_BIGENDIANAES)) return cipher_prop; debug2("%s: original cipher proposal: %s", __func__, cipher_prop); - if ((cp = match_filter_blacklist(cipher_prop, "aes*")) == NULL) + if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL) fatal("match_filter_blacklist failed"); - free(cipher_prop); - cipher_prop = cp; debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); if (*cipher_prop == '\0') fatal("No supported ciphers found"); @@ -202,17 +198,13 @@ compat_cipher_proposal(char *cipher_prop, u_int compat) } char * -compat_pkalg_proposal(char *pkalg_prop, u_int compat) +compat_pkalg_proposal(char *pkalg_prop) { - char *cp; - - if (!(compat & SSH_BUG_RSASIGMD5)) + if (!(datafellows & SSH_BUG_RSASIGMD5)) return pkalg_prop; debug2("%s: original public key proposal: %s", __func__, pkalg_prop); - if ((cp = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL) + if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL) fatal("match_filter_blacklist failed"); - free(pkalg_prop); - pkalg_prop = cp; debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); if (*pkalg_prop == '\0') fatal("No supported PK algorithms found"); @@ -220,31 +212,24 @@ compat_pkalg_proposal(char *pkalg_prop, u_int compat) } char * -compat_kex_proposal(char *kex_prop, u_int compat) +compat_kex_proposal(char *p) { - char *cp; - - if ((compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) - return kex_prop; - debug2("%s: original KEX proposal: %s", __func__, kex_prop); - if ((compat & SSH_BUG_CURVE25519PAD) != 0) { - if ((cp = match_filter_blacklist(kex_prop, + if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) + return p; + debug2("%s: original KEX proposal: %s", __func__, p); + if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) + if ((p = match_filter_blacklist(p, "curve25519-sha256@libssh.org")) == NULL) fatal("match_filter_blacklist failed"); - free(kex_prop); - kex_prop = cp; - } - if ((compat & SSH_OLD_DHGEX) != 0) { - if ((cp = match_filter_blacklist(kex_prop, + if ((datafellows & SSH_OLD_DHGEX) != 0) { + if ((p = match_filter_blacklist(p, "diffie-hellman-group-exchange-sha256," "diffie-hellman-group-exchange-sha1")) == NULL) fatal("match_filter_blacklist failed"); - free(kex_prop); - kex_prop = cp; } - debug2("%s: compat KEX proposal: %s", __func__, kex_prop); - if (*kex_prop == '\0') + debug2("%s: compat KEX proposal: %s", __func__, p); + if (*p == '\0') fatal("No supported key exchange algorithms found"); - return kex_prop; + return p; } |