shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 18:50:28 +09:00
Code Issues Packages Projects Releases Wiki Activity

Fix memory leaks found by tysonite

Browse Source
This commit is contained in:
Aris Adamantiadis
2009-09-25 18:49:26 +02:00
parent fef87793a0
commit c70694c594
1 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
libssh/messages.c
View File

@@ -84,6 +84,7 @@ static ssh_message handle_service_request(ssh_session session) {
msg->type=SSH_REQUEST_SERVICE; msg->type=SSH_REQUEST_SERVICE;
msg->service_request.service=service_c; msg->service_request.service=service_c;
error: error:
string_free(service);
leave_function(); leave_function();
return msg; return msg;
} }
@@ -107,6 +108,7 @@ static ssh_message handle_userauth_request(ssh_session session){
ssh_message msg = NULL; ssh_message msg = NULL;
char *service_c = NULL; char *service_c = NULL;
char *method_c = NULL; char *method_c = NULL;
uint32_t method_size = 0;
enter_function(); enter_function();
@@ -144,6 +146,7 @@ static ssh_message handle_userauth_request(ssh_session session){
if (method_c == NULL) { if (method_c == NULL) {
goto error; goto error;
} }
method_size = string_len(method);
string_free(service); string_free(service);
service = NULL; service = NULL;
@@ -156,7 +159,7 @@ static ssh_message handle_userauth_request(ssh_session session){
msg->auth_request.username); msg->auth_request.username);
if (strcmp(method_c, "none") == 0) { if (strncmp(method_c, "none", method_size) == 0) {
msg->auth_request.method = SSH_AUTH_METHOD_NONE; msg->auth_request.method = SSH_AUTH_METHOD_NONE;
SAFE_FREE(service_c); SAFE_FREE(service_c);
SAFE_FREE(method_c); SAFE_FREE(method_c);
@@ -164,7 +167,7 @@ static ssh_message handle_userauth_request(ssh_session session){
return msg; return msg;
} }
if (strcmp(method_c, "password") == 0) { if (strncmp(method_c, "password", method_size) == 0) {
ssh_string pass = NULL; ssh_string pass = NULL;
uint8_t tmp; uint8_t tmp;
@@ -187,7 +190,7 @@ static ssh_message handle_userauth_request(ssh_session session){
return msg; return msg;
} }
if (strcmp(method_c, "publickey") == 0) { if (strncmp(method_c, "publickey", method_size) == 0) {
ssh_string algo = NULL; ssh_string algo = NULL;
ssh_string publickey = NULL; ssh_string publickey = NULL;
uint8_t has_sign; uint8_t has_sign;
@@ -230,16 +233,32 @@ static ssh_message handle_userauth_request(ssh_session session){
signature = signature_from_string(session, sign, public_key, signature = signature_from_string(session, sign, public_key,
public_key->type); public_key->type);
digest = ssh_userauth_build_digest(session, msg, service_c); digest = ssh_userauth_build_digest(session, msg, service_c);
if(sig_verify(session, public_key, signature, if ((digest == NULL || signature == NULL) ||
buffer_get(digest), buffer_get_len(digest)) < 0) { (digest != NULL && signature != NULL &&
sig_verify(session, public_key, signature,
buffer_get(digest), buffer_get_len(digest)) < 0)) {
ssh_log(session, SSH_LOG_PACKET, "Invalid signature from peer"); ssh_log(session, SSH_LOG_PACKET, "Invalid signature from peer");
msg->auth_request.signature_state = -1;
string_free(sign); string_free(sign);
sign = NULL; sign = NULL;
buffer_free(digest);
digest = NULL;
signature_free(signature);
signature = NULL;
msg->auth_request.signature_state = -1;
goto error; goto error;
} }
else else
ssh_log(session, SSH_LOG_PACKET, "Valid signature received"); ssh_log(session, SSH_LOG_PACKET, "Valid signature received");
buffer_free(digest);
digest = NULL;
string_free(sign);
sign = NULL;
signature_free(signature);
signature = NULL;
msg->auth_request.signature_state = 1; msg->auth_request.signature_state = 1;
} }
SAFE_FREE(service_c); SAFE_FREE(service_c);
@@ -777,6 +796,7 @@ void ssh_message_free(ssh_message msg){
strlen(msg->auth_request.password)); strlen(msg->auth_request.password));
SAFE_FREE(msg->auth_request.password); SAFE_FREE(msg->auth_request.password);
} }
publickey_free(msg->auth_request.public_key);
break; break;
case SSH_REQUEST_CHANNEL_OPEN: case SSH_REQUEST_CHANNEL_OPEN:
SAFE_FREE(msg->channel_request_open.originator); SAFE_FREE(msg->channel_request_open.originator);
@@ -790,6 +810,9 @@ void ssh_message_free(ssh_message msg){
SAFE_FREE(msg->channel_request.command); SAFE_FREE(msg->channel_request.command);
SAFE_FREE(msg->channel_request.subsystem); SAFE_FREE(msg->channel_request.subsystem);
break; break;
case SSH_REQUEST_SERVICE:
SAFE_FREE(msg->service_request.service);
break;
} }
ZERO_STRUCTP(msg); ZERO_STRUCTP(msg);
SAFE_FREE(msg); SAFE_FREE(msg);