svnno****@sourc*****
svnno****@sourc*****
2017年 6月 19日 (月) 21:51:45 JST
Revision: 6812 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/6812 Author: doda Date: 2017-06-19 21:51:45 +0900 (Mon, 19 Jun 2017) Log Message: ----------- ・buffer_get_string が返した領域の free 漏れを修正 ・buffer_get_string の戻り値のチェックの強化 ・ログ出力強化 Modified Paths: -------------- trunk/ttssh2/ttxssh/buffer.c trunk/ttssh2/ttxssh/ssh.c -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/buffer.c =================================================================== --- trunk/ttssh2/ttxssh/buffer.c 2017-06-19 12:51:25 UTC (rev 6811) +++ trunk/ttssh2/ttxssh/buffer.c 2017-06-19 12:51:45 UTC (rev 6812) @@ -227,6 +227,7 @@ ptr = malloc(buflen + 1); if (ptr == NULL) { + logputs(LOG_LEVEL_ERROR, __FUNCTION__ ": malloc failed."); if (buflen_ptr != NULL) *buflen_ptr = 0; return NULL; Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2017-06-19 12:51:25 UTC (rev 6811) +++ trunk/ttssh2/ttxssh/ssh.c 2017-06-19 12:51:45 UTC (rev 6812) @@ -78,6 +78,10 @@ // channel data structure #define CHANNEL_MAX 100 +// +// msg \x82\xAA NULL \x82ł͖\xB3\x82\xA2\x8E\x96\x82̕ۏBNULL \x82̏ꍇ\x82\xCD "(null)" \x82\xF0\x95Ԃ\xB7\x81B +// +#define NonNull(msg) ((msg)?(msg):"(null)") static struct global_confirm global_confirms; 
@@ -6333,13 +6337,16 @@ static BOOL handle_SSH2_service_accept(PTInstVar pvar) { - char *data, *s; + char *data, *svc; // 6byte\x81i\x83T\x83C\x83Y\x81{\x83p\x83f\x83B\x83\x93\x83O\x81{\x83^\x83C\x83v\x81j\x82\xF0\x8E\xE6\x82菜\x82\xA2\x82\xBD\x88ȍ~\x82̃y\x83C\x83\x8D\x81[\x83h data = pvar->ssh_state.payload; - s = buffer_get_string(&data, NULL); - logprintf(LOG_LEVEL_VERBOSE, "SSH2_MSG_SERVICE_ACCEPT was received. service name=%s", s); + if ((svc = buffer_get_string(&data, NULL)) == NULL) { + logputs(LOG_LEVEL_ERROR, __FUNCTION__ ": buffer_get_string returns NULL."); + } + logprintf(LOG_LEVEL_VERBOSE, "SSH2_MSG_SERVICE_ACCEPT was received. service-name=%s", NonNull(svc)); + free(svc); SSH2_dispatch_init(5); SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) @@ -6937,14 +6944,24 @@ inst = buffer_get_string(&data, NULL); lang = buffer_get_string(&data, NULL); lprompt[0] = 0; - if (strlen(inst) > 0) { + if (inst == NULL) { + logputs(LOG_LEVEL_ERROR, __FUNCTION__ ": buffer_get_string returns NULL. (inst)"); + } + else if (strlen(inst) > 0) { strncat_s(lprompt, sizeof(lprompt), inst, _TRUNCATE); strncat_s(lprompt, sizeof(lprompt), "\r\n", _TRUNCATE); } - if (strlen(lang) > 0) { + if (lang == NULL) { + logputs(LOG_LEVEL_ERROR, __FUNCTION__ ": buffer_get_string returns NULL. (lang)"); + } + else if (strlen(lang) > 0) { strncat_s(lprompt, sizeof(lprompt), lang, _TRUNCATE); strncat_s(lprompt, sizeof(lprompt), "\r\n", _TRUNCATE); } + + logprintf(LOG_LEVEL_VERBOSE, __FUNCTION__ ": user=%s, inst=%s, lang=%s", + NonNull(name), NonNull(inst), NonNull(lang)); + free(name); free(inst); free(lang); 
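Review bot: In handle_SSH2_service_accept the new NULL branch only logs, so a SERVICE_ACCEPT whose service name could not be parsed is still treated as accepted and execution goes on to `SSH2_dispatch_init(5)`. A malformed packet from the server would be safer handled as a protocol error, for example `return FALSE;` inside the `if ((svc = ...) == NULL)` block, assuming a FALSE return makes the caller reject the packet (the caller is not visible here). The same log-and-continue pattern appears in the inst/lang checks of the @@ -6937 hunk, the rtype check at @@ -7641 and the ctype check at @@ -8719. In those places any later read from `data` happens after buffer_get_string has failed, and whether `data` was advanced in that case cannot be seen from this diff. The function body continues outside the hunk.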
@@ -7256,7 +7273,14 @@ info = buffer_get_string(&data, NULL); lang = buffer_get_string(&data, NULL); - logprintf(LOG_LEVEL_VERBOSE, __FUNCTION__ ": info %s lang %s\n", info, lang); + if (info == NULL || lang == NULL) { + logprintf(LOG_LEVEL_ERROR, + __FUNCTION__ ": buffer_get_string returns NULL. info=%s, lang=%s", + NonNull(info), NonNull(lang)); + } + else { + logprintf(LOG_LEVEL_VERBOSE, __FUNCTION__ ": info=%s, lang=%s\n", info, lang); + } free(info); free(lang); @@ -7587,10 +7611,13 @@ cstring = buffer_get_string(&data, NULL); + if (cstring == NULL) { + logputs(LOG_LEVEL_ERROR, __FUNCTION__ ": buffer_get_string returns NULL"); + } UTIL_get_lang_msg("MSG_SSH_CHANNEL_OPEN_ERROR", pvar, "SSH2_MSG_CHANNEL_OPEN_FAILURE was received.\r\nchannel [%d]: reason: %s(%d) message: %s"); _snprintf_s(tmpbuf, sizeof(tmpbuf), _TRUNCATE, pvar->ts->UIMsg, - id, rmsg, reason, cstring); + id, rmsg, reason, NonNull(cstring)); notify_nonfatal_error(pvar, tmpbuf); free(cstring); @@ -7641,8 +7668,12 @@ data++; len--; - // OpenSSH 6.8\x82ł́A\x83T\x81[\x83o\x82̃z\x83X\x83g\x8C\xAE\x82\xAA\x8DX\x90V\x82\xB3\x82\xEA\x82\xE9\x82ƁA\x89\xBA\x8BL\x82̒ʒm\x82\xAA\x97\x88\x82\xE9\x81B - if (strcmp(rtype, "hostk****@opens*****") == 0) { + if (rtype == NULL) { + // rtype \x82\xAA NULL \x82Ŗ\xB3\x82\xA2\x8E\x96\x82̕ۏ\xD8 + logputs(LOG_LEVEL_ERROR, __FUNCTION__ ": buffer_get_string returns NULL."); + } + else if (strcmp(rtype, "hostk****@opens*****") == 0) { + // OpenSSH 6.8\x82ł́A\x83T\x81[\x83o\x82̃z\x83X\x83g\x8C\xAE\x82\xAA\x8DX\x90V\x82\xB3\x82\xEA\x82\xE9\x82ƁA\x82\xB1\x82̒ʒm\x82\xAA\x97\x88\x82\xE9\x81B // OpenSSH 6.8\x82̎\xC0\x91\x95\x82ł́A\x8F\xED\x82ɐ\xAC\x8C\xF7\x82ŕԂ\xB7\x82悤\x82ɂȂ\xC1\x82Ă\xA2\x82邽\x82߁A // \x82\xBB\x82\xEA\x82ɍ\x87\x82킹\x82\xC4 Tera Term \x82ł\xE0\x90\xAC\x8C\xF7\x82ƕԂ\xB7\x82\xB1\x82Ƃɂ\xB7\x82\xE9\x81B success = update_client_input_hostkeys(pvar, data, len); 
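Review bot: The rewritten VERBOSE call in the @@ -7256 hunk keeps a trailing `\n` in its format string, while the ERROR call added right above it and every other logprintf added in this commit have none. If logprintf terminates the line itself, this entry will be followed by an empty line in the log. Suggested form: `logprintf(LOG_LEVEL_VERBOSE, __FUNCTION__ ": info=%s, lang=%s", info, lang);`. The enclosing function starts and ends outside the hunk.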
@@ -8701,7 +8732,7 @@ buffer_t *msg; unsigned char *outmsg; - logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_CHANNEL_OPEN was received."); + logputs(LOG_LEVEL_VERBOSE, __FUNCTION__ ": SSH2_MSG_CHANNEL_OPEN was received."); // 6byte\x81i\x83T\x83C\x83Y\x81{\x83p\x83f\x83B\x83\x93\x83O\x81{\x83^\x83C\x83v\x81j\x82\xF0\x8E\xE6\x82菜\x82\xA2\x82\xBD\x88ȍ~\x82̃y\x83C\x83\x8D\x81[\x83h data = pvar->ssh_state.payload; @@ -8719,8 +8750,16 @@ remote_maxpacket = get_uint32_MSBfirst(data); data += 4; + logprintf(LOG_LEVEL_VERBOSE, __FUNCTION__ + ": type=%s, channel=%d, init_winsize=%d, max_packetsize:%d", + NonNull(ctype), remote_id, remote_window, remote_maxpacket); + // check Channel Type(string) - if (strcmp(ctype, "forwarded-tcpip") == 0) { // port-forwarding(remote to local) + if (ctype == NULL) { + // ctype \x82\xAA NULL \x82Ŗ\xB3\x82\xA2\x8E\x96\x82̕ۏׁ̈A\x90\xE6\x82Ƀ`\x83F\x83b\x83N\x82\xB7\x82\xE9 + logputs(LOG_LEVEL_ERROR, __FUNCTION__ ": buffer_get_string returns NULL. (ctype)"); + } + else if (strcmp(ctype, "forwarded-tcpip") == 0) { // port-forwarding(remote to local) char *listen_addr, *orig_addr; int listen_port, orig_port; 
@@ -8732,29 +8771,37 @@ orig_port = get_uint32_MSBfirst(data); // 32776 data += 4; - // searching request entry by listen_port & create_local_channel - FWD_open(pvar, remote_id, listen_addr, listen_port, orig_addr, orig_port, - &chan_num); + if (listen_addr && orig_addr) { + logprintf(LOG_LEVEL_VERBOSE, __FUNCTION__ + ": %s: listen_addr=%s, listen_port=%d, orig_addr=%s, orig_port=%d", + ctype, listen_addr, listen_port, orig_addr, orig_port); + // searching request entry by listen_port & create_local_channel + FWD_open(pvar, remote_id, listen_addr, listen_port, orig_addr, orig_port, &chan_num); + // channel\x82\xF0\x83A\x83\x8D\x83P\x81[\x83g\x82\xB5\x81A\x95K\x97v\x82ȏ\xEE\x95\xF1\x81iremote window size\x81j\x82\xF0\x82\xB1\x82\xB1\x82Ŏ\xE6\x82\xC1\x82Ă\xA8\x82\xAD\x81B + // changed window size from 128KB to 32KB. (2006.3.6 yutaka) + // changed window size from 32KB to 128KB. (2007.10.29 maya) + c = ssh2_channel_new(CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, TYPE_PORTFWD, chan_num); + if (c == NULL) { + // \x93]\x91\x97\x83`\x83\x83\x83l\x83\x8B\x93\xE0\x82ɂ\xA0\x82\xE9\x83\\x83P\x83b\x83g\x82̉\xF0\x95\xFA\x98R\x82\xEA\x82\xF0\x8FC\x90\xB3 (2007.7.26 maya) + FWD_free_channel(pvar, chan_num); + UTIL_get_lang_msg("MSG_SSH_NO_FREE_CHANNEL", pvar, + "Could not open new channel. TTSSH is already opening too many channels."); + notify_nonfatal_error(pvar, pvar->ts->UIMsg); + return FALSE; + } + c->remote_id = remote_id; + c->remote_window = remote_window; + c->remote_maxpacket = remote_maxpacket; + } + else { + logprintf(LOG_LEVEL_ERROR, __FUNCTION__ ": %s: buffer_get_string returns NULL. " + "linsten_addr=%s, orig_addr=%s", + ctype, NonNull(listen_addr), NonNull(orig_addr)); + } free(listen_addr); free(orig_addr); - // channel\x82\xF0\x83A\x83\x8D\x83P\x81[\x83g\x82\xB5\x81A\x95K\x97v\x82ȏ\xEE\x95\xF1\x81iremote window size\x81j\x82\xF0\x82\xB1\x82\xB1\x82Ŏ\xE6\x82\xC1\x82Ă\xA8\x82\xAD\x81B - // changed window size from 128KB to 32KB. 
(2006.3.6 yutaka) - // changed window size from 32KB to 128KB. (2007.10.29 maya) - c = ssh2_channel_new(CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, TYPE_PORTFWD, chan_num); - if (c == NULL) { - // \x93]\x91\x97\x83`\x83\x83\x83l\x83\x8B\x93\xE0\x82ɂ\xA0\x82\xE9\x83\\x83P\x83b\x83g\x82̉\xF0\x95\xFA\x98R\x82\xEA\x82\xF0\x8FC\x90\xB3 (2007.7.26 maya) - FWD_free_channel(pvar, chan_num); - UTIL_get_lang_msg("MSG_SSH_NO_FREE_CHANNEL", pvar, - "Could not open new channel. TTSSH is already opening too many channels."); - notify_nonfatal_error(pvar, pvar->ts->UIMsg); - return FALSE; - } - c->remote_id = remote_id; - c->remote_window = remote_window; - c->remote_maxpacket = remote_maxpacket; - } else if (strcmp(ctype, "x11") == 0) { // port-forwarding(X11) // X application\x82\xF0\x83^\x81[\x83~\x83i\x83\x8B\x8F\xE3\x82Ŏ\xC0\x8Ds\x82\xB7\x82\xE9\x82ƁASSH2_MSG_CHANNEL_OPEN \x82\xAA\x91\x97\x82\xE7\x82\xEA\x82Ă\xAD\x82\xE9\x81B char *orig_str; @@ -8763,6 +8810,10 @@ orig_str = buffer_get_string(&data, NULL); // "127.0.0.1" orig_port = get_uint32_MSBfirst(data); data += 4; + + logprintf(LOG_LEVEL_VERBOSE, __FUNCTION__ ": %s: orig_addr=%s, orig_port=%d", + ctype, orig_str, orig_port); + free(orig_str); // X server(port 6000)\x82ڑ\xB1\x82\xB7\x82\xE9\x81B\x90ڑ\xB1\x82Ɏ\xB8\x94s\x82\xB7\x82\xE9\x82\xC6Tera Term\x8E\xA9\x90g\x82\xAA\x90ؒf\x82\xB3\x82\xEA\x82\xE9\x81B @@ -8817,12 +8868,11 @@ finish_send_packet(pvar); buffer_free(msg); - logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_CHANNEL_OPEN_FAILURE was sent at handle_SSH2_channel_open()."); + logputs(LOG_LEVEL_VERBOSE, __FUNCTION__ ": SSH2_MSG_CHANNEL_OPEN_FAILURE was sent."); } } else { // unknown type(unsupported) - } free(ctype); 
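Review bot: The `return FALSE;` in the `c == NULL` branch of the forwarded-tcpip case now sits before `free(listen_addr); free(orig_addr);`, so both strings leak when ssh2_channel_new fails; before this change they were freed ahead of the ssh2_channel_new call. Release them on that path by adding `free(listen_addr);` and `free(orig_addr);` just before `return FALSE;`. ctype appears to be released only by the `free(ctype);` near the end of the function, so this early return probably skips it as well, though that part of the function is outside the hunk. The new error message also spells the field `linsten_addr`; `listen_addr` would match the variable name.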
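Review bot: The logprintf added in the x11 branch passes `orig_str` to `%s` unguarded, while the other strings logged in this commit go through NonNull(). buffer_get_string can return NULL (the malloc failure path in buffer.c shows this), and if logprintf forwards to a printf-family function a NULL argument for `%s` is undefined behaviour in standard C. Use `ctype, NonNull(orig_str), orig_port);` for the argument line. The x11 branch continues outside the hunk.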
@@ -8900,6 +8950,8 @@ int success = 0; Channel_t *c; + logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_CHANNEL_REQUEST was received."); + // 6byte\x81i\x83T\x83C\x83Y\x81{\x83p\x83f\x83B\x83\x93\x83O\x81{\x83^\x83C\x83v\x81j\x82\xF0\x8E\xE6\x82菜\x82\xA2\x82\xBD\x88ȍ~\x82̃y\x83C\x83\x8D\x81[\x83h data = pvar->ssh_state.payload; // \x83p\x83P\x83b\x83g\x83T\x83C\x83Y - (\x83p\x83f\x83B\x83\x93\x83O\x83T\x83C\x83Y+1)\x81G\x90^\x82̃p\x83P\x83b\x83g\x83T\x83C\x83Y 
@@ -8919,27 +8971,29 @@ want_reply = data[0]; data += 1; - logprintf(LOG_LEVEL_VERBOSE, "SSH2_MSG_CHANNEL_REQUEST was received. " - "local:%d remote:%d request:%s want_reply:%d", - c->self_id, c->remote_id, request?request:"(null)", want_reply); + logprintf(LOG_LEVEL_VERBOSE, __FUNCTION__ + ": local=%d, remote=%d, request=%s, want_reply=%d", + c->self_id, c->remote_id, NonNull(request), want_reply); - if (request) { - if (strcmp(request, "exit-status") == 0) { - // \x8FI\x97\xB9\x83R\x81[\x83h\x82\xAA\x8A܂܂\xEA\x82Ă\xA2\x82\xE9\x82Ȃ\xE7\x82\xCE - int estat = get_uint32_MSBfirst(data); - success = 1; - logprintf(LOG_LEVEL_VERBOSE, __FUNCTION__ ": exit-status=%d", estat); - } - else if (strcmp(request, "keepa****@opens*****") == 0) { - // OpenSSH client \x82ł\xCD success = 1 \x82ɂ\xB5\x82Ă\xA2\x82Ȃ\xA2\x82\xAF\x82\xEA\x82ǁA - // server \x91\xA4\x82\xCD SUCCESS/FAILURE \x82ǂ\xBF\x82\xE7\x82ł\xE0 OK \x82Ȃ̂\xC5 - // \x82Ƃ肠\x82\xA6\x82\xB8 SUCCESS \x82\xF0\x95Ԃ\xB7\x81B - success = 1; - } - - free(request); + if (request == NULL) { + // request \x82\xAA NULL \x82Ŗ\xB3\x82\xA2\x8E\x96\x82̕ۏ\xD8 + logprintf(LOG_LEVEL_ERROR, __FUNCTION__ ": buffer_get_string returns NULL. (request)"); } + else if (strcmp(request, "exit-status") == 0) { + // \x8FI\x97\xB9\x83R\x81[\x83h\x82\xAA\x8A܂܂\xEA\x82Ă\xA2\x82\xE9\x82Ȃ\xE7\x82\xCE + int estat = get_uint32_MSBfirst(data); + success = 1; + logprintf(LOG_LEVEL_VERBOSE, __FUNCTION__ ": exit-status=%d", estat); + } + else if (strcmp(request, "keepa****@opens*****") == 0) { + // OpenSSH client \x82ł\xCD success = 1 \x82ɂ\xB5\x82Ă\xA2\x82Ȃ\xA2\x82\xAF\x82\xEA\x82ǁA + // server \x91\xA4\x82\xCD SUCCESS/FAILURE \x82ǂ\xBF\x82\xE7\x82ł\xE0 OK \x82Ȃ̂\xC5 + // \x82Ƃ肠\x82\xA6\x82\xB8 SUCCESS \x82\xF0\x95Ԃ\xB7\x81B + success = 1; + } + free(request); + if (want_reply) { buffer_t *msg; unsigned char *outmsg;
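Review bot: In the `exit-status` branch, `get_uint32_MSBfirst(data)` reads four bytes of server-supplied payload with no visible check that four bytes remain after the request string and the want_reply byte. If the function tracks the remaining payload length (that part is outside the hunk), guard the read with something like `if (remaining >= 4) { estat = get_uint32_MSBfirst(data); success = 1; }`, where `remaining` is a placeholder for that length variable. Separately, the NULL branch calls `logprintf(LOG_LEVEL_ERROR, ...)` with no format arguments; `logputs(LOG_LEVEL_ERROR, __FUNCTION__ ": buffer_get_string returns NULL. (request)");` would match the other sites in this commit.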