xfree DSA blobs
authormarkus <markus@openbsd.org>
Thu, 27 Apr 2000 08:01:25 +0000 (08:01 +0000)
committermarkus <markus@openbsd.org>
Thu, 27 Apr 2000 08:01:25 +0000 (08:01 +0000)
usr.bin/ssh/auth2.c
usr.bin/ssh/ssh-keygen.c
usr.bin/ssh/sshconnect2.c
usr.bin/ssh/sshd.c

index b896bc2..35060a8 100644 (file)
@@ -27,7 +27,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.1 2000/04/26 21:28:32 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.2 2000/04/27 08:01:25 markus Exp $");
 
 #include <openssl/dsa.h>
 #include <openssl/rsa.h>
@@ -237,38 +237,40 @@ ssh2_auth_pubkey(struct passwd *pw, unsigned char *raw, unsigned int rlen)
        }
        pkblob = packet_get_string(&blen);
        key = dsa_key_from_blob(pkblob, blen);
-       
-       if (have_sig && key != NULL) {
-               sig = packet_get_string(&slen);
-               packet_done();
-               buffer_init(&b);
-               buffer_append(&b, session_id2, session_id2_len);
-               buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
-               if (slen + 4 > rlen)
-                       fatal("bad rlen/slen");
-               buffer_append(&b, raw, rlen - slen - 4);
+       if (key != NULL) {
+               if (have_sig) {
+                       sig = packet_get_string(&slen);
+                       packet_done();
+                       buffer_init(&b);
+                       buffer_append(&b, session_id2, session_id2_len);
+                       buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+                       if (slen + 4 > rlen)
+                               fatal("bad rlen/slen");
+                       buffer_append(&b, raw, rlen - slen - 4);
 #ifdef DEBUG_DSS
-               buffer_dump(&b);
+                       buffer_dump(&b);
 #endif
-               /* test for correct signature */
-               if (user_dsa_key_allowed(pw, key) &&
-                   dsa_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
-                       authenticated = 1;
-               buffer_clear(&b);
-               xfree(sig);
-       } else if (!have_sig && key != NULL) {
-               packet_done();
-               debug("test key...");
-               /* test whether pkalg/pkblob are acceptable */
-               /* XXX fake reply and always send PK_OK ? */
-               if (user_dsa_key_allowed(pw, key)) {
-                       packet_start(SSH2_MSG_USERAUTH_PK_OK);
-                       packet_put_string(pkalg, alen);
-                       packet_put_string(pkblob, blen);
-                       packet_send();
-                       packet_write_wait();
-                       authenticated = -1;
+                       /* test for correct signature */
+                       if (user_dsa_key_allowed(pw, key) &&
+                           dsa_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
+                               authenticated = 1;
+                       buffer_clear(&b);
+                       xfree(sig);
+               } else {
+                       packet_done();
+                       debug("test key...");
+                       /* test whether pkalg/pkblob are acceptable */
+                       /* XXX fake reply and always send PK_OK ? */
+                       if (user_dsa_key_allowed(pw, key)) {
+                               packet_start(SSH2_MSG_USERAUTH_PK_OK);
+                               packet_put_string(pkalg, alen);
+                               packet_put_string(pkblob, blen);
+                               packet_send();
+                               packet_write_wait();
+                               authenticated = -1;
+                       }
                }
+               key_free(key);
        }
        xfree(pkalg);
        xfree(pkblob);
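Review bot: The length guard `if (slen + 4 > rlen)` in the signature branch is evaluated in unsigned arithmetic, so a very large `slen` would wrap the sum, pass the check, and let `rlen - slen - 4` underflow into the `buffer_append` length. Whether `packet_get_string` already caps `slen` is not visible here, so I would make the check wrap-free on its own: `if (slen > rlen || rlen - slen < 4)`. This matters because the buffer built here is the data the signature is verified over. ssh2_auth_pubkey begins and ends outside this hunk.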
index eae6650..51ff058 100644 (file)
@@ -7,7 +7,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.20 2000/04/26 21:55:04 deraadt Exp $");
+RCSID("$Id: ssh-keygen.c,v 1.21 2000/04/27 08:01:27 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -130,6 +130,7 @@ do_convert_to_ssh2(struct passwd *pw)
        dump_base64(stdout, blob, len);
        fprintf(stdout, SSH_COM_MAGIC_END "\n");
        key_free(k);
+       xfree(blob);
        exit(0);
 }
 
@@ -206,6 +207,7 @@ do_print_public(struct passwd *pw)
        if (!key_write(k, stdout))
                fprintf(stderr, "key_write failed");
        key_free(k);
+       xfree(blob);
        fprintf(stdout, "\n");
        exit(0);
 }
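Review bot: do_print_public still reaches `exit(0)` after the `key_write failed` branch, so a script driving ssh-keygen cannot tell that no public key was written. The failure branch should end with a non-zero status, for example `if (!key_write(k, stdout)) { fprintf(stderr, "key_write failed\n"); exit(1); }`. The message also lacks a trailing newline. The start of the function is outside the hunk.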
index e29eb49..1b64fb9 100644 (file)
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.2 2000/04/26 21:33:53 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.3 2000/04/27 08:01:27 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -231,6 +231,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
            dh_server_pub,
            shared_secret
        );
+       xfree(server_host_key_blob);
        buffer_free(client_kexinit);
        buffer_free(server_kexinit);
        xfree(client_kexinit);
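Review bot: After the added `xfree(server_host_key_blob);` the pointer keeps its old value while ssh_kex2 continues past the end of this hunk, so any later read of it would be a use-after-free that the compiler will not flag. I would follow the free with `server_host_key_blob = NULL;` and add a short comment saying the blob is only needed up to the hash computation. The same applies to `xfree(server_host_key_blob);` in the second do_ssh2_kex hunk of sshd.c, where the function also continues after the free. Whether either pointer is read again cannot be confirmed from the lines shown.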
@@ -341,6 +342,7 @@ ssh2_try_pubkey(char *filename,
        buffer_put_char(&b, 1);
        buffer_put_cstring(&b, KEX_DSS); 
        buffer_put_string(&b, blob, bloblen);
+       xfree(blob);
 
        /* generate signature */
        dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
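Review bot: The result of `dsa_sign(k, &signature, &slen, ...)` is discarded, so if signing can fail, the code after this hunk would continue with `signature` and `slen` unset. Assuming dsa_sign reports failure through its return value (its prototype is not shown here), check it and bail out before the signature is used. The added `xfree(blob);` looks right as long as `blob` is not read again further down in ssh2_try_pubkey, which continues outside the hunk.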
index 4dbfa0a..14f3eb9 100644 (file)
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.110 2000/04/26 22:36:06 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.111 2000/04/27 08:01:28 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -1270,6 +1270,7 @@ do_ssh2_kex()
        memset(kbuf, 0, klen);
        xfree(kbuf);
 
+       /* XXX precompute? */
        dsa_make_key_blob(sensitive_data.dsa_host_key, &server_host_key_blob, &sbloblen);
 
        /* calc H */                    /* XXX depends on 'kex' */
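Review bot: `memset(kbuf, 0, klen);` directly before `xfree(kbuf);` is a dead store as far as the optimiser is concerned and may be dropped, leaving the buffer contents in freed heap memory. If kbuf holds key-exchange secret material, as the zeroing suggests, use a wipe the compiler cannot elide, such as `explicit_bzero(kbuf, klen);` where the platform provides it. The added `/* XXX precompute? */` would be clearer if it stated what should be precomputed, presumably the host key blob built on the next line. do_ssh2_kex starts before and continues after this hunk.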
@@ -1312,6 +1313,7 @@ do_ssh2_kex()
        packet_put_string((char *)signature, slen);
        packet_send();
        xfree(signature);
+       xfree(server_host_key_blob);
        packet_write_wait();
 
        kex_derive_keys(kex, hash, shared_secret);