diff options
author | milo <milo.sshiva@gmail.com> | 2009-07-28 18:01:07 +0200 |
---|---|---|
committer | Andreas Schneider <mail@cynapses.org> | 2009-08-06 10:29:36 +0200 |
commit | 1b9676a0cc28e5dab6cea5ffe7c9fcd0fa10d9d8 (patch) | |
tree | 695104dd824160af03c02826f0e370ec524d0204 | |
parent | f4b3ef7604eac4a564159879ee2a5edb04a2c223 (diff) | |
download | libssh-1b9676a0cc28e5dab6cea5ffe7c9fcd0fa10d9d8.tar.gz libssh-1b9676a0cc28e5dab6cea5ffe7c9fcd0fa10d9d8.tar.xz libssh-1b9676a0cc28e5dab6cea5ffe7c9fcd0fa10d9d8.zip |
Fix possible memory corruption (#14)
Signed-off-by: Andreas Schneider <mail@cynapses.org>
-rw-r--r-- | libssh/agent.c | 2 | ||||
-rw-r--r-- | libssh/auth.c | 14 | ||||
-rw-r--r-- | libssh/channels.c | 10 | ||||
-rw-r--r-- | libssh/dh.c | 10 | ||||
-rw-r--r-- | libssh/kex.c | 4 | ||||
-rw-r--r-- | libssh/server.c | 4 | ||||
-rw-r--r-- | libssh/session.c | 4 |
7 files changed, 24 insertions, 24 deletions
diff --git a/libssh/agent.c b/libssh/agent.c index e6fe85f8..ca5de97d 100644 --- a/libssh/agent.c +++ b/libssh/agent.c @@ -327,7 +327,7 @@ int agent_get_ident_count(struct ssh_session_struct *session) { } if (session->agent->ident) { - buffer_free(session->agent->ident); + buffer_reinit(session->agent->ident); } session->agent->ident = reply; diff --git a/libssh/auth.c b/libssh/auth.c index 96b41102..8a3e597e 100644 --- a/libssh/auth.c +++ b/libssh/auth.c @@ -268,7 +268,7 @@ int ssh_userauth_none(SSH_SESSION *session, const char *username) { leave_function(); return rc; error: - buffer_free(session->out_buffer); + buffer_reinit(session->out_buffer); string_free(service); string_free(method); string_free(user); @@ -382,7 +382,7 @@ int ssh_userauth_offer_pubkey(SSH_SESSION *session, const char *username, leave_function(); return rc; error: - buffer_free(session->out_buffer); + buffer_reinit(session->out_buffer); string_free(user); string_free(method); string_free(service); @@ -503,7 +503,7 @@ int ssh_userauth_pubkey(SSH_SESSION *session, const char *username, leave_function(); return rc; error: - buffer_free(session->out_buffer); + buffer_reinit(session->out_buffer); string_free(user); string_free(service); string_free(method); @@ -627,7 +627,7 @@ int ssh_userauth_agent_pubkey(SSH_SESSION *session, const char *username, return rc; error: - buffer_free(session->out_buffer); + buffer_reinit(session->out_buffer); string_free(sign); string_free(user); string_free(service); @@ -739,7 +739,7 @@ int ssh_userauth_password(SSH_SESSION *session, const char *username, leave_function(); return rc; error: - buffer_free(session->out_buffer); + buffer_reinit(session->out_buffer); string_free(user); string_free(service); string_free(method); @@ -1137,7 +1137,7 @@ static int kbdauth_init(SSH_SESSION *session, const char *user, leave_function(); return rc; error: - buffer_free(session->out_buffer); + buffer_reinit(session->out_buffer); string_free(usr); string_free(service); string_free(method); @@ -1304,7 +1304,7 @@ static int kbdauth_send(SSH_SESSION *session) { leave_function(); return rc; error: - buffer_free(session->out_buffer); + buffer_reinit(session->out_buffer); string_burn(answer); string_free(answer); diff --git a/libssh/channels.c b/libssh/channels.c index 88169b7c..ad679ce5 100644 --- a/libssh/channels.c +++ b/libssh/channels.c @@ -280,7 +280,7 @@ static int grow_window(SSH_SESSION *session, ssh_channel channel, int minimumsiz leave_function(); return 0; error: - buffer_free(session->out_buffer); + buffer_reinit(session->out_buffer); leave_function(); return -1; @@ -799,7 +799,7 @@ int channel_send_eof(ssh_channel channel){ leave_function(); return rc; error: - buffer_free(session->out_buffer); + buffer_reinit(session->out_buffer); leave_function(); return rc; @@ -852,7 +852,7 @@ int channel_close(ssh_channel channel){ leave_function(); return rc; error: - buffer_free(session->out_buffer); + buffer_reinit(session->out_buffer); leave_function(); return rc; @@ -935,7 +935,7 @@ int channel_write_common(ssh_channel channel, const void *data, leave_function(); return origlen; error: - buffer_free(session->out_buffer); + buffer_reinit(session->out_buffer); leave_function(); return SSH_ERROR; @@ -1074,7 +1074,7 @@ static int channel_request(ssh_channel channel, const char *request, leave_function(); return rc; error: - buffer_free(session->out_buffer); + buffer_reinit(session->out_buffer); string_free(req); leave_function(); diff --git a/libssh/dh.c b/libssh/dh.c index 7fc3a5e7..4ab28cba 100644 --- a/libssh/dh.c +++ b/libssh/dh.c @@ -626,20 +626,20 @@ int hashbufout_add_cookie(SSH_SESSION *session) { } if (buffer_add_u8(session->out_hashbuf, 20) < 0) { - buffer_free(session->out_hashbuf); + buffer_reinit(session->out_hashbuf); return -1; } if (session->server) { if (buffer_add_data(session->out_hashbuf, session->server_kex.cookie, 16) < 0) { - buffer_free(session->out_hashbuf); + buffer_reinit(session->out_hashbuf); return -1; } } else { if (buffer_add_data(session->out_hashbuf, session->client_kex.cookie, 16) < 0) { - buffer_free(session->out_hashbuf); + buffer_reinit(session->out_hashbuf); return -1; } } @@ -654,11 +654,11 @@ int hashbufin_add_cookie(SSH_SESSION *session, unsigned char *cookie) { } if (buffer_add_u8(session->in_hashbuf, 20) < 0) { - buffer_free(session->in_hashbuf); + buffer_reinit(session->in_hashbuf); return -1; } if (buffer_add_data(session->in_hashbuf,cookie, 16) < 0) { - buffer_free(session->in_hashbuf); + buffer_reinit(session->in_hashbuf); return -1; } diff --git a/libssh/kex.c b/libssh/kex.c index 5927ba99..dd391ca3 100644 --- a/libssh/kex.c +++ b/libssh/kex.c @@ -421,8 +421,8 @@ int ssh_send_kex(SSH_SESSION *session, int server_kex) { leave_function(); return 0; error: - buffer_free(session->out_buffer); - buffer_free(session->out_hashbuf); + buffer_reinit(session->out_buffer); + buffer_reinit(session->out_hashbuf); string_free(str); leave_function(); diff --git a/libssh/server.c b/libssh/server.c index 5625229d..16361235 100644 --- a/libssh/server.c +++ b/libssh/server.c @@ -423,7 +423,7 @@ static int dh_handshake_server(SSH_SESSION *session) { buffer_add_ssh_string(session->out_buffer, f) < 0 || buffer_add_ssh_string(session->out_buffer, sign) < 0) { ssh_set_error(session, SSH_FATAL, "Not enough space"); - buffer_free(session->out_buffer); + buffer_reinit(session->out_buffer); string_free(f); string_free(sign); return -1; @@ -436,7 +436,7 @@ static int dh_handshake_server(SSH_SESSION *session) { } if (buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) { - buffer_free(session->out_buffer); + buffer_reinit(session->out_buffer); return -1; } diff --git a/libssh/session.c b/libssh/session.c index c83fecdc..bc7c453f 100644 --- a/libssh/session.c +++ b/libssh/session.c @@ -97,8 +97,8 @@ void ssh_cleanup(SSH_SESSION *session) { SAFE_FREE(session->serverbanner); SAFE_FREE(session->clientbanner); SAFE_FREE(session->banner); - buffer_free(session->in_buffer); - buffer_free(session->out_buffer); + buffer_reinit(session->in_buffer); + buffer_reinit(session->out_buffer); crypto_free(session->current_crypto); crypto_free(session->next_crypto); ssh_socket_free(session->socket); |