X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=pageant.c;h=2d9a740236739923800f4d2cfc79a540302c5fdb;hb=510f49e405e71ba5c97875e7a019364e1ef5fac9;hp=c008f008030b8619092f7eac3e74acf36decfe45;hpb=c8f83979a368d10e8def1796cdadd7f8f3bebf74;p=PuTTY.git diff --git a/pageant.c b/pageant.c index c008f008..2d9a7402 100644 --- a/pageant.c +++ b/pageant.c @@ -406,6 +406,7 @@ void *pageant_handle_msg(const void *msg, int msglen, int *outlen, if (i < 0) { freebn(reqkey.exponent); freebn(reqkey.modulus); + freebn(challenge); fail_reason = "request truncated before challenge"; goto failure; } @@ -1196,12 +1197,12 @@ void *pageant_get_keylist1(int *length) if (!pageant_local) { unsigned char request[5], *response; void *vresponse; - int resplen, retval; + int resplen; + request[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES; PUT_32BIT(request, 1); - retval = agent_query(request, 5, &vresponse, &resplen, NULL, NULL); - assert(retval == 1); + agent_query_synchronous(request, 5, &vresponse, &resplen); response = vresponse; if (resplen < 5 || response[4] != SSH1_AGENT_RSA_IDENTITIES_ANSWER) { sfree(response); @@ -1227,13 +1228,12 @@ void *pageant_get_keylist2(int *length) if (!pageant_local) { unsigned char request[5], *response; void *vresponse; - int resplen, retval; + int resplen; request[4] = SSH2_AGENTC_REQUEST_IDENTITIES; PUT_32BIT(request, 1); - retval = agent_query(request, 5, &vresponse, &resplen, NULL, NULL); - assert(retval == 1); + agent_query_synchronous(request, 5, &vresponse, &resplen); response = vresponse; if (resplen < 5 || response[4] != SSH2_AGENT_IDENTITIES_ANSWER) { sfree(response); @@ -1313,11 +1313,15 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, if (keylist) { if (keylistlen < 4) { *retstr = dupstr("Received broken key list from agent"); + sfree(keylist); + sfree(blob); return PAGEANT_ACTION_FAILURE; } nkeys = toint(GET_32BIT(keylist)); if (nkeys < 0) { *retstr = dupstr("Received broken key list from agent"); + sfree(keylist); + sfree(blob); return PAGEANT_ACTION_FAILURE; } p = keylist + 4; @@ -1335,6 +1339,8 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, int n = rsa_public_blob_len(p, keylistlen); if (n < 0) { *retstr = dupstr("Received broken key list from agent"); + sfree(keylist); + sfree(blob); return PAGEANT_ACTION_FAILURE; } p += n; @@ -1343,11 +1349,18 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, int n; if (keylistlen < 4) { *retstr = dupstr("Received broken key list from agent"); + sfree(keylist); + sfree(blob); return PAGEANT_ACTION_FAILURE; } - n = toint(4 + GET_32BIT(p)); - if (n < 0 || keylistlen < n) { + n = GET_32BIT(p); + p += 4; + keylistlen -= 4; + + if (n < 0 || n > keylistlen) { *retstr = dupstr("Received broken key list from agent"); + sfree(keylist); + sfree(blob); return PAGEANT_ACTION_FAILURE; } p += n; @@ -1358,11 +1371,18 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, int n; if (keylistlen < 4) { *retstr = dupstr("Received broken key list from agent"); + sfree(keylist); + sfree(blob); return PAGEANT_ACTION_FAILURE; } - n = toint(4 + GET_32BIT(p)); - if (n < 0 || keylistlen < n) { + n = GET_32BIT(p); + p += 4; + keylistlen -= 4; + + if (n < 0 || n > keylistlen) { *retstr = dupstr("Received broken key list from agent"); + sfree(keylist); + sfree(blob); return PAGEANT_ACTION_FAILURE; } p += n; @@ -1409,6 +1429,7 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, * Run out of passphrases to try. */ *retstr = comment; + sfree(rkey); return PAGEANT_ACTION_NEED_PP; } } else @@ -1432,6 +1453,7 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, * a bad passphrase. */ *retstr = dupstr(error); + sfree(rkey); return PAGEANT_ACTION_FAILURE; } else if (ret == 1) { /* @@ -1471,7 +1493,7 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, if (!pageant_local) { unsigned char *request, *response; void *vresponse; - int reqlen, clen, resplen, ret; + int reqlen, clen, resplen; clen = strlen(rkey->comment); @@ -1504,19 +1526,24 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, reqlen += 4 + clen; PUT_32BIT(request, reqlen - 4); - ret = agent_query(request, reqlen, &vresponse, &resplen, - NULL, NULL); - assert(ret == 1); + agent_query_synchronous(request, reqlen, &vresponse, &resplen); response = vresponse; if (resplen < 5 || response[4] != SSH_AGENT_SUCCESS) { *retstr = dupstr("The already running Pageant " "refused to add the key."); + freersakey(rkey); + sfree(rkey); + sfree(request); + sfree(response); return PAGEANT_ACTION_FAILURE; } + freersakey(rkey); + sfree(rkey); sfree(request); sfree(response); } else { if (!pageant_add_ssh1_key(rkey)) { + freersakey(rkey); sfree(rkey); /* already present, don't waste RAM */ } } @@ -1524,7 +1551,7 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, if (!pageant_local) { unsigned char *request, *response; void *vresponse; - int reqlen, alglen, clen, keybloblen, resplen, ret; + int reqlen, alglen, clen, keybloblen, resplen; alglen = strlen(skey->alg->name); clen = strlen(skey->comment); @@ -1552,13 +1579,13 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, reqlen += clen + 4; PUT_32BIT(request, reqlen - 4); - ret = agent_query(request, reqlen, &vresponse, &resplen, - NULL, NULL); - assert(ret == 1); + agent_query_synchronous(request, reqlen, &vresponse, &resplen); response = vresponse; if (resplen < 5 || response[4] != SSH_AGENT_SUCCESS) { *retstr = dupstr("The already running Pageant " "refused to add the key."); + sfree(request); + sfree(response); return PAGEANT_ACTION_FAILURE; } @@ -1741,8 +1768,7 @@ int pageant_delete_key(struct pageant_pubkey *key, char **retstr) memcpy(request + 9, key->blob, key->bloblen); } - ret = agent_query(request, reqlen, &vresponse, &resplen, NULL, NULL); - assert(ret == 1); + agent_query_synchronous(request, reqlen, &vresponse, &resplen); response = vresponse; if (resplen < 5 || response[4] != SSH_AGENT_SUCCESS) { *retstr = dupstr("Agent failed to delete key"); @@ -1759,14 +1785,13 @@ int pageant_delete_key(struct pageant_pubkey *key, char **retstr) int pageant_delete_all_keys(char **retstr) { unsigned char request[5], *response; - int reqlen, resplen, success, ret; + int reqlen, resplen, success; void *vresponse; PUT_32BIT(request, 1); request[4] = SSH2_AGENTC_REMOVE_ALL_IDENTITIES; reqlen = 5; - ret = agent_query(request, reqlen, &vresponse, &resplen, NULL, NULL); - assert(ret == 1); + agent_query_synchronous(request, reqlen, &vresponse, &resplen); response = vresponse; success = (resplen >= 4 && response[4] == SSH_AGENT_SUCCESS); sfree(response); @@ -1778,8 +1803,7 @@ int pageant_delete_all_keys(char **retstr) PUT_32BIT(request, 1); request[4] = SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES; reqlen = 5; - ret = agent_query(request, reqlen, &vresponse, &resplen, NULL, NULL); - assert(ret == 1); + agent_query_synchronous(request, reqlen, &vresponse, &resplen); response = vresponse; success = (resplen >= 4 && response[4] == SSH_AGENT_SUCCESS); sfree(response);