merge

--HG--
branch : coverity

Makefile.in

@@ -140,7 +140,7 @@ insmulti%: dropbearmulti
 	$(INSTALL) -d $(DESTDIR)$(mandir)/man1
 	if test -e $*.1; then $(INSTALL) -m 644 $*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi
 
-# dropbear should go in sbin, so it needs a seperate rule
+# dropbear should go in sbin, so it needs a separate rule
 inst_dropbear: dropbear
 	$(INSTALL) -d $(DESTDIR)$(sbindir)
 	$(INSTALL) dropbear$(EXEEXT) $(DESTDIR)$(sbindir)

agentfwd.h

@@ -21,8 +21,8 @@
  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
-#ifndef _AGENTFWD_H_
-#define _AGENTFWD_H_
+#ifndef DROPBEAR_AGENTFWD_H_
+#define DROPBEAR_AGENTFWD_H_
 
 #include "includes.h"
 #include "chansession.h"
@@ -60,4 +60,4 @@ void svr_agentset(struct ChanSess *chansess);
 
 #endif /* ENABLE_SVR_AGENTFWD */
 
-#endif /* _AGENTFWD_H_ */
+#endif /* DROPBEAR_AGENTFWD_H_ */

algo.h

@@ -22,9 +22,9 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _ALGO_H_
+#ifndef DROPBEAR_ALGO_H_
 
-#define _ALGO_H_
+#define DROPBEAR_ALGO_H_
 
 #include "includes.h"
 #include "buffer.h"
@@ -134,4 +134,4 @@ enum {
 	DROPBEAR_COMP_ZLIB_DELAY,
 };
 
-#endif /* _ALGO_H_ */
+#endif /* DROPBEAR_ALGO_H_ */

auth.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _AUTH_H_
-#define _AUTH_H_
+#ifndef DROPBEAR_AUTH_H_
+#define DROPBEAR_AUTH_H_
 
 #include "includes.h"
 #include "signkey.h"
@@ -137,4 +137,4 @@ struct PubKeyOptions {
 };
 #endif
 
-#endif /* _AUTH_H_ */
+#endif /* DROPBEAR_AUTH_H_ */

bignum.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _BIGNUM_H_
-#define _BIGNUM_H_
+#ifndef DROPBEAR_BIGNUM_H_
+#define DROPBEAR_BIGNUM_H_
 
 #include "includes.h"
 #include "dbutil.h"
@@ -35,4 +35,4 @@ void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len);
 void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, 
 				hash_state *hs, mp_int *mp);
 
-#endif /* _BIGNUM_H_ */
+#endif /* DROPBEAR_BIGNUM_H_ */

buffer.c

@@ -99,7 +99,9 @@ buffer* buf_newcopy(buffer* buf) {
 
 	ret = buf_new(buf->len);
 	ret->len = buf->len;
-	memcpy(ret->data, buf->data, buf->len);
+	if (buf->len > 0) {
+	    memcpy(ret->data, buf->data, buf->len);
+	}
 	return ret;
 }
 
@@ -127,7 +129,7 @@ void buf_setpos(buffer* buf, unsigned int pos) {
 	buf->pos = pos;
 }
 
-/* increment the postion by incr, increasing the buffer length if required */
+/* increment the position by incr, increasing the buffer length if required */
 void buf_incrwritepos(buffer* buf, unsigned int incr) {
 	if (incr > BUF_MAX_INCR || buf->pos + incr > buf->size) {
 		dropbear_exit("Bad buf_incrwritepos");

buffer.h

@@ -22,9 +22,9 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _BUFFER_H_
+#ifndef DROPBEAR_BUFFER_H_
 
-#define _BUFFER_H_
+#define DROPBEAR_BUFFER_H_
 
 #include "includes.h"
 
@@ -65,4 +65,4 @@ void buf_putmpint(buffer* buf, mp_int * mp);
 int buf_getmpint(buffer* buf, mp_int* mp);
 unsigned int buf_getint(buffer* buf);
 
-#endif /* _BUFFER_H_ */
+#endif /* DROPBEAR_BUFFER_H_ */

channel.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _CHANNEL_H_
-#define _CHANNEL_H_
+#ifndef DROPBEAR_CHANNEL_H_
+#define DROPBEAR_CHANNEL_H_
 
 #include "includes.h"
 #include "buffer.h"
@@ -92,7 +92,7 @@ struct Channel {
 
 struct ChanType {
 
-	int sepfds; /* Whether this channel has seperate pipes for in/out or not */
+	int sepfds; /* Whether this channel has separate pipes for in/out or not */
 	char *name;
 	int (*inithandler)(struct Channel*);
 	int (*check_close)(struct Channel*);
@@ -137,4 +137,4 @@ void send_msg_request_success();
 void send_msg_request_failure();
 
 
-#endif /* _CHANNEL_H_ */
+#endif /* DROPBEAR_CHANNEL_H_ */

chansession.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _CHANSESSION_H_
-#define _CHANSESSION_H_
+#ifndef DROPBEAR_CHANSESSION_H_
+#define DROPBEAR_CHANSESSION_H_
 
 #include "loginrec.h"
 #include "channel.h"
@@ -103,4 +103,4 @@ struct SigMap {
 
 extern const struct SigMap signames[];
 
-#endif /* _CHANSESSION_H_ */
+#endif /* DROPBEAR_CHANSESSION_H_ */

circbuffer.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _CIRCBUFFER_H_
-#define _CIRCBUFFER_H_
+#ifndef DROPBEAR_CIRCBUFFER_H_
+#define DROPBEAR_CIRCBUFFER_H_
 struct circbuf {
 
 	unsigned int size;

cli-main.c

@@ -72,8 +72,7 @@ int main(int argc, char ** argv) {
 	} else
 #endif
 	{
-		int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 
-				0, &error);
+		int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, &error);
 		sock_in = sock_out = sock;
 	}
 

cli-session.c

@@ -38,10 +38,10 @@
 #include "agentfwd.h"
 #include "crypto_desc.h"
 
-static void cli_remoteclosed();
+static void cli_remoteclosed() ATTRIB_NORETURN;
 static void cli_sessionloop();
 static void cli_session_init();
-static void cli_finished();
+static void cli_finished() ATTRIB_NORETURN;
 static void recv_msg_service_accept(void);
 static void cli_session_cleanup(void);
 static void recv_msg_global_request_cli(void);

cli-tcpfwd.c

@@ -254,7 +254,7 @@ static int newtcpforwarded(struct Channel * channel) {
 	}
 	
 	snprintf(portstring, sizeof(portstring), "%d", fwd->connectport);
-	sock = connect_remote(fwd->connectaddr, portstring, 1, NULL);
+	sock = connect_remote(fwd->connectaddr, portstring, NULL);
 	if (sock < 0) {
 		TRACE(("leave newtcpdirect: sock failed"))
 		err = SSH_OPEN_CONNECT_FAILED;

common-algo.c

@@ -87,7 +87,7 @@ const struct dropbear_cipher dropbear_nocipher =
 #ifdef DROPBEAR_ENABLE_CBC_MODE
 const struct dropbear_cipher_mode dropbear_mode_cbc =
 	{(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt};
-#endif // DROPBEAR_ENABLE_CBC_MODE
+#endif /* DROPBEAR_ENABLE_CBC_MODE */
 
 const struct dropbear_cipher_mode dropbear_mode_none =
 	{void_start, void_cipher, void_cipher};
@@ -102,7 +102,7 @@ static int dropbear_big_endian_ctr_start(int cipher,
 }
 const struct dropbear_cipher_mode dropbear_mode_ctr =
 	{(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt};
-#endif // DROPBEAR_ENABLE_CTR_MODE
+#endif /* DROPBEAR_ENABLE_CTR_MODE */
 
 /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc.
    {&hash_desc, keysize, hashsize} */
@@ -183,18 +183,18 @@ algo_type sshciphers[] = {
 };
 
 algo_type sshhashes[] = {
-#ifdef DROPBEAR_SHA2_256_HMAC
-	{"hmac-sha2-256", 0, &dropbear_sha2_256, 1, NULL},
-#endif
-#ifdef DROPBEAR_SHA2_512_HMAC
-	{"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL},
-#endif
 #ifdef DROPBEAR_SHA1_96_HMAC
 	{"hmac-sha1-96", 0, &dropbear_sha1_96, 1, NULL},
 #endif
 #ifdef DROPBEAR_SHA1_HMAC
 	{"hmac-sha1", 0, &dropbear_sha1, 1, NULL},
 #endif
+#ifdef DROPBEAR_SHA2_256_HMAC
+	{"hmac-sha2-256", 0, &dropbear_sha2_256, 1, NULL},
+#endif
+#ifdef DROPBEAR_SHA2_512_HMAC
+	{"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL},
+#endif
 #ifdef DROPBEAR_MD5_HMAC
 	{"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL},
 #endif

common-channel.c

@@ -402,7 +402,7 @@ static void check_in_progress(struct Channel *channel) {
 /* Send the close message and set the channel as closed */
 static void send_msg_channel_close(struct Channel *channel) {
 
-	TRACE(("enter send_msg_channel_close %p", channel))
+	TRACE(("enter send_msg_channel_close %p", (void*)channel))
 	if (channel->type->closehandler 
 			&& !channel->close_handler_done) {
 		channel->type->closehandler(channel);
@@ -586,11 +586,11 @@ static void remove_channel(struct Channel * channel) {
 		/* close the FDs in case they haven't been done
 		 * yet (they might have been shutdown etc) */
 		TRACE(("CLOSE writefd %d", channel->writefd))
-		close(channel->writefd);
+		m_close(channel->writefd);
 		TRACE(("CLOSE readfd %d", channel->readfd))
-		close(channel->readfd);
+		m_close(channel->readfd);
 		TRACE(("CLOSE errfd %d", channel->errfd))
-		close(channel->errfd);
+		m_close(channel->errfd);
 	}
 
 	if (!channel->close_handler_done
@@ -616,7 +616,7 @@ void recv_msg_channel_request() {
 
 	channel = getchannel();
 
-	TRACE(("enter recv_msg_channel_request %p", channel))
+	TRACE(("enter recv_msg_channel_request %p", (void*)channel))
 
 	if (channel->sent_close) {
 		TRACE(("leave recv_msg_channel_request: already closed channel"))
@@ -1001,7 +1001,7 @@ static void close_chan_fd(struct Channel *channel, int fd, int how) {
 		}
 	} else {
 		TRACE(("CLOSE some fd %d", fd))
-		close(fd);
+		m_close(fd);
 		closein = closeout = 1;
 	}
 
@@ -1024,7 +1024,7 @@ static void close_chan_fd(struct Channel *channel, int fd, int how) {
 	if (channel->type->sepfds && channel->readfd == FD_CLOSED 
 		&& channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) {
 		TRACE(("CLOSE (finally) of %d", fd))
-		close(fd);
+		m_close(fd);
 	}
 }
 
@@ -1141,10 +1141,10 @@ void send_msg_request_failure() {
 }
 
 struct Channel* get_any_ready_channel() {
+	size_t i;
 	if (ses.chancount == 0) {
 		return NULL;
 	}
-	size_t i;
 	for (i = 0; i < ses.chansize; i++) {
 		struct Channel *chan = ses.channels[i];
 		if (chan

common-session.c

@@ -53,6 +53,10 @@ int exitflag = 0; /* GLOBAL */
 void common_session_init(int sock_in, int sock_out) {
 	time_t now;
 
+#ifdef DEBUG_TRACE
+	debug_start_net();
+#endif
+
 	TRACE(("enter session_init"))
 
 	ses.sock_in = sock_in;
@@ -236,6 +240,15 @@ void session_loop(void(*loophandler)()) {
 	/* Not reached */
 }
 
+static void cleanup_buf(buffer **buf) {
+	if (!*buf) {
+		return;
+	}
+	buf_burn(*buf);
+	buf_free(*buf);
+	*buf = NULL;
+}
+
 /* clean up a session on exit */
 void session_cleanup() {
 	
@@ -247,24 +260,45 @@ void session_cleanup() {
 		return;
 	}
 
+	/* Beware of changing order of functions here. */
+
+	/* Must be before extra_session_cleanup() */
+	chancleanup();
+
 	if (ses.extra_session_cleanup) {
 		ses.extra_session_cleanup();
 	}
 
-	chancleanup();
-	
-	/* Cleaning up keys must happen after other cleanup
-	functions which might queue packets */
-	if (ses.session_id) {
-		buf_burn(ses.session_id);
-		buf_free(ses.session_id);
-		ses.session_id = NULL;
+	/* After these are freed most functions will exit */
+#ifdef DROPBEAR_CLEANUP
+	/* listeners call cleanup functions, this should occur before
+	other session state is freed. */
+	remove_all_listeners();
+
+	while (!isempty(&ses.writequeue)) {
+		buf_free(dequeue(&ses.writequeue));
 	}
-	if (ses.hash) {
-		buf_burn(ses.hash);
-		buf_free(ses.hash);
-		ses.hash = NULL;
+
+	m_free(ses.remoteident);
+	m_free(ses.authstate.pw_dir);
+	m_free(ses.authstate.pw_name);
+	m_free(ses.authstate.pw_shell);
+	m_free(ses.authstate.pw_passwd);
+	m_free(ses.authstate.username);
+#endif
+
+	cleanup_buf(&ses.session_id);
+	cleanup_buf(&ses.hash);
+	cleanup_buf(&ses.payload);
+	cleanup_buf(&ses.readbuf);
+	cleanup_buf(&ses.writepayload);
+	cleanup_buf(&ses.kexhashbuf);
+	cleanup_buf(&ses.transkexinit);
+	if (ses.dh_K) {
+		mp_clear(ses.dh_K);
 	}
+	m_free(ses.dh_K);
+
 	m_burn(ses.keys, sizeof(struct key_context));
 	m_free(ses.keys);
 
@@ -395,16 +429,16 @@ static int ident_readln(int fd, char* buf, int count) {
 }
 
 void ignore_recv_response() {
-	// Do nothing
+	/* Do nothing */
 	TRACE(("Ignored msg_request_response"))
 }
 
 static void send_msg_keepalive() {
-	CHECKCLEARTOWRITE();
 	time_t old_time_idle = ses.last_packet_time_idle;
-
 	struct Channel *chan = get_any_ready_channel();
 
+	CHECKCLEARTOWRITE();
+
 	if (chan) {
 		/* Channel requests are preferable, more implementations
 		handle them than SSH_MSG_GLOBAL_REQUEST */
@@ -573,7 +607,7 @@ void update_channel_prio() {
 	}
 
 	if (new_prio != ses.socket_prio) {
-		TRACE(("Dropbear priority transitioning %4.4s -> %4.4s", (char*)&ses.socket_prio, (char*)&new_prio))
+		TRACE(("Dropbear priority transitioning %d -> %d", ses.socket_prio, new_prio))
 		set_sock_priority(ses.sock_out, new_prio);
 		ses.socket_prio = new_prio;
 	}

compat.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _COMPAT_H_
-#define _COMPAT_H_
+#ifndef DROPBEAR_COMPAT_H_
+#define DROPBEAR_COMPAT_H_
 
 #include "includes.h"
 
@@ -49,8 +49,8 @@ void setusershell();
 void endusershell();
 #endif
 
-#ifndef _PATH_DEVNULL
-#define _PATH_DEVNULL "/dev/null"
+#ifndef DROPBEAR_PATH_DEVNULL
+#define DROPBEAR_PATH_DEVNULL "/dev/null"
 #endif
 
-#endif /* _COMPAT_H_ */
+#endif /* DROPBEAR_COMPAT_H_ */

crypto_desc.h

@@ -1,9 +1,9 @@
-#ifndef _CRYPTO_DESC_H
-#define _CRYPTO_DESC_H
+#ifndef DROPBEAR_CRYPTO_DESC_H
+#define DROPBEAR_CRYPTO_DESC_H
 
 void crypto_init();
 
 extern int dropbear_ltc_prng;
 
-#endif /* _CRYPTO_DESC_H */
+#endif /* DROPBEAR_CRYPTO_DESC_H */
 

curve25519-donna.c

@@ -527,7 +527,7 @@ static void fmonty(limb *x2, limb *z2,  /* output 2Q */
 
   memcpy(origx, x, 10 * sizeof(limb));
   fsum(x, z);
-  fdifference(z, origx);  // does x - z
+  fdifference(z, origx);  /* does x - z */
 
   memcpy(origxprime, xprime, sizeof(limb) * 10);
   fsum(xprime, zprime);
@@ -554,7 +554,7 @@ static void fmonty(limb *x2, limb *z2,  /* output 2Q */
   fproduct(x2, xx, zz);
   freduce_degree(x2);
   freduce_coefficients(x2);
-  fdifference(zz, xx);  // does zz = xx - zz
+  fdifference(zz, xx);  /* does zz = xx - zz */
   memset(zzz + 10, 0, sizeof(limb) * 9);
   fscalar_product(zzz, zz, 121665);
   /* No need to call freduce_degree here:
@@ -641,9 +641,9 @@ cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) {
   memcpy(resultz, nqz, sizeof(limb) * 10);
 }
 
-// -----------------------------------------------------------------------------
-// Shamelessly copied from djb's code
-// -----------------------------------------------------------------------------
+/* -----------------------------------------------------------------------------
+ * Shamelessly copied from djb's code
+ * ----------------------------------------------------------------------------- */
 static void
 crecip(limb *out, const limb *z) {
   limb z2[10];

dbrandom.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _RANDOM_H_
-#define _RANDOM_H_
+#ifndef DROPBEAR_RANDOM_H_
+#define DROPBEAR_RANDOM_H_
 
 #include "includes.h"
 
@@ -32,4 +32,4 @@ void genrandom(unsigned char* buf, unsigned int len);
 void addrandom(char * buf, unsigned int len);
 void gen_random_mpint(mp_int *max, mp_int *rand);
 
-#endif /* _RANDOM_H_ */
+#endif /* DROPBEAR_RANDOM_H_ */

dbutil.c

@@ -150,18 +150,44 @@ void dropbear_log(int priority, const char* format, ...) {
 
 
 #ifdef DEBUG_TRACE
+
+static double debug_start_time = -1;
+
+void debug_start_net()
+{
+	if (getenv("DROPBEAR_DEBUG_NET_TIMESTAMP"))
+	{
+    	/* Timestamps start from first network activity */
+	    struct timeval tv;
+	    gettimeofday(&tv, NULL);
+	    debug_start_time = tv.tv_sec + (tv.tv_usec / 1000000.0);
+	    TRACE(("Resetting Dropbear TRACE timestamps"))
+	}
+}
+
+static double time_since_start()
+{
+    double nowf;
+    struct timeval tv;
+    gettimeofday(&tv, NULL);
+    nowf = tv.tv_sec + (tv.tv_usec / 1000000.0);
+    if (debug_start_time < 0)
+    {
+        debug_start_time = nowf;
+        return 0;
+    }
+    return nowf - debug_start_time;
+}
+
 void dropbear_trace(const char* format, ...) {
 	va_list param;
-	struct timeval tv;
 
 	if (!debug_trace) {
 		return;
 	}
 
-	gettimeofday(&tv, NULL);
-
 	va_start(param, format);
-	fprintf(stderr, "TRACE  (%d) %d.%d: ", getpid(), (int)tv.tv_sec, (int)tv.tv_usec);
+	fprintf(stderr, "TRACE  (%d) %f: ", getpid(), time_since_start());
 	vfprintf(stderr, format, param);
 	fprintf(stderr, "\n");
 	va_end(param);
@@ -170,7 +196,6 @@ void dropbear_trace(const char* format, ...) {
 void dropbear_trace2(const char* format, ...) {
 	static int trace_env = -1;
 	va_list param;
-	struct timeval tv;
 
 	if (trace_env == -1) {
 		trace_env = getenv("DROPBEAR_TRACE2") ? 1 : 0;
@@ -180,10 +205,8 @@ void dropbear_trace2(const char* format, ...) {
 		return;
 	}
 
-	gettimeofday(&tv, NULL);
-
 	va_start(param, format);
-	fprintf(stderr, "TRACE2 (%d) %d.%d: ", getpid(), (int)tv.tv_sec, (int)tv.tv_usec);
+	fprintf(stderr, "TRACE2 (%d) %f: ", getpid(), time_since_start());
 	vfprintf(stderr, format, param);
 	fprintf(stderr, "\n");
 	va_end(param);
@@ -390,13 +413,29 @@ int connect_unix(const char* path) {
 }
 #endif
 
+#if defined(__linux__) && defined(TCP_DEFER_ACCEPT)
+static void set_piggyback_ack(int sock) {
+	/* Undocumented Linux feature - set TCP_DEFER_ACCEPT and data will be piggybacked
+	on the 3rd packet (ack) of the TCP handshake. Saves a IP packet.
+	http://thread.gmane.org/gmane.linux.network/224627/focus=224727
+	"Piggyback the final ACK of the three way TCP connection establishment with the data" */
+	int val = 1;
+	/* No error checking, this is opportunistic */
+	int err = setsockopt(sock, IPPROTO_TCP, TCP_DEFER_ACCEPT, (void*)&val, sizeof(val));
+	if (err)
+	{
+		TRACE(("Failed setsockopt TCP_DEFER_ACCEPT: %s", strerror(errno)))
+	}
+}
+#endif
+
+
 /* Connect via TCP to a host. Connection will try ipv4 or ipv6, will
  * return immediately if nonblocking is set. On failure, if errstring
  * wasn't null, it will be a newly malloced error message */
 
 /* TODO: maxfd */
-int connect_remote(const char* remotehost, const char* remoteport,
-		int nonblocking, char ** errstring) {
+int connect_remote(const char* remotehost, const char* remoteport, char ** errstring) {
 
 	struct addrinfo *res0 = NULL, *res = NULL, hints;
 	int sock;
@@ -435,12 +474,14 @@ int connect_remote(const char* remotehost, const char* remoteport,
 			continue;
 		}
 
-		if (nonblocking) {
-			setnonblocking(sock);
-		}
+		setnonblocking(sock);
+
+#if defined(__linux__) && defined(TCP_DEFER_ACCEPT)
+		set_piggyback_ack(sock);
+#endif
 
 		if (connect(sock, res->ai_addr, res->ai_addrlen) < 0) {
-			if (errno == EINPROGRESS && nonblocking) {
+			if (errno == EINPROGRESS) {
 				TRACE(("Connect in progress"))
 				break;
 			} else {
@@ -454,7 +495,7 @@ int connect_remote(const char* remotehost, const char* remoteport,
 		break; /* Success */
 	}
 
-	if (sock < 0 && !(errno == EINPROGRESS && nonblocking)) {
+	if (sock < 0 && !(errno == EINPROGRESS)) {
 		/* Failed */
 		if (errstring != NULL && *errstring == NULL) {
 			int len;
@@ -827,12 +868,12 @@ out:
 
 /* make sure that the socket closes */
 void m_close(int fd) {
+	int val;
 
 	if (fd == -1) {
 		return;
 	}
 
-	int val;
 	do {
 		val = close(fd);
 	} while (val < 0 && errno == EINTR);

dbutil.h

@@ -22,9 +22,9 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _DBUTIL_H_
+#ifndef DROPBEAR_DBUTIL_H_
 
-#define _DBUTIL_H_
+#define DROPBEAR_DBUTIL_H_
 
 #include "includes.h"
 #include "buffer.h"
@@ -58,6 +58,7 @@ void dropbear_trace(const char* format, ...) ATTRIB_PRINTF(1,2);
 void dropbear_trace2(const char* format, ...) ATTRIB_PRINTF(1,2);
 void printhex(const char * label, const unsigned char * buf, int len);
 void printmpint(const char *label, mp_int *mp);
+void debug_start_net();
 extern int debug_trace;
 #endif
 
@@ -82,8 +83,7 @@ void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell);
 #ifdef ENABLE_CONNECT_UNIX
 int connect_unix(const char* addr);
 #endif
-int connect_remote(const char* remotehost, const char* remoteport,
-		int nonblocking, char ** errstring);
+int connect_remote(const char* remotehost, const char* remoteport, char ** errstring);
 int buf_readfile(buffer* buf, const char* filename);
 int buf_getline(buffer * line, FILE * authfile);
 
@@ -112,4 +112,4 @@ time_t monotonic_now();
 
 char * expand_tilde(const char *inpath);
 
-#endif /* _DBUTIL_H_ */
+#endif /* DROPBEAR_DBUTIL_H_ */

debug.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _DEBUG_H_
-#define _DEBUG_H_
+#ifndef DROPBEAR_DEBUG_H_
+#define DROPBEAR_DEBUG_H_
 
 #include "includes.h"
 
@@ -39,7 +39,7 @@
  * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
  * since the printing may not sanitise strings etc. This will add a reasonable
  * amount to your executable size. */
-#define DEBUG_TRACE
+/*#define DEBUG_TRACE*/
 
 /* All functions writing to the cleartext payload buffer call
  * CHECKCLEARTOWRITE() before writing. This is only really useful if you're

dss.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _DSS_H_
-#define _DSS_H_
+#ifndef DROPBEAR_DSS_H_
+#define DROPBEAR_DSS_H_
 
 #include "includes.h"
 #include "buffer.h"
@@ -53,4 +53,4 @@ void dss_key_free(dropbear_dss_key *key);
 
 #endif /* DROPBEAR_DSS */
 
-#endif /* _DSS_H_ */
+#endif /* DROPBEAR_DSS_H_ */

ecc.h

@@ -1,5 +1,5 @@
-#ifndef _DROPBEAR_ECC_H
-#define _DROPBEAR_ECC_H
+#ifndef DROPBEAR_DROPBEAR_ECC_H
+#define DROPBEAR_DROPBEAR_ECC_H
 
 #include "includes.h"
 #include "options.h"
@@ -33,4 +33,4 @@ mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, ecc_key *priv_key);
 
 #endif
 
-#endif /* _DROPBEAR_ECC_H */
+#endif /* DROPBEAR_DROPBEAR_ECC_H */

ecdsa.h

@@ -1,5 +1,5 @@
-#ifndef _ECDSA_H_
-#define _ECDSA_H_
+#ifndef DROPBEAR_ECDSA_H_
+#define DROPBEAR_ECDSA_H_
 
 #include "includes.h"
 #include "buffer.h"
@@ -32,4 +32,4 @@ int signkey_is_ecdsa(enum signkey_type type);
 
 #endif
 
-#endif /* _ECDSA_H_ */
+#endif /* DROPBEAR_ECDSA_H_ */

fake-rfc2553.h

@@ -39,8 +39,8 @@
  * that ai_family is AF_INET. Don't use it for another purpose.
  */
 
-#ifndef _FAKE_RFC2553_H
-#define _FAKE_RFC2553_H
+#ifndef DROPBEAR_FAKE_RFC2553_H
+#define DROPBEAR_FAKE_RFC2553_H
 
 #include "includes.h"
 #include <sys/types.h>

gendss.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _GENDSS_H_
-#define _GENDSS_H_
+#ifndef DROPBEAR_GENDSS_H_
+#define DROPBEAR_GENDSS_H_
 
 #include "dss.h"
 
@@ -33,4 +33,4 @@ dropbear_dss_key * gen_dss_priv_key(unsigned int size);
 
 #endif /* DROPBEAR_DSS */
 
-#endif /* _GENDSS_H_ */
+#endif /* DROPBEAR_GENDSS_H_ */

genrsa.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _GENRSA_H_
-#define _GENRSA_H_
+#ifndef DROPBEAR_GENRSA_H_
+#define DROPBEAR_GENRSA_H_
 
 #include "rsa.h"
 
@@ -33,4 +33,4 @@ dropbear_rsa_key * gen_rsa_priv_key(unsigned int size);
 
 #endif /* DROPBEAR_RSA */
 
-#endif /* _GENRSA_H_ */
+#endif /* DROPBEAR_GENRSA_H_ */

gensignkey.h

@@ -1,5 +1,5 @@
-#ifndef _GENSIGNKEY_H
-#define _GENSIGNKEY_H
+#ifndef DROPBEAR_GENSIGNKEY_H
+#define DROPBEAR_GENSIGNKEY_H
 
 #include "signkey.h"
 

includes.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _INCLUDES_H_
-#define _INCLUDES_H_
+#ifndef DROPBEAR_INCLUDES_H_
+#define DROPBEAR_INCLUDES_H_
 
 
 #include "config.h"
@@ -177,4 +177,4 @@ typedef u_int32_t uint32_t;
 # define UNUSED(x) x 
 #endif
 
-#endif /* _INCLUDES_H_ */
+#endif /* DROPBEAR_INCLUDES_H_ */

kex.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _KEX_H_
-#define _KEX_H_
+#ifndef DROPBEAR_KEX_H_
+#define DROPBEAR_KEX_H_
 
 #include "includes.h"
 #include "algo.h"
@@ -113,4 +113,4 @@ int curve25519_donna(unsigned char *out, const unsigned char *secret, const unsi
 
 #define MAX_KEXHASHBUF 2000
 
-#endif /* _KEX_H_ */
+#endif /* DROPBEAR_KEX_H_ */

keyimport.c

@@ -464,17 +464,16 @@ static struct openssh_key *load_openssh_key(const char *filename)
 		goto error;
 	}
 
-	memset(buffer, 0, sizeof(buffer));
+	m_burn(buffer, sizeof(buffer));
 	return ret;
 
 	error:
-	memset(buffer, 0, sizeof(buffer));
+	m_burn(buffer, sizeof(buffer));
 	if (ret) {
 		if (ret->keyblob) {
-			memset(ret->keyblob, 0, ret->keyblob_size);
+			m_burn(ret->keyblob, ret->keyblob_size);
 			m_free(ret->keyblob);
 		}
-		memset(&ret, 0, sizeof(ret));
 		m_free(ret);
 	}
 	if (fp) {
@@ -494,9 +493,8 @@ static int openssh_encrypted(const char *filename)
 	if (!key)
 		return 0;
 	ret = key->encrypted;
-	memset(key->keyblob, 0, key->keyblob_size);
+	m_burn(key->keyblob, key->keyblob_size);
 	m_free(key->keyblob);
-	memset(&key, 0, sizeof(key));
 	m_free(key);
 	return ret;
 }
@@ -1046,6 +1044,7 @@ static int openssh_write(const char *filename, sign_key *key,
 		const void* curve_oid = NULL;
 		unsigned long pubkey_size = 2*curve_size+1;
 		unsigned int k_size;
+		int err = 0;
 
 		/* version. less than 10 bytes */
 		buf_incrwritepos(seq_buf,
@@ -1091,7 +1090,7 @@ static int openssh_write(const char *filename, sign_key *key,
 		buf_incrwritepos(seq_buf,
 			ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0));
 		buf_putbyte(seq_buf, 0);
-		int err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size);
+		err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size);
 		if (err != CRYPT_OK) {
 			dropbear_exit("ECC error");
 		}

keyimport.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _KEYIMPORT_H_
-#define _KEYIMPORT_H_
+#ifndef DROPBEAR_KEYIMPORT_H_
+#define DROPBEAR_KEYIMPORT_H_
 
 #include "includes.h"
 #include "signkey.h"
@@ -39,4 +39,4 @@ int import_write(const char *filename, sign_key *key, char *passphrase,
 sign_key *import_read(const char *filename, char *passphrase, int filetype);
 int import_encrypted(const char* filename, int filetype);
 
-#endif /* _KEYIMPORT_H_ */
+#endif /* DROPBEAR_KEYIMPORT_H_ */

libtomcrypt/src/headers/tomcrypt_argchk.h

@@ -4,8 +4,16 @@
 
 #include <signal.h>
 
+/* portability macros for compiler-specific code attributes */
+#ifdef __GNUC__
+#define ATTRIB_NORETURN __attribute__((noreturn))
+#else
+#define ATTRIB_NORETURN
+#endif
+
+
 /* this is the default LibTomCrypt macro  */
-void crypt_argchk(char *v, char *s, int d);
+void crypt_argchk(char *v, char *s, int d) ATTRIB_NORETURN;
 #define LTC_ARGCHK(x) if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); }
 #define LTC_ARGCHKVD(x) LTC_ARGCHK(x)
 

list.h

@@ -1,5 +1,5 @@
-#ifndef _DROPBEAR_LIST_H
-#define _DROPBEAR_LIST_H
+#ifndef DROPBEAR_DROPBEAR_LIST_H
+#define DROPBEAR_DROPBEAR_LIST_H
 
 struct _m_list;
 
@@ -25,4 +25,4 @@ void list_append(m_list *list, void *item);
 void * list_remove(m_list_elem *elem);
 
 
-#endif /* _DROPBEAR_LIST_H */
+#endif /* DROPBEAR_DROPBEAR_LIST_H */

listener.c

@@ -161,5 +161,14 @@ void remove_listener(struct Listener* listener) {
 	}
 	ses.listeners[listener->index] = NULL;
 	m_free(listener);
-
+}
+
+void remove_all_listeners(void) {
+	unsigned int i;
+	for (i = 0; i < ses.listensize; i++) {
+		if (ses.listeners[i]) {
+			remove_listener(ses.listeners[i]);
+		}
+	}
+	m_free(ses.listeners);
 }

listener.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _LISTENER_H
-#define _LISTENER_H
+#ifndef DROPBEAR_LISTENER_H
+#define DROPBEAR_LISTENER_H
 
 #define MAX_LISTENERS 20
 #define LISTENER_EXTEND_SIZE 1
@@ -60,4 +60,6 @@ struct Listener * get_listener(int type, void* typedata,
 
 void remove_listener(struct Listener* listener);
 
-#endif /* _LISTENER_H */
+void remove_all_listeners(void);
+
+#endif /* DROPBEAR_LISTENER_H */

loginrec.h

@@ -1,5 +1,5 @@
-#ifndef _HAVE_LOGINREC_H_
-#define _HAVE_LOGINREC_H_
+#ifndef DROPBEAR_HAVE_LOGINREC_H_
+#define DROPBEAR_HAVE_LOGINREC_H_
 
 /*
  * Copyright (c) 2000 Andre Lucas.  All rights reserved.
@@ -182,4 +182,4 @@ char *line_fullname(char *dst, const char *src, size_t dstsize);
 char *line_stripname(char *dst, const char *src, size_t dstsize);
 char *line_abbrevname(char *dst, const char *src, size_t dstsize);
 
-#endif /* _HAVE_LOGINREC_H_ */
+#endif /* DROPBEAR_HAVE_LOGINREC_H_ */

ltc_prng.h

@@ -1,5 +1,5 @@
-#ifndef _LTC_PRNG_H_DROPBEAR
-#define _LTC_PRNG_H_DROPBEAR
+#ifndef DROPBEAR_LTC_PRNG_H_DROPBEAR
+#define DROPBEAR_LTC_PRNG_H_DROPBEAR
 
 #include "options.h"
 #include "includes.h"
@@ -10,4 +10,4 @@ extern const struct ltc_prng_descriptor dropbear_prng_desc;
 
 #endif /* DROPBEAR_LTC_PRNG */
 
-#endif /* _LTC_PRNG_H_DROPBEAR */
+#endif /* DROPBEAR_LTC_PRNG_H_DROPBEAR */

options.h

@@ -2,8 +2,8 @@
  * Copyright (c) 2002,2003 Matt Johnston
  * All rights reserved. See LICENSE for the license. */
 
-#ifndef _OPTIONS_H_
-#define _OPTIONS_H_
+#ifndef DROPBEAR_OPTIONS_H_
+#define DROPBEAR_OPTIONS_H_
 
 /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
  * parts are to allow for commandline -DDROPBEAR_XXX options etc. */
@@ -289,7 +289,7 @@ much traffic. */
 
 /* This is used by the scp binary when used as a client binary. If you're
  * not using the Dropbear client, you'll need to change it */
-#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
+#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
 
 /* Whether to log commands executed by a client. This only logs the 
  * (single) command sent to the server, not what a user did in a 
@@ -337,4 +337,4 @@ be overridden at runtime with -I. 0 disables idle timeouts */
  * in sysoptions.h */
 #include "sysoptions.h"
 
-#endif /* _OPTIONS_H_ */
+#endif /* DROPBEAR_OPTIONS_H_ */

packet.h

@@ -22,9 +22,9 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _PACKET_H_
+#ifndef DROPBEAR_PACKET_H_
 
-#define _PACKET_H_
+#define DROPBEAR_PACKET_H_
 
 #include "includes.h"
 
@@ -46,4 +46,4 @@ typedef struct PacketType {
 
 #define INIT_READBUF 128
 
-#endif /* _PACKET_H_ */
+#endif /* DROPBEAR_PACKET_H_ */

queue.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _QUEUE_H_
-#define _QUEUE_H_
+#ifndef DROPBEAR_QUEUE_H_
+#define DROPBEAR_QUEUE_H_
 
 struct Link {
 

rsa.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _RSA_H_
-#define _RSA_H_
+#ifndef DROPBEAR_RSA_H_
+#define DROPBEAR_RSA_H_
 
 #include "includes.h"
 #include "buffer.h"
@@ -55,4 +55,4 @@ void rsa_key_free(dropbear_rsa_key *key);
 
 #endif /* DROPBEAR_RSA */
 
-#endif /* _RSA_H_ */
+#endif /* DROPBEAR_RSA_H_ */

runopts.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _RUNOPTS_H_
-#define _RUNOPTS_H_
+#ifndef DROPBEAR_RUNOPTS_H_
+#define DROPBEAR_RUNOPTS_H_
 
 #include "includes.h"
 #include "signkey.h"
@@ -170,4 +170,4 @@ void parse_ciphers_macs();
 
 void print_version(void);
 
-#endif /* _RUNOPTS_H_ */
+#endif /* DROPBEAR_RUNOPTS_H_ */

scp.c

@@ -437,7 +437,7 @@ main(int argc, char **argv)
 	}
 	/*
 	 * Finally check the exit status of the ssh process, if one was forked
-	 * and no error has occured yet
+	 * and no error has occurred yet
 	 */
 	if (do_cmd_pid != -1 && errs == 0) {
 		if (remin != -1)

service.h

@@ -22,9 +22,9 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _SERVICE_H_
-#define _SERVICE_H_
+#ifndef DROPBEAR_SERVICE_H_
+#define DROPBEAR_SERVICE_H_
 
 void recv_msg_service_request(); /* Server */
 
-#endif /* _SERVICE_H_ */
+#endif /* DROPBEAR_SERVICE_H_ */

session.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _SESSION_H_
-#define _SESSION_H_
+#ifndef DROPBEAR_SESSION_H_
+#define DROPBEAR_SESSION_H_
 
 #include "includes.h"
 #include "options.h"
@@ -43,7 +43,7 @@ extern int sessinitdone; /* Is set to 0 somewhere */
 extern int exitflag;
 
 void common_session_init(int sock_in, int sock_out);
-void session_loop(void(*loophandler)());
+void session_loop(void(*loophandler)()) ATTRIB_NORETURN;
 void session_cleanup();
 void send_session_identification();
 void send_msg_ignore();
@@ -55,12 +55,12 @@ const char* get_user_shell();
 void fill_passwd(const char* username);
 
 /* Server */
-void svr_session(int sock, int childpipe);
+void svr_session(int sock, int childpipe) ATTRIB_NORETURN;
 void svr_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
 void svr_dropbear_log(int priority, const char* format, va_list param);
 
 /* Client */
-void cli_session(int sock_in, int sock_out);
+void cli_session(int sock_in, int sock_out) ATTRIB_NORETURN;
 void cleantext(unsigned char* dirtytext);
 
 /* crypto parameters that are stored individually for transmit and receive */
@@ -309,4 +309,4 @@ extern struct serversession svr_ses;
 extern struct clientsession cli_ses;
 #endif /* DROPBEAR_CLIENT */
 
-#endif /* _SESSION_H_ */
+#endif /* DROPBEAR_SESSION_H_ */

signkey.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _SIGNKEY_H_
-#define _SIGNKEY_H_
+#ifndef DROPBEAR_SIGNKEY_H_
+#define DROPBEAR_SIGNKEY_H_
 
 #include "buffer.h"
 #include "dss.h"
@@ -101,4 +101,4 @@ int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
 
 void** signkey_key_ptr(sign_key *key, enum signkey_type type);
 
-#endif /* _SIGNKEY_H_ */
+#endif /* DROPBEAR_SIGNKEY_H_ */

svr-agentfwd.c

@@ -117,7 +117,7 @@ static void agentaccept(struct Listener *UNUSED(listener), int sock) {
 }
 
 /* set up the environment variable pointing to the socket. This is called
- * just before command/shell execution, after dropping priveleges */
+ * just before command/shell execution, after dropping privileges */
 void svr_agentset(struct ChanSess * chansess) {
 
 	char *path = NULL;

svr-chansession.c

@@ -234,7 +234,7 @@ static int newchansess(struct Channel *channel) {
 
 	struct ChanSess *chansess;
 
-	TRACE(("new chansess %p", channel))
+	TRACE(("new chansess %p", (void*)channel))
 
 	dropbear_assert(channel->typedata == NULL);
 

svr-session.c

@@ -78,10 +78,14 @@ static const struct ChanType *svr_chantypes[] = {
 };
 
 static void
-svr_session_cleanup(void)
-{
+svr_session_cleanup(void) {
 	/* free potential public key options */
 	svr_pubkey_options_cleanup();
+
+	m_free(svr_ses.addrstring);
+	m_free(svr_ses.remotehost);
+	m_free(svr_ses.childpids);
+	svr_ses.childpidsize = 0;
 }
 
 static void
@@ -150,6 +154,7 @@ void svr_session(int sock, int childpipe) {
 void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
 
 	char fmtbuf[300];
+	int i;
 
 	if (!sessinitdone) {
 		/* before session init */
@@ -183,6 +188,15 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
 		session_cleanup();
 	}
 
+	if (svr_opts.hostkey) {
+		sign_key_free(svr_opts.hostkey);
+		svr_opts.hostkey = NULL;
+	}
+	for (i = 0; i < DROPBEAR_MAX_PORTS; i++) {
+		m_free(svr_opts.addresses[i]);
+		m_free(svr_opts.ports[i]);
+	}
+
 	exit(exitcode);
 
 }

svr-tcpfwd.c

@@ -270,7 +270,7 @@ static int newtcpdirect(struct Channel * channel) {
 	}
 
 	snprintf(portstring, sizeof(portstring), "%d", destport);
-	sock = connect_remote(desthost, portstring, 1, NULL);
+	sock = connect_remote(desthost, portstring, NULL);
 	if (sock < 0) {
 		err = SSH_OPEN_CONNECT_FAILED;
 		TRACE(("leave newtcpdirect: sock failed"))

svr-x11fwd.c

@@ -175,7 +175,7 @@ void x11cleanup(struct ChanSess *chansess) {
 	m_free(chansess->x11authprot);
 	m_free(chansess->x11authcookie);
 
-	TRACE(("chansess %p", chansess))
+	TRACE(("chansess %p", (void*)chansess))
 	if (chansess->x11listener != NULL) {
 		remove_listener(chansess->x11listener);
 		chansess->x11listener = NULL;

sysoptions.h

@@ -256,6 +256,9 @@
 #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS
 #endif
 
+/* free memory before exiting */
+#define DROPBEAR_CLEANUP
+
 /* Use this string since some implementations might special-case it */
 #define DROPBEAR_KEEPALIVE_STRING "keepalive@openssh.com"
 

tcpfwd.h

@@ -21,8 +21,8 @@
  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
-#ifndef _TCPFWD_H
-#define _TCPFWD_H
+#ifndef DROPBEAR_TCPFWD_H
+#define DROPBEAR_TCPFWD_H
 
 #include "channel.h"
 #include "list.h"

termcodes.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _TERMCODES_H_
-#define _TERMCODES_H_
+#ifndef DROPBEAR_TERMCODES_H_
+#define DROPBEAR_TERMCODES_H_
 
 #define TERMCODE_NONE 0
 #define TERMCODE_CONTROL 1
@@ -43,4 +43,4 @@ struct TermCode {
 
 extern const struct TermCode termcodes[];
 
-#endif /* _TERMCODES_H_ */
+#endif /* DROPBEAR_TERMCODES_H_ */

x11fwd.h

@@ -21,8 +21,8 @@
  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
-#ifndef _X11FWD_H_
-#define _X11FWD_H_
+#ifndef DROPBEAR__X11FWD_H_
+#define DROPBEAR__X11FWD_H_
 #ifndef DISABLE_X11FWD
 
 #include "includes.h"
@@ -34,4 +34,4 @@ void x11setauth(struct ChanSess *chansess);
 void x11cleanup(struct ChanSess *chansess);
 
 #endif /* DROPBEAR_X11FWD */
-#endif /* _X11FWD_H_ */
+#endif /* DROPBEAR__X11FWD_H_ */