diff options
author | nectar <nectar@FreeBSD.org> | 2003-09-17 14:36:14 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2003-09-17 14:36:14 +0000 |
commit | bacf67e6ca3931195d8874d7bf269cbea204a325 (patch) | |
tree | c525a53d68d3652b2c3f23b11d6a4b2644005e41 /crypto | |
parent | 0c91aa7050a5a698cd77122c7a51de20355ce314 (diff) | |
download | FreeBSD-src-bacf67e6ca3931195d8874d7bf269cbea204a325.zip FreeBSD-src-bacf67e6ca3931195d8874d7bf269cbea204a325.tar.gz |
Correct more cases of allocation size bookkeeping being updated before
calling functions which can potentially fail and cause cleanups to be
invoked.
Submitted by: Solar Designer <solar@openwall.com>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/openssh/session.c | 16 | ||||
-rw-r--r-- | crypto/openssh/ssh-agent.c | 15 | ||||
-rw-r--r-- | crypto/openssh/version.h | 2 |
3 files changed, 18 insertions, 15 deletions
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index 06ddb4c..f2d73a4 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -863,8 +863,9 @@ static void child_set_env(char ***envp, u_int *envsizep, const char *name, const char *value) { - u_int i, namelen; char **env; + u_int envsize; + u_int i, namelen; /* * Find the slot where the value should be stored. If the variable @@ -881,12 +882,13 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, xfree(env[i]); } else { /* New variable. Expand if necessary. */ - if (i >= (*envsizep) - 1) { - if (*envsizep >= 1000) - fatal("child_set_env: too many env vars," - " skipping: %.100s", name); - (*envsizep) += 50; - env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *)); + envsize = *envsizep; + if (i >= envsize - 1) { + if (envsize >= 1000) + fatal("child_set_env: too many env vars"); + envsize += 50; + env = (*envp) = xrealloc(env, envsize * sizeof(char *)); + *envsizep = envsize; } /* Need to set the NULL pointer at end of array beyond the new slot. */ env[i + 1] = NULL; diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index 041105c..097fad9 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -768,7 +768,7 @@ process_message(SocketEntry *e) static void new_socket(sock_type type, int fd) { - u_int i, old_alloc; + u_int i, old_alloc, new_alloc; if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) error("fcntl O_NONBLOCK: %s", strerror(errno)); @@ -779,25 +779,26 @@ new_socket(sock_type type, int fd) for (i = 0; i < sockets_alloc; i++) if (sockets[i].type == AUTH_UNUSED) { sockets[i].fd = fd; - sockets[i].type = type; buffer_init(&sockets[i].input); buffer_init(&sockets[i].output); buffer_init(&sockets[i].request); + sockets[i].type = type; return; } old_alloc = sockets_alloc; - sockets_alloc += 10; + new_alloc = sockets_alloc + 10; if (sockets) - sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0])); + sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0])); else - sockets = xmalloc(sockets_alloc * sizeof(sockets[0])); - for (i = old_alloc; i < sockets_alloc; i++) + sockets = xmalloc(new_alloc * sizeof(sockets[0])); + for (i = old_alloc; i < new_alloc; i++) sockets[i].type = AUTH_UNUSED; - sockets[old_alloc].type = type; + sockets_alloc = new_alloc; sockets[old_alloc].fd = fd; buffer_init(&sockets[old_alloc].input); buffer_init(&sockets[old_alloc].output); buffer_init(&sockets[old_alloc].request); + sockets[old_alloc].type = type; } static int diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index f4b3f9f..d07a692 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -5,7 +5,7 @@ #define SSH_VERSION (ssh_version_get()) #define SSH_VERSION_BASE "OpenSSH_3.6.1p1" -#define SSH_VERSION_ADDENDUM "FreeBSD-20030916" +#define SSH_VERSION_ADDENDUM "FreeBSD-20030917" const char *ssh_version_get(void); void ssh_version_set_addendum(const char *add); |