diff options
| author |   djm <djm@openbsd.org> | 2009-01-22 09:46:01 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2009-01-22 09:46:01 +0000 |
| commit | d7e9630197a4ae75bae1857914791bc97e757580 (patch) | |
| tree | 7e26aea19a278f47333ab1dc671cf86edc92b354 | |
| parent | Call checkdisklabel() for labels built from native info. This will (diff) | |
| download | wireguard-openbsd-d7e9630197a4ae75bae1857914791bc97e757580.tar.xz wireguard-openbsd-d7e9630197a4ae75bae1857914791bc97e757580.zip | |
make Channel->path an allocated string, saving a few bytes here and
there and fixing bz#1380 in the process; ok markus@
| -rw-r--r-- | usr.bin/ssh/channels.c | 48 | ||||
| -rw-r--r-- | usr.bin/ssh/channels.h | 6 | ||||
| -rw-r--r-- | usr.bin/ssh/session.c | 4 |
3 files changed, 39 insertions, 19 deletions
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index c9bc01e08bd..d01ff5620d7 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.292 2009/01/14 01:38:06 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.293 2009/01/22 09:46:01 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -291,6 +291,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, buffer_init(&c->input); buffer_init(&c->output); buffer_init(&c->extended); + c->path = NULL; c->ostate = CHAN_OUTPUT_OPEN; c->istate = CHAN_INPUT_OPEN; c->flags = 0; @@ -397,6 +398,10 @@ channel_free(Channel *c) xfree(c->remote_name); c->remote_name = NULL; } + if (c->path) { + xfree(c->path); + c->path = NULL; + } while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { if (cc->abandon_cb != NULL) cc->abandon_cb(c, cc->ctx); @@ -1030,9 +1035,13 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) strlcpy(username, p, sizeof(username)); buffer_consume(&c->input, len); + if (c->path != NULL) { + xfree(c->path); + c->path = NULL; + } if (need == 1) { /* SOCKS4: one string */ host = inet_ntoa(s4_req.dest_addr); - strlcpy(c->path, host, sizeof(c->path)); + c->path = xstrdup(host); } else { /* SOCKS4A: two strings */ have = buffer_len(&c->input); p = buffer_ptr(&c->input); @@ -1043,11 +1052,12 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) if (len > have) fatal("channel %d: decode socks4a: len %d > have %d", c->self, len, have); - if (strlcpy(c->path, p, sizeof(c->path)) >= sizeof(c->path)) { + if (len > NI_MAXHOST) { error("channel %d: hostname \"%.100s\" too long", c->self, p); return -1; } + c->path = xstrdup(p); buffer_consume(&c->input, len); } c->host_port = ntohs(s4_req.dest_port); @@ -1088,7 +1098,7 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) u_int8_t atyp; } s5_req, s5_rsp; u_int16_t dest_port; - u_char *p, dest_addr[255+1]; + u_char *p, dest_addr[255+1], ntop[INET6_ADDRSTRLEN]; u_int have, need, i, found, nmethods, addrlen, af; debug2("channel %d: decode socks5", c->self); @@ -1161,10 +1171,22 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) buffer_get(&c->input, (char *)&dest_addr, addrlen); buffer_get(&c->input, (char *)&dest_port, 2); dest_addr[addrlen] = '\0'; - if (s5_req.atyp == SSH_SOCKS5_DOMAIN) - strlcpy(c->path, (char *)dest_addr, sizeof(c->path)); - else if (inet_ntop(af, dest_addr, c->path, sizeof(c->path)) == NULL) - return -1; + if (c->path != NULL) { + xfree(c->path); + c->path = NULL; + } + if (s5_req.atyp == SSH_SOCKS5_DOMAIN) { + if (addrlen > NI_MAXHOST - 1) { + error("channel %d: dynamic request: socks5 hostname " + "\"%.100s\" too long", c->self, dest_addr); + return -1; + } + c->path = xstrdup(dest_addr); + } else { + if (inet_ntop(af, dest_addr, ntop, sizeof(ntop)) == NULL) + return -1; + c->path = xstrdup(ntop); + } c->host_port = ntohs(dest_port); debug2("channel %d: dynamic request: socks5 host %s port %u command %u", @@ -1393,7 +1415,8 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) c->local_window_max, c->local_maxpacket, 0, rtype, 1); nc->listening_port = c->listening_port; nc->host_port = c->host_port; - strlcpy(nc->path, c->path, sizeof(nc->path)); + if (c->path != NULL) + nc->path = xstrdup(c->path); if (nextstate == SSH_CHANNEL_DYNAMIC) { /* @@ -2432,7 +2455,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por error("No forward host name."); return 0; } - if (strlen(host) > SSH_CHANNEL_PATH_LEN - 1) { + if (strlen(host) > NI_MAXHOST) { error("Forward host name too long."); return 0; } @@ -2529,7 +2552,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por c = channel_new("port listener", type, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "port listener", 1); - strlcpy(c->path, host, sizeof(c->path)); + c->path = xstrdup(host); c->host_port = port_to_connect; c->listening_port = listen_port; success = 1; @@ -2551,8 +2574,7 @@ channel_cancel_rport_listener(const char *host, u_short port) Channel *c = channels[i]; if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && - strncmp(c->path, host, sizeof(c->path)) == 0 && - c->listening_port == port) { + strcmp(c->path, host) == 0 && c->listening_port == port) { debug2("%s: close channel %d", __func__, i); channel_free(c); found = 1; diff --git a/usr.bin/ssh/channels.h b/usr.bin/ssh/channels.h index d82e44f3f87..185b477b014 100644 --- a/usr.bin/ssh/channels.h +++ b/usr.bin/ssh/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.96 2008/06/15 20:06:26 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.97 2009/01/22 09:46:01 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -55,8 +55,6 @@ #define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */ #define SSH_CHANNEL_MAX_TYPE 15 -#define SSH_CHANNEL_PATH_LEN 256 - struct Channel; typedef struct Channel Channel; @@ -104,7 +102,7 @@ struct Channel { Buffer output; /* data received over encrypted connection for * send on socket */ Buffer extended; - char path[SSH_CHANNEL_PATH_LEN]; + char *path; /* path for unix domain sockets, or host name for forwards */ int listening_port; /* port being listened for forwards */ int host_port; /* remote port to connect for forwards */ diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index b5d36435bbb..9e86691c8f3 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.244 2008/11/09 12:34:47 tobias Exp $ */ +/* $OpenBSD: session.c,v 1.245 2009/01/22 09:46:01 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -221,7 +221,7 @@ auth_input_request_forwarding(struct passwd * pw) SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "auth socket", 1); - strlcpy(nc->path, auth_sock_name, sizeof(nc->path)); + nc->path = xstrdup(auth_sock_name); return 1; authsock_err: |