diff --git a/Makefile.in b/Makefile.in index 8cde521..8ab1a73 100644 --- a/Makefile.in +++ b/Makefile.in @@ -140,7 +140,7 @@ insmulti%: dropbearmulti $(INSTALL) -d $(DESTDIR)$(mandir)/man1 if test -e $*.1; then $(INSTALL) -m 644 $*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi -# dropbear should go in sbin, so it needs a seperate rule +# dropbear should go in sbin, so it needs a separate rule inst_dropbear: dropbear $(INSTALL) -d $(DESTDIR)$(sbindir) $(INSTALL) dropbear$(EXEEXT) $(DESTDIR)$(sbindir) diff --git a/agentfwd.h b/agentfwd.h index 113370c..53c297a 100644 --- a/agentfwd.h +++ b/agentfwd.h @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _AGENTFWD_H_ -#define _AGENTFWD_H_ +#ifndef DROPBEAR_AGENTFWD_H_ +#define DROPBEAR_AGENTFWD_H_ #include "includes.h" #include "chansession.h" @@ -60,4 +60,4 @@ void svr_agentset(struct ChanSess *chansess); #endif /* ENABLE_SVR_AGENTFWD */ -#endif /* _AGENTFWD_H_ */ +#endif /* DROPBEAR_AGENTFWD_H_ */ diff --git a/algo.h b/algo.h index 1758c51..5b7b874 100644 --- a/algo.h +++ b/algo.h @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _ALGO_H_ +#ifndef DROPBEAR_ALGO_H_ -#define _ALGO_H_ +#define DROPBEAR_ALGO_H_ #include "includes.h" #include "buffer.h" @@ -134,4 +134,4 @@ enum { DROPBEAR_COMP_ZLIB_DELAY, }; -#endif /* _ALGO_H_ */ +#endif /* DROPBEAR_ALGO_H_ */ diff --git a/auth.h b/auth.h index 66f5b6a..78397ed 100644 --- a/auth.h +++ b/auth.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _AUTH_H_ -#define _AUTH_H_ +#ifndef DROPBEAR_AUTH_H_ +#define DROPBEAR_AUTH_H_ #include "includes.h" #include "signkey.h" @@ -137,4 +137,4 @@ struct PubKeyOptions { }; #endif -#endif /* _AUTH_H_ */ +#endif /* DROPBEAR_AUTH_H_ */ diff --git a/bignum.h b/bignum.h index f9710d7..d05e8b7 100644 --- a/bignum.h +++ b/bignum.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _BIGNUM_H_ -#define _BIGNUM_H_ +#ifndef DROPBEAR_BIGNUM_H_ +#define DROPBEAR_BIGNUM_H_ #include "includes.h" #include "dbutil.h" @@ -35,4 +35,4 @@ void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len); void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, hash_state *hs, mp_int *mp); -#endif /* _BIGNUM_H_ */ +#endif /* DROPBEAR_BIGNUM_H_ */ diff --git a/buffer.c b/buffer.c index 9bda652..2b35f72 100644 --- a/buffer.c +++ b/buffer.c @@ -99,7 +99,9 @@ buffer* buf_newcopy(buffer* buf) { ret = buf_new(buf->len); ret->len = buf->len; - memcpy(ret->data, buf->data, buf->len); + if (buf->len > 0) { + memcpy(ret->data, buf->data, buf->len); + } return ret; } @@ -127,7 +129,7 @@ void buf_setpos(buffer* buf, unsigned int pos) { buf->pos = pos; } -/* increment the postion by incr, increasing the buffer length if required */ +/* increment the position by incr, increasing the buffer length if required */ void buf_incrwritepos(buffer* buf, unsigned int incr) { if (incr > BUF_MAX_INCR || buf->pos + incr > buf->size) { dropbear_exit("Bad buf_incrwritepos"); diff --git a/buffer.h b/buffer.h index 1d83f8e..5f59939 100644 --- a/buffer.h +++ b/buffer.h @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _BUFFER_H_ +#ifndef DROPBEAR_BUFFER_H_ -#define _BUFFER_H_ +#define DROPBEAR_BUFFER_H_ #include "includes.h" @@ -65,4 +65,4 @@ void buf_putmpint(buffer* buf, mp_int * mp); int buf_getmpint(buffer* buf, mp_int* mp); unsigned int buf_getint(buffer* buf); -#endif /* _BUFFER_H_ */ +#endif /* DROPBEAR_BUFFER_H_ */ diff --git a/channel.h b/channel.h index a310d44..689d2d6 100644 --- a/channel.h +++ b/channel.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CHANNEL_H_ -#define _CHANNEL_H_ +#ifndef DROPBEAR_CHANNEL_H_ +#define DROPBEAR_CHANNEL_H_ #include "includes.h" #include "buffer.h" @@ -92,7 +92,7 @@ struct Channel { struct ChanType { - int sepfds; /* Whether this channel has seperate pipes for in/out or not */ + int sepfds; /* Whether this channel has separate pipes for in/out or not */ char *name; int (*inithandler)(struct Channel*); int (*check_close)(struct Channel*); @@ -137,4 +137,4 @@ void send_msg_request_success(); void send_msg_request_failure(); -#endif /* _CHANNEL_H_ */ +#endif /* DROPBEAR_CHANNEL_H_ */ diff --git a/chansession.h b/chansession.h index 4078123..3dd58ac 100644 --- a/chansession.h +++ b/chansession.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CHANSESSION_H_ -#define _CHANSESSION_H_ +#ifndef DROPBEAR_CHANSESSION_H_ +#define DROPBEAR_CHANSESSION_H_ #include "loginrec.h" #include "channel.h" @@ -103,4 +103,4 @@ struct SigMap { extern const struct SigMap signames[]; -#endif /* _CHANSESSION_H_ */ +#endif /* DROPBEAR_CHANSESSION_H_ */ diff --git a/circbuffer.h b/circbuffer.h index 21c5134..32ed13c 100644 --- a/circbuffer.h +++ b/circbuffer.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CIRCBUFFER_H_ -#define _CIRCBUFFER_H_ +#ifndef DROPBEAR_CIRCBUFFER_H_ +#define DROPBEAR_CIRCBUFFER_H_ struct circbuf { unsigned int size; diff --git a/cli-main.c b/cli-main.c index 0b4047c..a956721 100644 --- a/cli-main.c +++ b/cli-main.c @@ -72,8 +72,7 @@ int main(int argc, char ** argv) { } else #endif { - int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, - 0, &error); + int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, &error); sock_in = sock_out = sock; } diff --git a/cli-session.c b/cli-session.c index a484bf7..6be8472 100644 --- a/cli-session.c +++ b/cli-session.c @@ -38,10 +38,10 @@ #include "agentfwd.h" #include "crypto_desc.h" -static void cli_remoteclosed(); +static void cli_remoteclosed() ATTRIB_NORETURN; static void cli_sessionloop(); static void cli_session_init(); -static void cli_finished(); +static void cli_finished() ATTRIB_NORETURN; static void recv_msg_service_accept(void); static void cli_session_cleanup(void); static void recv_msg_global_request_cli(void); diff --git a/cli-tcpfwd.c b/cli-tcpfwd.c index fa61d13..3894044 100644 --- a/cli-tcpfwd.c +++ b/cli-tcpfwd.c @@ -254,7 +254,7 @@ static int newtcpforwarded(struct Channel * channel) { } snprintf(portstring, sizeof(portstring), "%d", fwd->connectport); - sock = connect_remote(fwd->connectaddr, portstring, 1, NULL); + sock = connect_remote(fwd->connectaddr, portstring, NULL); if (sock < 0) { TRACE(("leave newtcpdirect: sock failed")) err = SSH_OPEN_CONNECT_FAILED; diff --git a/common-algo.c b/common-algo.c index 6a20282..a3e9d78 100644 --- a/common-algo.c +++ b/common-algo.c @@ -87,7 +87,7 @@ const struct dropbear_cipher dropbear_nocipher = #ifdef DROPBEAR_ENABLE_CBC_MODE const struct dropbear_cipher_mode dropbear_mode_cbc = {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt}; -#endif // DROPBEAR_ENABLE_CBC_MODE +#endif /* DROPBEAR_ENABLE_CBC_MODE */ const struct dropbear_cipher_mode dropbear_mode_none = {void_start, void_cipher, void_cipher}; @@ -102,7 +102,7 @@ static int dropbear_big_endian_ctr_start(int cipher, } const struct dropbear_cipher_mode dropbear_mode_ctr = {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt}; -#endif // DROPBEAR_ENABLE_CTR_MODE +#endif /* DROPBEAR_ENABLE_CTR_MODE */ /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. {&hash_desc, keysize, hashsize} */ @@ -183,18 +183,18 @@ algo_type sshciphers[] = { }; algo_type sshhashes[] = { -#ifdef DROPBEAR_SHA2_256_HMAC - {"hmac-sha2-256", 0, &dropbear_sha2_256, 1, NULL}, -#endif -#ifdef DROPBEAR_SHA2_512_HMAC - {"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL}, -#endif #ifdef DROPBEAR_SHA1_96_HMAC {"hmac-sha1-96", 0, &dropbear_sha1_96, 1, NULL}, #endif #ifdef DROPBEAR_SHA1_HMAC {"hmac-sha1", 0, &dropbear_sha1, 1, NULL}, #endif +#ifdef DROPBEAR_SHA2_256_HMAC + {"hmac-sha2-256", 0, &dropbear_sha2_256, 1, NULL}, +#endif +#ifdef DROPBEAR_SHA2_512_HMAC + {"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL}, +#endif #ifdef DROPBEAR_MD5_HMAC {"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL}, #endif diff --git a/common-channel.c b/common-channel.c index 049658d..a683448 100644 --- a/common-channel.c +++ b/common-channel.c @@ -402,7 +402,7 @@ static void check_in_progress(struct Channel *channel) { /* Send the close message and set the channel as closed */ static void send_msg_channel_close(struct Channel *channel) { - TRACE(("enter send_msg_channel_close %p", channel)) + TRACE(("enter send_msg_channel_close %p", (void*)channel)) if (channel->type->closehandler && !channel->close_handler_done) { channel->type->closehandler(channel); @@ -586,11 +586,11 @@ static void remove_channel(struct Channel * channel) { /* close the FDs in case they haven't been done * yet (they might have been shutdown etc) */ TRACE(("CLOSE writefd %d", channel->writefd)) - close(channel->writefd); + m_close(channel->writefd); TRACE(("CLOSE readfd %d", channel->readfd)) - close(channel->readfd); + m_close(channel->readfd); TRACE(("CLOSE errfd %d", channel->errfd)) - close(channel->errfd); + m_close(channel->errfd); } if (!channel->close_handler_done @@ -616,7 +616,7 @@ void recv_msg_channel_request() { channel = getchannel(); - TRACE(("enter recv_msg_channel_request %p", channel)) + TRACE(("enter recv_msg_channel_request %p", (void*)channel)) if (channel->sent_close) { TRACE(("leave recv_msg_channel_request: already closed channel")) @@ -1001,7 +1001,7 @@ static void close_chan_fd(struct Channel *channel, int fd, int how) { } } else { TRACE(("CLOSE some fd %d", fd)) - close(fd); + m_close(fd); closein = closeout = 1; } @@ -1024,7 +1024,7 @@ static void close_chan_fd(struct Channel *channel, int fd, int how) { if (channel->type->sepfds && channel->readfd == FD_CLOSED && channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) { TRACE(("CLOSE (finally) of %d", fd)) - close(fd); + m_close(fd); } } @@ -1141,10 +1141,10 @@ void send_msg_request_failure() { } struct Channel* get_any_ready_channel() { + size_t i; if (ses.chancount == 0) { return NULL; } - size_t i; for (i = 0; i < ses.chansize; i++) { struct Channel *chan = ses.channels[i]; if (chan diff --git a/common-session.c b/common-session.c index 83fb7f4..971955a 100644 --- a/common-session.c +++ b/common-session.c @@ -53,6 +53,10 @@ int exitflag = 0; /* GLOBAL */ void common_session_init(int sock_in, int sock_out) { time_t now; +#ifdef DEBUG_TRACE + debug_start_net(); +#endif + TRACE(("enter session_init")) ses.sock_in = sock_in; @@ -236,6 +240,15 @@ void session_loop(void(*loophandler)()) { /* Not reached */ } +static void cleanup_buf(buffer **buf) { + if (!*buf) { + return; + } + buf_burn(*buf); + buf_free(*buf); + *buf = NULL; +} + /* clean up a session on exit */ void session_cleanup() { @@ -247,24 +260,45 @@ void session_cleanup() { return; } + /* Beware of changing order of functions here. */ + + /* Must be before extra_session_cleanup() */ + chancleanup(); + if (ses.extra_session_cleanup) { ses.extra_session_cleanup(); } - chancleanup(); - - /* Cleaning up keys must happen after other cleanup - functions which might queue packets */ - if (ses.session_id) { - buf_burn(ses.session_id); - buf_free(ses.session_id); - ses.session_id = NULL; + /* After these are freed most functions will exit */ +#ifdef DROPBEAR_CLEANUP + /* listeners call cleanup functions, this should occur before + other session state is freed. */ + remove_all_listeners(); + + while (!isempty(&ses.writequeue)) { + buf_free(dequeue(&ses.writequeue)); } - if (ses.hash) { - buf_burn(ses.hash); - buf_free(ses.hash); - ses.hash = NULL; + + m_free(ses.remoteident); + m_free(ses.authstate.pw_dir); + m_free(ses.authstate.pw_name); + m_free(ses.authstate.pw_shell); + m_free(ses.authstate.pw_passwd); + m_free(ses.authstate.username); +#endif + + cleanup_buf(&ses.session_id); + cleanup_buf(&ses.hash); + cleanup_buf(&ses.payload); + cleanup_buf(&ses.readbuf); + cleanup_buf(&ses.writepayload); + cleanup_buf(&ses.kexhashbuf); + cleanup_buf(&ses.transkexinit); + if (ses.dh_K) { + mp_clear(ses.dh_K); } + m_free(ses.dh_K); + m_burn(ses.keys, sizeof(struct key_context)); m_free(ses.keys); @@ -395,16 +429,16 @@ static int ident_readln(int fd, char* buf, int count) { } void ignore_recv_response() { - // Do nothing + /* Do nothing */ TRACE(("Ignored msg_request_response")) } static void send_msg_keepalive() { - CHECKCLEARTOWRITE(); time_t old_time_idle = ses.last_packet_time_idle; - struct Channel *chan = get_any_ready_channel(); + CHECKCLEARTOWRITE(); + if (chan) { /* Channel requests are preferable, more implementations handle them than SSH_MSG_GLOBAL_REQUEST */ @@ -573,7 +607,7 @@ void update_channel_prio() { } if (new_prio != ses.socket_prio) { - TRACE(("Dropbear priority transitioning %4.4s -> %4.4s", (char*)&ses.socket_prio, (char*)&new_prio)) + TRACE(("Dropbear priority transitioning %d -> %d", ses.socket_prio, new_prio)) set_sock_priority(ses.sock_out, new_prio); ses.socket_prio = new_prio; } diff --git a/compat.h b/compat.h index 1ab344f..4bd1a12 100644 --- a/compat.h +++ b/compat.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _COMPAT_H_ -#define _COMPAT_H_ +#ifndef DROPBEAR_COMPAT_H_ +#define DROPBEAR_COMPAT_H_ #include "includes.h" @@ -49,8 +49,8 @@ void setusershell(); void endusershell(); #endif -#ifndef _PATH_DEVNULL -#define _PATH_DEVNULL "/dev/null" +#ifndef DROPBEAR_PATH_DEVNULL +#define DROPBEAR_PATH_DEVNULL "/dev/null" #endif -#endif /* _COMPAT_H_ */ +#endif /* DROPBEAR_COMPAT_H_ */ diff --git a/crypto_desc.h b/crypto_desc.h index d05096b..54da734 100644 --- a/crypto_desc.h +++ b/crypto_desc.h @@ -1,9 +1,9 @@ -#ifndef _CRYPTO_DESC_H -#define _CRYPTO_DESC_H +#ifndef DROPBEAR_CRYPTO_DESC_H +#define DROPBEAR_CRYPTO_DESC_H void crypto_init(); extern int dropbear_ltc_prng; -#endif /* _CRYPTO_DESC_H */ +#endif /* DROPBEAR_CRYPTO_DESC_H */ diff --git a/curve25519-donna.c b/curve25519-donna.c index bb1262e..3309610 100644 --- a/curve25519-donna.c +++ b/curve25519-donna.c @@ -527,7 +527,7 @@ static void fmonty(limb *x2, limb *z2, /* output 2Q */ memcpy(origx, x, 10 * sizeof(limb)); fsum(x, z); - fdifference(z, origx); // does x - z + fdifference(z, origx); /* does x - z */ memcpy(origxprime, xprime, sizeof(limb) * 10); fsum(xprime, zprime); @@ -554,7 +554,7 @@ static void fmonty(limb *x2, limb *z2, /* output 2Q */ fproduct(x2, xx, zz); freduce_degree(x2); freduce_coefficients(x2); - fdifference(zz, xx); // does zz = xx - zz + fdifference(zz, xx); /* does zz = xx - zz */ memset(zzz + 10, 0, sizeof(limb) * 9); fscalar_product(zzz, zz, 121665); /* No need to call freduce_degree here: @@ -641,9 +641,9 @@ cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) { memcpy(resultz, nqz, sizeof(limb) * 10); } -// ----------------------------------------------------------------------------- -// Shamelessly copied from djb's code -// ----------------------------------------------------------------------------- +/* ----------------------------------------------------------------------------- + * Shamelessly copied from djb's code + * ----------------------------------------------------------------------------- */ static void crecip(limb *out, const limb *z) { limb z2[10]; diff --git a/dbrandom.h b/dbrandom.h index 2c79ec3..3434f69 100644 --- a/dbrandom.h +++ b/dbrandom.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RANDOM_H_ -#define _RANDOM_H_ +#ifndef DROPBEAR_RANDOM_H_ +#define DROPBEAR_RANDOM_H_ #include "includes.h" @@ -32,4 +32,4 @@ void genrandom(unsigned char* buf, unsigned int len); void addrandom(char * buf, unsigned int len); void gen_random_mpint(mp_int *max, mp_int *rand); -#endif /* _RANDOM_H_ */ +#endif /* DROPBEAR_RANDOM_H_ */ diff --git a/dbutil.c b/dbutil.c index ae73132..eb781c3 100644 --- a/dbutil.c +++ b/dbutil.c @@ -150,18 +150,44 @@ void dropbear_log(int priority, const char* format, ...) { #ifdef DEBUG_TRACE + +static double debug_start_time = -1; + +void debug_start_net() +{ + if (getenv("DROPBEAR_DEBUG_NET_TIMESTAMP")) + { + /* Timestamps start from first network activity */ + struct timeval tv; + gettimeofday(&tv, NULL); + debug_start_time = tv.tv_sec + (tv.tv_usec / 1000000.0); + TRACE(("Resetting Dropbear TRACE timestamps")) + } +} + +static double time_since_start() +{ + double nowf; + struct timeval tv; + gettimeofday(&tv, NULL); + nowf = tv.tv_sec + (tv.tv_usec / 1000000.0); + if (debug_start_time < 0) + { + debug_start_time = nowf; + return 0; + } + return nowf - debug_start_time; +} + void dropbear_trace(const char* format, ...) { va_list param; - struct timeval tv; if (!debug_trace) { return; } - gettimeofday(&tv, NULL); - va_start(param, format); - fprintf(stderr, "TRACE (%d) %d.%d: ", getpid(), (int)tv.tv_sec, (int)tv.tv_usec); + fprintf(stderr, "TRACE (%d) %f: ", getpid(), time_since_start()); vfprintf(stderr, format, param); fprintf(stderr, "\n"); va_end(param); @@ -170,7 +196,6 @@ void dropbear_trace(const char* format, ...) { void dropbear_trace2(const char* format, ...) { static int trace_env = -1; va_list param; - struct timeval tv; if (trace_env == -1) { trace_env = getenv("DROPBEAR_TRACE2") ? 1 : 0; @@ -180,10 +205,8 @@ void dropbear_trace2(const char* format, ...) { return; } - gettimeofday(&tv, NULL); - va_start(param, format); - fprintf(stderr, "TRACE2 (%d) %d.%d: ", getpid(), (int)tv.tv_sec, (int)tv.tv_usec); + fprintf(stderr, "TRACE2 (%d) %f: ", getpid(), time_since_start()); vfprintf(stderr, format, param); fprintf(stderr, "\n"); va_end(param); @@ -390,13 +413,29 @@ int connect_unix(const char* path) { } #endif +#if defined(__linux__) && defined(TCP_DEFER_ACCEPT) +static void set_piggyback_ack(int sock) { + /* Undocumented Linux feature - set TCP_DEFER_ACCEPT and data will be piggybacked + on the 3rd packet (ack) of the TCP handshake. Saves a IP packet. + http://thread.gmane.org/gmane.linux.network/224627/focus=224727 + "Piggyback the final ACK of the three way TCP connection establishment with the data" */ + int val = 1; + /* No error checking, this is opportunistic */ + int err = setsockopt(sock, IPPROTO_TCP, TCP_DEFER_ACCEPT, (void*)&val, sizeof(val)); + if (err) + { + TRACE(("Failed setsockopt TCP_DEFER_ACCEPT: %s", strerror(errno))) + } +} +#endif + + /* Connect via TCP to a host. Connection will try ipv4 or ipv6, will * return immediately if nonblocking is set. On failure, if errstring * wasn't null, it will be a newly malloced error message */ /* TODO: maxfd */ -int connect_remote(const char* remotehost, const char* remoteport, - int nonblocking, char ** errstring) { +int connect_remote(const char* remotehost, const char* remoteport, char ** errstring) { struct addrinfo *res0 = NULL, *res = NULL, hints; int sock; @@ -435,12 +474,14 @@ int connect_remote(const char* remotehost, const char* remoteport, continue; } - if (nonblocking) { - setnonblocking(sock); - } + setnonblocking(sock); + +#if defined(__linux__) && defined(TCP_DEFER_ACCEPT) + set_piggyback_ack(sock); +#endif if (connect(sock, res->ai_addr, res->ai_addrlen) < 0) { - if (errno == EINPROGRESS && nonblocking) { + if (errno == EINPROGRESS) { TRACE(("Connect in progress")) break; } else { @@ -454,7 +495,7 @@ int connect_remote(const char* remotehost, const char* remoteport, break; /* Success */ } - if (sock < 0 && !(errno == EINPROGRESS && nonblocking)) { + if (sock < 0 && !(errno == EINPROGRESS)) { /* Failed */ if (errstring != NULL && *errstring == NULL) { int len; @@ -827,12 +868,12 @@ out: /* make sure that the socket closes */ void m_close(int fd) { + int val; if (fd == -1) { return; } - int val; do { val = close(fd); } while (val < 0 && errno == EINTR); diff --git a/dbutil.h b/dbutil.h index cdad9bc..ae9645c 100644 --- a/dbutil.h +++ b/dbutil.h @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DBUTIL_H_ +#ifndef DROPBEAR_DBUTIL_H_ -#define _DBUTIL_H_ +#define DROPBEAR_DBUTIL_H_ #include "includes.h" #include "buffer.h" @@ -58,6 +58,7 @@ void dropbear_trace(const char* format, ...) ATTRIB_PRINTF(1,2); void dropbear_trace2(const char* format, ...) ATTRIB_PRINTF(1,2); void printhex(const char * label, const unsigned char * buf, int len); void printmpint(const char *label, mp_int *mp); +void debug_start_net(); extern int debug_trace; #endif @@ -82,8 +83,7 @@ void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell); #ifdef ENABLE_CONNECT_UNIX int connect_unix(const char* addr); #endif -int connect_remote(const char* remotehost, const char* remoteport, - int nonblocking, char ** errstring); +int connect_remote(const char* remotehost, const char* remoteport, char ** errstring); int buf_readfile(buffer* buf, const char* filename); int buf_getline(buffer * line, FILE * authfile); @@ -112,4 +112,4 @@ time_t monotonic_now(); char * expand_tilde(const char *inpath); -#endif /* _DBUTIL_H_ */ +#endif /* DROPBEAR_DBUTIL_H_ */ diff --git a/debug.h b/debug.h index be09865..cbfa7e9 100644 --- a/debug.h +++ b/debug.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DEBUG_H_ -#define _DEBUG_H_ +#ifndef DROPBEAR_DEBUG_H_ +#define DROPBEAR_DEBUG_H_ #include "includes.h" @@ -39,7 +39,7 @@ * Caution: Don't use this in an unfriendly environment (ie unfirewalled), * since the printing may not sanitise strings etc. This will add a reasonable * amount to your executable size. */ -#define DEBUG_TRACE +/*#define DEBUG_TRACE*/ /* All functions writing to the cleartext payload buffer call * CHECKCLEARTOWRITE() before writing. This is only really useful if you're diff --git a/dss.h b/dss.h index f921ae4..4f164f3 100644 --- a/dss.h +++ b/dss.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DSS_H_ -#define _DSS_H_ +#ifndef DROPBEAR_DSS_H_ +#define DROPBEAR_DSS_H_ #include "includes.h" #include "buffer.h" @@ -53,4 +53,4 @@ void dss_key_free(dropbear_dss_key *key); #endif /* DROPBEAR_DSS */ -#endif /* _DSS_H_ */ +#endif /* DROPBEAR_DSS_H_ */ diff --git a/ecc.h b/ecc.h index 40213f4..703c717 100644 --- a/ecc.h +++ b/ecc.h @@ -1,5 +1,5 @@ -#ifndef _DROPBEAR_ECC_H -#define _DROPBEAR_ECC_H +#ifndef DROPBEAR_DROPBEAR_ECC_H +#define DROPBEAR_DROPBEAR_ECC_H #include "includes.h" #include "options.h" @@ -33,4 +33,4 @@ mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, ecc_key *priv_key); #endif -#endif /* _DROPBEAR_ECC_H */ +#endif /* DROPBEAR_DROPBEAR_ECC_H */ diff --git a/ecdsa.h b/ecdsa.h index f578171..24792cb 100644 --- a/ecdsa.h +++ b/ecdsa.h @@ -1,5 +1,5 @@ -#ifndef _ECDSA_H_ -#define _ECDSA_H_ +#ifndef DROPBEAR_ECDSA_H_ +#define DROPBEAR_ECDSA_H_ #include "includes.h" #include "buffer.h" @@ -32,4 +32,4 @@ int signkey_is_ecdsa(enum signkey_type type); #endif -#endif /* _ECDSA_H_ */ +#endif /* DROPBEAR_ECDSA_H_ */ diff --git a/fake-rfc2553.h b/fake-rfc2553.h index 876fa14..c64136c 100644 --- a/fake-rfc2553.h +++ b/fake-rfc2553.h @@ -39,8 +39,8 @@ * that ai_family is AF_INET. Don't use it for another purpose. */ -#ifndef _FAKE_RFC2553_H -#define _FAKE_RFC2553_H +#ifndef DROPBEAR_FAKE_RFC2553_H +#define DROPBEAR_FAKE_RFC2553_H #include "includes.h" #include diff --git a/gendss.h b/gendss.h index 44335bc..8292ac9 100644 --- a/gendss.h +++ b/gendss.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _GENDSS_H_ -#define _GENDSS_H_ +#ifndef DROPBEAR_GENDSS_H_ +#define DROPBEAR_GENDSS_H_ #include "dss.h" @@ -33,4 +33,4 @@ dropbear_dss_key * gen_dss_priv_key(unsigned int size); #endif /* DROPBEAR_DSS */ -#endif /* _GENDSS_H_ */ +#endif /* DROPBEAR_GENDSS_H_ */ diff --git a/genrsa.h b/genrsa.h index 4aad948..acb43fb 100644 --- a/genrsa.h +++ b/genrsa.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _GENRSA_H_ -#define _GENRSA_H_ +#ifndef DROPBEAR_GENRSA_H_ +#define DROPBEAR_GENRSA_H_ #include "rsa.h" @@ -33,4 +33,4 @@ dropbear_rsa_key * gen_rsa_priv_key(unsigned int size); #endif /* DROPBEAR_RSA */ -#endif /* _GENRSA_H_ */ +#endif /* DROPBEAR_GENRSA_H_ */ diff --git a/gensignkey.h b/gensignkey.h index b463a42..508eca0 100644 --- a/gensignkey.h +++ b/gensignkey.h @@ -1,5 +1,5 @@ -#ifndef _GENSIGNKEY_H -#define _GENSIGNKEY_H +#ifndef DROPBEAR_GENSIGNKEY_H +#define DROPBEAR_GENSIGNKEY_H #include "signkey.h" diff --git a/includes.h b/includes.h index 2a5b6c1..f91a2c2 100644 --- a/includes.h +++ b/includes.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _INCLUDES_H_ -#define _INCLUDES_H_ +#ifndef DROPBEAR_INCLUDES_H_ +#define DROPBEAR_INCLUDES_H_ #include "config.h" @@ -177,4 +177,4 @@ typedef u_int32_t uint32_t; # define UNUSED(x) x #endif -#endif /* _INCLUDES_H_ */ +#endif /* DROPBEAR_INCLUDES_H_ */ diff --git a/kex.h b/kex.h index 144df59..4cee8e3 100644 --- a/kex.h +++ b/kex.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _KEX_H_ -#define _KEX_H_ +#ifndef DROPBEAR_KEX_H_ +#define DROPBEAR_KEX_H_ #include "includes.h" #include "algo.h" @@ -113,4 +113,4 @@ int curve25519_donna(unsigned char *out, const unsigned char *secret, const unsi #define MAX_KEXHASHBUF 2000 -#endif /* _KEX_H_ */ +#endif /* DROPBEAR_KEX_H_ */ diff --git a/keyimport.c b/keyimport.c index 6f2634f..8a0d525 100644 --- a/keyimport.c +++ b/keyimport.c @@ -464,17 +464,16 @@ static struct openssh_key *load_openssh_key(const char *filename) goto error; } - memset(buffer, 0, sizeof(buffer)); + m_burn(buffer, sizeof(buffer)); return ret; error: - memset(buffer, 0, sizeof(buffer)); + m_burn(buffer, sizeof(buffer)); if (ret) { if (ret->keyblob) { - memset(ret->keyblob, 0, ret->keyblob_size); + m_burn(ret->keyblob, ret->keyblob_size); m_free(ret->keyblob); } - memset(&ret, 0, sizeof(ret)); m_free(ret); } if (fp) { @@ -494,9 +493,8 @@ static int openssh_encrypted(const char *filename) if (!key) return 0; ret = key->encrypted; - memset(key->keyblob, 0, key->keyblob_size); + m_burn(key->keyblob, key->keyblob_size); m_free(key->keyblob); - memset(&key, 0, sizeof(key)); m_free(key); return ret; } @@ -1046,6 +1044,7 @@ static int openssh_write(const char *filename, sign_key *key, const void* curve_oid = NULL; unsigned long pubkey_size = 2*curve_size+1; unsigned int k_size; + int err = 0; /* version. less than 10 bytes */ buf_incrwritepos(seq_buf, @@ -1091,7 +1090,7 @@ static int openssh_write(const char *filename, sign_key *key, buf_incrwritepos(seq_buf, ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0)); buf_putbyte(seq_buf, 0); - int err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size); + err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size); if (err != CRYPT_OK) { dropbear_exit("ECC error"); } diff --git a/keyimport.h b/keyimport.h index 19f212f..af9a300 100644 --- a/keyimport.h +++ b/keyimport.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _KEYIMPORT_H_ -#define _KEYIMPORT_H_ +#ifndef DROPBEAR_KEYIMPORT_H_ +#define DROPBEAR_KEYIMPORT_H_ #include "includes.h" #include "signkey.h" @@ -39,4 +39,4 @@ int import_write(const char *filename, sign_key *key, char *passphrase, sign_key *import_read(const char *filename, char *passphrase, int filetype); int import_encrypted(const char* filename, int filetype); -#endif /* _KEYIMPORT_H_ */ +#endif /* DROPBEAR_KEYIMPORT_H_ */ diff --git a/libtomcrypt/src/headers/tomcrypt_argchk.h b/libtomcrypt/src/headers/tomcrypt_argchk.h index cfc93ad..38e1bdd 100644 --- a/libtomcrypt/src/headers/tomcrypt_argchk.h +++ b/libtomcrypt/src/headers/tomcrypt_argchk.h @@ -4,8 +4,16 @@ #include +/* portability macros for compiler-specific code attributes */ +#ifdef __GNUC__ +#define ATTRIB_NORETURN __attribute__((noreturn)) +#else +#define ATTRIB_NORETURN +#endif + + /* this is the default LibTomCrypt macro */ -void crypt_argchk(char *v, char *s, int d); +void crypt_argchk(char *v, char *s, int d) ATTRIB_NORETURN; #define LTC_ARGCHK(x) if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } #define LTC_ARGCHKVD(x) LTC_ARGCHK(x) diff --git a/list.h b/list.h index 23ef9bb..35c0d49 100644 --- a/list.h +++ b/list.h @@ -1,5 +1,5 @@ -#ifndef _DROPBEAR_LIST_H -#define _DROPBEAR_LIST_H +#ifndef DROPBEAR_DROPBEAR_LIST_H +#define DROPBEAR_DROPBEAR_LIST_H struct _m_list; @@ -25,4 +25,4 @@ void list_append(m_list *list, void *item); void * list_remove(m_list_elem *elem); -#endif /* _DROPBEAR_LIST_H */ +#endif /* DROPBEAR_DROPBEAR_LIST_H */ diff --git a/listener.c b/listener.c index dd90c6b..a7f0730 100644 --- a/listener.c +++ b/listener.c @@ -161,5 +161,14 @@ void remove_listener(struct Listener* listener) { } ses.listeners[listener->index] = NULL; m_free(listener); - +} + +void remove_all_listeners(void) { + unsigned int i; + for (i = 0; i < ses.listensize; i++) { + if (ses.listeners[i]) { + remove_listener(ses.listeners[i]); + } + } + m_free(ses.listeners); } diff --git a/listener.h b/listener.h index 5092efd..b531ed6 100644 --- a/listener.h +++ b/listener.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _LISTENER_H -#define _LISTENER_H +#ifndef DROPBEAR_LISTENER_H +#define DROPBEAR_LISTENER_H #define MAX_LISTENERS 20 #define LISTENER_EXTEND_SIZE 1 @@ -60,4 +60,6 @@ struct Listener * get_listener(int type, void* typedata, void remove_listener(struct Listener* listener); -#endif /* _LISTENER_H */ +void remove_all_listeners(void); + +#endif /* DROPBEAR_LISTENER_H */ diff --git a/loginrec.h b/loginrec.h index d2da8d2..830c045 100644 --- a/loginrec.h +++ b/loginrec.h @@ -1,5 +1,5 @@ -#ifndef _HAVE_LOGINREC_H_ -#define _HAVE_LOGINREC_H_ +#ifndef DROPBEAR_HAVE_LOGINREC_H_ +#define DROPBEAR_HAVE_LOGINREC_H_ /* * Copyright (c) 2000 Andre Lucas. All rights reserved. @@ -182,4 +182,4 @@ char *line_fullname(char *dst, const char *src, size_t dstsize); char *line_stripname(char *dst, const char *src, size_t dstsize); char *line_abbrevname(char *dst, const char *src, size_t dstsize); -#endif /* _HAVE_LOGINREC_H_ */ +#endif /* DROPBEAR_HAVE_LOGINREC_H_ */ diff --git a/ltc_prng.h b/ltc_prng.h index f5391e0..6888512 100644 --- a/ltc_prng.h +++ b/ltc_prng.h @@ -1,5 +1,5 @@ -#ifndef _LTC_PRNG_H_DROPBEAR -#define _LTC_PRNG_H_DROPBEAR +#ifndef DROPBEAR_LTC_PRNG_H_DROPBEAR +#define DROPBEAR_LTC_PRNG_H_DROPBEAR #include "options.h" #include "includes.h" @@ -10,4 +10,4 @@ extern const struct ltc_prng_descriptor dropbear_prng_desc; #endif /* DROPBEAR_LTC_PRNG */ -#endif /* _LTC_PRNG_H_DROPBEAR */ +#endif /* DROPBEAR_LTC_PRNG_H_DROPBEAR */ diff --git a/options.h b/options.h index 5c86834..e2d69a9 100644 --- a/options.h +++ b/options.h @@ -2,8 +2,8 @@ * Copyright (c) 2002,2003 Matt Johnston * All rights reserved. See LICENSE for the license. */ -#ifndef _OPTIONS_H_ -#define _OPTIONS_H_ +#ifndef DROPBEAR_OPTIONS_H_ +#define DROPBEAR_OPTIONS_H_ /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ @@ -289,7 +289,7 @@ much traffic. */ /* This is used by the scp binary when used as a client binary. If you're * not using the Dropbear client, you'll need to change it */ -#define _PATH_SSH_PROGRAM "/usr/bin/dbclient" +#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient" /* Whether to log commands executed by a client. This only logs the * (single) command sent to the server, not what a user did in a @@ -337,4 +337,4 @@ be overridden at runtime with -I. 0 disables idle timeouts */ * in sysoptions.h */ #include "sysoptions.h" -#endif /* _OPTIONS_H_ */ +#endif /* DROPBEAR_OPTIONS_H_ */ diff --git a/packet.h b/packet.h index 4645b14..3252fe0 100644 --- a/packet.h +++ b/packet.h @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _PACKET_H_ +#ifndef DROPBEAR_PACKET_H_ -#define _PACKET_H_ +#define DROPBEAR_PACKET_H_ #include "includes.h" @@ -46,4 +46,4 @@ typedef struct PacketType { #define INIT_READBUF 128 -#endif /* _PACKET_H_ */ +#endif /* DROPBEAR_PACKET_H_ */ diff --git a/queue.h b/queue.h index 8cffab7..d2227ac 100644 --- a/queue.h +++ b/queue.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _QUEUE_H_ -#define _QUEUE_H_ +#ifndef DROPBEAR_QUEUE_H_ +#define DROPBEAR_QUEUE_H_ struct Link { diff --git a/rsa.h b/rsa.h index 7c99282..800be59 100644 --- a/rsa.h +++ b/rsa.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RSA_H_ -#define _RSA_H_ +#ifndef DROPBEAR_RSA_H_ +#define DROPBEAR_RSA_H_ #include "includes.h" #include "buffer.h" @@ -55,4 +55,4 @@ void rsa_key_free(dropbear_rsa_key *key); #endif /* DROPBEAR_RSA */ -#endif /* _RSA_H_ */ +#endif /* DROPBEAR_RSA_H_ */ diff --git a/runopts.h b/runopts.h index 8756716..062cfd8 100644 --- a/runopts.h +++ b/runopts.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RUNOPTS_H_ -#define _RUNOPTS_H_ +#ifndef DROPBEAR_RUNOPTS_H_ +#define DROPBEAR_RUNOPTS_H_ #include "includes.h" #include "signkey.h" @@ -170,4 +170,4 @@ void parse_ciphers_macs(); void print_version(void); -#endif /* _RUNOPTS_H_ */ +#endif /* DROPBEAR_RUNOPTS_H_ */ diff --git a/scp.c b/scp.c index 11c9665..710d9d2 100644 --- a/scp.c +++ b/scp.c @@ -437,7 +437,7 @@ main(int argc, char **argv) } /* * Finally check the exit status of the ssh process, if one was forked - * and no error has occured yet + * and no error has occurred yet */ if (do_cmd_pid != -1 && errs == 0) { if (remin != -1) diff --git a/service.h b/service.h index 9c60c09..de35724 100644 --- a/service.h +++ b/service.h @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SERVICE_H_ -#define _SERVICE_H_ +#ifndef DROPBEAR_SERVICE_H_ +#define DROPBEAR_SERVICE_H_ void recv_msg_service_request(); /* Server */ -#endif /* _SERVICE_H_ */ +#endif /* DROPBEAR_SERVICE_H_ */ diff --git a/session.h b/session.h index ed0f5be..189e335 100644 --- a/session.h +++ b/session.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SESSION_H_ -#define _SESSION_H_ +#ifndef DROPBEAR_SESSION_H_ +#define DROPBEAR_SESSION_H_ #include "includes.h" #include "options.h" @@ -43,7 +43,7 @@ extern int sessinitdone; /* Is set to 0 somewhere */ extern int exitflag; void common_session_init(int sock_in, int sock_out); -void session_loop(void(*loophandler)()); +void session_loop(void(*loophandler)()) ATTRIB_NORETURN; void session_cleanup(); void send_session_identification(); void send_msg_ignore(); @@ -55,12 +55,12 @@ const char* get_user_shell(); void fill_passwd(const char* username); /* Server */ -void svr_session(int sock, int childpipe); +void svr_session(int sock, int childpipe) ATTRIB_NORETURN; void svr_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN; void svr_dropbear_log(int priority, const char* format, va_list param); /* Client */ -void cli_session(int sock_in, int sock_out); +void cli_session(int sock_in, int sock_out) ATTRIB_NORETURN; void cleantext(unsigned char* dirtytext); /* crypto parameters that are stored individually for transmit and receive */ @@ -309,4 +309,4 @@ extern struct serversession svr_ses; extern struct clientsession cli_ses; #endif /* DROPBEAR_CLIENT */ -#endif /* _SESSION_H_ */ +#endif /* DROPBEAR_SESSION_H_ */ diff --git a/signkey.h b/signkey.h index 60c04d9..475b51a 100644 --- a/signkey.h +++ b/signkey.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SIGNKEY_H_ -#define _SIGNKEY_H_ +#ifndef DROPBEAR_SIGNKEY_H_ +#define DROPBEAR_SIGNKEY_H_ #include "buffer.h" #include "dss.h" @@ -101,4 +101,4 @@ int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen, void** signkey_key_ptr(sign_key *key, enum signkey_type type); -#endif /* _SIGNKEY_H_ */ +#endif /* DROPBEAR_SIGNKEY_H_ */ diff --git a/svr-agentfwd.c b/svr-agentfwd.c index 3c4daab..512cbd2 100644 --- a/svr-agentfwd.c +++ b/svr-agentfwd.c @@ -117,7 +117,7 @@ static void agentaccept(struct Listener *UNUSED(listener), int sock) { } /* set up the environment variable pointing to the socket. This is called - * just before command/shell execution, after dropping priveleges */ + * just before command/shell execution, after dropping privileges */ void svr_agentset(struct ChanSess * chansess) { char *path = NULL; diff --git a/svr-chansession.c b/svr-chansession.c index 67122bb..5bed8fc 100644 --- a/svr-chansession.c +++ b/svr-chansession.c @@ -234,7 +234,7 @@ static int newchansess(struct Channel *channel) { struct ChanSess *chansess; - TRACE(("new chansess %p", channel)) + TRACE(("new chansess %p", (void*)channel)) dropbear_assert(channel->typedata == NULL); diff --git a/svr-session.c b/svr-session.c index 343cb30..8485905 100644 --- a/svr-session.c +++ b/svr-session.c @@ -78,10 +78,14 @@ static const struct ChanType *svr_chantypes[] = { }; static void -svr_session_cleanup(void) -{ +svr_session_cleanup(void) { /* free potential public key options */ svr_pubkey_options_cleanup(); + + m_free(svr_ses.addrstring); + m_free(svr_ses.remotehost); + m_free(svr_ses.childpids); + svr_ses.childpidsize = 0; } static void @@ -150,6 +154,7 @@ void svr_session(int sock, int childpipe) { void svr_dropbear_exit(int exitcode, const char* format, va_list param) { char fmtbuf[300]; + int i; if (!sessinitdone) { /* before session init */ @@ -183,6 +188,15 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) { session_cleanup(); } + if (svr_opts.hostkey) { + sign_key_free(svr_opts.hostkey); + svr_opts.hostkey = NULL; + } + for (i = 0; i < DROPBEAR_MAX_PORTS; i++) { + m_free(svr_opts.addresses[i]); + m_free(svr_opts.ports[i]); + } + exit(exitcode); } diff --git a/svr-tcpfwd.c b/svr-tcpfwd.c index e5f219e..f2c4b93 100644 --- a/svr-tcpfwd.c +++ b/svr-tcpfwd.c @@ -270,7 +270,7 @@ static int newtcpdirect(struct Channel * channel) { } snprintf(portstring, sizeof(portstring), "%d", destport); - sock = connect_remote(desthost, portstring, 1, NULL); + sock = connect_remote(desthost, portstring, NULL); if (sock < 0) { err = SSH_OPEN_CONNECT_FAILED; TRACE(("leave newtcpdirect: sock failed")) diff --git a/svr-x11fwd.c b/svr-x11fwd.c index ceca26a..6400c06 100644 --- a/svr-x11fwd.c +++ b/svr-x11fwd.c @@ -175,7 +175,7 @@ void x11cleanup(struct ChanSess *chansess) { m_free(chansess->x11authprot); m_free(chansess->x11authcookie); - TRACE(("chansess %p", chansess)) + TRACE(("chansess %p", (void*)chansess)) if (chansess->x11listener != NULL) { remove_listener(chansess->x11listener); chansess->x11listener = NULL; diff --git a/sysoptions.h b/sysoptions.h index bec7246..03f4076 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -256,6 +256,9 @@ #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS #endif +/* free memory before exiting */ +#define DROPBEAR_CLEANUP + /* Use this string since some implementations might special-case it */ #define DROPBEAR_KEEPALIVE_STRING "keepalive@openssh.com" diff --git a/tcpfwd.h b/tcpfwd.h index 654664c..51a1575 100644 --- a/tcpfwd.h +++ b/tcpfwd.h @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _TCPFWD_H -#define _TCPFWD_H +#ifndef DROPBEAR_TCPFWD_H +#define DROPBEAR_TCPFWD_H #include "channel.h" #include "list.h" diff --git a/termcodes.h b/termcodes.h index 00792ea..cd76b7f 100644 --- a/termcodes.h +++ b/termcodes.h @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _TERMCODES_H_ -#define _TERMCODES_H_ +#ifndef DROPBEAR_TERMCODES_H_ +#define DROPBEAR_TERMCODES_H_ #define TERMCODE_NONE 0 #define TERMCODE_CONTROL 1 @@ -43,4 +43,4 @@ struct TermCode { extern const struct TermCode termcodes[]; -#endif /* _TERMCODES_H_ */ +#endif /* DROPBEAR_TERMCODES_H_ */ diff --git a/x11fwd.h b/x11fwd.h index 5855a68..e142226 100644 --- a/x11fwd.h +++ b/x11fwd.h @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _X11FWD_H_ -#define _X11FWD_H_ +#ifndef DROPBEAR__X11FWD_H_ +#define DROPBEAR__X11FWD_H_ #ifndef DISABLE_X11FWD #include "includes.h" @@ -34,4 +34,4 @@ void x11setauth(struct ChanSess *chansess); void x11cleanup(struct ChanSess *chansess); #endif /* DROPBEAR_X11FWD */ -#endif /* _X11FWD_H_ */ +#endif /* DROPBEAR__X11FWD_H_ */