Attachment #3176 for bug #2687

Lines 186-196 proto_spec(const char *spec) Link Here

(-)a/compat.c (-9 / +24 lines)
186	char *	186	char *
187	compat_cipher_proposal(char *cipher_prop)	187	compat_cipher_proposal(char *cipher_prop)
188	{	188	{
		189	char *np = NULL;
		190
189	if (!(datafellows & SSH_BUG_BIGENDIANAES))	191	if (!(datafellows & SSH_BUG_BIGENDIANAES))
190	return cipher_prop;	192	return cipher_prop;
191	debug2("%s: original cipher proposal: %s", __func__, cipher_prop);	193	debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
192	if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL)	194	np = match_filter_blacklist(cipher_prop, "aes*");
		195	if (np == NULL)
193	fatal("match_filter_blacklist failed");	196	fatal("match_filter_blacklist failed");
		197	free(cipher_prop);
		198	cipher_prop = np;
194	debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);	199	debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
195	if (*cipher_prop == '\0')	200	if (*cipher_prop == '\0')
196	fatal("No supported ciphers found");	201	fatal("No supported ciphers found");
Lines 200-210 compat_cipher_proposal(char *cipher_prop) Link Here
200	char *	205	char *
201	compat_pkalg_proposal(char *pkalg_prop)	206	compat_pkalg_proposal(char *pkalg_prop)
202	{	207	{
		208	char *np = NULL;
		209
203	if (!(datafellows & SSH_BUG_RSASIGMD5))	210	if (!(datafellows & SSH_BUG_RSASIGMD5))
204	return pkalg_prop;	211	return pkalg_prop;
205	debug2("%s: original public key proposal: %s", __func__, pkalg_prop);	212	debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
206	if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL)	213	np = match_filter_blacklist(pkalg_prop, "ssh-rsa");
		214	if (np == NULL)
207	fatal("match_filter_blacklist failed");	215	fatal("match_filter_blacklist failed");
		216	free(pkalg_prop);
		217	pkalg_prop = np;
208	debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);	218	debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
209	if (*pkalg_prop == '\0')	219	if (*pkalg_prop == '\0')
210	fatal("No supported PK algorithms found");	220	fatal("No supported PK algorithms found");
Lines 217-231 compat_kex_proposal(char *p) Link Here
217	if ((datafellows & (SSH_BUG_CURVE25519PAD\|SSH_OLD_DHGEX)) == 0)	227	if ((datafellows & (SSH_BUG_CURVE25519PAD\|SSH_OLD_DHGEX)) == 0)
218	return p;	228	return p;
219	debug2("%s: original KEX proposal: %s", __func__, p);	229	debug2("%s: original KEX proposal: %s", __func__, p);
220	if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)	230	if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) {
221	if ((p = match_filter_blacklist(p,	231	char *np = match_filter_blacklist(p,
222	"curve25519-sha256@libssh.org")) == NULL)	232	"curve25519-sha256@libssh.org");
		233	if (np == NULL)
223	fatal("match_filter_blacklist failed");	234	fatal("match_filter_blacklist failed");
		235	free(p);
		236	p = np;
		237	}
224	if ((datafellows & SSH_OLD_DHGEX) != 0) {	238	if ((datafellows & SSH_OLD_DHGEX) != 0) {
225	if ((p = match_filter_blacklist(p,	239	char *np = match_filter_blacklist(p,
226	"diffie-hellman-group-exchange-sha256,"	240	"diffie-hellman-group-exchange-sha256,"
227	"diffie-hellman-group-exchange-sha1")) == NULL)	241	"diffie-hellman-group-exchange-sha1");
		242	if (np == NULL)
228	fatal("match_filter_blacklist failed");	243	fatal("match_filter_blacklist failed");
		244	free(p);
		245	p = np;
229	}	246	}
230	debug2("%s: compat KEX proposal: %s", __func__, p);	247	debug2("%s: compat KEX proposal: %s", __func__, p);
231	if (*p == '\0')	248	if (*p == '\0')
232	-
233	--
234	auth-options.c \| 1 +	249	auth-options.c \| 1 +
235	1 file changed, 1 insertion(+)	250	1 file changed, 1 insertion(+)

Lines 779-784 deserialise_array(struct sshbuf m, char *ap, size_t np) Link Here

(-)a/auth-options.c (-2 / +1 lines)
779	n = tmp;	779	n = tmp;
780	if (n > 0 && (a = calloc(n, sizeof(*a))) == NULL) {	780	if (n > 0 && (a = calloc(n, sizeof(*a))) == NULL) {
781	r = SSH_ERR_ALLOC_FAIL;	781	r = SSH_ERR_ALLOC_FAIL;
		782	n = 0;
782	goto out;	783	goto out;
783	}	784	}
784	for (i = 0; i < n; i++) {	785	for (i = 0; i < n; i++) {
785	-
786	--
787	openbsd-compat/port-linux.c \| 1 +	786	openbsd-compat/port-linux.c \| 1 +
788	1 file changed, 1 insertion(+)	787	1 file changed, 1 insertion(+)

Lines 26-31 Link Here

(-)a/openbsd-compat/port-linux.c (-2 / +1 lines)
26	#include <stdarg.h>	26	#include <stdarg.h>
27	#include <string.h>	27	#include <string.h>
28	#include <stdio.h>	28	#include <stdio.h>
		29	#include <stdlib.h>
29		30
30	#include "log.h"	31	#include "log.h"
31	#include "xmalloc.h"	32	#include "xmalloc.h"
32	-
33	--
34	openbsd-compat/setproctitle.c \| 2 +-	33	openbsd-compat/setproctitle.c \| 2 +-
35	1 file changed, 1 insertion(+), 1 deletion(-)	34	1 file changed, 1 insertion(+), 1 deletion(-)




#if SPT_TYPE != SPT_NONE
	va_list ap;
	char buf[1024], ptitle[1024];
	size_t len = 0;
	int r;
	extern char *__progname;
#if SPT_TYPE == SPT_PSTAT
- 
calls
--
packet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Lines 1282-1288 int Link Here

(-)a/packet.c (-3 / +1 lines)
1282	ssh_packet_read_seqnr(struct ssh ssh, u_char typep, u_int32_t *seqnr_p)	1282	ssh_packet_read_seqnr(struct ssh ssh, u_char typep, u_int32_t *seqnr_p)
1283	{	1283	{
1284	struct session_state *state = ssh->state;	1284	struct session_state *state = ssh->state;
1285	int len, r, ms_remain;	1285	int len, r, ms_remain = 0;
1286	fd_set *setp;	1286	fd_set *setp;
1287	char buf[8192];	1287	char buf[8192];
1288	struct timeval timeout, start, *timeoutp = NULL;	1288	struct timeval timeout, start, *timeoutp = NULL;
1289	-
1290	--
1291	session.c \| 1 +	1289	session.c \| 1 +
1292	1 file changed, 1 insertion(+)	1290	1 file changed, 1 insertion(+)

Lines 1183-1188 do_setup_env(struct ssh ssh, Session s, const char *shell) Link Here

(-)a/session.c (-2 / +1 lines)
1183	}	1183	}
1184	*value++ = '\0';	1184	*value++ = '\0';
1185	child_set_env(&env, &envsize, cp, value);	1185	child_set_env(&env, &envsize, cp, value);
		1186	free(cp);
1186	}	1187	}
1187		1188
1188	/* SSH_CLIENT deprecated */	1189	/* SSH_CLIENT deprecated */
1189	-
1190	--
1191	sftp.c \| 2 ++	1190	sftp.c \| 2 ++
1192	1 file changed, 2 insertions(+)	1191	1 file changed, 2 insertions(+)




	case I_LUMASK:
	case I_CHMOD:
		base = 8;
		/* FALLTHROUGH */
	case I_CHOWN:
	case I_CHGRP:
		if ((optidx = parse_no_flags(cmd, argv, argc)) == -1)

		break;
	case I_SYMLINK:
		sflag = 1;
		/* FALLTHROUGH */
	case I_LINK:
		if (!sflag)
			path1 = make_absolute(path1, *pwd);
- 
--
sshd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)




do_ssh2_kex(void)
{
	char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
	char *algs = NULL;
	struct kex *kex;
	int r;


		packet_set_rekey_limits(options.rekey_limit,
		    options.rekey_interval);

	algs = list_hostkey_types();
	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(algs);
	free(algs);

#ifdef GSSAPI
	{
- 
already strdups the arguments
--
channels.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)




		host_to_connect = listen_host = listen_path = NULL;
		port_to_connect = listen_port = 0;
		if (fwd->connect_path != NULL) {
			host_to_connect = fwd->connect_path;
			port_to_connect = PORT_STREAMLOCAL;
		} else {
			host_to_connect = fwd->connect_host;
			port_to_connect = fwd->connect_port;
		}
		if (fwd->listen_path != NULL) {
			listen_path = fwd->listen_path;
			listen_port = PORT_STREAMLOCAL;
		} else {
			if (fwd->listen_host != NULL)
				listen_host = fwd->listen_host;
			listen_port = fwd->listen_port;
		}
		idx = permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL,
- 
--
auth-pam.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)




    u_int *num, char ***prompts, u_int **echo_on)
{
	struct ssh *ssh = active_state; /* XXX */
	struct sshbuf *buffer = NULL;
	struct pam_ctxt *ctxt = ctx;
	size_t plen;
	u_char type;
	char *msg = NULL;
	size_t len, mlen;
	int r, rv = -1;

	debug3("PAM: %s entering", __func__);
	if ((buffer = sshbuf_new()) == NULL)

			plen += mlen;
			**echo_on = (type == PAM_PROMPT_ECHO_ON);
			free(msg);
			rv = 0;
			goto out;
		case PAM_ERROR_MSG:
		case PAM_TEXT_INFO:
			/* accumulate messages */

				*num = 0;
				**echo_on = 0;
				ctxt->pam_done = -1;
				rv = 0;
				goto out;
			}
			/* FALLTHROUGH */
		case PAM_SUCCESS:

				**echo_on = 0;
				ctxt->pam_done = 1;
				free(msg);
				rv = 0;
				goto out;
			}
			error("PAM: %s for %s%.100s from %.100s", msg,
			    sshpam_authctxt->valid ? "" : "illegal user ",

			**echo_on = 0;
			free(msg);
			ctxt->pam_done = -1;
			goto out;
		}
	}
out:
	sshbuf_free(buffer);
	return (rv);
}

/*
- 
--
auth-options.c | 1 +
1 file changed, 1 insertion(+)

Lines 333-338 handle_permit(const char **optsp, int allow_bare_port, Link Here

(-)a/auth-options.c (-1 / +1 lines)
333	* listen_host wildcard.	333	* listen_host wildcard.
334	*/	334	*/
335	if (asprintf(&tmp, "*:%s", opt) < 0) {	335	if (asprintf(&tmp, "*:%s", opt) < 0) {
		336	free(opt);
336	*errstrp = "memory allocation failed";	337	*errstrp = "memory allocation failed";
337	return -1;	338	return -1;
338	}	339	}
339	-

Return to bug 2687

Lines 1443-1448 parse_args(const char *cpp, int ignore_errors, int *aflag, Link Here

(-)a/sftp.c (-2 / +2 lines)
1443	case I_LUMASK:	1443	case I_LUMASK:
1444	case I_CHMOD:	1444	case I_CHMOD:
1445	base = 8;	1445	base = 8;
		1446	/* FALLTHROUGH */
1446	case I_CHOWN:	1447	case I_CHOWN:
1447	case I_CHGRP:	1448	case I_CHGRP:
1448	if ((optidx = parse_no_flags(cmd, argv, argc)) == -1)	1449	if ((optidx = parse_no_flags(cmd, argv, argc)) == -1)
Lines 1541-1546 parse_dispatch_command(struct sftp_conn conn, const char cmd, char **pwd, Link Here
1541	break;	1542	break;
1542	case I_SYMLINK:	1543	case I_SYMLINK:
1543	sflag = 1;	1544	sflag = 1;
		1545	/* FALLTHROUGH */
1544	case I_LINK:	1546	case I_LINK:
1545	if (!sflag)	1547	if (!sflag)
1546	path1 = make_absolute(path1, *pwd);	1548	path1 = make_absolute(path1, *pwd);
1547	-
1548	--
1549	sshd.c \| 6 ++++--	1549	sshd.c \| 6 ++++--
1550	1 file changed, 4 insertions(+), 2 deletions(-)	1550	1 file changed, 4 insertions(+), 2 deletions(-)

Lines 2275-2280 static void Link Here

(-)a/sshd.c (-4 / +4 lines)
2275	do_ssh2_kex(void)	2275	do_ssh2_kex(void)
2276	{	2276	{
2277	char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };	2277	char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
		2278	char *algs = NULL;
2278	struct kex *kex;	2279	struct kex *kex;
2279	int r;	2280	int r;
2280		2281
Lines 2296-2303 do_ssh2_kex(void) Link Here
2296	packet_set_rekey_limits(options.rekey_limit,	2297	packet_set_rekey_limits(options.rekey_limit,
2297	options.rekey_interval);	2298	options.rekey_interval);
2298		2299
2299	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(	2300	algs = list_hostkey_types();
2300	list_hostkey_types());	2301	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(algs);
		2302	free(algs);
2301		2303
2302	#ifdef GSSAPI	2304	#ifdef GSSAPI
2303	{	2305	{
2304	-
2305	already strdups the arguments	2306	already strdups the arguments
2306	--
2307	channels.c \| 8 ++++----	2307	channels.c \| 8 ++++----
2308	1 file changed, 4 insertions(+), 4 deletions(-)	2308	1 file changed, 4 insertions(+), 4 deletions(-)

Lines 3830-3847 channel_request_remote_forwarding(struct ssh ssh, struct Forward fwd) Link Here

(-)a/channels.c (-6 / +4 lines)
3830	host_to_connect = listen_host = listen_path = NULL;	3830	host_to_connect = listen_host = listen_path = NULL;
3831	port_to_connect = listen_port = 0;	3831	port_to_connect = listen_port = 0;
3832	if (fwd->connect_path != NULL) {	3832	if (fwd->connect_path != NULL) {
3833	host_to_connect = xstrdup(fwd->connect_path);	3833	host_to_connect = fwd->connect_path;
3834	port_to_connect = PORT_STREAMLOCAL;	3834	port_to_connect = PORT_STREAMLOCAL;
3835	} else {	3835	} else {
3836	host_to_connect = xstrdup(fwd->connect_host);	3836	host_to_connect = fwd->connect_host;
3837	port_to_connect = fwd->connect_port;	3837	port_to_connect = fwd->connect_port;
3838	}	3838	}
3839	if (fwd->listen_path != NULL) {	3839	if (fwd->listen_path != NULL) {
3840	listen_path = xstrdup(fwd->listen_path);	3840	listen_path = fwd->listen_path;
3841	listen_port = PORT_STREAMLOCAL;	3841	listen_port = PORT_STREAMLOCAL;
3842	} else {	3842	} else {
3843	if (fwd->listen_host != NULL)	3843	if (fwd->listen_host != NULL)
3844	listen_host = xstrdup(fwd->listen_host);	3844	listen_host = fwd->listen_host;
3845	listen_port = fwd->listen_port;	3845	listen_port = fwd->listen_port;
3846	}	3846	}
3847	idx = permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL,	3847	idx = permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL,
3848	-
3849	--
3850	auth-pam.c \| 22 +++++++++++++---------	3848	auth-pam.c \| 22 +++++++++++++---------
3851	1 file changed, 13 insertions(+), 9 deletions(-)	3849	1 file changed, 13 insertions(+), 9 deletions(-)

Lines 788-800 sshpam_query(void ctx, char name, char *info, Link Here

(-)a/auth-pam.c (-11 / +13 lines)
788	u_int num, char prompts, u_int echo_on)	788	u_int num, char prompts, u_int echo_on)
789	{	789	{
790	struct ssh ssh = active_state; / XXX */	790	struct ssh ssh = active_state; / XXX */
791	struct sshbuf *buffer;	791	struct sshbuf *buffer = NULL;
792	struct pam_ctxt *ctxt = ctx;	792	struct pam_ctxt *ctxt = ctx;
793	size_t plen;	793	size_t plen;
794	u_char type;	794	u_char type;
795	char *msg;	795	char *msg = NULL;
796	size_t len, mlen;	796	size_t len, mlen;
797	int r;	797	int r, rv = -1;
798		798
799	debug3("PAM: %s entering", __func__);	799	debug3("PAM: %s entering", __func__);
800	if ((buffer = sshbuf_new()) == NULL)	800	if ((buffer = sshbuf_new()) == NULL)
Lines 819-825 sshpam_query(void ctx, char name, char *info, Link Here
819	plen += mlen;	819	plen += mlen;
820	**echo_on = (type == PAM_PROMPT_ECHO_ON);	820	**echo_on = (type == PAM_PROMPT_ECHO_ON);
821	free(msg);	821	free(msg);
822	return (0);	822	rv = 0;
		823	goto out;
823	case PAM_ERROR_MSG:	824	case PAM_ERROR_MSG:
824	case PAM_TEXT_INFO:	825	case PAM_TEXT_INFO:
825	/* accumulate messages */	826	/* accumulate messages */
Lines 846-853 sshpam_query(void ctx, char name, char *info, Link Here
846	*num = 0;	847	*num = 0;
847	**echo_on = 0;	848	**echo_on = 0;
848	ctxt->pam_done = -1;	849	ctxt->pam_done = -1;
849	free(msg);	850	rv = 0;
850	return 0;	851	goto out;
851	}	852	}
852	/* FALLTHROUGH */	853	/* FALLTHROUGH */
853	case PAM_SUCCESS:	854	case PAM_SUCCESS:
Lines 873-879 sshpam_query(void ctx, char name, char *info, Link Here
873	**echo_on = 0;	874	**echo_on = 0;
874	ctxt->pam_done = 1;	875	ctxt->pam_done = 1;
875	free(msg);	876	free(msg);
876	return (0);	877	rv = 0;
		878	goto out;
877	}	879	}
878	error("PAM: %s for %s%.100s from %.100s", msg,	880	error("PAM: %s for %s%.100s from %.100s", msg,
879	sshpam_authctxt->valid ? "" : "illegal user ",	881	sshpam_authctxt->valid ? "" : "illegal user ",
Lines 885-894 sshpam_query(void ctx, char name, char *info, Link Here
885	**echo_on = 0;	887	**echo_on = 0;
886	free(msg);	888	free(msg);
887	ctxt->pam_done = -1;	889	ctxt->pam_done = -1;
888	return (-1);	890	goto out;
889	}	891	}
890	}	892	}
891	return (-1);	893	out:
		894	sshbuf_free(buffer);
		895	return (rv);
892	}	896	}
893		897
894	/*	898	/*
895	-
896	--
897	auth-options.c \| 1 +	899	auth-options.c \| 1 +
898	1 file changed, 1 insertion(+)	900	1 file changed, 1 insertion(+)

Lines 125-131 setproctitle(const char *fmt, ...) Link Here

(-)a/openbsd-compat/setproctitle.c (-3 / +1 lines)
125	#if SPT_TYPE != SPT_NONE	125	#if SPT_TYPE != SPT_NONE
126	va_list ap;	126	va_list ap;
127	char buf[1024], ptitle[1024];	127	char buf[1024], ptitle[1024];
128	size_t len;	128	size_t len = 0;
129	int r;	129	int r;
130	extern char *__progname;	130	extern char *__progname;
131	#if SPT_TYPE == SPT_PSTAT	131	#if SPT_TYPE == SPT_PSTAT
132	-
133	calls	132	calls
134	--
135	packet.c \| 2 +-	133	packet.c \| 2 +-
136	1 file changed, 1 insertion(+), 1 deletion(-)	134	1 file changed, 1 insertion(+), 1 deletion(-)