diff options
author | nectar <nectar@FreeBSD.org> | 2003-09-17 16:07:48 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2003-09-17 16:07:48 +0000 |
commit | 028b5a13793bb71c6e7c142efade429712866719 (patch) | |
tree | 639716dd229fa0b4959edd222091c8837a5e7b43 /security/hpn-ssh | |
parent | ea3a16f7c51d6249b252a362627f4df7dfcdb5dd (diff) | |
download | FreeBSD-ports-028b5a13793bb71c6e7c142efade429712866719.zip FreeBSD-ports-028b5a13793bb71c6e7c142efade429712866719.tar.gz |
Add Solar Designer's additional fixes to buffer management.
Diffstat (limited to 'security/hpn-ssh')
-rw-r--r-- | security/hpn-ssh/Makefile | 2 | ||||
-rw-r--r-- | security/hpn-ssh/files/patch-deattack.c | 17 | ||||
-rw-r--r-- | security/hpn-ssh/files/patch-misc.c | 28 | ||||
-rw-r--r-- | security/hpn-ssh/files/patch-session.c | 44 | ||||
-rw-r--r-- | security/hpn-ssh/files/patch-ssh-agent.c | 44 |
5 files changed, 126 insertions, 9 deletions
diff --git a/security/hpn-ssh/Makefile b/security/hpn-ssh/Makefile index 0694889..11edb8a 100644 --- a/security/hpn-ssh/Makefile +++ b/security/hpn-ssh/Makefile @@ -7,7 +7,7 @@ PORTNAME= openssh PORTVERSION= 3.6.1p2 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://carroll.cac.psu.edu/pub/OpenBSD/OpenSSH/portable/ diff --git a/security/hpn-ssh/files/patch-deattack.c b/security/hpn-ssh/files/patch-deattack.c new file mode 100644 index 0000000..987f1d2 --- /dev/null +++ b/security/hpn-ssh/files/patch-deattack.c @@ -0,0 +1,17 @@ +--- deattack.c Tue Mar 5 01:53:05 2002 ++++ deattack.c Wed Sep 17 00:18:30 2003 +@@ -100,12 +100,12 @@ detect_attack(u_char *buf, u_int32_t len + + if (h == NULL) { + debug("Installing crc compensation attack detector."); ++ h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE); + n = l; +- h = (u_int16_t *) xmalloc(n * HASH_ENTRYSIZE); + } else { + if (l > n) { ++ h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE); + n = l; +- h = (u_int16_t *) xrealloc(h, n * HASH_ENTRYSIZE); + } + } + diff --git a/security/hpn-ssh/files/patch-misc.c b/security/hpn-ssh/files/patch-misc.c new file mode 100644 index 0000000..b40e6d6 --- /dev/null +++ b/security/hpn-ssh/files/patch-misc.c @@ -0,0 +1,28 @@ +--- misc.c Mon Dec 23 02:44:36 2002 ++++ misc.c Wed Sep 17 00:50:27 2003 +@@ -308,18 +308,21 @@ addargs(arglist *args, char *fmt, ...) + { + va_list ap; + char buf[1024]; ++ int nalloc; + + va_start(ap, fmt); + vsnprintf(buf, sizeof(buf), fmt, ap); + va_end(ap); + ++ nalloc = args->nalloc; + if (args->list == NULL) { +- args->nalloc = 32; ++ nalloc = 32; + args->num = 0; +- } else if (args->num+2 >= args->nalloc) +- args->nalloc *= 2; ++ } else if (args->num+2 >= nalloc) ++ nalloc *= 2; + +- args->list = xrealloc(args->list, args->nalloc * sizeof(char *)); ++ args->list = xrealloc(args->list, nalloc * sizeof(char *)); ++ args->nalloc = nalloc; + args->list[args->num++] = xstrdup(buf); + args->list[args->num] = NULL; + } diff --git a/security/hpn-ssh/files/patch-session.c b/security/hpn-ssh/files/patch-session.c index 251def2..c8baec2 100644 --- a/security/hpn-ssh/files/patch-session.c +++ b/security/hpn-ssh/files/patch-session.c @@ -1,5 +1,5 @@ ---- session.c.orig Fri Mar 21 02:15:18 2003 -+++ session.c Mon Mar 31 16:10:35 2003 +--- session.c.orig Thu Mar 20 19:18:09 2003 ++++ session.c Wed Sep 17 11:05:26 2003 @@ -64,6 +64,11 @@ #define is_winnt (GetVersion() < 0x80000000) #endif @@ -237,7 +237,35 @@ return 0; } -@@ -952,6 +1095,10 @@ +@@ -844,7 +987,7 @@ + child_set_env(char ***envp, u_int *envsizep, const char *name, + const char *value) + { +- u_int i, namelen; ++ u_int i, namelen, envsize; + char **env; + + /* +@@ -862,12 +1005,14 @@ + xfree(env[i]); + } else { + /* New variable. Expand if necessary. */ +- if (i >= (*envsizep) - 1) { +- if (*envsizep >= 1000) ++ envsize = *envsizep; ++ if (i >= envsize - 1) { ++ if (envsize >= 1000) + fatal("child_set_env: too many env vars," + " skipping: %.100s", name); +- (*envsizep) += 50; +- env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *)); ++ envsize += 50; ++ env = (*envp) = xrealloc(env, envsize * sizeof(char *)); ++ *envsizep = envsize; + } + /* Need to set the NULL pointer at end of array beyond the new slot. */ + env[i + 1] = NULL; +@@ -952,6 +1097,10 @@ char buf[256]; u_int i, envsize; char **env, *laddr; @@ -248,7 +276,7 @@ struct passwd *pw = s->pw; /* Initialize the environment. */ -@@ -959,6 +1106,9 @@ +@@ -959,6 +1108,9 @@ env = xmalloc(envsize * sizeof(char *)); env[0] = NULL; @@ -258,7 +286,7 @@ #ifdef HAVE_CYGWIN /* * The Windows environment contains some setting which are -@@ -1003,9 +1153,21 @@ +@@ -1003,9 +1155,21 @@ /* Normal systems set SHELL by default. */ child_set_env(&env, &envsize, "SHELL", shell); @@ -282,7 +310,7 @@ /* Set custom environment options from RSA authentication. */ if (!options.use_login) { -@@ -1219,7 +1381,7 @@ +@@ -1219,7 +1383,7 @@ setpgid(0, 0); # endif if (setusercontext(lc, pw, pw->pw_uid, @@ -291,7 +319,7 @@ perror("unable to set user context"); exit(1); } -@@ -1382,7 +1544,7 @@ +@@ -1382,7 +1546,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -300,7 +328,7 @@ close(i); /* -@@ -1412,6 +1574,31 @@ +@@ -1412,6 +1576,31 @@ exit(1); #endif } diff --git a/security/hpn-ssh/files/patch-ssh-agent.c b/security/hpn-ssh/files/patch-ssh-agent.c new file mode 100644 index 0000000..f50ae30 --- /dev/null +++ b/security/hpn-ssh/files/patch-ssh-agent.c @@ -0,0 +1,44 @@ +--- ssh-agent.c Sat Mar 15 00:37:09 2003 ++++ ssh-agent.c Wed Sep 17 00:42:15 2003 +@@ -767,7 +767,7 @@ process_message(SocketEntry *e) + static void + new_socket(sock_type type, int fd) + { +- u_int i, old_alloc; ++ u_int i, old_alloc, new_alloc; + + if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) + error("fcntl O_NONBLOCK: %s", strerror(errno)); +@@ -778,25 +778,26 @@ new_socket(sock_type type, int fd) + for (i = 0; i < sockets_alloc; i++) + if (sockets[i].type == AUTH_UNUSED) { + sockets[i].fd = fd; +- sockets[i].type = type; + buffer_init(&sockets[i].input); + buffer_init(&sockets[i].output); + buffer_init(&sockets[i].request); ++ sockets[i].type = type; + return; + } + old_alloc = sockets_alloc; +- sockets_alloc += 10; ++ new_alloc = sockets_alloc + 10; + if (sockets) +- sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0])); ++ sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0])); + else +- sockets = xmalloc(sockets_alloc * sizeof(sockets[0])); +- for (i = old_alloc; i < sockets_alloc; i++) ++ sockets = xmalloc(new_alloc * sizeof(sockets[0])); ++ for (i = old_alloc; i < new_alloc; i++) + sockets[i].type = AUTH_UNUSED; +- sockets[old_alloc].type = type; ++ sockets_alloc = new_alloc; + sockets[old_alloc].fd = fd; + buffer_init(&sockets[old_alloc].input); + buffer_init(&sockets[old_alloc].output); + buffer_init(&sockets[old_alloc].request); ++ sockets[old_alloc].type = type; + } + + static int |