- djm@cvs.openbsd.org 2013/05/17 00:13:13

     [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@

1 files changed, 68 insertions, 77 deletions

diff --git a/sshconnect2.c b/sshconnect2.c
index 7b83c591..19ed3459 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.196 2013/05/16 02:00:34 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.197 2013/05/17 00:13:14 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -146,10 +146,10 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
 	if (*first != '\0')
 		debug3("%s: prefer hostkeyalgs: %s", __func__, first);
 
-	xfree(first);
-	xfree(last);
-	xfree(hostname);
-	xfree(oavail);
+	free(first);
+	free(last);
+	free(hostname);
+	free(oavail);
 	free_hostkeys(hostkeys);
 
 	return ret;
@@ -384,7 +384,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 	if (packet_remaining() > 0) {
 		char *reply = packet_get_string(NULL);
 		debug2("service_accept: %s", reply);
-		xfree(reply);
+		free(reply);
 	} else {
 		debug2("buggy server: service_accept w/o service");
 	}
@@ -431,15 +431,12 @@ userauth(Authctxt *authctxt, char *authlist)
 	if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
 		authctxt->method->cleanup(authctxt);
 
-	if (authctxt->methoddata) {
-		xfree(authctxt->methoddata);
-		authctxt->methoddata = NULL;
-	}
+	free(authctxt->methoddata);
+	authctxt->methoddata = NULL;
 	if (authlist == NULL) {
 		authlist = authctxt->authlist;
 	} else {
-		if (authctxt->authlist)
-			xfree(authctxt->authlist);
+		free(authctxt->authlist);
 		authctxt->authlist = authlist;
 	}
 	for (;;) {
@@ -487,10 +484,10 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
 		msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
 		strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
 		fprintf(stderr, "%s", msg);
-		xfree(msg);
+		free(msg);
 	}
-	xfree(raw);
-	xfree(lang);
+	free(raw);
+	free(lang);
 }
 
 /* ARGSUSED */
@@ -501,16 +498,12 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
 
 	if (authctxt == NULL)
 		fatal("input_userauth_success: no authentication context");
-	if (authctxt->authlist) {
-		xfree(authctxt->authlist);
-		authctxt->authlist = NULL;
-	}
+	free(authctxt->authlist);
+	authctxt->authlist = NULL;
 	if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
 		authctxt->method->cleanup(authctxt);
-	if (authctxt->methoddata) {
-		xfree(authctxt->methoddata);
-		authctxt->methoddata = NULL;
-	}
+	free(authctxt->methoddata);
+	authctxt->methoddata = NULL;
 	authctxt->success = 1;			/* break out */
 }
 
@@ -599,7 +592,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
 	}
 	fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
 	debug2("input_userauth_pk_ok: fp %s", fp);
-	xfree(fp);
+	free(fp);
 
 	/*
 	 * search keys in the reverse order, because last candidate has been
@@ -615,8 +608,8 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
 done:
 	if (key != NULL)
 		key_free(key);
-	xfree(pkalg);
-	xfree(pkblob);
+	free(pkalg);
+	free(pkblob);
 
 	/* try another method if we did not send a packet */
 	if (sent == 0)
@@ -754,7 +747,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
 	if (oidlen <= 2 ||
 	    oidv[0] != SSH_GSS_OIDTYPE ||
 	    oidv[1] != oidlen - 2) {
-		xfree(oidv);
+		free(oidv);
 		debug("Badly encoded mechanism OID received");
 		userauth(authctxt, NULL);
 		return;
@@ -765,7 +758,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
 
 	packet_check_eom();
 
-	xfree(oidv);
+	free(oidv);
 
 	if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
 		/* Start again with next method on list */
@@ -794,7 +787,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
 
 	status = process_gssapi_token(ctxt, &recv_tok);
 
-	xfree(recv_tok.value);
+	free(recv_tok.value);
 
 	if (GSS_ERROR(status)) {
 		/* Start again with the next method in the list */
@@ -827,7 +820,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
 	(void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
 	    &recv_tok, &send_tok, NULL);
 
-	xfree(recv_tok.value);
+	free(recv_tok.value);
 	gss_release_buffer(&ms, &send_tok);
 
 	/* Server will be returning a failed packet after this one */
@@ -848,8 +841,8 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
 	packet_check_eom();
 
 	debug("Server GSSAPI Error:\n%s", msg);
-	xfree(msg);
-	xfree(lang);
+	free(msg);
+	free(lang);
 }
 #endif /* GSSAPI */
 
@@ -890,7 +883,7 @@ userauth_passwd(Authctxt *authctxt)
 	packet_put_char(0);
 	packet_put_cstring(password);
 	memset(password, 0, strlen(password));
-	xfree(password);
+	free(password);
 	packet_add_padding(64);
 	packet_send();
 
@@ -923,8 +916,8 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
 	lang = packet_get_string(NULL);
 	if (strlen(info) > 0)
 		logit("%s", info);
-	xfree(info);
-	xfree(lang);
+	free(info);
+	free(lang);
 	packet_start(SSH2_MSG_USERAUTH_REQUEST);
 	packet_put_cstring(authctxt->server_user);
 	packet_put_cstring(authctxt->service);
@@ -936,7 +929,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
 	password = read_passphrase(prompt, 0);
 	packet_put_cstring(password);
 	memset(password, 0, strlen(password));
-	xfree(password);
+	free(password);
 	password = NULL;
 	while (password == NULL) {
 		snprintf(prompt, sizeof(prompt),
@@ -953,16 +946,16 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
 		retype = read_passphrase(prompt, 0);
 		if (strcmp(password, retype) != 0) {
 			memset(password, 0, strlen(password));
-			xfree(password);
+			free(password);
 			logit("Mismatch; try again, EOF to quit.");
 			password = NULL;
 		}
 		memset(retype, 0, strlen(retype));
-		xfree(retype);
+		free(retype);
 	}
 	packet_put_cstring(password);
 	memset(password, 0, strlen(password));
-	xfree(password);
+	free(password);
 	packet_add_padding(64);
 	packet_send();
 
@@ -1017,13 +1010,13 @@ jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme,
 
 	bzero(password, strlen(password));
 	bzero(crypted, strlen(crypted));
-	xfree(password);
-	xfree(crypted);
+	free(password);
+	free(crypted);
 
 	if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
 		fatal("%s: BN_bin2bn (secret)", __func__);
 	bzero(secret, secret_len);
-	xfree(secret);
+	free(secret);
 
 	return ret;
 }
@@ -1061,8 +1054,8 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
 	pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
 	bzero(crypt_scheme, strlen(crypt_scheme));
 	bzero(salt, strlen(salt));
-	xfree(crypt_scheme);
-	xfree(salt);
+	free(crypt_scheme);
+	free(salt);
 	JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
 
 	/* Calculate step 2 values */
@@ -1077,8 +1070,8 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
 
 	bzero(x3_proof, x3_proof_len);
 	bzero(x4_proof, x4_proof_len);
-	xfree(x3_proof);
-	xfree(x4_proof);
+	free(x3_proof);
+	free(x4_proof);
 
 	JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
 
@@ -1089,7 +1082,7 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
 	packet_send();
 
 	bzero(x2_s_proof, x2_s_proof_len);
-	xfree(x2_s_proof);
+	free(x2_s_proof);
 
 	/* Expect step 2 packet from peer */
 	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2,
@@ -1129,7 +1122,7 @@ input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt)
 	    &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
 
 	bzero(x4_s_proof, x4_s_proof_len);
-	xfree(x4_s_proof);
+	free(x4_s_proof);
 
 	JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
 
@@ -1211,7 +1204,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
 
 	fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
 	debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
-	xfree(fp);
+	free(fp);
 
 	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
 		/* we cannot handle this key */
@@ -1246,7 +1239,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
 	ret = identity_sign(id, &signature, &slen,
 	    buffer_ptr(&b), buffer_len(&b));
 	if (ret == -1) {
-		xfree(blob);
+		free(blob);
 		buffer_free(&b);
 		return 0;
 	}
@@ -1266,11 +1259,11 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
 			buffer_put_cstring(&b, key_ssh_name(id->key));
 		buffer_put_string(&b, blob, bloblen);
 	}
-	xfree(blob);
+	free(blob);
 
 	/* append signature */
 	buffer_put_string(&b, signature, slen);
-	xfree(signature);
+	free(signature);
 
 	/* skip session id and packet type */
 	if (buffer_len(&b) < skip + 1)
@@ -1310,7 +1303,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
 	if (!(datafellows & SSH_BUG_PKAUTH))
 		packet_put_cstring(key_ssh_name(id->key));
 	packet_put_string(blob, bloblen);
-	xfree(blob);
+	free(blob);
 	packet_send();
 	return 1;
 }
@@ -1347,7 +1340,7 @@ load_identity_file(char *filename, int userprovided)
 				quit = 1;
 			}
 			memset(passphrase, 0, strlen(passphrase));
-			xfree(passphrase);
+			free(passphrase);
 			if (private != NULL || quit)
 				break;
 			debug2("bad passphrase given, try again...");
@@ -1424,7 +1417,7 @@ pubkey_prepare(Authctxt *authctxt)
 				/* agent keys from the config file are preferred */
 				if (key_equal(key, id->key)) {
 					key_free(key);
-					xfree(comment);
+					free(comment);
 					TAILQ_REMOVE(&files, id, next);
 					TAILQ_INSERT_TAIL(preferred, id, next);
 					id->ac = ac;
@@ -1470,9 +1463,8 @@ pubkey_cleanup(Authctxt *authctxt)
 		TAILQ_REMOVE(&authctxt->keys, id, next);
 		if (id->key)
 			key_free(id->key);
-		if (id->filename)
-			xfree(id->filename);
-		xfree(id);
+		free(id->filename);
+		free(id);
 	}
 }
 
@@ -1570,9 +1562,9 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
 		logit("%s", name);
 	if (strlen(inst) > 0)
 		logit("%s", inst);
-	xfree(name);
-	xfree(inst);
-	xfree(lang);
+	free(name);
+	free(inst);
+	free(lang);
 
 	num_prompts = packet_get_int();
 	/*
@@ -1593,8 +1585,8 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
 
 		packet_put_cstring(response);
 		memset(response, 0, strlen(response));
-		xfree(response);
-		xfree(prompt);
+		free(response);
+		free(prompt);
 	}
 	packet_check_eom(); /* done with parsing incoming message. */
 
@@ -1714,12 +1706,12 @@ userauth_hostbased(Authctxt *authctxt)
 	if (p == NULL) {
 		error("userauth_hostbased: cannot get local ipaddr/name");
 		key_free(private);
-		xfree(blob);
+		free(blob);
 		return 0;
 	}
 	xasprintf(&chost, "%s.", p);
 	debug2("userauth_hostbased: chost %s", chost);
-	xfree(p);
+	free(p);
 
 	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
 	    authctxt->service;
@@ -1748,9 +1740,9 @@ userauth_hostbased(Authctxt *authctxt)
 	buffer_free(&b);
 	if (ok != 0) {
 		error("key_sign failed");
-		xfree(chost);
-		xfree(pkalg);
-		xfree(blob);
+		free(chost);
+		free(pkalg);
+		free(blob);
 		return 0;
 	}
 	packet_start(SSH2_MSG_USERAUTH_REQUEST);
@@ -1763,10 +1755,10 @@ userauth_hostbased(Authctxt *authctxt)
 	packet_put_cstring(authctxt->local_user);
 	packet_put_string(signature, slen);
 	memset(signature, 's', slen);
-	xfree(signature);
-	xfree(chost);
-	xfree(pkalg);
-	xfree(blob);
+	free(signature);
+	free(chost);
+	free(pkalg);
+	free(blob);
 
 	packet_send();
 	return 1;
@@ -1821,8 +1813,8 @@ userauth_jpake(Authctxt *authctxt)
 
 	bzero(x1_proof, x1_proof_len);
 	bzero(x2_proof, x2_proof_len);
-	xfree(x1_proof);
-	xfree(x2_proof);
+	free(x1_proof);
+	free(x2_proof);
 
 	/* Expect step 1 packet from peer */
 	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
@@ -1899,8 +1891,7 @@ authmethod_get(char *authlist)
 
 	if (supported == NULL || strcmp(authlist, supported) != 0) {
 		debug3("start over, passed a different list %s", authlist);
-		if (supported != NULL)
-			xfree(supported);
+		free(supported);
 		supported = xstrdup(authlist);
 		preferred = options.preferred_authentications;
 		debug3("preferred %s", preferred);
@@ -1921,7 +1912,7 @@ authmethod_get(char *authlist)
 		    authmethod_is_enabled(current)) {
 			debug3("authmethod_is_enabled %s", name);
 			debug("Next authentication method: %s", name);
-			xfree(name);
+			free(name);
 			return current;
 		}
 	}