Upgrade to 6.3p1.

Approved by:	re (gjb)

1 files changed, 58 insertions, 60 deletions

diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c
index 315538e..6d25b87 100644
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */
+/* $OpenBSD: session.c,v 1.266 2013/07/19 07:37:48 markus Exp $ */
 /* $FreeBSD$ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -82,6 +82,7 @@ __RCSID("$FreeBSD$");
 #include "hostfile.h"
 #include "auth.h"
 #include "auth-options.h"
+#include "authfd.h"
 #include "pathnames.h"
 #include "log.h"
 #include "servconf.h"
@@ -201,7 +202,7 @@ auth_input_request_forwarding(struct passwd * pw)
 		packet_send_debug("Agent forwarding disabled: "
 		    "mkdtemp() failed: %.100s", strerror(errno));
 		restore_uid();
-		xfree(auth_sock_dir);
+		free(auth_sock_dir);
 		auth_sock_dir = NULL;
 		goto authsock_err;
 	}
@@ -249,11 +250,10 @@ auth_input_request_forwarding(struct passwd * pw)
 	return 1;
 
  authsock_err:
-	if (auth_sock_name != NULL)
-		xfree(auth_sock_name);
+	free(auth_sock_name);
 	if (auth_sock_dir != NULL) {
 		rmdir(auth_sock_dir);
-		xfree(auth_sock_dir);
+		free(auth_sock_dir);
 	}
 	if (sock != -1)
 		close(sock);
@@ -369,8 +369,8 @@ do_authenticated1(Authctxt *authctxt)
 			packet_check_eom();
 			success = session_setup_x11fwd(s);
 			if (!success) {
-				xfree(s->auth_proto);
-				xfree(s->auth_data);
+				free(s->auth_proto);
+				free(s->auth_data);
 				s->auth_proto = NULL;
 				s->auth_data = NULL;
 			}
@@ -417,7 +417,7 @@ do_authenticated1(Authctxt *authctxt)
 				if (do_exec(s, command) != 0)
 					packet_disconnect(
 					    "command execution failed");
-				xfree(command);
+				free(command);
 			} else {
 				if (do_exec(s, NULL) != 0)
 					packet_disconnect(
@@ -982,7 +982,7 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
 			break;
 	if (env[i]) {
 		/* Reuse the slot. */
-		xfree(env[i]);
+		free(env[i]);
 	} else {
 		/* New variable.  Expand if necessary. */
 		envsize = *envsizep;
@@ -1098,8 +1098,8 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
 			umask((mode_t)mask);
 
 	for (i = 0; tmpenv[i] != NULL; i++)
-		xfree(tmpenv[i]);
-	xfree(tmpenv);
+		free(tmpenv[i]);
+	free(tmpenv);
 }
 #endif /* HAVE_ETC_DEFAULT_LOGIN */
 
@@ -1115,7 +1115,7 @@ copy_environment(char **source, char ***env, u_int *envsize)
 	for(i = 0; source[i] != NULL; i++) {
 		var_name = xstrdup(source[i]);
 		if ((var_val = strstr(var_name, "=")) == NULL) {
-			xfree(var_name);
+			free(var_name);
 			continue;
 		}
 		*var_val++ = '\0';
@@ -1123,7 +1123,7 @@ copy_environment(char **source, char ***env, u_int *envsize)
 		debug3("Copy environment: %s=%s", var_name, var_val);
 		child_set_env(env, envsize, var_name, var_val);
 
-		xfree(var_name);
+		free(var_name);
 	}
 }
 
@@ -1195,8 +1195,8 @@ do_setup_env(Session *s, const char *shell)
 		    LOGIN_SETENV|LOGIN_SETPATH);
 		copy_environment(environ, &env, &envsize);
 		for (var = environ; *var != NULL; ++var)
-			xfree(*var);
-		xfree(environ);
+			free(*var);
+		free(environ);
 		environ = senv;
 #else /* HAVE_LOGIN_CAP */
 # ifndef HAVE_CYGWIN
@@ -1235,8 +1235,8 @@ do_setup_env(Session *s, const char *shell)
 				child_set_env(&env, &envsize, str, str + i + 1);
 			}
 			custom_environment = ce->next;
-			xfree(ce->s);
-			xfree(ce);
+			free(ce->s);
+			free(ce);
 		}
 	}
 
@@ -1248,7 +1248,7 @@ do_setup_env(Session *s, const char *shell)
 	laddr = get_local_ipaddr(packet_get_connection_in());
 	snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
 	    get_remote_ipaddr(), get_remote_port(), laddr, get_local_port());
-	xfree(laddr);
+	free(laddr);
 	child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
 
 	if (s->ttyfd != -1)
@@ -1419,7 +1419,7 @@ do_nologin(struct passwd *pw)
 #endif
 	if (stat(nl, &sb) == -1) {
 		if (nl != def_nl)
-			xfree(nl);
+			free(nl);
 		return;
 	}
 
@@ -1529,6 +1529,9 @@ do_setusercontext(struct passwd *pw)
 			safely_chroot(chroot_path, pw->pw_uid);
 			free(tmp);
 			free(chroot_path);
+			/* Make sure we don't attempt to chroot again */
+			free(options.chroot_directory);
+			options.chroot_directory = NULL;
 		}
 
 #ifdef HAVE_LOGIN_CAP
@@ -1545,6 +1548,9 @@ do_setusercontext(struct passwd *pw)
 		/* Permanently switch to the desired uid. */
 		permanently_set_uid(pw);
 #endif
+	} else if (options.chroot_directory != NULL &&
+	    strcasecmp(options.chroot_directory, "none") != 0) {
+		fatal("server lacks privileges to chroot to ChrootDirectory");
 	}
 
 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
@@ -1600,6 +1606,13 @@ launch_login(struct passwd *pw, const char *hostname)
 static void
 child_close_fds(void)
 {
+	extern AuthenticationConnection *auth_conn;
+
+	if (auth_conn) {
+		ssh_close_authentication_connection(auth_conn);
+		auth_conn = NULL;
+	}
+
 	if (packet_get_connection_in() == packet_get_connection_out())
 		close(packet_get_connection_in());
 	else {
@@ -2064,7 +2077,7 @@ session_pty_req(Session *s)
 	s->ypixel = packet_get_int();
 
 	if (strcmp(s->term, "") == 0) {
-		xfree(s->term);
+		free(s->term);
 		s->term = NULL;
 	}
 
@@ -2072,8 +2085,7 @@ session_pty_req(Session *s)
 	debug("Allocating pty.");
 	if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
 	    sizeof(s->tty)))) {
-		if (s->term)
-			xfree(s->term);
+		free(s->term);
 		s->term = NULL;
 		s->ptyfd = -1;
 		s->ttyfd = -1;
@@ -2134,7 +2146,7 @@ session_subsystem_req(Session *s)
 		logit("subsystem request for %.100s failed, subsystem not found",
 		    subsys);
 
-	xfree(subsys);
+	free(subsys);
 	return success;
 }
 
@@ -2156,8 +2168,8 @@ session_x11_req(Session *s)
 
 	success = session_setup_x11fwd(s);
 	if (!success) {
-		xfree(s->auth_proto);
-		xfree(s->auth_data);
+		free(s->auth_proto);
+		free(s->auth_data);
 		s->auth_proto = NULL;
 		s->auth_data = NULL;
 	}
@@ -2179,7 +2191,7 @@ session_exec_req(Session *s)
 	char *command = packet_get_string(&len);
 	packet_check_eom();
 	success = do_exec(s, command) == 0;
-	xfree(command);
+	free(command);
 	return success;
 }
 
@@ -2225,8 +2237,8 @@ session_env_req(Session *s)
 	debug2("Ignoring env request %s: disallowed name", name);
 
  fail:
-	xfree(name);
-	xfree(val);
+	free(name);
+	free(val);
 	return (0);
 }
 
@@ -2412,24 +2424,16 @@ session_close_single_x11(int id, void *arg)
 		if (s->x11_chanids[i] != id)
 			session_close_x11(s->x11_chanids[i]);
 	}
-	xfree(s->x11_chanids);
+	free(s->x11_chanids);
 	s->x11_chanids = NULL;
-	if (s->display) {
-		xfree(s->display);
-		s->display = NULL;
-	}
-	if (s->auth_proto) {
-		xfree(s->auth_proto);
-		s->auth_proto = NULL;
-	}
-	if (s->auth_data) {
-		xfree(s->auth_data);
-		s->auth_data = NULL;
-	}
-	if (s->auth_display) {
-		xfree(s->auth_display);
-		s->auth_display = NULL;
-	}
+	free(s->display);
+	s->display = NULL;
+	free(s->auth_proto);
+	s->auth_proto = NULL;
+	free(s->auth_data);
+	s->auth_data = NULL;
+	free(s->auth_display);
+	s->auth_display = NULL;
 }
 
 static void
@@ -2491,24 +2495,18 @@ session_close(Session *s)
 	debug("session_close: session %d pid %ld", s->self, (long)s->pid);
 	if (s->ttyfd != -1)
 		session_pty_cleanup(s);
-	if (s->term)
-		xfree(s->term);
-	if (s->display)
-		xfree(s->display);
-	if (s->x11_chanids)
-		xfree(s->x11_chanids);
-	if (s->auth_display)
-		xfree(s->auth_display);
-	if (s->auth_data)
-		xfree(s->auth_data);
-	if (s->auth_proto)
-		xfree(s->auth_proto);
+	free(s->term);
+	free(s->display);
+	free(s->x11_chanids);
+	free(s->auth_display);
+	free(s->auth_data);
+	free(s->auth_proto);
 	if (s->env != NULL) {
 		for (i = 0; i < s->num_env; i++) {
-			xfree(s->env[i].name);
-			xfree(s->env[i].val);
+			free(s->env[i].name);
+			free(s->env[i].val);
 		}
-		xfree(s->env);
+		free(s->env);
 	}
 	session_proctitle(s);
 	session_unused(s->self);