From 90dcef3d9e60f7f81193e433771bcb11e057cf11 Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Sat, 22 Nov 2014 09:58:15 +0000
Subject: [PATCH] Fix assorted memory leaks. All spotted by Coverity.
---
 ssh.c | 3 +++
 sshshare.c | 16 ++++++++++++++--
 windows/winshare.c | 2 ++
 3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/ssh.c b/ssh.c
index 093c40ec..d531dfd4 100644
--- a/ssh.c
+++ b/ssh.c
@@ -3867,6 +3867,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
 s->dlgret = verify_ssh_manual_host_key(ssh, fingerprint, NULL, NULL);
 if (s->dlgret == 0) { /* did not match */
 bombout(("Host key did not appear in manually configured list"));
+ sfree(keystr);
 crStop(0);
 } else if (s->dlgret < 0) { /* none configured; use standard handling */
 ssh_set_frozen(ssh, 1);
@@ -3893,6 +3894,8 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
 NULL, 0, TRUE);
 crStop(0);
 }
+ } else {
+ sfree(keystr);
 }
 }
diff --git a/sshshare.c b/sshshare.c
index 5b88eb8e..df64d6fe 100644
--- a/sshshare.c
+++ b/sshshare.c
@@ -857,6 +857,7 @@ static void share_try_cleanup(struct ssh_sharing_connstate *cs)
 SSH2_MSG_GLOBAL_REQUEST, packet, pos, "cleanup after" " downstream went away");
+ sfree(packet);
 share_remove_forwarding(cs, fwd);
 i--; /* don't accidentally skip one as a result */
@@ -1594,6 +1595,9 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
 !ssh_agent_forwarding_permitted(cs->parent->ssh)) {
 unsigned server_id = GET_32BIT(pkt);
 unsigned char recipient_id[4];
+
+ sfree(request_name);
+
+
 chan = share_find_channel_by_server(cs, server_id);
 if (chan) {
 PUT_32BIT(recipient_id, chan->downstream_id);
@@ -1625,6 +1629,8 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
 int auth_proto, protolen, datalen;
 int pos;
+ sfree(request_name);
+
 chan = share_find_channel_by_server(cs, server_id);
 if (!chan) {
 char *buf = dupprintf("X11 forwarding request for "
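Review bot: The `sfree(request_name);` added at the top of the agent-forwarding branch (hunk at -1594) and the X11 branch (hunk at -1625) leaves request_name dangling for the rest of each branch, while the hunk at -1700 adds a third free at the end of the enclosing block. The X11 branch can also leave through `goto confused` (visible in the -1646 hunk), and the code at that label is outside the diff, so it should be confirmed that no path reaches a second free or a read of the pointer. Writing `request_name = NULL;` straight after each early `sfree(request_name);` would make such a path harmless, provided sfree() accepts NULL.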
@@ -1646,16 +1652,19 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
 want_reply = pkt[15] != 0;
 single_connection = pkt[16] != 0;
 auth_proto_str = getstring(pkt+17, pktlen-17);
+ auth_proto = x11_identify_auth_proto(auth_proto_str);
+ sfree(auth_proto_str);
 pos = 17 + getstring_size(pkt+17, pktlen-17);
 auth_data = getstring(pkt+pos, pktlen-pos);
 pos += getstring_size(pkt+pos, pktlen-pos);
+
 if (pktlen < pos+4) {
 err = dupprintf("Truncated CHANNEL_REQUEST(\"x11\") packet");
+ sfree(auth_data);
 goto confused;
 }
 screen = GET_32BIT(pkt+pos);
- auth_proto = x11_identify_auth_proto(auth_proto_str);
 if (auth_proto < 0) { /* Reject due to not understanding downstream's * requested authorisation method. */
@@ -1668,6 +1677,7 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
 chan->x11_auth_proto = auth_proto;
 chan->x11_auth_data = x11_dehexify(auth_data, &chan->x11_auth_datalen);
+ sfree(auth_data);
 chan->x11_auth_upstream = ssh_sharing_add_x11_display(cs->parent->ssh, auth_proto, cs, chan);
@@ -1700,6 +1710,8 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
 break;
 }
+
+ sfree(request_name);
 }
 ssh_send_packet_from_downstream(cs->parent->ssh, cs->id,
@@ -2099,7 +2111,7 @@ Socket ssh_connection_sharing_init(const char *host, int port,
 sharestate->connections = newtree234(share_connstate_cmp);
 sharestate->ssh = ssh;
 sharestate->server_verstring = NULL;
- sharestate->sockname = dupstr(sockname);
+ sharestate->sockname = sockname;
 sharestate->nextid = 1;
 return NULL;
 }
diff --git a/windows/winshare.c b/windows/winshare.c
index a63325cb..2f21638e 100644
--- a/windows/winshare.c
+++ b/windows/winshare.c
@@ -157,6 +157,7 @@ int platform_ssh_share(const char *pi_name, Conf *conf,
 if (!make_private_security_descriptor(MUTEX_ALL_ACCESS, &psd, &acl, logtext)) {
 sfree(mutexname);
+ sfree(name);
 return SHARE_NONE;
 }
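Review bot: Moving `auth_proto = x11_identify_auth_proto(auth_proto_str);` up means the string parsed from the downstream's packet is now used before the `pktlen < pos+4` truncation check instead of after it. getstring() is defined outside this hunk; if it can return NULL for a short or malformed string, the identify call would now receive NULL on input that the truncation check may previously have stopped first. A guard such as `auth_proto = auth_proto_str ? x11_identify_auth_proto(auth_proto_str) : -1;` keeps the leak fix and lets the existing `auth_proto < 0` rejection handle that case. The enclosing function starts and ends outside the hunk.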
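Review bot: The added `sfree(auth_data);` after `x11_dehexify(auth_data, &chan->x11_auth_datalen)` returns the hex form of the downstream's X11 authorisation data to the heap with its contents intact. Clearing it first, `smemclr(auth_data, strlen(auth_data)); sfree(auth_data);`, would avoid leaving a copy of that data in freed memory; the same applies to the `sfree(auth_data);` added on the truncated-packet path in the -1646 hunk.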
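Review bot: `sharestate->sockname = sockname;` now hands the buffer itself to sharestate rather than a copy, so ownership of sockname silently moves at this line. The rest of ssh_connection_sharing_init is outside the hunk; any exit path after this point that still frees sockname would leave sharestate holding freed memory, and this should be checked against the full function. A comment on the assignment, e.g. `/* sharestate takes ownership of sockname; do not free it here */`, would record the transfer for later edits.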
@@ -171,6 +172,7 @@ int platform_ssh_share(const char *pi_name, Conf *conf,
 *logtext = dupprintf("CreateMutex(\"%s\") failed: %s", mutexname, win_strerror(GetLastError()));
 sfree(mutexname);
+ sfree(name);
 LocalFree(psd);
 LocalFree(acl);
 return SHARE_NONE;