authorJacques Vidrine <nectar@FreeBSD.org>2003-09-17 16:07:48 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2003-09-17 16:07:48 +0000
commit17f5a3c9fe04b53e16e5e42247e2cb8c0fb38d2f (patch)
tree33b79f1b18d452ba14981f3e0538e9720e2b8b90 /security/hpn-ssh
parent- Securitry Fix revision 2 (diff)
Add Solar Designer's additional fixes to buffer management.
Notes
Notes: svn path=/head/; revision=89018
Diffstat (limited to 'security/hpn-ssh')
-rw-r--r--security/hpn-ssh/Makefile2
-rw-r--r--security/hpn-ssh/files/patch-deattack.c17
-rw-r--r--security/hpn-ssh/files/patch-misc.c28
-rw-r--r--security/hpn-ssh/files/patch-session.c44
-rw-r--r--security/hpn-ssh/files/patch-ssh-agent.c44
5 files changed, 126 insertions, 9 deletions
diff --git a/security/hpn-ssh/Makefile b/security/hpn-ssh/Makefile
index 069488921658..11edb8aa95e1 100644
--- a/security/hpn-ssh/Makefile
+++ b/security/hpn-ssh/Makefile
@@ -7,7 +7,7 @@
PORTNAME= openssh
PORTVERSION= 3.6.1p2
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://carroll.cac.psu.edu/pub/OpenBSD/OpenSSH/portable/
diff --git a/security/hpn-ssh/files/patch-deattack.c b/security/hpn-ssh/files/patch-deattack.c
new file mode 100644
index 000000000000..987f1d2f959b
--- /dev/null
+++ b/security/hpn-ssh/files/patch-deattack.c
@@ -0,0 +1,17 @@
+--- deattack.c Tue Mar 5 01:53:05 2002
++++ deattack.c Wed Sep 17 00:18:30 2003
+@@ -100,12 +100,12 @@ detect_attack(u_char *buf, u_int32_t len
+
+ if (h == NULL) {
+ debug("Installing crc compensation attack detector.");
++ h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE);
+ n = l;
+- h = (u_int16_t *) xmalloc(n * HASH_ENTRYSIZE);
+ } else {
+ if (l > n) {
++ h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE);
+ n = l;
+- h = (u_int16_t *) xrealloc(h, n * HASH_ENTRYSIZE);
+ }
+ }
+
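Review bot: The new statement order in both branches is load-bearing but nothing in the code says why. `n` is now assigned only after `xmalloc`/`xrealloc` has returned, presumably so that an allocation failure that leaves through the allocator's error path cannot leave `n` describing a larger table than `h` really is. A comment above the first allocation, for example `/* allocate before updating n, so n never exceeds the size of h */`, would keep a later tidy-up from swapping the lines back. The same unwritten invariant applies to the `nalloc`, `envsize` and `new_alloc` locals introduced in patch-misc.c, patch-session.c and patch-ssh-agent.c. detect_attack's body starts and ends outside the hunk.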
diff --git a/security/hpn-ssh/files/patch-misc.c b/security/hpn-ssh/files/patch-misc.c
new file mode 100644
index 000000000000..b40e6d62ba4c
--- /dev/null
+++ b/security/hpn-ssh/files/patch-misc.c
@@ -0,0 +1,28 @@
+--- misc.c Mon Dec 23 02:44:36 2002
++++ misc.c Wed Sep 17 00:50:27 2003
+@@ -308,18 +308,21 @@ addargs(arglist *args, char *fmt, ...)
+ {
+ va_list ap;
+ char buf[1024];
++ int nalloc;
+
+ va_start(ap, fmt);
+ vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+
++ nalloc = args->nalloc;
+ if (args->list == NULL) {
+- args->nalloc = 32;
++ nalloc = 32;
+ args->num = 0;
+- } else if (args->num+2 >= args->nalloc)
+- args->nalloc *= 2;
++ } else if (args->num+2 >= nalloc)
++ nalloc *= 2;
+
+- args->list = xrealloc(args->list, args->nalloc * sizeof(char *));
++ args->list = xrealloc(args->list, nalloc * sizeof(char *));
++ args->nalloc = nalloc;
+ args->list[args->num++] = xstrdup(buf);
+ args->list[args->num] = NULL;
+ }
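Review bot: The new local `nalloc` is a signed `int` that is doubled with no upper bound, so `nalloc *= 2` can overflow (undefined behaviour for a signed type) and `nalloc * sizeof(char *)` is then passed to `xrealloc` unchecked. Reaching that size is unlikely in practice, but a guard before the doubling, such as `if (nalloc > INT_MAX / 2) fatal("addargs: argument list too large");`, makes the growth path fail closed instead of relying on the allocator to notice. The declared type of `args->nalloc` is not visible in this hunk; the local should match it rather than introduce a signed/unsigned comparison against `args->num+2`.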
diff --git a/security/hpn-ssh/files/patch-session.c b/security/hpn-ssh/files/patch-session.c
index 251def26cdcc..c8baec2e3163 100644
--- a/security/hpn-ssh/files/patch-session.c
+++ b/security/hpn-ssh/files/patch-session.c
@@ -1,5 +1,5 @@
---- session.c.orig Fri Mar 21 02:15:18 2003
-+++ session.c Mon Mar 31 16:10:35 2003
+--- session.c.orig Thu Mar 20 19:18:09 2003
++++ session.c Wed Sep 17 11:05:26 2003
@@ -64,6 +64,11 @@
#define is_winnt (GetVersion() < 0x80000000)
#endif
@@ -237,7 +237,35 @@
return 0;
}
-@@ -952,6 +1095,10 @@
+@@ -844,7 +987,7 @@
+ child_set_env(char ***envp, u_int *envsizep, const char *name,
+ const char *value)
+ {
+- u_int i, namelen;
++ u_int i, namelen, envsize;
+ char **env;
+
+ /*
+@@ -862,12 +1005,14 @@
+ xfree(env[i]);
+ } else {
+ /* New variable. Expand if necessary. */
+- if (i >= (*envsizep) - 1) {
+- if (*envsizep >= 1000)
++ envsize = *envsizep;
++ if (i >= envsize - 1) {
++ if (envsize >= 1000)
+ fatal("child_set_env: too many env vars,"
+ " skipping: %.100s", name);
+- (*envsizep) += 50;
+- env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
++ envsize += 50;
++ env = (*envp) = xrealloc(env, envsize * sizeof(char *));
++ *envsizep = envsize;
+ }
+ /* Need to set the NULL pointer at end of array beyond the new slot. */
+ env[i + 1] = NULL;
+@@ -952,6 +1097,10 @@
char buf[256];
u_int i, envsize;
char **env, *laddr;
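Review bot: The rewritten test `if (i >= envsize - 1)` still subtracts from an unsigned value, so an `envsize` of 0 wraps to `UINT_MAX`, the growth branch is skipped, and `env[i + 1] = NULL` then writes past the array. Writing it as `if (i + 1 >= envsize)` gives the same result for every non-zero size and removes the wrap. The caller visible further down in this patch allocates `env` from `envsize` before the first call, so this is probably unreachable today, but `child_set_env` takes the size from its caller and no check on it appears in the lines shown. The body of child_set_env starts before and continues after the inner hunks quoted here.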
@@ -248,7 +276,7 @@
struct passwd *pw = s->pw;
/* Initialize the environment. */
-@@ -959,6 +1106,9 @@
+@@ -959,6 +1108,9 @@
env = xmalloc(envsize * sizeof(char *));
env[0] = NULL;
@@ -258,7 +286,7 @@
#ifdef HAVE_CYGWIN
/*
* The Windows environment contains some setting which are
-@@ -1003,9 +1153,21 @@
+@@ -1003,9 +1155,21 @@
/* Normal systems set SHELL by default. */
child_set_env(&env, &envsize, "SHELL", shell);
@@ -282,7 +310,7 @@
/* Set custom environment options from RSA authentication. */
if (!options.use_login) {
-@@ -1219,7 +1381,7 @@
+@@ -1219,7 +1383,7 @@
setpgid(0, 0);
# endif
if (setusercontext(lc, pw, pw->pw_uid,
@@ -291,7 +319,7 @@
perror("unable to set user context");
exit(1);
}
-@@ -1382,7 +1544,7 @@
+@@ -1382,7 +1546,7 @@
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
@@ -300,7 +328,7 @@
close(i);
/*
-@@ -1412,6 +1574,31 @@
+@@ -1412,6 +1576,31 @@
exit(1);
#endif
}
diff --git a/security/hpn-ssh/files/patch-ssh-agent.c b/security/hpn-ssh/files/patch-ssh-agent.c
new file mode 100644
index 000000000000..f50ae308e03c
--- /dev/null
+++ b/security/hpn-ssh/files/patch-ssh-agent.c
@@ -0,0 +1,44 @@
+--- ssh-agent.c Sat Mar 15 00:37:09 2003
++++ ssh-agent.c Wed Sep 17 00:42:15 2003
+@@ -767,7 +767,7 @@ process_message(SocketEntry *e)
+ static void
+ new_socket(sock_type type, int fd)
+ {
+- u_int i, old_alloc;
++ u_int i, old_alloc, new_alloc;
+
+ if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
+ error("fcntl O_NONBLOCK: %s", strerror(errno));
+@@ -778,25 +778,26 @@ new_socket(sock_type type, int fd)
+ for (i = 0; i < sockets_alloc; i++)
+ if (sockets[i].type == AUTH_UNUSED) {
+ sockets[i].fd = fd;
+- sockets[i].type = type;
+ buffer_init(&sockets[i].input);
+ buffer_init(&sockets[i].output);
+ buffer_init(&sockets[i].request);
++ sockets[i].type = type;
+ return;
+ }
+ old_alloc = sockets_alloc;
+- sockets_alloc += 10;
++ new_alloc = sockets_alloc + 10;
+ if (sockets)
+- sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
++ sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
+ else
+- sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
+- for (i = old_alloc; i < sockets_alloc; i++)
++ sockets = xmalloc(new_alloc * sizeof(sockets[0]));
++ for (i = old_alloc; i < new_alloc; i++)
+ sockets[i].type = AUTH_UNUSED;
+- sockets[old_alloc].type = type;
++ sockets_alloc = new_alloc;
+ sockets[old_alloc].fd = fd;
+ buffer_init(&sockets[old_alloc].input);
+ buffer_init(&sockets[old_alloc].output);
+ buffer_init(&sockets[old_alloc].request);
++ sockets[old_alloc].type = type;
+ }
+
+ static int
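Review bot: Assigning `sockets[i].type = type;` (and `sockets[old_alloc].type = type;`) only after the three `buffer_init()` calls looks deliberate, but the code carries no comment saying that the order matters. Presumably a slot must stay `AUTH_UNUSED` until its buffers are initialised, so that any code walking `sockets` after a failed allocation never touches a half-built entry. A comment at both sites, such as `/* set type last: the slot stays AUTH_UNUSED until its buffers are initialised */`, would record that. Separately, `new_alloc = sockets_alloc + 10` and `new_alloc * sizeof(sockets[0])` are unsigned arithmetic with no overflow check in the lines shown. A bound on `sockets_alloc` before growing would make the size passed to `xrealloc` trustworthy.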