From 5795323a535f32e23c61afdcf6f547f5b2d0f2ab Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 1 Nov 2013 17:04:34 +0100 Subject: [PATCH] don't use xfree in pam_ssh_agent_auth sources (#1024965) --- openssh.spec | 3 + pam_ssh_agent_auth-0.9.3-no-xfree.patch | 430 ++++++++++++++++++++++++ 2 files changed, 433 insertions(+) create mode 100644 pam_ssh_agent_auth-0.9.3-no-xfree.patch diff --git a/openssh.spec b/openssh.spec index d56d595..cf70a37 100644 --- a/openssh.spec +++ b/openssh.spec @@ -111,6 +111,8 @@ Patch300: pam_ssh_agent_auth-0.9.3-build.patch Patch301: pam_ssh_agent_auth-0.9.2-seteuid.patch # explicitly make pam callbacks visible Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch +# don't use xfree (#1024965) +Patch303: pam_ssh_agent_auth-0.9.3-no-xfree.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX) Patch400: openssh-6.3p1-role-mls.patch #https://bugzilla.redhat.com/show_bug.cgi?id=781634 @@ -355,6 +357,7 @@ pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} %patch300 -p1 -b .psaa-build %patch301 -p1 -b .psaa-seteuid %patch302 -p1 -b .psaa-visibility +%patch303 -p1 -b .psaa-xfree # Remove duplicate headers rm -f $(cat %{SOURCE5}) popd diff --git a/pam_ssh_agent_auth-0.9.3-no-xfree.patch b/pam_ssh_agent_auth-0.9.3-no-xfree.patch new file mode 100644 index 0000000..ba67c33 --- /dev/null +++ b/pam_ssh_agent_auth-0.9.3-no-xfree.patch @@ -0,0 +1,430 @@ +--- pam_ssh_agent_auth-0.9.3.orig/authfd.c 2013-10-30 17:14:26.013615342 +0100 ++++ pam_ssh_agent_auth-0.9.3.orig/authfd.c 2013-10-30 17:15:07.353327799 +0100 +@@ -260,7 +260,7 @@ + { + buffer_free(&auth->identities); + close(auth->fd); +- xfree(auth); ++ free(auth); + } + + /* Lock/unlock agent */ +@@ -379,7 +379,7 @@ + blob = buffer_get_string(&auth->identities, &blen); + *comment = buffer_get_string(&auth->identities, NULL); + key = key_from_blob(blob, blen); +- xfree(blob); ++ free(blob); + break; + default: + return NULL; +@@ -472,7 +472,7 @@ + buffer_put_string(&msg, blob, blen); + buffer_put_string(&msg, data, datalen); + buffer_put_int(&msg, flags); +- xfree(blob); ++ free(blob); + + if (ssh_request_reply(auth, &msg, &msg) == 0) { + buffer_free(&msg); +@@ -612,7 +612,7 @@ + key_to_blob(key, &blob, &blen); + buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); + buffer_put_string(&msg, blob, blen); +- xfree(blob); ++ free(blob); + } else { + buffer_free(&msg); + return 0; +--- pam_ssh_agent_auth-0.9.3.orig/bufaux.c 2013-10-30 17:14:26.014615310 +0100 ++++ pam_ssh_agent_auth-0.9.3.orig/bufaux.c 2013-10-30 17:15:07.354327768 +0100 +@@ -176,7 +176,7 @@ + /* Get the string. */ + if (buffer_get_ret(buffer, value, len) == -1) { + logerror("buffer_get_string_ret: buffer_get failed"); +- xfree(value); ++ free(value); + return (NULL); + } + /* Append a null character to make processing easier. */ +--- pam_ssh_agent_auth-0.9.3.orig/bufbn.c 2013-10-30 17:14:26.014615310 +0100 ++++ pam_ssh_agent_auth-0.9.3.orig/bufbn.c 2013-10-30 17:15:07.354327768 +0100 +@@ -69,7 +69,7 @@ + if (oi != bin_size) { + logerror("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", + oi, bin_size); +- xfree(buf); ++ free(buf); + return (-1); + } + +@@ -80,7 +80,7 @@ + buffer_append(buffer, buf, oi); + + memset(buf, 0, bin_size); +- xfree(buf); ++ free(buf); + + return (0); + } +@@ -167,13 +167,13 @@ + if (oi < 0 || (u_int)oi != bytes - 1) { + logerror("buffer_put_bignum2_ret: BN_bn2bin() failed: " + "oi %d != bin_size %d", oi, bytes); +- xfree(buf); ++ free(buf); + return (-1); + } + hasnohigh = (buf[1] & 0x80) ? 0 : 1; + buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); + memset(buf, 0, bytes); +- xfree(buf); ++ free(buf); + return (0); + } + +@@ -197,21 +197,21 @@ + + if (len > 0 && (bin[0] & 0x80)) { + logerror("buffer_get_bignum2_ret: negative numbers not supported"); +- xfree(bin); ++ free(bin); + return (-1); + } + if (len > 8 * 1024) { + logerror("buffer_get_bignum2_ret: cannot handle BN of size %d", + len); +- xfree(bin); ++ free(bin); + return (-1); + } + if (BN_bin2bn(bin, len, value) == NULL) { + logerror("buffer_get_bignum2_ret: BN_bin2bn failed"); +- xfree(bin); ++ free(bin); + return (-1); + } +- xfree(bin); ++ free(bin); + return (0); + } + +--- pam_ssh_agent_auth-0.9.3.orig/buffer.c 2013-10-30 17:14:26.014615310 +0100 ++++ pam_ssh_agent_auth-0.9.3.orig/buffer.c 2013-10-30 17:15:07.355327737 +0100 +@@ -50,7 +50,7 @@ + if (buffer->alloc > 0) { + memset(buffer->buf, 0, buffer->alloc); + buffer->alloc = 0; +- xfree(buffer->buf); ++ free(buffer->buf); + } + } + +--- pam_ssh_agent_auth-0.9.3.orig/iterate_ssh_agent_keys.c 2013-10-30 17:14:26.031614782 +0100 ++++ pam_ssh_agent_auth-0.9.3.orig/iterate_ssh_agent_keys.c 2013-10-30 17:15:07.357327674 +0100 +@@ -197,9 +197,9 @@ + if(userauth_pubkey_from_id(id)) { + retval = 1; + } +- xfree(id->filename); ++ free(id->filename); + key_free(id->key); +- xfree(id); ++ free(id); + if(retval == 1) + break; + } +@@ -209,7 +209,7 @@ + else { + verbose("No ssh-agent could be contacted"); + } +- xfree(session_id2); ++ free(session_id2); + EVP_cleanup(); + return retval; + } +--- pam_ssh_agent_auth-0.9.3.orig/key.c 2013-10-30 17:14:26.017615218 +0100 ++++ pam_ssh_agent_auth-0.9.3.orig/key.c 2013-10-30 17:15:07.358327643 +0100 +@@ -154,7 +154,7 @@ + fatal("key_free: bad key type %d", k->type); + break; + } +- xfree(k); ++ free(k); + } + + int +@@ -229,7 +229,7 @@ + EVP_DigestUpdate(&ctx, blob, len); + EVP_DigestFinal(&ctx, retval, dgst_raw_length); + memset(blob, 0, len); +- xfree(blob); ++ free(blob); + } else { + fatal("key_fingerprint_raw: blob is null"); + } +@@ -324,7 +324,7 @@ + break; + } + memset(dgst_raw, 0, dgst_raw_len); +- xfree(dgst_raw); ++ free(dgst_raw); + return retval; + } + +@@ -447,11 +447,11 @@ + n = uudecode(cp, blob, len); + if (n < 0) { + logerror("key_read: uudecode %s failed", cp); +- xfree(blob); ++ free(blob); + return -1; + } + k = key_from_blob(blob, (u_int)n); +- xfree(blob); ++ free(blob); + if (k == NULL) { + logerror("key_read: key_from_blob %s failed", cp); + return -1; +@@ -526,8 +526,8 @@ + fprintf(f, "%s %s", key_ssh_name(key), uu); + success = 1; + } +- xfree(blob); +- xfree(uu); ++ free(blob); ++ free(uu); + } + return success; + } +@@ -673,12 +673,12 @@ + switch (key_type_from_name(p)) { + case KEY_RSA1: + case KEY_UNSPEC: +- xfree(s); ++ free(s); + return 0; + } + } + verbose("key names ok: [%s]", names); +- xfree(s); ++ free(s); + return 1; + } + +@@ -743,7 +743,7 @@ + logerror("key_from_blob: remaining bytes in key blob %d", rlen); + out: + if (ktype != NULL) +- xfree(ktype); ++ free(ktype); + buffer_free(&b); + return key; + } +--- pam_ssh_agent_auth-0.9.3.orig/misc.c 2013-10-30 17:14:26.017615218 +0100 ++++ pam_ssh_agent_auth-0.9.3.orig/misc.c 2013-10-30 17:15:07.360327581 +0100 +@@ -251,13 +251,13 @@ + *remote = SSH_TUNID_ANY; + sp = xstrdup(s); + if ((ep = strchr(sp, ':')) == NULL) { +- xfree(sp); ++ free(sp); + return (a2tun(s, NULL)); + } + ep[0] = '\0'; ep++; + *remote = a2tun(ep, NULL); + tun = a2tun(sp, NULL); +- xfree(sp); ++ free(sp); + return (*remote == SSH_TUNID_ERR ? *remote : tun); + } + +@@ -490,7 +490,7 @@ + if (which >= args->num) + fatal("replacearg: tried to replace invalid arg %d >= %d", + which, args->num); +- xfree(args->list[which]); ++ free(args->list[which]); + args->list[which] = cp; + } + +@@ -501,8 +501,8 @@ + + if (args->list != NULL) { + for (i = 0; i < args->num; i++) +- xfree(args->list[i]); +- xfree(args->list); ++ free(args->list[i]); ++ free(args->list); + args->nalloc = args->num = 0; + args->list = NULL; + } +--- pam_ssh_agent_auth-0.9.3.orig/pam_user_authorized_keys.c 2013-10-30 17:14:26.017615218 +0100 ++++ pam_ssh_agent_auth-0.9.3.orig/pam_user_authorized_keys.c 2013-10-30 17:15:07.361327550 +0100 +@@ -121,7 +121,7 @@ + } + authorized_keys_file = tilde_expand_filename(auth_keys_file_buf, authorized_keys_file_allowed_owner_uid); + strncpy(auth_keys_file_buf, authorized_keys_file, sizeof(auth_keys_file_buf) - 1 ); +- xfree(authorized_keys_file) /* when we percent_expand later, we'd step on this, so free it immediately */; ++ free(authorized_keys_file) /* when we percent_expand later, we'd step on this, so free it immediately */; + } + + if(strstr(auth_keys_file_buf, "%h")) { +--- pam_ssh_agent_auth-0.9.3.orig/pam_user_key_allowed2.c 2013-10-30 17:14:26.018615187 +0100 ++++ pam_ssh_agent_auth-0.9.3.orig/pam_user_key_allowed2.c 2013-10-30 17:15:07.361327550 +0100 +@@ -121,7 +121,7 @@ + fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); + logit("Found matching %s key: %s", + key_type(found), fp); +- xfree(fp); ++ free(fp); + break; + } + } +--- pam_ssh_agent_auth-0.9.3.orig/ssh-dss.c 2013-10-30 17:14:26.014615310 +0100 ++++ pam_ssh_agent_auth-0.9.3.orig/ssh-dss.c 2013-10-30 17:15:07.361327550 +0100 +@@ -135,17 +135,17 @@ + if (strcmp("ssh-dss", ktype) != 0) { + logerror("ssh_dss_verify: cannot handle type %s", ktype); + buffer_free(&b); +- xfree(ktype); ++ free(ktype); + return -1; + } +- xfree(ktype); ++ free(ktype); + sigblob = buffer_get_string(&b, &len); + rlen = buffer_len(&b); + buffer_free(&b); + if (rlen != 0) { + logerror("ssh_dss_verify: " + "remaining bytes in signature %d", rlen); +- xfree(sigblob); ++ free(sigblob); + return -1; + } + } +@@ -167,7 +167,7 @@ + + /* clean up */ + memset(sigblob, 0, len); +- xfree(sigblob); ++ free(sigblob); + + /* sha1 the data */ + EVP_DigestInit(&md, evp_md); +--- pam_ssh_agent_auth-0.9.3.orig/ssh-rsa.c 2013-10-30 17:14:26.015615278 +0100 ++++ pam_ssh_agent_auth-0.9.3.orig/ssh-rsa.c 2013-10-30 17:15:07.362327518 +0100 +@@ -70,7 +70,7 @@ + + logerror("ssh_rsa_sign: RSA_sign failed: %s", + ERR_error_string(ecode, NULL)); +- xfree(sig); ++ free(sig); + return -1; + } + if (len < slen) { +@@ -80,7 +80,7 @@ + memset(sig, 0, diff); + } else if (len > slen) { + logerror("ssh_rsa_sign: slen %u slen2 %u", slen, len); +- xfree(sig); ++ free(sig); + return -1; + } + /* encode signature */ +@@ -96,7 +96,7 @@ + } + buffer_free(&b); + memset(sig, 's', slen); +- xfree(sig); ++ free(sig); + + return 0; + } +@@ -128,23 +128,23 @@ + if (strcmp("ssh-rsa", ktype) != 0) { + logerror("ssh_rsa_verify: cannot handle type %s", ktype); + buffer_free(&b); +- xfree(ktype); ++ free(ktype); + return -1; + } +- xfree(ktype); ++ free(ktype); + sigblob = buffer_get_string(&b, &len); + rlen = buffer_len(&b); + buffer_free(&b); + if (rlen != 0) { + logerror("ssh_rsa_verify: remaining bytes in signature %d", rlen); +- xfree(sigblob); ++ free(sigblob); + return -1; + } + /* RSA_verify expects a signature of RSA_size */ + modlen = RSA_size(key->rsa); + if (len > modlen) { + logerror("ssh_rsa_verify: len %u > modlen %u", len, modlen); +- xfree(sigblob); ++ free(sigblob); + return -1; + } else if (len < modlen) { + u_int diff = modlen - len; +@@ -158,7 +158,7 @@ + nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; + if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { + logerror("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); +- xfree(sigblob); ++ free(sigblob); + return -1; + } + EVP_DigestInit(&md, evp_md); +@@ -168,7 +168,7 @@ + ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); + memset(digest, 'd', sizeof(digest)); + memset(sigblob, 's', len); +- xfree(sigblob); ++ free(sigblob); + verbose("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); + return ret; + } +@@ -258,6 +258,6 @@ + ret = 1; + done: + if (decrypted) +- xfree(decrypted); ++ free(decrypted); + return ret; + } +--- pam_ssh_agent_auth-0.9.3.orig/userauth_pubkey_from_id.c 2013-10-30 17:14:26.014615310 +0100 ++++ pam_ssh_agent_auth-0.9.3.orig/userauth_pubkey_from_id.c 2013-10-30 17:15:07.362327518 +0100 +@@ -92,9 +92,9 @@ + if(&b != NULL) + buffer_free(&b); + if(sig != NULL) +- xfree(sig); ++ free(sig); + if(pkblob != NULL) +- xfree(pkblob); ++ free(pkblob); + CRYPTO_cleanup_all_ex_data(); + return authenticated; + } +--- pam_ssh_agent_auth-0.9.3.orig/uuencode.c 2013-10-30 17:14:26.015615278 +0100 ++++ pam_ssh_agent_auth-0.9.3.orig/uuencode.c 2013-10-30 17:15:07.362327518 +0100 +@@ -56,7 +56,7 @@ + /* and remove trailing whitespace because __b64_pton needs this */ + *p = '\0'; + len = __b64_pton(encoded, target, targsize); +- xfree(encoded); ++ free(encoded); + return len; + } + +@@ -79,5 +79,5 @@ + } + if (i % 70 != 69) + fprintf(fp, "\n"); +- xfree(buf); ++ free(buf); + }