authordjm <djm@openbsd.org>2015-02-11 01:20:38 +0000
committerdjm <djm@openbsd.org>2015-02-11 01:20:38 +0000
commitd46a6d580f8e919a2ef29d21c216b09937c03ade (patch)
tree34b1d3c2d0b65e85d6c7921fe60ee7bafffbf206
parentget SPINLOCK bits from machine/lock.h instead of sys/lock.h (diff)
Some packet error messages show the address of the peer, but might be
generated after the socket to the peer has suffered a TCP reset. In these cases, getpeername() won't work so cache the address earlier. spotted in the wild via deraadt@ and tedu@
-rw-r--r--usr.bin/ssh/packet.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index e0100e9aedd..3e38e889e5b 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.206 2015/02/09 23:22:37 jsg Exp $ */
+/* $OpenBSD: packet.c,v 1.207 2015/02/11 01:20:38 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -284,11 +284,15 @@ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
(r = cipher_init(&state->receive_context, none,
(const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) {
error("%s: cipher_init failed: %s", __func__, ssh_err(r));
- free(ssh);
return NULL;
}
state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL;
deattack_init(&state->deattack);
+ /*
+ * Cache the IP address of the remote connection for use in error
+ * messages that might be generated after the connection has closed.
+ */
+ (void)ssh_remote_ipaddr(ssh);
return ssh;
}
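Review bot: The cipher_init failure path in ssh_packet_set_connection no longer releases `ssh` before `return NULL`, and the commit description, which only covers caching the peer address, does not say why. Whether that is correct depends on who owns `ssh` at this point, which is decided above the hunk: if the function can allocate the structure itself, the NULL return now loses the only reference to it, whereas if it is always caller-owned the old `free(ssh)` left the caller holding a dangling pointer. A comment on the error path such as `/* ssh is caller-owned here; do not free */`, or a free restricted to the locally allocated case, would make the contract explicit. The same applies to the dropped `free(setp)` before `return r;` in the ssh_packet_read_seqnr hunk, where `setp` appears to be allocated earlier in the function, so that early return would leak it on a failed write.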
@@ -1263,10 +1267,8 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
* Since we are blocking, ensure that all written packets have
* been sent.
*/
- if ((r = ssh_packet_write_wait(ssh)) != 0) {
- free(setp);
+ if ((r = ssh_packet_write_wait(ssh)) != 0)
return r;
- }
/* Stay in the loop until we have received a complete packet. */
for (;;) {