- djm@cvs.openbsd.org 2006/03/25 00:05:41
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c] [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c] [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c] [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c] [xmalloc.c xmalloc.h] introduce xcalloc() and xasprintf() failure-checked allocations functions and use them throughout openssh xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die feedback and ok deraadt@
This commit is contained in:
parent
7cd4579eb3
commit
07d86bec5e
16
ChangeLog
16
ChangeLog
|
@ -104,6 +104,20 @@
|
|||
- deraadt@cvs.openbsd.org 2006/03/20 21:11:53
|
||||
[ttymodes.c]
|
||||
spacing
|
||||
- djm@cvs.openbsd.org 2006/03/25 00:05:41
|
||||
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
|
||||
[clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
|
||||
[monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
|
||||
[ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
|
||||
[xmalloc.c xmalloc.h]
|
||||
introduce xcalloc() and xasprintf() failure-checked allocations
|
||||
functions and use them throughout openssh
|
||||
|
||||
xcalloc is particularly important because malloc(nmemb * size) is a
|
||||
dangerous idiom (subject to integer overflow) and it is time for it
|
||||
to die
|
||||
|
||||
feedback and ok deraadt@
|
||||
|
||||
20060325
|
||||
- OpenBSD CVS Sync
|
||||
|
@ -4361,4 +4375,4 @@
|
|||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.4272 2006/03/26 03:10:34 djm Exp $
|
||||
$Id: ChangeLog,v 1.4273 2006/03/26 03:19:21 djm Exp $
|
||||
|
|
|
@ -68,9 +68,8 @@ bsdauth_query(void *ctx, char **name, char **infotxt,
|
|||
*name = xstrdup("");
|
||||
*infotxt = xstrdup("");
|
||||
*numprompts = 1;
|
||||
*prompts = xmalloc(*numprompts * sizeof(char *));
|
||||
*echo_on = xmalloc(*numprompts * sizeof(u_int));
|
||||
(*echo_on)[0] = 0;
|
||||
*prompts = xcalloc(*numprompts, sizeof(char *));
|
||||
*echo_on = xcalloc(*numprompts, sizeof(u_int));
|
||||
(*prompts)[0] = xstrdup(challenge);
|
||||
|
||||
return 0;
|
||||
|
|
11
auth-skey.c
11
auth-skey.c
|
@ -53,15 +53,10 @@ skey_query(void *ctx, char **name, char **infotxt,
|
|||
*name = xstrdup("");
|
||||
*infotxt = xstrdup("");
|
||||
*numprompts = 1;
|
||||
*prompts = xmalloc(*numprompts * sizeof(char *));
|
||||
*echo_on = xmalloc(*numprompts * sizeof(u_int));
|
||||
(*echo_on)[0] = 0;
|
||||
*prompts = xcalloc(*numprompts, sizeof(char *));
|
||||
*echo_on = xcalloc(*numprompts, sizeof(u_int));
|
||||
|
||||
len = strlen(challenge) + strlen(SKEY_PROMPT) + 1;
|
||||
p = xmalloc(len);
|
||||
strlcpy(p, challenge, len);
|
||||
strlcat(p, SKEY_PROMPT, len);
|
||||
(*prompts)[0] = p;
|
||||
xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
12
auth.c
12
auth.c
|
@ -340,7 +340,8 @@ auth_root_allowed(char *method)
|
|||
static char *
|
||||
expand_authorized_keys(const char *filename, struct passwd *pw)
|
||||
{
|
||||
char *file, *ret;
|
||||
char *file, ret[MAXPATHLEN];
|
||||
int i;
|
||||
|
||||
file = percent_expand(filename, "h", pw->pw_dir,
|
||||
"u", pw->pw_name, (char *)NULL);
|
||||
|
@ -352,14 +353,11 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
|
|||
if (*file == '/')
|
||||
return (file);
|
||||
|
||||
ret = xmalloc(MAXPATHLEN);
|
||||
if (strlcpy(ret, pw->pw_dir, MAXPATHLEN) >= MAXPATHLEN ||
|
||||
strlcat(ret, "/", MAXPATHLEN) >= MAXPATHLEN ||
|
||||
strlcat(ret, file, MAXPATHLEN) >= MAXPATHLEN)
|
||||
i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
|
||||
if (i < 0 || (size_t)i >= sizeof(ret))
|
||||
fatal("expand_authorized_keys: path too long");
|
||||
|
||||
xfree(file);
|
||||
return (ret);
|
||||
return (xstrdup(ret));
|
||||
}
|
||||
|
||||
char *
|
||||
|
|
|
@ -290,7 +290,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
|
|||
if (nresp > 100)
|
||||
fatal("input_userauth_info_response: too many replies");
|
||||
if (nresp > 0) {
|
||||
response = xmalloc(nresp * sizeof(char *));
|
||||
response = xcalloc(nresp, sizeof(char *));
|
||||
for (i = 0; i < nresp; i++)
|
||||
response[i] = packet_get_string(NULL);
|
||||
}
|
||||
|
|
|
@ -249,7 +249,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
|
|||
/* Do initial allocation if this is the first call. */
|
||||
if (channels_alloc == 0) {
|
||||
channels_alloc = 10;
|
||||
channels = xmalloc(channels_alloc * sizeof(Channel *));
|
||||
channels = xcalloc(channels_alloc, sizeof(Channel *));
|
||||
for (i = 0; i < channels_alloc; i++)
|
||||
channels[i] = NULL;
|
||||
}
|
||||
|
@ -274,8 +274,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
|
|||
channels[i] = NULL;
|
||||
}
|
||||
/* Initialize and return new channel. */
|
||||
c = channels[found] = xmalloc(sizeof(Channel));
|
||||
memset(c, 0, sizeof(Channel));
|
||||
c = channels[found] = xcalloc(1, sizeof(Channel));
|
||||
buffer_init(&c->input);
|
||||
buffer_init(&c->output);
|
||||
buffer_init(&c->extended);
|
||||
|
@ -2842,7 +2841,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
|
|||
}
|
||||
|
||||
/* Allocate a channel for each socket. */
|
||||
*chanids = xmalloc(sizeof(**chanids) * (num_socks + 1));
|
||||
*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
|
||||
for (n = 0; n < num_socks; n++) {
|
||||
sock = socks[n];
|
||||
nc = channel_new("x11 listener",
|
||||
|
|
|
@ -820,8 +820,7 @@ client_process_control(fd_set * readset)
|
|||
return;
|
||||
}
|
||||
|
||||
cctx = xmalloc(sizeof(*cctx));
|
||||
memset(cctx, 0, sizeof(*cctx));
|
||||
cctx = xcalloc(1, sizeof(*cctx));
|
||||
cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
|
||||
cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
|
||||
cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0;
|
||||
|
@ -836,7 +835,7 @@ client_process_control(fd_set * readset)
|
|||
env_len = MIN(env_len, 4096);
|
||||
debug3("%s: receiving %d env vars", __func__, env_len);
|
||||
if (env_len != 0) {
|
||||
cctx->env = xmalloc(sizeof(*cctx->env) * (env_len + 1));
|
||||
cctx->env = xcalloc(env_len + 1, sizeof(*cctx->env));
|
||||
for (i = 0; i < env_len; i++)
|
||||
cctx->env[i] = buffer_get_string(&m, &len);
|
||||
cctx->env[i] = NULL;
|
||||
|
|
|
@ -93,7 +93,7 @@ detect_attack(u_char *buf, u_int32_t len)
|
|||
|
||||
if (h == NULL) {
|
||||
debug("Installing crc compensation attack detector.");
|
||||
h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE);
|
||||
h = (u_int16_t *) xcalloc(l, HASH_ENTRYSIZE);
|
||||
n = l;
|
||||
} else {
|
||||
if (l > n) {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: gss-genr.c,v 1.7 2006/03/20 04:07:49 djm Exp $ */
|
||||
/* $OpenBSD: gss-genr.c,v 1.8 2006/03/25 00:05:41 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
|
@ -135,9 +135,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
|
|||
void
|
||||
ssh_gssapi_build_ctx(Gssctxt **ctx)
|
||||
{
|
||||
*ctx = xmalloc(sizeof (Gssctxt));
|
||||
(*ctx)->major = 0;
|
||||
(*ctx)->minor = 0;
|
||||
*ctx = xcalloc(1, sizeof (Gssctxt));
|
||||
(*ctx)->context = GSS_C_NO_CONTEXT;
|
||||
(*ctx)->name = GSS_C_NO_NAME;
|
||||
(*ctx)->oid = GSS_C_NO_OID;
|
||||
|
|
8
kex.c
8
kex.c
|
@ -82,7 +82,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
|
|||
int i;
|
||||
char **proposal;
|
||||
|
||||
proposal = xmalloc(PROPOSAL_MAX * sizeof(char *));
|
||||
proposal = xcalloc(PROPOSAL_MAX, sizeof(char *));
|
||||
|
||||
buffer_init(&b);
|
||||
buffer_append(&b, buffer_ptr(raw), buffer_len(raw));
|
||||
|
@ -217,8 +217,7 @@ kex_setup(char *proposal[PROPOSAL_MAX])
|
|||
{
|
||||
Kex *kex;
|
||||
|
||||
kex = xmalloc(sizeof(*kex));
|
||||
memset(kex, 0, sizeof(*kex));
|
||||
kex = xcalloc(1, sizeof(*kex));
|
||||
buffer_init(&kex->peer);
|
||||
buffer_init(&kex->my);
|
||||
kex_prop2buf(&kex->my, proposal);
|
||||
|
@ -379,8 +378,7 @@ kex_choose_conf(Kex *kex)
|
|||
|
||||
/* Algorithm Negotiation */
|
||||
for (mode = 0; mode < MODE_MAX; mode++) {
|
||||
newkeys = xmalloc(sizeof(*newkeys));
|
||||
memset(newkeys, 0, sizeof(*newkeys));
|
||||
newkeys = xcalloc(1, sizeof(*newkeys));
|
||||
kex->newkeys[mode] = newkeys;
|
||||
ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
|
||||
nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC;
|
||||
|
|
10
key.c
10
key.c
|
@ -49,9 +49,8 @@ key_new(int type)
|
|||
Key *k;
|
||||
RSA *rsa;
|
||||
DSA *dsa;
|
||||
k = xmalloc(sizeof(*k));
|
||||
k = xcalloc(1, sizeof(*k));
|
||||
k->type = type;
|
||||
k->flags = 0;
|
||||
k->dsa = NULL;
|
||||
k->rsa = NULL;
|
||||
switch (k->type) {
|
||||
|
@ -231,8 +230,7 @@ key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
|
|||
char *retval;
|
||||
u_int i;
|
||||
|
||||
retval = xmalloc(dgst_raw_len * 3 + 1);
|
||||
retval[0] = '\0';
|
||||
retval = xcalloc(1, dgst_raw_len * 3 + 1);
|
||||
for (i = 0; i < dgst_raw_len; i++) {
|
||||
char hex[4];
|
||||
snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
|
||||
|
@ -254,7 +252,7 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
|
|||
char *retval;
|
||||
|
||||
rounds = (dgst_raw_len / 2) + 1;
|
||||
retval = xmalloc(sizeof(char) * (rounds*6));
|
||||
retval = xcalloc((rounds * 6), sizeof(char));
|
||||
retval[j++] = 'x';
|
||||
for (i = 0; i < rounds; i++) {
|
||||
u_int idx0, idx1, idx2, idx3, idx4;
|
||||
|
@ -824,7 +822,7 @@ key_demote(const Key *k)
|
|||
{
|
||||
Key *pk;
|
||||
|
||||
pk = xmalloc(sizeof(*pk));
|
||||
pk = xcalloc(1, sizeof(*pk));
|
||||
pk->type = k->type;
|
||||
pk->flags = k->flags;
|
||||
pk->dsa = NULL;
|
||||
|
|
6
misc.c
6
misc.c
|
@ -172,9 +172,8 @@ strdelim(char **s)
|
|||
struct passwd *
|
||||
pwcopy(struct passwd *pw)
|
||||
{
|
||||
struct passwd *copy = xmalloc(sizeof(*copy));
|
||||
struct passwd *copy = xcalloc(1, sizeof(*copy));
|
||||
|
||||
memset(copy, 0, sizeof(*copy));
|
||||
copy->pw_name = xstrdup(pw->pw_name);
|
||||
copy->pw_passwd = xstrdup(pw->pw_passwd);
|
||||
copy->pw_gecos = xstrdup(pw->pw_gecos);
|
||||
|
@ -697,8 +696,7 @@ tohex(const u_char *d, u_int l)
|
|||
u_int i, hl;
|
||||
|
||||
hl = l * 2 + 1;
|
||||
r = xmalloc(hl);
|
||||
*r = '\0';
|
||||
r = xcalloc(1, hl);
|
||||
for (i = 0; i < l; i++) {
|
||||
snprintf(b, sizeof(b), "%02x", d[i]);
|
||||
strlcat(r, b, hl);
|
||||
|
|
17
moduli.c
17
moduli.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: moduli.c,v 1.12 2005/07/17 07:17:55 djm Exp $ */
|
||||
/* $OpenBSD: moduli.c,v 1.13 2006/03/25 00:05:41 djm Exp $ */
|
||||
/*
|
||||
* Copyright 1994 Phil Karn <karn@qualcomm.com>
|
||||
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
|
||||
|
@ -301,21 +301,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
|
|||
largewords = (largememory << SHIFT_MEGAWORD);
|
||||
}
|
||||
|
||||
TinySieve = calloc(tinywords, sizeof(u_int32_t));
|
||||
if (TinySieve == NULL) {
|
||||
error("Insufficient memory for tiny sieve: need %u bytes",
|
||||
tinywords << SHIFT_BYTE);
|
||||
exit(1);
|
||||
}
|
||||
TinySieve = xcalloc(tinywords, sizeof(u_int32_t));
|
||||
tinybits = tinywords << SHIFT_WORD;
|
||||
|
||||
SmallSieve = calloc(smallwords, sizeof(u_int32_t));
|
||||
if (SmallSieve == NULL) {
|
||||
error("Insufficient memory for small sieve: need %u bytes",
|
||||
smallwords << SHIFT_BYTE);
|
||||
xfree(TinySieve);
|
||||
exit(1);
|
||||
}
|
||||
SmallSieve = xcalloc(smallwords, sizeof(u_int32_t));
|
||||
smallbits = smallwords << SHIFT_WORD;
|
||||
|
||||
/*
|
||||
|
|
|
@ -1625,8 +1625,7 @@ mm_get_kex(Buffer *m)
|
|||
void *blob;
|
||||
u_int bloblen;
|
||||
|
||||
kex = xmalloc(sizeof(*kex));
|
||||
memset(kex, 0, sizeof(*kex));
|
||||
kex = xcalloc(1, sizeof(*kex));
|
||||
kex->session_id = buffer_get_string(m, &kex->session_id_len);
|
||||
if ((session_id2 == NULL) ||
|
||||
(kex->session_id_len != session_id2_len) ||
|
||||
|
@ -1796,9 +1795,8 @@ monitor_init(void)
|
|||
struct monitor *mon;
|
||||
int pair[2];
|
||||
|
||||
mon = xmalloc(sizeof(*mon));
|
||||
mon = xcalloc(1, sizeof(*mon));
|
||||
|
||||
mon->m_pid = 0;
|
||||
monitor_socketpair(pair);
|
||||
|
||||
mon->m_recvfd = pair[0];
|
||||
|
|
|
@ -859,8 +859,8 @@ mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
|
|||
*name = xstrdup("");
|
||||
*infotxt = xstrdup("");
|
||||
*numprompts = 1;
|
||||
*prompts = xmalloc(*numprompts * sizeof(char *));
|
||||
*echo_on = xmalloc(*numprompts * sizeof(u_int));
|
||||
*prompts = xcalloc(*numprompts, sizeof(char *));
|
||||
*echo_on = xcalloc(*numprompts, sizeof(u_int));
|
||||
(*echo_on)[0] = 0;
|
||||
}
|
||||
|
||||
|
@ -953,11 +953,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
|
|||
|
||||
mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
|
||||
|
||||
len = strlen(challenge) + strlen(SKEY_PROMPT) + 1;
|
||||
p = xmalloc(len);
|
||||
strlcpy(p, challenge, len);
|
||||
strlcat(p, SKEY_PROMPT, len);
|
||||
(*prompts)[0] = p;
|
||||
xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
|
||||
xfree(challenge);
|
||||
|
||||
return (0);
|
||||
|
|
4
packet.c
4
packet.c
|
@ -877,7 +877,7 @@ packet_read_seqnr(u_int32_t *seqnr_p)
|
|||
char buf[8192];
|
||||
DBG(debug("packet_read()"));
|
||||
|
||||
setp = (fd_set *)xmalloc(howmany(connection_in+1, NFDBITS) *
|
||||
setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS),
|
||||
sizeof(fd_mask));
|
||||
|
||||
/* Since we are blocking, ensure that all written packets have been sent. */
|
||||
|
@ -1419,7 +1419,7 @@ packet_write_wait(void)
|
|||
{
|
||||
fd_set *setp;
|
||||
|
||||
setp = (fd_set *)xmalloc(howmany(connection_out + 1, NFDBITS) *
|
||||
setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS),
|
||||
sizeof(fd_mask));
|
||||
packet_write_poll();
|
||||
while (packet_have_data_to_write()) {
|
||||
|
|
2
scard.c
2
scard.c
|
@ -382,7 +382,7 @@ sc_get_keys(const char *id, const char *pin)
|
|||
key_free(k);
|
||||
return NULL;
|
||||
}
|
||||
keys = xmalloc((nkeys+1) * sizeof(Key *));
|
||||
keys = xcalloc((nkeys+1), sizeof(Key *));
|
||||
|
||||
n = key_new(KEY_RSA1);
|
||||
BN_copy(n->rsa->n, k->rsa->n);
|
||||
|
|
|
@ -712,7 +712,7 @@ process_readdir(void)
|
|||
Stat *stats;
|
||||
int nstats = 10, count = 0, i;
|
||||
|
||||
stats = xmalloc(nstats * sizeof(Stat));
|
||||
stats = xcalloc(nstats, sizeof(Stat));
|
||||
while ((dp = readdir(dirp)) != NULL) {
|
||||
if (count >= nstats) {
|
||||
nstats *= 2;
|
||||
|
|
|
@ -109,8 +109,8 @@ int max_fd = 0;
|
|||
pid_t parent_pid = -1;
|
||||
|
||||
/* pathname and directory for AUTH_SOCKET */
|
||||
char socket_name[1024];
|
||||
char socket_dir[1024];
|
||||
char socket_name[MAXPATHLEN];
|
||||
char socket_dir[MAXPATHLEN];
|
||||
|
||||
/* locking */
|
||||
int locked = 0;
|
||||
|
@ -803,10 +803,7 @@ new_socket(sock_type type, int fd)
|
|||
}
|
||||
old_alloc = sockets_alloc;
|
||||
new_alloc = sockets_alloc + 10;
|
||||
if (sockets)
|
||||
sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
|
||||
else
|
||||
sockets = xmalloc(new_alloc * sizeof(sockets[0]));
|
||||
sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
|
||||
for (i = old_alloc; i < new_alloc; i++)
|
||||
sockets[i].type = AUTH_UNUSED;
|
||||
sockets_alloc = new_alloc;
|
||||
|
|
|
@ -54,7 +54,7 @@ int maxfd;
|
|||
|
||||
extern char *__progname;
|
||||
fd_set *read_wait;
|
||||
size_t read_wait_size;
|
||||
size_t read_wait_nfdset;
|
||||
int ncon;
|
||||
int nonfatal_fatal = 0;
|
||||
jmp_buf kexjmp;
|
||||
|
@ -634,10 +634,10 @@ conloop(void)
|
|||
} else
|
||||
seltime.tv_sec = seltime.tv_usec = 0;
|
||||
|
||||
r = xmalloc(read_wait_size);
|
||||
memcpy(r, read_wait, read_wait_size);
|
||||
e = xmalloc(read_wait_size);
|
||||
memcpy(e, read_wait, read_wait_size);
|
||||
r = xcalloc(read_wait_nfdset, sizeof(fd_mask));
|
||||
e = xcalloc(read_wait_nfdset, sizeof(fd_mask));
|
||||
memcpy(r, read_wait, read_wait_nfdset * sizeof(fd_mask));
|
||||
memcpy(e, read_wait, read_wait_nfdset * sizeof(fd_mask));
|
||||
|
||||
while (select(maxfd, r, NULL, e, &seltime) == -1 &&
|
||||
(errno == EAGAIN || errno == EINTR))
|
||||
|
@ -804,12 +804,10 @@ main(int argc, char **argv)
|
|||
fatal("%s: not enough file descriptors", __progname);
|
||||
if (maxfd > fdlim_get(0))
|
||||
fdlim_set(maxfd);
|
||||
fdcon = xmalloc(maxfd * sizeof(con));
|
||||
memset(fdcon, 0, maxfd * sizeof(con));
|
||||
fdcon = xcalloc(maxfd, sizeof(con));
|
||||
|
||||
read_wait_size = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
|
||||
read_wait = xmalloc(read_wait_size);
|
||||
memset(read_wait, 0, read_wait_size);
|
||||
read_wait_nfdset = howmany(maxfd, NFDBITS);
|
||||
read_wait = xcalloc(read_wait_nfdset, sizeof(fd_mask));
|
||||
|
||||
if (fopt_count) {
|
||||
Linebuf *lb;
|
||||
|
|
5
ssh.c
5
ssh.c
|
@ -687,7 +687,7 @@ main(int ac, char **av)
|
|||
if (options.rhosts_rsa_authentication ||
|
||||
options.hostbased_authentication) {
|
||||
sensitive_data.nkeys = 3;
|
||||
sensitive_data.keys = xmalloc(sensitive_data.nkeys *
|
||||
sensitive_data.keys = xcalloc(sensitive_data.nkeys,
|
||||
sizeof(Key));
|
||||
|
||||
PRIV_START;
|
||||
|
@ -1250,7 +1250,8 @@ env_permitted(char *env)
|
|||
int i;
|
||||
char name[1024], *cp;
|
||||
|
||||
strlcpy(name, env, sizeof(name));
|
||||
if (strlcpy(name, env, sizeof(name)) >= sizeof(name))
|
||||
fatal("env_permitted: name too long");
|
||||
if ((cp = strchr(name, '=')) == NULL)
|
||||
return (0);
|
||||
|
||||
|
|
17
sshconnect.c
17
sshconnect.c
|
@ -68,7 +68,6 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
|
|||
int pin[2], pout[2];
|
||||
pid_t pid;
|
||||
char strport[NI_MAXSERV];
|
||||
size_t len;
|
||||
|
||||
/* Convert the port number into a string. */
|
||||
snprintf(strport, sizeof strport, "%hu", port);
|
||||
|
@ -80,10 +79,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
|
|||
* Use "exec" to avoid "sh -c" processes on some platforms
|
||||
* (e.g. Solaris)
|
||||
*/
|
||||
len = strlen(proxy_command) + 6;
|
||||
tmp = xmalloc(len);
|
||||
strlcpy(tmp, "exec ", len);
|
||||
strlcat(tmp, proxy_command, len);
|
||||
xasprintf(&tmp, "exec %s", proxy_command);
|
||||
command_string = percent_expand(tmp, "h", host,
|
||||
"p", strport, (char *)NULL);
|
||||
xfree(tmp);
|
||||
|
@ -211,7 +207,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
|
|||
fd_set *fdset;
|
||||
struct timeval tv;
|
||||
socklen_t optlen;
|
||||
int fdsetsz, optval, rc, result = -1;
|
||||
int optval, rc, result = -1;
|
||||
|
||||
if (timeout <= 0)
|
||||
return (connect(sockfd, serv_addr, addrlen));
|
||||
|
@ -225,10 +221,8 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
|
|||
if (errno != EINPROGRESS)
|
||||
return (-1);
|
||||
|
||||
fdsetsz = howmany(sockfd + 1, NFDBITS) * sizeof(fd_mask);
|
||||
fdset = (fd_set *)xmalloc(fdsetsz);
|
||||
|
||||
memset(fdset, 0, fdsetsz);
|
||||
fdset = (fd_set *)xcalloc(howmany(sockfd + 1, NFDBITS),
|
||||
sizeof(fd_mask));
|
||||
FD_SET(sockfd, fdset);
|
||||
tv.tv_sec = timeout;
|
||||
tv.tv_usec = 0;
|
||||
|
@ -957,8 +951,7 @@ ssh_put_password(char *password)
|
|||
return;
|
||||
}
|
||||
size = roundup(strlen(password) + 1, 32);
|
||||
padded = xmalloc(size);
|
||||
memset(padded, 0, size);
|
||||
padded = xcalloc(1, size);
|
||||
strlcpy(padded, password, size);
|
||||
packet_put_string(padded, size);
|
||||
memset(padded, 0, size);
|
||||
|
|
|
@ -1029,8 +1029,7 @@ pubkey_prepare(Authctxt *authctxt)
|
|||
if (key && key->type == KEY_RSA1)
|
||||
continue;
|
||||
options.identity_keys[i] = NULL;
|
||||
id = xmalloc(sizeof(*id));
|
||||
memset(id, 0, sizeof(*id));
|
||||
id = xcalloc(1, sizeof(*id));
|
||||
id->key = key;
|
||||
id->filename = xstrdup(options.identity_files[i]);
|
||||
TAILQ_INSERT_TAIL(&files, id, next);
|
||||
|
@ -1054,8 +1053,7 @@ pubkey_prepare(Authctxt *authctxt)
|
|||
}
|
||||
}
|
||||
if (!found && !options.identities_only) {
|
||||
id = xmalloc(sizeof(*id));
|
||||
memset(id, 0, sizeof(*id));
|
||||
id = xcalloc(1, sizeof(*id));
|
||||
id->key = key;
|
||||
id->filename = comment;
|
||||
id->ac = ac;
|
||||
|
@ -1336,9 +1334,7 @@ userauth_hostbased(Authctxt *authctxt)
|
|||
return 0;
|
||||
}
|
||||
len = strlen(p) + 2;
|
||||
chost = xmalloc(len);
|
||||
strlcpy(chost, p, len);
|
||||
strlcat(chost, ".", len);
|
||||
xasprintf(&chost, "%s.", p);
|
||||
debug2("userauth_hostbased: chost %s", chost);
|
||||
xfree(p);
|
||||
|
||||
|
|
16
sshd.c
16
sshd.c
|
@ -891,7 +891,7 @@ main(int ac, char **av)
|
|||
{
|
||||
extern char *optarg;
|
||||
extern int optind;
|
||||
int opt, j, i, fdsetsz, on = 1;
|
||||
int opt, j, i, on = 1;
|
||||
int sock_in = -1, sock_out = -1, newsock = -1;
|
||||
pid_t pid;
|
||||
socklen_t fromlen;
|
||||
|
@ -1110,7 +1110,7 @@ main(int ac, char **av)
|
|||
debug("sshd version %.100s", SSH_RELEASE);
|
||||
|
||||
/* load private host keys */
|
||||
sensitive_data.host_keys = xmalloc(options.num_host_key_files *
|
||||
sensitive_data.host_keys = xcalloc(options.num_host_key_files,
|
||||
sizeof(Key *));
|
||||
for (i = 0; i < options.num_host_key_files; i++)
|
||||
sensitive_data.host_keys[i] = NULL;
|
||||
|
@ -1212,7 +1212,7 @@ main(int ac, char **av)
|
|||
debug("setgroups() failed: %.200s", strerror(errno));
|
||||
|
||||
if (rexec_flag) {
|
||||
rexec_argv = xmalloc(sizeof(char *) * (rexec_argc + 2));
|
||||
rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));
|
||||
for (i = 0; i < rexec_argc; i++) {
|
||||
debug("rexec_argv[%d]='%s'", i, saved_argv[i]);
|
||||
rexec_argv[i] = saved_argv[i];
|
||||
|
@ -1391,7 +1391,7 @@ main(int ac, char **av)
|
|||
if (listen_socks[i] > maxfd)
|
||||
maxfd = listen_socks[i];
|
||||
/* pipes connected to unauthenticated childs */
|
||||
startup_pipes = xmalloc(options.max_startups * sizeof(int));
|
||||
startup_pipes = xcalloc(options.max_startups, sizeof(int));
|
||||
for (i = 0; i < options.max_startups; i++)
|
||||
startup_pipes[i] = -1;
|
||||
|
||||
|
@ -1404,9 +1404,8 @@ main(int ac, char **av)
|
|||
sighup_restart();
|
||||
if (fdset != NULL)
|
||||
xfree(fdset);
|
||||
fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask);
|
||||
fdset = (fd_set *)xmalloc(fdsetsz);
|
||||
memset(fdset, 0, fdsetsz);
|
||||
fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS),
|
||||
sizeof(fd_mask));
|
||||
|
||||
for (i = 0; i < num_listen_socks; i++)
|
||||
FD_SET(listen_socks[i], fdset);
|
||||
|
@ -1713,8 +1712,7 @@ main(int ac, char **av)
|
|||
packet_set_nonblocking();
|
||||
|
||||
/* allocate authentication context */
|
||||
authctxt = xmalloc(sizeof(*authctxt));
|
||||
memset(authctxt, 0, sizeof(*authctxt));
|
||||
authctxt = xcalloc(1, sizeof(*authctxt));
|
||||
|
||||
authctxt->loginmsg = &loginmsg;
|
||||
|
||||
|
|
|
@ -57,9 +57,14 @@ uudecode(const char *src, u_char *target, size_t targsize)
|
|||
void
|
||||
dump_base64(FILE *fp, u_char *data, u_int len)
|
||||
{
|
||||
char *buf = xmalloc(2*len);
|
||||
char *buf;;
|
||||
int i, n;
|
||||
|
||||
if (len > 65536) {
|
||||
fprintf(fp, "dump_base64: len > 65536\n");
|
||||
return;
|
||||
}
|
||||
buf = xmalloc(2*len);
|
||||
n = uuencode(data, len, buf, 2*len);
|
||||
for (i = 0; i < n; i++) {
|
||||
fprintf(fp, "%c", buf[i]);
|
||||
|
|
32
xmalloc.c
32
xmalloc.c
|
@ -30,6 +30,22 @@ xmalloc(size_t size)
|
|||
return ptr;
|
||||
}
|
||||
|
||||
void *
|
||||
xcalloc(size_t nmemb, size_t size)
|
||||
{
|
||||
void *ptr;
|
||||
|
||||
if (nmemb && size && SIZE_T_MAX / nmemb < size)
|
||||
fatal("xcalloc: nmemb * size > SIZE_T_MAX");
|
||||
if (size == 0 || nmemb == 0)
|
||||
fatal("xcalloc: zero size");
|
||||
ptr = calloc(nmemb, size);
|
||||
if (ptr == NULL)
|
||||
fatal("xcalloc: out of memory (allocating %lu bytes)",
|
||||
(u_long)(size * nmemb));
|
||||
return ptr;
|
||||
}
|
||||
|
||||
void *
|
||||
xrealloc(void *ptr, size_t new_size)
|
||||
{
|
||||
|
@ -65,3 +81,19 @@ xstrdup(const char *str)
|
|||
strlcpy(cp, str, len);
|
||||
return cp;
|
||||
}
|
||||
|
||||
int
|
||||
xasprintf(char **ret, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
int i;
|
||||
|
||||
va_start(ap, fmt);
|
||||
i = vasprintf(ret, fmt, ap);
|
||||
va_end(ap);
|
||||
|
||||
if (i < 0 || *ret == NULL)
|
||||
fatal("xasprintf: could not allocate memory");
|
||||
|
||||
return (i);
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: xmalloc.h,v 1.9 2002/06/19 00:27:55 deraadt Exp $ */
|
||||
/* $OpenBSD: xmalloc.h,v 1.10 2006/03/25 00:05:41 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -20,8 +20,12 @@
|
|||
#define XMALLOC_H
|
||||
|
||||
void *xmalloc(size_t);
|
||||
void *xcalloc(size_t, size_t);
|
||||
void *xrealloc(void *, size_t);
|
||||
void xfree(void *);
|
||||
char *xstrdup(const char *);
|
||||
int xasprintf(char **, const char *, ...)
|
||||
__attribute__((__format__ (printf, 2, 3)))
|
||||
__attribute__((__nonnull__ (2)));
|
||||
|
||||
#endif /* XMALLOC_H */
|
||||
|
|
Loading…
Reference in New Issue