authorAndreas Schneider <asn@cryptomilk.org>2012-10-08 20:39:56 +0200
committerAndreas Schneider <asn@cryptomilk.org>2012-10-12 08:07:01 +0200
commit4e7736444f6eabbd1b0e8b7068b1bb587066c8ac (patch)
tree83028f455cd0510a8db3e3a542cce0fb8144687a
parent7254390ac2cc548c28e9c4f85f3aa3bc56605e89 (diff)
downloadlibssh-4e7736444f6eabbd1b0e8b7068b1bb587066c8ac.tar.gz
libssh-4e7736444f6eabbd1b0e8b7068b1bb587066c8ac.tar.xz
libssh-4e7736444f6eabbd1b0e8b7068b1bb587066c8ac.zip
server: Don't leak memory on calling ssh_string_from_char().
Also check the return values. Found by Coverity.
-rw-r--r--src/server.c40
1 files changed, 32 insertions, 8 deletions
diff --git a/src/server.c b/src/server.c
index 5089bd0e..511d95b9 100644
--- a/src/server.c
+++ b/src/server.c
@@ -699,6 +699,10 @@ int ssh_message_service_reply_success(ssh_message msg) {
return -1;
}
service=ssh_string_from_char(msg->service_request.service);
+ if (service == NULL) {
+ return -1;
+ }
+
if (buffer_add_ssh_string(session->out_buffer, service) < 0) {
ssh_string_free(service);
return -1;
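Review bot: The new `return -1` on `service == NULL` exits while `session->out_buffer` may already hold the start of this reply. The earlier write is outside the hunk, so this is inferred from the `return -1; }` just above it. If the session is reused after the failure, those stale bytes could end up in front of the next packet, so the error path should reset the out buffer or at least carry `/* out_buffer may hold a partial reply here; reset it before reuse */`. The same applies to the new `return SSH_ERROR` exits added in ssh_message_auth_interactive_request.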
@@ -866,24 +870,39 @@ int ssh_message_auth_interactive_request(ssh_message msg, const char *name,
/* name */
tmp = ssh_string_from_char(name);
- if (buffer_add_ssh_string(msg->session->out_buffer, tmp) < 0) {
+ if (tmp == NULL) {
+ return SSH_ERROR;
+ }
+
+ r = buffer_add_ssh_string(msg->session->out_buffer, tmp);
+ ssh_string_free(tmp);
+ if (r < 0) {
return SSH_ERROR;
}
- ssh_string_free(tmp); tmp = NULL;
/* instruction */
tmp = ssh_string_from_char(instruction);
- if (buffer_add_ssh_string(msg->session->out_buffer, tmp) < 0) {
+ if (tmp == NULL) {
+ return SSH_ERROR;
+ }
+
+ r = buffer_add_ssh_string(msg->session->out_buffer, tmp);
+ ssh_string_free(tmp);
+ if (r < 0) {
return SSH_ERROR;
}
- ssh_string_free(tmp); tmp = NULL;
/* language tag */
tmp = ssh_string_from_char("");
- if (buffer_add_ssh_string(msg->session->out_buffer, tmp) < 0) {
+ if (tmp == NULL) {
+ return SSH_ERROR;
+ }
+
+ r = buffer_add_ssh_string(msg->session->out_buffer, tmp);
+ ssh_string_free(tmp);
+ if (r < 0) {
return SSH_ERROR;
}
- ssh_string_free(tmp); tmp = NULL;
/* num prompts */
if (buffer_add_u32(msg->session->out_buffer, ntohl(num_prompts)) < 0) {
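Review bot: The create / add / free / check sequence is now written out three times here (name, instruction, language tag) and a fourth time in the prompt loop of the next hunk, which is how the original leak got duplicated in the first place. A small file-local helper that owns the temporary string would keep allocation, release and the error check in one place, so a future field cannot reintroduce the leak. The helper name below is only a suggestion, and the function's opening and its remaining body are outside this hunk.

```c
static int buffer_add_cstring(ssh_buffer buffer, const char *str)
{
    ssh_string s = ssh_string_from_char(str);
    int r;

    if (s == NULL) {
        return SSH_ERROR;
    }

    r = buffer_add_ssh_string(buffer, s);
    ssh_string_free(s);

    return (r < 0) ? SSH_ERROR : SSH_OK;
}

/* … unchanged: start of ssh_message_auth_interactive_request … */
    /* name */
    if (buffer_add_cstring(msg->session->out_buffer, name) != SSH_OK) {
        return SSH_ERROR;
    }
    /* instruction */
    if (buffer_add_cstring(msg->session->out_buffer, instruction) != SSH_OK) {
        return SSH_ERROR;
    }
    /* language tag */
    if (buffer_add_cstring(msg->session->out_buffer, "") != SSH_OK) {
        return SSH_ERROR;
    }
/* … unchanged: num prompts and the prompt loop … */
```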
@@ -893,10 +912,15 @@ int ssh_message_auth_interactive_request(ssh_message msg, const char *name,
for(i = 0; i < num_prompts; i++) {
/* prompt[i] */
tmp = ssh_string_from_char(prompts[i]);
- if (buffer_add_ssh_string(msg->session->out_buffer, tmp) < 0) {
+ if (tmp == NULL) {
+ return SSH_ERROR;
+ }
+
+ r = buffer_add_ssh_string(msg->session->out_buffer, tmp);
+ ssh_string_free(tmp);
+ if (r < 0) {
goto error;
}
- ssh_string_free(tmp); tmp = NULL;
/* echo[i] */
if (buffer_add_u8(msg->session->out_buffer, echo[i]) < 0) {
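Review bot: Inside the prompt loop the new allocation check uses `return SSH_ERROR;` while the very next failure, `if (r < 0)`, uses `goto error;`, so the two error exits of the same step now diverge. The `error` label is outside this hunk; if it does any cleanup, the NULL path skips it. Using `if (tmp == NULL) { goto error; }` would keep every failure in the loop on one exit path. The loop body and the rest of the function continue past the end of the hunk.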