aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAris Adamantiadis <aris@0xbadc0de.be>2008-06-30 22:28:11 +0000
committerAris Adamantiadis <aris@0xbadc0de.be>2008-06-30 22:28:11 +0000
commitd477025000c4d6717f9501cc8d382eed06fbe868 (patch)
tree449d1758108d4d7ea969b04df2ce0e6202ee705b
parent5758188467194aa04ad854b77167ec360bdac463 (diff)
downloadlibssh-d477025000c4d6717f9501cc8d382eed06fbe868.tar.gz
libssh-d477025000c4d6717f9501cc8d382eed06fbe868.tar.xz
libssh-d477025000c4d6717f9501cc8d382eed06fbe868.zip
fix bug 0000015 about memory leak in server path
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@180 7dcaeef0-15fb-0310-b436-a5af3365683c
-rw-r--r--libssh/messages.c9
-rw-r--r--libssh/server.c4
-rw-r--r--libssh/wrapper.c21
-rw-r--r--samplesshd.c2
4 files changed, 35 insertions, 1 deletions
diff --git a/libssh/messages.c b/libssh/messages.c
index e609cbc6..e9c99b1a 100644
--- a/libssh/messages.c
+++ b/libssh/messages.c
@@ -84,6 +84,8 @@ static SSH_MESSAGE *handle_userauth_request(SSH_SESSION *session){
free(user);
service_c=string_to_char(service);
method_c=string_to_char(method);
+ free(service);
+ free(method);
ssh_say(2,"auth request for service %s, method %s for user '%s'\n",service_c,method_c,
msg->auth_request.username);
free(service_c);
@@ -182,10 +184,12 @@ static SSH_MESSAGE *handle_channel_request_open(SSH_SESSION *session){
msg->channel_request_open.packet_size=ntohl(packet);
if(!strcmp(type_c,"session")){
msg->channel_request_open.type=SSH_CHANNEL_SESSION;
+ free(type_c);
leave_function();
return msg;
}
msg->channel_request_open.type=SSH_CHANNEL_UNKNOWN;
+ free(type_c);
leave_function();
return msg;
}
@@ -247,6 +251,7 @@ static SSH_MESSAGE *handle_channel_request(SSH_SESSION *session){
if(!strcmp(type_c,"pty-req")){
STRING *term;
char *term_c;
+ free(type_c);
term=buffer_get_ssh_string(session->in_buffer);
term_c=string_to_char(term);
free(term);
@@ -267,6 +272,7 @@ static SSH_MESSAGE *handle_channel_request(SSH_SESSION *session){
if(!strcmp(type_c,"subsystem")){
STRING *subsys;
char *subsys_c;
+ free(type_c);
subsys=buffer_get_ssh_string(session->in_buffer);
subsys_c=string_to_char(subsys);
free(subsys);
@@ -276,12 +282,14 @@ static SSH_MESSAGE *handle_channel_request(SSH_SESSION *session){
return msg;
}
if(!strcmp(type_c,"shell")){
+ free(type_c);
msg->channel_request.type=SSH_CHANNEL_REQUEST_SHELL;
leave_function();
return msg;
}
if(!strcmp(type_c,"exec")){
STRING *cmd=buffer_get_ssh_string(session->in_buffer);
+ free(type_c);
msg->channel_request.type=SSH_CHANNEL_REQUEST_EXEC;
msg->channel_request.command=string_to_char(cmd);
free(cmd);
@@ -290,6 +298,7 @@ static SSH_MESSAGE *handle_channel_request(SSH_SESSION *session){
}
msg->channel_request.type=SSH_CHANNEL_UNKNOWN;
+ free(type_c);
leave_function();
return msg;
}
diff --git a/libssh/server.c b/libssh/server.c
index 58fbb615..538ec80a 100644
--- a/libssh/server.c
+++ b/libssh/server.c
@@ -163,6 +163,7 @@ SSH_SESSION *ssh_bind_accept(SSH_BIND *ssh_bind){
session=ssh_new();
session->server=1;
session->version=2;
+ ssh_socket_free(session->socket);
session->socket=ssh_socket_new(session);
ssh_socket_set_fd(session->socket,fd);
session->options=ssh_options_copy(ssh_bind->options);
@@ -175,6 +176,8 @@ void ssh_bind_free(SSH_BIND *ssh_bind){
if(ssh_bind->bindfd>=0)
close(ssh_bind->bindfd);
ssh_bind->bindfd=-1;
+ if(ssh_bind->options)
+ ssh_options_free(ssh_bind->options);
free(ssh_bind);
}
@@ -223,6 +226,7 @@ static int dh_handshake_server(SSH_SESSION *session){
return -1;
}
dh_import_e(session,e);
+ free(e);
dh_generate_y(session);
dh_generate_f(session);
f=dh_get_f(session);
diff --git a/libssh/wrapper.c b/libssh/wrapper.c
index b5906ff6..1c848c97 100644
--- a/libssh/wrapper.c
+++ b/libssh/wrapper.c
@@ -447,6 +447,8 @@ void crypto_free(CRYPTO *crypto){
bignum_free(crypto->f);
if(crypto->x)
bignum_free(crypto->x);
+ if(crypto->y)
+ bignum_free(crypto->y);
if(crypto->k)
bignum_free(crypto->k);
/* lot of other things */
@@ -509,6 +511,7 @@ int crypt_set_algorithms(SSH_SESSION *session){
// TODO Obviously too much cut and paste here
int crypt_set_algorithms_server(SSH_SESSION *session){
/* we must scan the kex entries to find crypto algorithms and set their appropriate structure */
+ enter_function();
int i=0;
/* out */
char *server=session->server_kex.methods[SSH_CRYPT_S_C];
@@ -516,16 +519,21 @@ int crypt_set_algorithms_server(SSH_SESSION *session){
char *match=ssh_find_matching(client,server);
if(!match){
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no matching algorithm function found for %s",server);
+ free(match);
+ leave_function();
return SSH_ERROR;
}
while(ssh_ciphertab[i].name && strcmp(match,ssh_ciphertab[i].name))
i++;
if(!ssh_ciphertab[i].name){
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no crypto algorithm function found for %s",server);
+ free(match);
+ leave_function();
return SSH_ERROR;
}
ssh_log(session,SSH_LOG_PACKET,"Set output algorithm %s",match);
session->next_crypto->out_cipher=cipher_new(i);
+ free(match);
i=0;
/* in */
client=session->client_kex.methods[SSH_CRYPT_C_S];
@@ -533,16 +541,21 @@ int crypt_set_algorithms_server(SSH_SESSION *session){
match=ssh_find_matching(client,server);
if(!match){
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no matching algorithm function found for %s",server);
+ free(match);
+ leave_function();
return SSH_ERROR;
}
while(ssh_ciphertab[i].name && strcmp(match,ssh_ciphertab[i].name))
i++;
if(!ssh_ciphertab[i].name){
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no crypto algorithm function found for %s",server);
+ free(match);
+ leave_function();
return SSH_ERROR;
}
ssh_log(session,SSH_LOG_PACKET,"Set input algorithm %s",match);
session->next_crypto->in_cipher=cipher_new(i);
+ free(match);
/* compression */
client=session->client_kex.methods[SSH_CRYPT_C_S];
server=session->server_kex.methods[SSH_CRYPT_C_S];
@@ -551,6 +564,7 @@ int crypt_set_algorithms_server(SSH_SESSION *session){
ssh_log(session,SSH_LOG_PACKET,"enabling C->S compression");
session->next_crypto->do_compress_in=1;
}
+ free(match);
client=session->client_kex.methods[SSH_CRYPT_S_C];
server=session->server_kex.methods[SSH_CRYPT_S_C];
@@ -559,7 +573,8 @@ int crypt_set_algorithms_server(SSH_SESSION *session){
ssh_log(session,SSH_LOG_PACKET,"enabling S->C compression\n");
session->next_crypto->do_compress_out=1;
}
-
+ free(match);
+
server=session->server_kex.methods[SSH_HOSTKEYS];
client=session->client_kex.methods[SSH_HOSTKEYS];
match=ssh_find_matching(client,server);
@@ -569,7 +584,11 @@ int crypt_set_algorithms_server(SSH_SESSION *session){
session->hostkeys=TYPE_RSA;
else {
ssh_set_error(session,SSH_FATAL,"cannot know what %s is into %s",match,server);
+ free(match);
+ leave_function();
return SSH_ERROR;
}
+ free(match);
+ leave_function();
return SSH_OK;
}
diff --git a/samplesshd.c b/samplesshd.c
index c6088d0b..3e98b3e5 100644
--- a/samplesshd.c
+++ b/samplesshd.c
@@ -148,7 +148,9 @@ int main(int argc, char **argv){
if(i>0)
write(1,buffer_get(buf),buffer_get_len(buf));
} while (i>0);
+ buffer_free(buf);
ssh_disconnect(session);
+ ssh_bind_free(ssh_bind);
ssh_finalize();
return 0;
}