X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=sshshare.c;h=54d58a6624bfdb9b19b4d32afb37b2943e9e3751;hb=a8c4e67ff9ebdced0a4fb393f934b22cb5aae02f;hp=bd4602b5bb26400e56554facaea43b4558821cf7;hpb=bb78583ad29084f16db994d66895917e1b20346e;p=PuTTY.git diff --git a/sshshare.c b/sshshare.c index bd4602b5..54d58a66 100644 --- a/sshshare.c +++ b/sshshare.c @@ -517,6 +517,10 @@ void sharestate_free(void *v) share_connstate_free(cs); } freetree234(sharestate->connections); + if (sharestate->listensock) { + sk_close(sharestate->listensock); + sharestate->listensock = NULL; + } sfree(sharestate->server_verstring); sfree(sharestate->sockname); sfree(sharestate); @@ -853,6 +857,7 @@ static void share_try_cleanup(struct ssh_sharing_connstate *cs) SSH2_MSG_GLOBAL_REQUEST, packet, pos, "cleanup after" " downstream went away"); + sfree(packet); share_remove_forwarding(cs, fwd); i--; /* don't accidentally skip one as a result */ @@ -1590,6 +1595,9 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs, !ssh_agent_forwarding_permitted(cs->parent->ssh)) { unsigned server_id = GET_32BIT(pkt); unsigned char recipient_id[4]; + + sfree(request_name); + chan = share_find_channel_by_server(cs, server_id); if (chan) { PUT_32BIT(recipient_id, chan->downstream_id); @@ -1621,6 +1629,8 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs, int auth_proto, protolen, datalen; int pos; + sfree(request_name); + chan = share_find_channel_by_server(cs, server_id); if (!chan) { char *buf = dupprintf("X11 forwarding request for " 
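Review bot: The `if (sharestate->listensock)` guard added in sharestate_free is only safe while every path that closes the socket also clears the pointer, which at present means this block and share_listen_closing (hunk at -1843) each repeating the close-then-NULL pair. A small static helper that performs the NULL check, `sk_close(sharestate->listensock);` and `sharestate->listensock = NULL;`, called from both places, would keep that invariant in one spot and make a later double close harder to introduce. Any other site that closes the listening socket is outside these hunks and should be checked for the same reset.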
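Review bot: `request_name` is now released in three separate places: at the top of this agent-forwarding branch, at the top of the X11 branch (hunk at -1621) and after the branches (hunk at -1696). That is only correct if every branch that frees it leaves the block by `break`, `return` or `goto` before reaching the trailing `sfree(request_name)`. The branch bodies extend beyond these hunks, so that cannot be confirmed here, and a branch added later that falls through would free the string twice. Writing `sfree(request_name); request_name = NULL;` in the two branches (assuming sfree accepts NULL, as free does), or freeing once at a single exit, would make the pattern robust.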
@@ -1642,16 +1652,19 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs, want_reply = pkt[15] != 0; single_connection = pkt[16] != 0; auth_proto_str = getstring(pkt+17, pktlen-17); + auth_proto = x11_identify_auth_proto(auth_proto_str); + sfree(auth_proto_str); pos = 17 + getstring_size(pkt+17, pktlen-17); auth_data = getstring(pkt+pos, pktlen-pos); pos += getstring_size(pkt+pos, pktlen-pos); + if (pktlen < pos+4) { err = dupprintf("Truncated CHANNEL_REQUEST(\"x11\") packet"); + sfree(auth_data); goto confused; } screen = GET_32BIT(pkt+pos); - auth_proto = x11_identify_auth_proto(auth_proto_str); if (auth_proto < 0) { /* Reject due to not understanding downstream's * requested authorisation method. */ @@ -1659,11 +1672,14 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs, PUT_32BIT(recipient_id, chan->downstream_id); send_packet_to_downstream(cs, SSH2_MSG_CHANNEL_FAILURE, recipient_id, 4, NULL); + sfree(auth_data); + break; } chan->x11_auth_proto = auth_proto; chan->x11_auth_data = x11_dehexify(auth_data, &chan->x11_auth_datalen); + sfree(auth_data); chan->x11_auth_upstream = ssh_sharing_add_x11_display(cs->parent->ssh, auth_proto, cs, chan); @@ -1696,6 +1712,8 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs, break; } + + sfree(request_name); } ssh_send_packet_from_downstream(cs->parent->ssh, cs->id, @@ -1763,7 +1781,7 @@ static int share_receive(Plug plug, int urgent, char *data, int len) crGetChar(c); if (c == '\012') break; - if (cs->recvlen > sizeof(cs->recvbuf)) { + if (cs->recvlen >= sizeof(cs->recvbuf)) { char *buf = dupprintf("Version string far too long\n"); share_disconnect(cs, buf); sfree(buf); @@ -1843,6 +1861,7 @@ static int share_listen_closing(Plug plug, const char *error_msg, ssh_sharing_logf(sharestate->ssh, 0, "listening socket: %s", error_msg); sk_close(sharestate->listensock); + sharestate->listensock = NULL; return 1; } 
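Review bot: `x11_identify_auth_proto(auth_proto_str)` now runs directly on the result of `getstring(pkt+17, pktlen-17)`, ahead of the `pktlen < pos+4` truncation check, and nothing in the hunk tests `auth_proto_str` or `auth_data` for failure. getstring is defined outside this hunk; if it can return NULL for a short or malformed string, a packet from a downstream would pass NULL into the identify call and later into `x11_dehexify` (hunk at -1659). A NULL check on each getstring result that sets `err` and takes the existing `goto confused` path, freeing whatever is already allocated, would cover that case. The surrounding function continues outside the hunk.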
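Review bot: The corrected bound in share_receive, `cs->recvlen >= sizeof(cs->recvbuf)`, guards a buffer filled one byte at a time from the downstream socket, and the reason it has to be `>=` is not recorded anywhere in the hunk. A comment above the test such as `/* recvlen indexes the next free byte, so it must stay strictly below sizeof(recvbuf) */` would keep the comparison from drifting back. The store into `recvbuf` is outside the hunk; if the code later appends a terminator to the version string, the limit needs to leave room for that byte as well.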
@@ -2094,7 +2113,7 @@ Socket ssh_connection_sharing_init(const char *host, int port,
 sharestate->connections = newtree234(share_connstate_cmp);
 sharestate->ssh = ssh;
 sharestate->server_verstring = NULL;
- sharestate->sockname = dupstr(sockname);
+ sharestate->sockname = sockname;
 sharestate->nextid = 1;
 return NULL;
 }
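Review bot: Assigning `sharestate->sockname = sockname` without `dupstr` hands ownership of the buffer to sharestate, but nothing at the assignment says so. sharestate_free later releases it with `sfree(sharestate->sockname)`, visible in the hunk at -517. The earlier part of ssh_connection_sharing_init is outside this hunk, so it is worth confirming that no other exit path still frees or reuses `sockname` after this point, since that would become a double free or a use after free. A comment such as `/* sharestate now owns sockname; freed in sharestate_free() */` on the assignment would record the transfer.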