[kex.c kexgex.c serverloop.c]
parse full kexinit packet.
make server-side more robust, too.
+ - markus@cvs.openbsd.org 2001/04/04 23:09:18
+ [dh.c kex.c packet.c]
+ clear+free keys,iv for rekeying.
+ + fix DH mem leaks. ok niels@
20010404
- OpenBSD CVS Sync
*/
#include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.12 2001/04/03 19:53:29 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.13 2001/04/04 23:09:17 markus Exp $");
#include "xmalloc.h"
while (fgets(line, sizeof(line), f)) {
if (!parse_prime(linenum, line, &dhg))
continue;
- if (dhg.size > max || dhg.size < min)
- continue;
- if (dhg.size != best)
- continue;
- if (linenum++ != which) {
+ if ((dhg.size > max || dhg.size < min) ||
+ dhg.size != best ||
+ linenum++ != which) {
BN_free(dhg.g);
BN_free(dhg.p);
continue;
break;
}
fclose(f);
+ if (linenum != which+1)
+ fatal("WARNING: line %d disappeared in %s, giving up",
+ which, _PATH_DH_PRIMES);
return (dh_new_group(dhg.g, dhg.p));
}
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.31 2001/04/04 22:04:34 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.32 2001/04/04 23:09:18 markus Exp $");
#include <openssl/crypto.h>
debug("waiting for SSH2_MSG_NEWKEYS");
packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
debug("SSH2_MSG_NEWKEYS received");
+
kex->done = 1;
buffer_clear(&kex->peer);
/* buffer_clear(&kex->my); */
kex->flags &= ~KEX_INIT_SENT;
+ xfree(kex->name);
+ kex->name = NULL;
}
void
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.58 2001/04/04 09:48:34 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.59 2001/04/04 23:09:18 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
/* Session key information for Encryption and MAC */
Newkeys *newkeys[MODE_MAX];
-void
-clear_enc_keys(Enc *enc, int len)
-{
- memset(enc->iv, 0, len);
- memset(enc->key, 0, len);
- xfree(enc->iv);
- xfree(enc->key);
- enc->iv = NULL;
- enc->key = NULL;
-}
void
packet_set_ssh2_format(void)
{
cc = (mode == MODE_OUT) ? &send_context : &receive_context;
if (newkeys[mode] != NULL) {
debug("newkeys: rekeying");
- memset(cc, 0, sizeof(*cc));
/* todo: free old keys, reset compression/cipher-ctxt; */
+ memset(cc, 0, sizeof(*cc));
+ enc = &newkeys[mode]->enc;
+ mac = &newkeys[mode]->mac;
+ comp = &newkeys[mode]->comp;
+ memset(mac->key, 0, mac->key_len);
+ xfree(enc->name);
+ xfree(enc->iv);
+ xfree(enc->key);
+ xfree(mac->name);
+ xfree(mac->key);
+ xfree(comp->name);
xfree(newkeys[mode]);
}
newkeys[mode] = kex_get_newkeys(mode);
DBG(debug("cipher_init_context: %d", mode));
cipher_init(cc, enc->cipher, enc->key, enc->cipher->key_len,
enc->iv, enc->cipher->block_size);
- clear_enc_keys(enc, enc->cipher->key_len);
+ memset(enc->iv, 0, enc->cipher->block_size);
+ memset(enc->key, 0, enc->cipher->key_len);
if (comp->type != 0 && comp->enabled == 0) {
comp->enabled = 1;
if (! packet_compression)