Unix Pageant: provide public-key extraction options.

[PuTTY.git] / sshshare.c

diff --git a/sshshare.c b/sshshare.c
index bd4602b5bb26400e56554facaea43b4558821cf7..54d58a6624bfdb9b19b4d32afb37b2943e9e3751 100644 (file)
--- a/sshshare.c
+++ b/sshshare.c
@@ -517,6 +517,10 @@ void sharestate_free(void *v)
         share_connstate_free(cs);
     }
     freetree234(sharestate->connections);
+    if (sharestate->listensock) {
+        sk_close(sharestate->listensock);
+        sharestate->listensock = NULL;
+    }
     sfree(sharestate->server_verstring);
     sfree(sharestate->sockname);
     sfree(sharestate);
@@ -853,6 +857,7 @@ static void share_try_cleanup(struct ssh_sharing_connstate *cs)
                                             SSH2_MSG_GLOBAL_REQUEST,
                                             packet, pos, "cleanup after"
                                             " downstream went away");
+            sfree(packet);
 
             share_remove_forwarding(cs, fwd);
             i--;    /* don't accidentally skip one as a result */
@@ -1590,6 +1595,9 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
                 !ssh_agent_forwarding_permitted(cs->parent->ssh)) {
                 unsigned server_id = GET_32BIT(pkt);
                 unsigned char recipient_id[4];
+
+                sfree(request_name);
+
                 chan = share_find_channel_by_server(cs, server_id);
                 if (chan) {
                     PUT_32BIT(recipient_id, chan->downstream_id);
@@ -1621,6 +1629,8 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
                 int auth_proto, protolen, datalen;
                 int pos;
 
+                sfree(request_name);
+
                 chan = share_find_channel_by_server(cs, server_id);
                 if (!chan) {
                     char *buf = dupprintf("X11 forwarding request for "
@@ -1642,16 +1652,19 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
                 want_reply = pkt[15] != 0;
                 single_connection = pkt[16] != 0;
                 auth_proto_str = getstring(pkt+17, pktlen-17);
+                auth_proto = x11_identify_auth_proto(auth_proto_str);
+                sfree(auth_proto_str);
                 pos = 17 + getstring_size(pkt+17, pktlen-17);
                 auth_data = getstring(pkt+pos, pktlen-pos);
                 pos += getstring_size(pkt+pos, pktlen-pos);
+
                 if (pktlen < pos+4) {
                     err = dupprintf("Truncated CHANNEL_REQUEST(\"x11\") packet");
+                    sfree(auth_data);
                     goto confused;
                 }
                 screen = GET_32BIT(pkt+pos);
 
-                auth_proto = x11_identify_auth_proto(auth_proto_str);
                 if (auth_proto < 0) {
                     /* Reject due to not understanding downstream's
                      * requested authorisation method. */
@@ -1659,11 +1672,14 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
                     PUT_32BIT(recipient_id, chan->downstream_id);
                     send_packet_to_downstream(cs, SSH2_MSG_CHANNEL_FAILURE,
                                               recipient_id, 4, NULL);
+                    sfree(auth_data);
+                    break;
                 }
 
                 chan->x11_auth_proto = auth_proto;
                 chan->x11_auth_data = x11_dehexify(auth_data,
                                                    &chan->x11_auth_datalen);
+                sfree(auth_data);
                 chan->x11_auth_upstream =
                     ssh_sharing_add_x11_display(cs->parent->ssh, auth_proto,
                                                 cs, chan);
@@ -1696,6 +1712,8 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
 
                 break;
             }
+
+            sfree(request_name);
         }
 
         ssh_send_packet_from_downstream(cs->parent->ssh, cs->id,
@@ -1763,7 +1781,7 @@ static int share_receive(Plug plug, int urgent, char *data, int len)
         crGetChar(c);
         if (c == '\012')
             break;
-        if (cs->recvlen > sizeof(cs->recvbuf)) {
+        if (cs->recvlen >= sizeof(cs->recvbuf)) {
             char *buf = dupprintf("Version string far too long\n");
             share_disconnect(cs, buf);
             sfree(buf);
@@ -1843,6 +1861,7 @@ static int share_listen_closing(Plug plug, const char *error_msg,
         ssh_sharing_logf(sharestate->ssh, 0,
                          "listening socket: %s", error_msg);
     sk_close(sharestate->listensock);
+    sharestate->listensock = NULL;
     return 1;
 }
 
@@ -2094,7 +2113,7 @@ Socket ssh_connection_sharing_init(const char *host, int port,
         sharestate->connections = newtree234(share_connstate_cmp);
         sharestate->ssh = ssh;
         sharestate->server_verstring = NULL;
-        sharestate->sockname = dupstr(sockname);
+        sharestate->sockname = sockname;
         sharestate->nextid = 1;
         return NULL;
     }