aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormilo <milo.sshiva@gmail.com>2009-07-28 18:01:07 +0200
committerAndreas Schneider <mail@cynapses.org>2009-08-06 10:29:36 +0200
commit1b9676a0cc28e5dab6cea5ffe7c9fcd0fa10d9d8 (patch)
tree695104dd824160af03c02826f0e370ec524d0204
parentf4b3ef7604eac4a564159879ee2a5edb04a2c223 (diff)
downloadlibssh-1b9676a0cc28e5dab6cea5ffe7c9fcd0fa10d9d8.tar.gz
libssh-1b9676a0cc28e5dab6cea5ffe7c9fcd0fa10d9d8.tar.xz
libssh-1b9676a0cc28e5dab6cea5ffe7c9fcd0fa10d9d8.zip
Fix possible memory corruption (#14)
Signed-off-by: Andreas Schneider <mail@cynapses.org>
-rw-r--r--libssh/agent.c2
-rw-r--r--libssh/auth.c14
-rw-r--r--libssh/channels.c10
-rw-r--r--libssh/dh.c10
-rw-r--r--libssh/kex.c4
-rw-r--r--libssh/server.c4
-rw-r--r--libssh/session.c4
7 files changed, 24 insertions, 24 deletions
diff --git a/libssh/agent.c b/libssh/agent.c
index e6fe85f8..ca5de97d 100644
--- a/libssh/agent.c
+++ b/libssh/agent.c
@@ -327,7 +327,7 @@ int agent_get_ident_count(struct ssh_session_struct *session) {
}
if (session->agent->ident) {
- buffer_free(session->agent->ident);
+ buffer_reinit(session->agent->ident);
}
session->agent->ident = reply;
diff --git a/libssh/auth.c b/libssh/auth.c
index 96b41102..8a3e597e 100644
--- a/libssh/auth.c
+++ b/libssh/auth.c
@@ -268,7 +268,7 @@ int ssh_userauth_none(SSH_SESSION *session, const char *username) {
leave_function();
return rc;
error:
- buffer_free(session->out_buffer);
+ buffer_reinit(session->out_buffer);
string_free(service);
string_free(method);
string_free(user);
@@ -382,7 +382,7 @@ int ssh_userauth_offer_pubkey(SSH_SESSION *session, const char *username,
leave_function();
return rc;
error:
- buffer_free(session->out_buffer);
+ buffer_reinit(session->out_buffer);
string_free(user);
string_free(method);
string_free(service);
@@ -503,7 +503,7 @@ int ssh_userauth_pubkey(SSH_SESSION *session, const char *username,
leave_function();
return rc;
error:
- buffer_free(session->out_buffer);
+ buffer_reinit(session->out_buffer);
string_free(user);
string_free(service);
string_free(method);
@@ -627,7 +627,7 @@ int ssh_userauth_agent_pubkey(SSH_SESSION *session, const char *username,
return rc;
error:
- buffer_free(session->out_buffer);
+ buffer_reinit(session->out_buffer);
string_free(sign);
string_free(user);
string_free(service);
@@ -739,7 +739,7 @@ int ssh_userauth_password(SSH_SESSION *session, const char *username,
leave_function();
return rc;
error:
- buffer_free(session->out_buffer);
+ buffer_reinit(session->out_buffer);
string_free(user);
string_free(service);
string_free(method);
@@ -1137,7 +1137,7 @@ static int kbdauth_init(SSH_SESSION *session, const char *user,
leave_function();
return rc;
error:
- buffer_free(session->out_buffer);
+ buffer_reinit(session->out_buffer);
string_free(usr);
string_free(service);
string_free(method);
@@ -1304,7 +1304,7 @@ static int kbdauth_send(SSH_SESSION *session) {
leave_function();
return rc;
error:
- buffer_free(session->out_buffer);
+ buffer_reinit(session->out_buffer);
string_burn(answer);
string_free(answer);
diff --git a/libssh/channels.c b/libssh/channels.c
index 88169b7c..ad679ce5 100644
--- a/libssh/channels.c
+++ b/libssh/channels.c
@@ -280,7 +280,7 @@ static int grow_window(SSH_SESSION *session, ssh_channel channel, int minimumsiz
leave_function();
return 0;
error:
- buffer_free(session->out_buffer);
+ buffer_reinit(session->out_buffer);
leave_function();
return -1;
@@ -799,7 +799,7 @@ int channel_send_eof(ssh_channel channel){
leave_function();
return rc;
error:
- buffer_free(session->out_buffer);
+ buffer_reinit(session->out_buffer);
leave_function();
return rc;
@@ -852,7 +852,7 @@ int channel_close(ssh_channel channel){
leave_function();
return rc;
error:
- buffer_free(session->out_buffer);
+ buffer_reinit(session->out_buffer);
leave_function();
return rc;
@@ -935,7 +935,7 @@ int channel_write_common(ssh_channel channel, const void *data,
leave_function();
return origlen;
error:
- buffer_free(session->out_buffer);
+ buffer_reinit(session->out_buffer);
leave_function();
return SSH_ERROR;
@@ -1074,7 +1074,7 @@ static int channel_request(ssh_channel channel, const char *request,
leave_function();
return rc;
error:
- buffer_free(session->out_buffer);
+ buffer_reinit(session->out_buffer);
string_free(req);
leave_function();
diff --git a/libssh/dh.c b/libssh/dh.c
index 7fc3a5e7..4ab28cba 100644
--- a/libssh/dh.c
+++ b/libssh/dh.c
@@ -626,20 +626,20 @@ int hashbufout_add_cookie(SSH_SESSION *session) {
}
if (buffer_add_u8(session->out_hashbuf, 20) < 0) {
- buffer_free(session->out_hashbuf);
+ buffer_reinit(session->out_hashbuf);
return -1;
}
if (session->server) {
if (buffer_add_data(session->out_hashbuf,
session->server_kex.cookie, 16) < 0) {
- buffer_free(session->out_hashbuf);
+ buffer_reinit(session->out_hashbuf);
return -1;
}
} else {
if (buffer_add_data(session->out_hashbuf,
session->client_kex.cookie, 16) < 0) {
- buffer_free(session->out_hashbuf);
+ buffer_reinit(session->out_hashbuf);
return -1;
}
}
@@ -654,11 +654,11 @@ int hashbufin_add_cookie(SSH_SESSION *session, unsigned char *cookie) {
}
if (buffer_add_u8(session->in_hashbuf, 20) < 0) {
- buffer_free(session->in_hashbuf);
+ buffer_reinit(session->in_hashbuf);
return -1;
}
if (buffer_add_data(session->in_hashbuf,cookie, 16) < 0) {
- buffer_free(session->in_hashbuf);
+ buffer_reinit(session->in_hashbuf);
return -1;
}
diff --git a/libssh/kex.c b/libssh/kex.c
index 5927ba99..dd391ca3 100644
--- a/libssh/kex.c
+++ b/libssh/kex.c
@@ -421,8 +421,8 @@ int ssh_send_kex(SSH_SESSION *session, int server_kex) {
leave_function();
return 0;
error:
- buffer_free(session->out_buffer);
- buffer_free(session->out_hashbuf);
+ buffer_reinit(session->out_buffer);
+ buffer_reinit(session->out_hashbuf);
string_free(str);
leave_function();
diff --git a/libssh/server.c b/libssh/server.c
index 5625229d..16361235 100644
--- a/libssh/server.c
+++ b/libssh/server.c
@@ -423,7 +423,7 @@ static int dh_handshake_server(SSH_SESSION *session) {
buffer_add_ssh_string(session->out_buffer, f) < 0 ||
buffer_add_ssh_string(session->out_buffer, sign) < 0) {
ssh_set_error(session, SSH_FATAL, "Not enough space");
- buffer_free(session->out_buffer);
+ buffer_reinit(session->out_buffer);
string_free(f);
string_free(sign);
return -1;
@@ -436,7 +436,7 @@ static int dh_handshake_server(SSH_SESSION *session) {
}
if (buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
- buffer_free(session->out_buffer);
+ buffer_reinit(session->out_buffer);
return -1;
}
diff --git a/libssh/session.c b/libssh/session.c
index c83fecdc..bc7c453f 100644
--- a/libssh/session.c
+++ b/libssh/session.c
@@ -97,8 +97,8 @@ void ssh_cleanup(SSH_SESSION *session) {
SAFE_FREE(session->serverbanner);
SAFE_FREE(session->clientbanner);
SAFE_FREE(session->banner);
- buffer_free(session->in_buffer);
- buffer_free(session->out_buffer);
+ buffer_reinit(session->in_buffer);
+ buffer_reinit(session->out_buffer);
crypto_free(session->current_crypto);
crypto_free(session->next_crypto);
ssh_socket_free(session->socket);