From a5fc95b715256a7db4492ccf6872788613f105c4 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Fri, 15 May 2015 10:12:06 +0100 Subject: [PATCH] Const-correctness of name fields in struct ssh_*. All the name strings in ssh_cipher, ssh_mac, ssh_hash, ssh_signkey point to compile-time string literals, hence should obviously be const char *. Most of these const-correctness patches are just a mechanical job of adding a 'const' in the one place you need it right now, and then chasing the implications through the code adding further consts until it compiles. But this one has actually shown up a bug: the 'algorithm' output parameter in ssh2_userkey_loadpub was sometimes returning a pointer to a string literal, and sometimes a pointer to dynamically allocated memory, so callers were forced to either sometimes leak memory or sometimes free a bad thing. Now it's consistently dynamically allocated, and should be freed everywhere too. --- cmdgen.c | 1 + macosx/osxdlg.m | 4 ++-- putty.h | 4 ++-- ssh.c | 1 + ssh.h | 16 ++++++++-------- sshpubk.c | 2 +- unix/gtkdlg.c | 4 ++-- unix/uxcons.c | 4 ++-- windows/wincons.c | 4 ++-- windows/windlg.c | 4 ++-- 10 files changed, 23 insertions(+), 21 deletions(-) diff --git a/cmdgen.c b/cmdgen.c index df3fd9af..3d51347b 100644 --- a/cmdgen.c +++ b/cmdgen.c @@ -790,6 +790,7 @@ int main(int argc, char **argv) else bits = -1; } + sfree(ssh2alg); } else { ssh2key = ssh2_load_userkey(infilename, passphrase, &error); } diff --git a/macosx/osxdlg.m b/macosx/osxdlg.m index 295b6755..09407819 100644 --- a/macosx/osxdlg.m +++ b/macosx/osxdlg.m 
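Review bot: In the cmdgen.c hunk the new `sfree(ssh2alg);` follows the closing brace of the preceding block, so it appears to run whether or not the public-key load succeeded. The sshpubk.c hunk of this patch shows `*algorithm` being assigned only just before the success return, so the free is safe only if `ssh2alg` is initialised to NULL at its declaration, which is outside the hunk. Otherwise a failed load would pass an indeterminate pointer to the allocator. I would confirm that initialisation and follow the free with `ssh2alg = NULL;` so that any later reuse of the variable cannot double-free. main() starts and ends outside the hunk.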
@@ -410,8 +410,8 @@ static void verify_ssh_host_key_callback(void *ctx, int result) sfree(state); } -int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype, - char *keystr, char *fingerprint, +int verify_ssh_host_key(void *frontend, char *host, int port, + const char *keytype, char *keystr, char *fingerprint, void (*callback)(void *ctx, int result), void *ctx) { static const char absenttxt[] = diff --git a/putty.h b/putty.h index 6351a78f..60a0b9fc 100644 --- a/putty.h +++ b/putty.h @@ -1193,8 +1193,8 @@ void pgp_fingerprints(void); * back via the provided function with a result that's either 0 * or +1'. */ -int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype, - char *keystr, char *fingerprint, +int verify_ssh_host_key(void *frontend, char *host, int port, + const char *keytype, char *keystr, char *fingerprint, void (*callback)(void *ctx, int result), void *ctx); /* * askalg has the same set of return values as verify_ssh_host_key. diff --git a/ssh.c b/ssh.c index 0f4712d8..db820050 100644 --- a/ssh.c +++ b/ssh.c @@ -10275,6 +10275,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, /* Clear up various bits and pieces from authentication. */ if (s->publickey_blob) { + sfree(s->publickey_algorithm); sfree(s->publickey_blob); sfree(s->publickey_comment); } diff --git a/ssh.h b/ssh.h index 272bc8b9..ffa88665 100644 --- a/ssh.h +++ b/ssh.h @@ -293,7 +293,7 @@ struct ssh_cipher { void (*encrypt) (void *, unsigned char *blk, int len); void (*decrypt) (void *, unsigned char *blk, int len); int blksize; - char *text_name; + const char *text_name; }; struct ssh2_cipher { @@ -308,7 +308,7 @@ struct ssh2_cipher { int keylen; unsigned int flags; #define SSH_CIPHER_IS_CBC 1 - char *text_name; + const char *text_name; }; struct ssh2_ciphers { 
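Review bot: Only `keytype` gains `const` in the new `verify_ssh_host_key` signature; `host`, `keystr` and `fingerprint` stay plain `char *`. This applies to macosx/osxdlg.m here and equally to putty.h, unix/gtkdlg.c, unix/uxcons.c, windows/wincons.c and windows/windlg.c. If none of the implementations write through those pointers, which the hunks do not show, declaring them as `const char *host`, `const char *keystr` and `const char *fingerprint` would record that the host-key prompt treats its inputs as read-only. The function bodies continue outside the hunks.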
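Review bot: In the ssh.c hunk the new `sfree(s->publickey_algorithm);` is guarded only by `s->publickey_blob`, and the freed fields are left dangling afterwards. The free is correct only if the algorithm string is heap-allocated whenever the blob is set, which now depends on every producer behaving like the changed ssh2_userkey_loadpub. A comment such as `/* publickey_algorithm is heap-allocated by ssh2_userkey_loadpub and owned by this state */` would record that. Resetting the fields after the frees (`s->publickey_algorithm = NULL;` and likewise for the blob and comment) would make a second pass through this cleanup harmless. do_ssh2_authconn starts and ends outside the hunk.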
@@ -328,9 +328,9 @@ struct ssh_mac { void (*bytes) (void *, unsigned char const *, int); void (*genresult) (void *, unsigned char *); int (*verresult) (void *, unsigned char const *); - char *name, *etm_name; + const char *name, *etm_name; int len; - char *text_name; + const char *text_name; }; struct ssh_hash { @@ -338,7 +338,7 @@ struct ssh_hash { void (*bytes)(void *, const void *, int); void (*final)(void *, unsigned char *); /* also frees context */ int hlen; /* output length in bytes */ - char *text_name; + const char *text_name; }; struct ssh_kex { @@ -379,8 +379,8 @@ struct ssh_signkey { const char *data, int datalen); unsigned char *(*sign) (void *key, const char *data, int datalen, int *siglen); - char *name; - char *keytype; /* for host key cache */ + const char *name; + const char *keytype; /* for host key cache */ }; struct ssh_compress { @@ -397,7 +397,7 @@ struct ssh_compress { int (*decompress) (void *, unsigned char *block, int len, unsigned char **outblock, int *outlen); int (*disable_compression) (void *); - char *text_name; + const char *text_name; }; struct ssh2_userkey { diff --git a/sshpubk.c b/sshpubk.c index e5952a0a..2070fe41 100644 --- a/sshpubk.c +++ b/sshpubk.c @@ -1191,7 +1191,7 @@ unsigned char *ssh2_userkey_loadpub(const Filename *filename, char **algorithm, if (pub_blob_len) *pub_blob_len = public_blob_len; if (algorithm) - *algorithm = alg->name; + *algorithm = dupstr(alg->name); return public_blob; /* diff --git a/unix/gtkdlg.c b/unix/gtkdlg.c index 19061988..8007b75c 100644 --- a/unix/gtkdlg.c +++ b/unix/gtkdlg.c @@ -3257,8 +3257,8 @@ int reallyclose(void *frontend) return ret; } -int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype, - char *keystr, char *fingerprint, +int verify_ssh_host_key(void *frontend, char *host, int port, + const char *keytype, char *keystr, char *fingerprint, void (*callback)(void *ctx, int result), void *ctx) { static const char absenttxt[] = 
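Review bot: The sshpubk.c hunk changes who owns `*algorithm` via `*algorithm = dupstr(alg->name);`, but nothing at the function states the new contract. I would add a comment at ssh2_userkey_loadpub along the lines of `/* On success *algorithm is a dupstr()'d copy; the caller must sfree() it. */`. This patch adds matching frees only in cmdgen.c and ssh.c, so any other caller that passes a non-NULL `algorithm` would now leak and is worth a search. The commit message says an earlier path already returned allocated memory, so it is also worth checking that every failure return leaves `*algorithm` either untouched or NULL. The function starts outside the hunk and continues past it.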
diff --git a/unix/uxcons.c b/unix/uxcons.c index 882d2c9b..ea6297c4 100644 --- a/unix/uxcons.c +++ b/unix/uxcons.c @@ -74,8 +74,8 @@ void timer_change_notify(unsigned long next) { } -int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype, - char *keystr, char *fingerprint, +int verify_ssh_host_key(void *frontend, char *host, int port, + const char *keytype, char *keystr, char *fingerprint, void (*callback)(void *ctx, int result), void *ctx) { int ret; diff --git a/windows/wincons.c b/windows/wincons.c index 508be3f8..a470e744 100644 --- a/windows/wincons.c +++ b/windows/wincons.c @@ -45,8 +45,8 @@ void timer_change_notify(unsigned long next) { } -int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype, - char *keystr, char *fingerprint, +int verify_ssh_host_key(void *frontend, char *host, int port, + const char *keytype, char *keystr, char *fingerprint, void (*callback)(void *ctx, int result), void *ctx) { int ret; diff --git a/windows/windlg.c b/windows/windlg.c index aadf88ea..c6e9c85e 100644 --- a/windows/windlg.c +++ b/windows/windlg.c @@ -745,8 +745,8 @@ void showabout(HWND hwnd) DialogBox(hinst, MAKEINTRESOURCE(IDD_ABOUTBOX), hwnd, AboutProc); } -int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype, - char *keystr, char *fingerprint, +int verify_ssh_host_key(void *frontend, char *host, int port, + const char *keytype, char *keystr, char *fingerprint, void (*callback)(void *ctx, int result), void *ctx) { int ret; -- 2.45.2