From ff96c0c81d9ee141236b95d52ad0578684d59ab5 Mon Sep 17 00:00:00 2001 From: Xin LI Date: Mon, 11 Nov 2013 09:13:37 +0000 Subject: [PATCH] Vendor import of OpenSSH 6.4p1. Approved by: des --- ChangeLog | 17 +++++++++++++++++ README | 4 ++-- auth-options.c | 4 ++-- auth2-chall.c | 4 ++-- authfd.c | 4 ++-- channels.c | 4 ++-- cipher-3des1.c | 4 ++-- clientloop.c | 8 ++++---- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- gss-genr.c | 4 ++-- monitor_mm.c | 7 ++++--- monitor_wrap.c | 4 ++-- packet.c | 4 ++-- schnorr.c | 4 ++-- sftp-client.c | 12 ++++++------ sftp-glob.c | 4 ++-- sftp-server.0 | 5 ++--- sftp.0 | 5 ++--- umac.c | 4 ++-- version.h | 4 ++-- 22 files changed, 65 insertions(+), 49 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1a0d2545eeeb..6175764f5bfd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,20 @@ +20131108 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2013/11/06 16:52:11 + [monitor_wrap.c] + fix rekeying for AES-GCM modes; ok deraadt + - djm@cvs.openbsd.org 2013/11/08 00:39:15 + [auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c] + [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c] + [sftp-client.c sftp-glob.c] + use calloc for all structure allocations; from markus@ + - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] update version numbers + - djm@cvs.openbsd.org 2013/11/08 01:38:11 + [version.h] + openssh-6.4 + - (djm) Release 6.4p1 + 20130913 - (djm) [channels.c] Fix unaligned access on sparc machines in SOCKS5 code; ok dtucker@ diff --git a/README b/README index ece2dba19c2e..0c52f1371482 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-6.3 for the release notes. +See http://www.openssh.com/txt/release-6.4 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.83 2013/07/25 02:34:00 djm Exp $ +$Id: README,v 1.83.4.1 2013/11/08 01:36:17 djm Exp $ diff --git a/auth-options.c b/auth-options.c index 80d59ee95c52..12e2e1dcac9e 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.59 2013/07/12 00:19:58 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.61 2013/11/08 00:39:14 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -239,7 +239,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) auth_debug_add("Adding to environment: %.900s", s); debug("Adding to environment: %.900s", s); opts++; - new_envstring = xmalloc(sizeof(struct envstring)); + new_envstring = xcalloc(1, sizeof(struct envstring)); new_envstring->s = s; new_envstring->next = custom_environment; custom_environment = new_envstring; diff --git a/auth2-chall.c b/auth2-chall.c index 98f3093ce2fd..031c2828c986 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.38 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.39 2013/11/08 00:39:14 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -111,7 +111,7 @@ kbdint_alloc(const char *devs) remove_kbdint_device("pam"); #endif - kbdintctxt = xmalloc(sizeof(KbdintAuthctxt)); + kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt)); if (strcmp(devs, "") == 0) { buffer_init(&b); for (i = 0; devices[i]; i++) { diff --git a/authfd.c b/authfd.c index 775786bee13c..5cce93b76a57 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.87 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.88 2013/11/08 00:39:14 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -206,7 +206,7 @@ ssh_get_authentication_connection(void) if (sock < 0) return NULL; - auth = xmalloc(sizeof(*auth)); + auth = xcalloc(1, sizeof(*auth)); auth->fd = sock; buffer_init(&auth->identities); auth->howmany = 0; diff --git a/channels.c b/channels.c index ac675c742d11..a1c31d8a004a 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.324 2013/07/12 00:19:58 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.327 2013/11/08 00:39:15 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -704,7 +704,7 @@ channel_register_status_confirm(int id, channel_confirm_cb *cb, if ((c = channel_lookup(id)) == NULL) fatal("channel_register_expect: %d: bad id", id); - cc = xmalloc(sizeof(*cc)); + cc = xcalloc(1, sizeof(*cc)); cc->cb = cb; cc->abandon_cb = abandon_cb; cc->ctx = ctx; diff --git a/cipher-3des1.c b/cipher-3des1.c index c8a70244b099..56fc777862d6 100644 --- a/cipher-3des1.c +++ b/cipher-3des1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher-3des1.c,v 1.8 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: cipher-3des1.c,v 1.9 2013/11/08 00:39:15 djm Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. * @@ -67,7 +67,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, u_char *k1, *k2, *k3; if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { - c = xmalloc(sizeof(*c)); + c = xcalloc(1, sizeof(*c)); EVP_CIPHER_CTX_set_app_data(ctx, c); } if (key == NULL) diff --git a/clientloop.c b/clientloop.c index 7c1f8abba43d..23c2f2396f5b 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.253 2013/06/07 15:37:52 dtucker Exp $ */ +/* $OpenBSD: clientloop.c,v 1.255 2013/11/08 00:39:15 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -837,7 +837,7 @@ void client_expect_confirm(int id, const char *request, enum confirm_action action) { - struct channel_reply_ctx *cr = xmalloc(sizeof(*cr)); + struct channel_reply_ctx *cr = xcalloc(1, sizeof(*cr)); cr->request_type = request; cr->action = action; @@ -860,7 +860,7 @@ client_register_global_confirm(global_confirm_cb *cb, void *ctx) return; } - gc = xmalloc(sizeof(*gc)); + gc = xcalloc(1, sizeof(*gc)); gc->cb = cb; gc->ctx = ctx; gc->ref_count = 1; @@ -1438,7 +1438,7 @@ client_new_escape_filter_ctx(int escape_char) { struct escape_filter_ctx *ret; - ret = xmalloc(sizeof(*ret)); + ret = xcalloc(1, sizeof(*ret)); ret->escape_pending = 0; ret->escape_char = escape_char; return (void *)ret; diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index b460bfff00f1..d026b72d8e66 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -16,7 +16,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 -%define version 6.3p1 +%define version 6.4p1 %if %{use_stable} %define cvs %{nil} %define release 1 @@ -363,4 +363,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.80 2013/07/25 02:34:00 djm Exp $ +$Id: openssh.spec,v 1.80.4.1 2013/11/08 01:36:19 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index d1191f4e1a60..29a38dedc1f3 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 6.3p1 +%define ver 6.4p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 2866039d1fc1..3a612bd23827 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 6.3p1 +Version: 6.4p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz diff --git a/gss-genr.c b/gss-genr.c index bf164a77b60f..b39281bc1e6c 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.21 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.22 2013/11/08 00:39:15 djm Exp $ */ /* * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. @@ -62,7 +62,7 @@ ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len) free(ctx->oid->elements); free(ctx->oid); } - ctx->oid = xmalloc(sizeof(gss_OID_desc)); + ctx->oid = xcalloc(1, sizeof(gss_OID_desc)); ctx->oid->length = len; ctx->oid->elements = xmalloc(len); memcpy(ctx->oid->elements, data, len); diff --git a/monitor_mm.c b/monitor_mm.c index ee7bad4b454e..d3e6aeee539b 100644 --- a/monitor_mm.c +++ b/monitor_mm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_mm.c,v 1.17 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: monitor_mm.c,v 1.18 2013/11/08 00:39:15 djm Exp $ */ /* * Copyright 2002 Niels Provos * All rights reserved. @@ -65,7 +65,7 @@ mm_make_entry(struct mm_master *mm, struct mmtree *head, struct mm_share *tmp, *tmp2; if (mm->mmalloc == NULL) - tmp = xmalloc(sizeof(struct mm_share)); + tmp = xcalloc(1, sizeof(struct mm_share)); else tmp = mm_xmalloc(mm->mmalloc, sizeof(struct mm_share)); tmp->address = address; @@ -88,7 +88,7 @@ mm_create(struct mm_master *mmalloc, size_t size) struct mm_master *mm; if (mmalloc == NULL) - mm = xmalloc(sizeof(struct mm_master)); + mm = xcalloc(1, sizeof(struct mm_master)); else mm = mm_xmalloc(mmalloc, sizeof(struct mm_master)); @@ -161,6 +161,7 @@ mm_xmalloc(struct mm_master *mm, size_t size) address = mm_malloc(mm, size); if (address == NULL) fatal("%s: mm_malloc(%lu)", __func__, (u_long)size); + memset(address, 0, size); return (address); } diff --git a/monitor_wrap.c b/monitor_wrap.c index 88ff68330ae9..4ce46960568a 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.76 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.77 2013/11/06 16:52:11 markus Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -482,7 +482,7 @@ mm_newkeys_from_blob(u_char *blob, int blen) buffer_init(&b); buffer_append(&b, blob, blen); - newkey = xmalloc(sizeof(*newkey)); + newkey = xcalloc(1, sizeof(*newkey)); enc = &newkey->enc; mac = &newkey->mac; comp = &newkey->comp; diff --git a/packet.c b/packet.c index 0d27e759237d..90db33bddb28 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.188 2013/07/12 00:19:58 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.189 2013/11/08 00:39:15 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -996,7 +996,7 @@ packet_send2(void) (type == SSH2_MSG_SERVICE_REQUEST) || (type == SSH2_MSG_SERVICE_ACCEPT)) { debug("enqueue packet: %u", type); - p = xmalloc(sizeof(*p)); + p = xcalloc(1, sizeof(*p)); p->type = type; memcpy(&p->payload, &active_state->outgoing_packet, sizeof(Buffer)); diff --git a/schnorr.c b/schnorr.c index 9549dcf0e55d..93822fed4bbd 100644 --- a/schnorr.c +++ b/schnorr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: schnorr.c,v 1.7 2013/05/17 00:13:14 djm Exp $ */ +/* $OpenBSD: schnorr.c,v 1.8 2013/11/08 00:39:15 djm Exp $ */ /* * Copyright (c) 2008 Damien Miller. All rights reserved. * @@ -549,7 +549,7 @@ modp_group_from_g_and_safe_p(const char *grp_g, const char *grp_p) { struct modp_group *ret; - ret = xmalloc(sizeof(*ret)); + ret = xcalloc(1, sizeof(*ret)); ret->p = ret->q = ret->g = NULL; if (BN_hex2bn(&ret->p, grp_p) == 0 || BN_hex2bn(&ret->g, grp_g) == 0) diff --git a/sftp-client.c b/sftp-client.c index f4f1970b6c98..2f9793778f97 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.101 2013/07/25 00:56:51 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.108 2013/11/08 00:39:15 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -471,7 +471,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, if (dir) { ents = 0; - *dir = xmalloc(sizeof(**dir)); + *dir = xcalloc(1, sizeof(**dir)); (*dir)[0] = NULL; } @@ -545,7 +545,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, if (dir) { *dir = xrealloc(*dir, ents + 2, sizeof(**dir)); - (*dir)[ents] = xmalloc(sizeof(***dir)); + (*dir)[ents] = xcalloc(1, sizeof(***dir)); (*dir)[ents]->filename = xstrdup(filename); (*dir)[ents]->longname = xstrdup(longname); memcpy(&(*dir)[ents]->a, a, sizeof(*a)); @@ -564,7 +564,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, /* Don't return partial matches on interrupt */ if (interrupted && dir != NULL && *dir != NULL) { free_sftp_dirents(*dir); - *dir = xmalloc(sizeof(**dir)); + *dir = xcalloc(1, sizeof(**dir)); **dir = NULL; } @@ -1105,7 +1105,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, (unsigned long long)offset, (unsigned long long)offset + buflen - 1, num_req, max_req); - req = xmalloc(sizeof(*req)); + req = xcalloc(1, sizeof(*req)); req->id = conn->msg_id++; req->len = buflen; req->offset = offset; @@ -1463,7 +1463,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, strerror(errno)); if (len != 0) { - ack = xmalloc(sizeof(*ack)); + ack = xcalloc(1, sizeof(*ack)); ack->id = ++id; ack->offset = offset; ack->len = len; diff --git a/sftp-glob.c b/sftp-glob.c index 79b7bdb2f4c9..e1f5a6109d6f 100644 --- a/sftp-glob.c +++ b/sftp-glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-glob.c,v 1.24 2013/05/17 00:13:14 djm Exp $ */ +/* $OpenBSD: sftp-glob.c,v 1.25 2013/11/08 00:39:15 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -48,7 +48,7 @@ fudge_opendir(const char *path) { struct SFTP_OPENDIR *r; - r = xmalloc(sizeof(*r)); + r = xcalloc(1, sizeof(*r)); if (do_readdir(cur.conn, (char *)path, &r->dir)) { free(r); diff --git a/sftp-server.0 b/sftp-server.0 index bca318b386d9..391f42736f69 100644 --- a/sftp-server.0 +++ b/sftp-server.0 @@ -61,9 +61,8 @@ DESCRIPTION SEE ALSO sftp(1), ssh(1), sshd_config(5), sshd(8) - T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, - draft-ietf-secsh-filexfer-02.txt, October 2001, work in progress - material. + T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- + filexfer-02.txt, October 2001, work in progress material. HISTORY sftp-server first appeared in OpenBSD 2.8. diff --git a/sftp.0 b/sftp.0 index c5fa17892a7f..8bfc8086bc89 100644 --- a/sftp.0 +++ b/sftp.0 @@ -342,8 +342,7 @@ SEE ALSO ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3), ssh_config(5), sftp-server(8), sshd(8) - T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, - draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress - material. + T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- + filexfer-00.txt, January 2001, work in progress material. OpenBSD 5.4 July 25, 2013 OpenBSD 5.4 diff --git a/umac.c b/umac.c index 99416a5103a1..0c62145fa01e 100644 --- a/umac.c +++ b/umac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: umac.c,v 1.7 2013/07/22 05:00:17 djm Exp $ */ +/* $OpenBSD: umac.c,v 1.8 2013/11/08 00:39:15 djm Exp $ */ /* ----------------------------------------------------------------------- * * umac.c -- C Implementation UMAC Message Authentication @@ -1227,7 +1227,7 @@ struct umac_ctx *umac_new(const u_char key[]) size_t bytes_to_add; aes_int_key prf_key; - octx = ctx = xmalloc(sizeof(*ctx) + ALLOC_BOUNDARY); + octx = ctx = xcalloc(1, sizeof(*ctx) + ALLOC_BOUNDARY); if (ctx) { if (ALLOC_BOUNDARY) { bytes_to_add = ALLOC_BOUNDARY - diff --git a/version.h b/version.h index f6ec0ee3b399..39033ed3e8d3 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.67 2013/07/25 00:57:37 djm Exp $ */ +/* $OpenBSD: version.h,v 1.68 2013/11/08 01:38:11 djm Exp $ */ -#define SSH_VERSION "OpenSSH_6.3" +#define SSH_VERSION "OpenSSH_6.4" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE