aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAris Adamantiadis <aris@0xbadc0de.be>2009-09-25 18:49:26 +0200
committerAris Adamantiadis <aris@0xbadc0de.be>2009-09-25 18:49:26 +0200
commitc70694c5948a2d62a3411927a226bac51eefd7d5 (patch)
tree8090706ad8099d5db566df5b71d41a2349fdd3a7
parentfef87793a00edd8f2ea030d80ffcc9b67af8489f (diff)
downloadlibssh-c70694c5948a2d62a3411927a226bac51eefd7d5.tar.gz
libssh-c70694c5948a2d62a3411927a226bac51eefd7d5.tar.xz
libssh-c70694c5948a2d62a3411927a226bac51eefd7d5.zip
Fix memory leaks found by tysonite
-rw-r--r--libssh/messages.c37
1 files changed, 30 insertions, 7 deletions
diff --git a/libssh/messages.c b/libssh/messages.c
index 1cf6e5e8..2be7b21c 100644
--- a/libssh/messages.c
+++ b/libssh/messages.c
@@ -84,6 +84,7 @@ static ssh_message handle_service_request(ssh_session session) {
msg->type=SSH_REQUEST_SERVICE;
msg->service_request.service=service_c;
error:
+ string_free(service);
leave_function();
return msg;
}
@@ -107,6 +108,7 @@ static ssh_message handle_userauth_request(ssh_session session){
ssh_message msg = NULL;
char *service_c = NULL;
char *method_c = NULL;
+ uint32_t method_size = 0;
enter_function();
@@ -144,6 +146,7 @@ static ssh_message handle_userauth_request(ssh_session session){
if (method_c == NULL) {
goto error;
}
+ method_size = string_len(method);
string_free(service);
service = NULL;
@@ -156,7 +159,7 @@ static ssh_message handle_userauth_request(ssh_session session){
msg->auth_request.username);
- if (strcmp(method_c, "none") == 0) {
+ if (strncmp(method_c, "none", method_size) == 0) {
msg->auth_request.method = SSH_AUTH_METHOD_NONE;
SAFE_FREE(service_c);
SAFE_FREE(method_c);
@@ -164,7 +167,7 @@ static ssh_message handle_userauth_request(ssh_session session){
return msg;
}
- if (strcmp(method_c, "password") == 0) {
+ if (strncmp(method_c, "password", method_size) == 0) {
ssh_string pass = NULL;
uint8_t tmp;
@@ -187,7 +190,7 @@ static ssh_message handle_userauth_request(ssh_session session){
return msg;
}
- if (strcmp(method_c, "publickey") == 0) {
+ if (strncmp(method_c, "publickey", method_size) == 0) {
ssh_string algo = NULL;
ssh_string publickey = NULL;
uint8_t has_sign;
@@ -230,16 +233,32 @@ static ssh_message handle_userauth_request(ssh_session session){
signature = signature_from_string(session, sign, public_key,
public_key->type);
digest = ssh_userauth_build_digest(session, msg, service_c);
- if(sig_verify(session, public_key, signature,
- buffer_get(digest), buffer_get_len(digest)) < 0) {
+ if ((digest == NULL || signature == NULL) ||
+ (digest != NULL && signature != NULL &&
+ sig_verify(session, public_key, signature,
+ buffer_get(digest), buffer_get_len(digest)) < 0)) {
ssh_log(session, SSH_LOG_PACKET, "Invalid signature from peer");
- msg->auth_request.signature_state = -1;
+
string_free(sign);
sign = NULL;
+ buffer_free(digest);
+ digest = NULL;
+ signature_free(signature);
+ signature = NULL;
+
+ msg->auth_request.signature_state = -1;
goto error;
- }
+ }
else
ssh_log(session, SSH_LOG_PACKET, "Valid signature received");
+
+ buffer_free(digest);
+ digest = NULL;
+ string_free(sign);
+ sign = NULL;
+ signature_free(signature);
+ signature = NULL;
+
msg->auth_request.signature_state = 1;
}
SAFE_FREE(service_c);
@@ -777,6 +796,7 @@ void ssh_message_free(ssh_message msg){
strlen(msg->auth_request.password));
SAFE_FREE(msg->auth_request.password);
}
+ publickey_free(msg->auth_request.public_key);
break;
case SSH_REQUEST_CHANNEL_OPEN:
SAFE_FREE(msg->channel_request_open.originator);
@@ -790,6 +810,9 @@ void ssh_message_free(ssh_message msg){
SAFE_FREE(msg->channel_request.command);
SAFE_FREE(msg->channel_request.subsystem);
break;
+ case SSH_REQUEST_SERVICE:
+ SAFE_FREE(msg->service_request.service);
+ break;
}
ZERO_STRUCTP(msg);
SAFE_FREE(msg);