Fix assorted memory leaks.

All spotted by Coverity.

diff --git a/ssh.c b/ssh.c
index 093c40ec5cd8050160318e475283dd33fc41fff9..d531dfd49d2d95fc956f4f8e0635608f0d7099ca 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -3867,6 +3867,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
         s->dlgret = verify_ssh_manual_host_key(ssh, fingerprint, NULL, NULL);
         if (s->dlgret == 0) {          /* did not match */
             bombout(("Host key did not appear in manually configured list"));
+            sfree(keystr);
             crStop(0);
         } else if (s->dlgret < 0) { /* none configured; use standard handling */
             ssh_set_frozen(ssh, 1);
@@ -3893,6 +3894,8 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
                                NULL, 0, TRUE);
                 crStop(0);
             }
+        } else {
+            sfree(keystr);
         }
     }
 

diff --git a/sshshare.c b/sshshare.c
index 5b88eb8ed1d3965795ce35788727916e30db3243..df64d6fe150492894a03934326c0bafddace930f 100644 (file)
--- a/sshshare.c
+++ b/sshshare.c
@@ -857,6 +857,7 @@ static void share_try_cleanup(struct ssh_sharing_connstate *cs)
                                             SSH2_MSG_GLOBAL_REQUEST,
                                             packet, pos, "cleanup after"
                                             " downstream went away");
+            sfree(packet);
 
             share_remove_forwarding(cs, fwd);
             i--;    /* don't accidentally skip one as a result */
@@ -1594,6 +1595,9 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
                 !ssh_agent_forwarding_permitted(cs->parent->ssh)) {
                 unsigned server_id = GET_32BIT(pkt);
                 unsigned char recipient_id[4];
+
+                sfree(request_name);
+
                 chan = share_find_channel_by_server(cs, server_id);
                 if (chan) {
                     PUT_32BIT(recipient_id, chan->downstream_id);
@@ -1625,6 +1629,8 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
                 int auth_proto, protolen, datalen;
                 int pos;
 
+                sfree(request_name);
+
                 chan = share_find_channel_by_server(cs, server_id);
                 if (!chan) {
                     char *buf = dupprintf("X11 forwarding request for "
@@ -1646,16 +1652,19 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
                 want_reply = pkt[15] != 0;
                 single_connection = pkt[16] != 0;
                 auth_proto_str = getstring(pkt+17, pktlen-17);
+                auth_proto = x11_identify_auth_proto(auth_proto_str);
+                sfree(auth_proto_str);
                 pos = 17 + getstring_size(pkt+17, pktlen-17);
                 auth_data = getstring(pkt+pos, pktlen-pos);
                 pos += getstring_size(pkt+pos, pktlen-pos);
+
                 if (pktlen < pos+4) {
                     err = dupprintf("Truncated CHANNEL_REQUEST(\"x11\") packet");
+                    sfree(auth_data);
                     goto confused;
                 }
                 screen = GET_32BIT(pkt+pos);
 
-                auth_proto = x11_identify_auth_proto(auth_proto_str);
                 if (auth_proto < 0) {
                     /* Reject due to not understanding downstream's
                      * requested authorisation method. */
@@ -1668,6 +1677,7 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
                 chan->x11_auth_proto = auth_proto;
                 chan->x11_auth_data = x11_dehexify(auth_data,
                                                    &chan->x11_auth_datalen);
+                sfree(auth_data);
                 chan->x11_auth_upstream =
                     ssh_sharing_add_x11_display(cs->parent->ssh, auth_proto,
                                                 cs, chan);
@@ -1700,6 +1710,8 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
 
                 break;
             }
+
+            sfree(request_name);
         }
 
         ssh_send_packet_from_downstream(cs->parent->ssh, cs->id,
@@ -2099,7 +2111,7 @@ Socket ssh_connection_sharing_init(const char *host, int port,
         sharestate->connections = newtree234(share_connstate_cmp);
         sharestate->ssh = ssh;
         sharestate->server_verstring = NULL;
-        sharestate->sockname = dupstr(sockname);
+        sharestate->sockname = sockname;
         sharestate->nextid = 1;
         return NULL;
     }

diff --git a/windows/winshare.c b/windows/winshare.c
index a63325cb8abd24bd200797bfcc04061dac55e6d4..2f21638e76c6c01b914a576291c171b4c0768156 100644 (file)
--- a/windows/winshare.c
+++ b/windows/winshare.c
@@ -157,6 +157,7 @@ int platform_ssh_share(const char *pi_name, Conf *conf,
         if (!make_private_security_descriptor(MUTEX_ALL_ACCESS,
                                               &psd, &acl, logtext)) {
             sfree(mutexname);
+            sfree(name);
             return SHARE_NONE;
         }
 
@@ -171,6 +172,7 @@ int platform_ssh_share(const char *pi_name, Conf *conf,
             *logtext = dupprintf("CreateMutex(\"%s\") failed: %s",
                                  mutexname, win_strerror(GetLastError()));
             sfree(mutexname);
+            sfree(name);
             LocalFree(psd);
             LocalFree(acl);
             return SHARE_NONE;