- djm@cvs.openbsd.org 2012/07/06 01:37:21
[mux.c]
fix memory leak of passed-in environment variables and connection
context when new session message is malformed; bz#2003 from Bert.Wesarg
AT googlemail.com
This commit is contained in:
Damien Miller
parent
dfceafe8b1
commit
ab523b0246
|
|
@ -11,6 +11,11 @@
|
|||
Add options to specify starting line number and number of lines to process
|
||||
when screening moduli candidates. This allows processing of different
|
||||
parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
|
||||
- djm@cvs.openbsd.org 2012/07/06 01:37:21
|
||||
[mux.c]
|
||||
fix memory leak of passed-in environment variables and connection
|
||||
context when new session message is malformed; bz#2003 from Bert.Wesarg
|
||||
AT googlemail.com
|
||||
|
||||
20120704
|
||||
- (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
|
||||
|
|
|
|||
12
mux.c
12
mux.c
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: mux.c,v 1.35 2012/06/01 01:01:22 djm Exp $ */
|
||||
/* $OpenBSD: mux.c,v 1.36 2012/07/06 01:37:21 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
|
||||
*
|
||||
|
|
@ -316,6 +316,8 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
|||
cctx->term = NULL;
|
||||
cctx->rid = rid;
|
||||
cmd = reserved = NULL;
|
||||
cctx->env = NULL;
|
||||
env_len = 0;
|
||||
if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
|
||||
buffer_get_int_ret(&cctx->want_tty, m) != 0 ||
|
||||
buffer_get_int_ret(&cctx->want_x_fwd, m) != 0 ||
|
||||
|
|
@ -329,16 +331,19 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
|||
xfree(cmd);
|
||||
if (reserved != NULL)
|
||||
xfree(reserved);
|
||||
for (j = 0; j < env_len; j++)
|
||||
xfree(cctx->env[j]);
|
||||
if (env_len > 0)
|
||||
xfree(cctx->env);
|
||||
if (cctx->term != NULL)
|
||||
xfree(cctx->term);
|
||||
xfree(cctx);
|
||||
error("%s: malformed message", __func__);
|
||||
return -1;
|
||||
}
|
||||
xfree(reserved);
|
||||
reserved = NULL;
|
||||
|
||||
cctx->env = NULL;
|
||||
env_len = 0;
|
||||
while (buffer_len(m) > 0) {
|
||||
#define MUX_MAX_ENV_VARS 4096
|
||||
if ((cp = buffer_get_string_ret(m, &len)) == NULL)
|
||||
|
|
@ -413,6 +418,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
|||
xfree(cctx->env);
|
||||
}
|
||||
buffer_free(&cctx->cmd);
|
||||
xfree(cctx);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue