From bacf67e6ca3931195d8874d7bf269cbea204a325 Mon Sep 17 00:00:00 2001
From: nectar
Date: Wed, 17 Sep 2003 14:36:14 +0000
Subject: Correct more cases of allocation size bookkeeping being updated before calling functions which can potentially fail and cause cleanups to be invoked.
Submitted by: Solar Designer
---
 crypto/openssh/session.c | 16 +++++++++-------
 crypto/openssh/ssh-agent.c | 15 ++++++++-------
 crypto/openssh/version.h | 2 +-
 3 files changed, 18 insertions(+), 15 deletions(-)
(limited to 'crypto/openssh')
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c
index 06ddb4c..f2d73a4 100644
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@@ -863,8 +863,9 @@ static void
 child_set_env(char ***envp, u_int *envsizep, const char *name,
 const char *value)
 {
- u_int i, namelen;
 char **env;
+ u_int envsize;
+ u_int i, namelen;
 /*
 * Find the slot where the value should be stored. If the variable
@@ -881,12 +882,13 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
 xfree(env[i]);
 } else {
 /* New variable. Expand if necessary. */
- if (i >= (*envsizep) - 1) {
- if (*envsizep >= 1000)
- fatal("child_set_env: too many env vars,"
- " skipping: %.100s", name);
- (*envsizep) += 50;
- env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
+ envsize = *envsizep;
+ if (i >= envsize - 1) {
+ if (envsize >= 1000)
+ fatal("child_set_env: too many env vars");
+ envsize += 50;
+ env = (*envp) = xrealloc(env, envsize * sizeof(char *));
+ *envsizep = envsize;
 }
 /* Need to set the NULL pointer at end of array beyond the new slot. */
 env[i + 1] = NULL;
diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c
index 041105c..097fad9 100644
--- a/crypto/openssh/ssh-agent.c
+++ b/crypto/openssh/ssh-agent.c
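Review bot: In the second session.c hunk, nothing in the code records why `*envsizep = envsize;` now comes after `xrealloc()`, and the same is true of `sockets_alloc = new_alloc;` and the two `type` assignments moved last in new_socket() in ssh-agent.c. The commit message explains it (the callee can fail and invoke cleanups), so a one-line comment at each site, for example `/* Update the recorded size only after xrealloc() returns; it can fail and run cleanups. */`, would keep a later tidy-up from restoring the old order. Separately, `i >= envsize - 1` is unsigned arithmetic and relies on `*envsizep` never being 0; `if (i + 1 >= envsize) {` is the same test without the wrap, and whether any caller can pass 0 is not visible here. child_set_env() begins and ends outside this hunk.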
@@ -768,7 +768,7 @@ process_message(SocketEntry *e)
 static void
 new_socket(sock_type type, int fd)
 {
- u_int i, old_alloc;
+ u_int i, old_alloc, new_alloc;
 if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
 error("fcntl O_NONBLOCK: %s", strerror(errno));
@@ -779,25 +779,26 @@ new_socket(sock_type type, int fd)
 for (i = 0; i < sockets_alloc; i++)
 if (sockets[i].type == AUTH_UNUSED) {
 sockets[i].fd = fd;
- sockets[i].type = type;
 buffer_init(&sockets[i].input);
 buffer_init(&sockets[i].output);
 buffer_init(&sockets[i].request);
+ sockets[i].type = type;
 return;
 }
 old_alloc = sockets_alloc;
- sockets_alloc += 10;
+ new_alloc = sockets_alloc + 10;
 if (sockets)
- sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
+ sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
 else
- sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
- for (i = old_alloc; i < sockets_alloc; i++)
+ sockets = xmalloc(new_alloc * sizeof(sockets[0]));
+ for (i = old_alloc; i < new_alloc; i++)
 sockets[i].type = AUTH_UNUSED;
- sockets[old_alloc].type = type;
+ sockets_alloc = new_alloc;
 sockets[old_alloc].fd = fd;
 buffer_init(&sockets[old_alloc].input);
 buffer_init(&sockets[old_alloc].output);
 buffer_init(&sockets[old_alloc].request);
+ sockets[old_alloc].type = type;
 }
 static int
diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h
index f4b3f9f..d07a692 100644
--- a/crypto/openssh/version.h
+++ b/crypto/openssh/version.h
@@ -5,7 +5,7 @@
 #define SSH_VERSION (ssh_version_get())
 #define SSH_VERSION_BASE "OpenSSH_3.6.1p1"
-#define SSH_VERSION_ADDENDUM "FreeBSD-20030916"
+#define SSH_VERSION_ADDENDUM "FreeBSD-20030917"
 const char *ssh_version_get(void);
 void ssh_version_set_addendum(const char *add);
-- 
cgit v1.1
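Review bot: In the second ssh-agent.c hunk, the slot set-up sequence (`fd`, three `buffer_init()` calls, then `type` last) now appears twice in new_socket(), once for a reused slot and once for the newly grown one, and the fix holds only while both copies keep that order. Moving the sequence into one small static helper would leave a single place where the ordering has to be right. The sketch below assumes `sockets` is an array of `SocketEntry`, the type named in the process_message() hunk header; the lines of new_socket() between the two hunks are not visible here.

```c
/* Fill in one slot; type is written last so the slot stays AUTH_UNUSED until its buffers exist. */
static void
socket_slot_init(SocketEntry *s, sock_type type, int fd)
{
	s->fd = fd;
	buffer_init(&s->input);
	buffer_init(&s->output);
	buffer_init(&s->request);
	s->type = type;
}

/* ... unchanged: new_socket() header and the fcntl O_NONBLOCK call ... */
	for (i = 0; i < sockets_alloc; i++)
		if (sockets[i].type == AUTH_UNUSED) {
			socket_slot_init(&sockets[i], type, fd);
			return;
		}
/* ... unchanged: growing sockets[] and updating sockets_alloc ... */
	socket_slot_init(&sockets[old_alloc], type, fd);
```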