From d477025000c4d6717f9501cc8d382eed06fbe868 Mon Sep 17 00:00:00 2001
From: Aris Adamantiadis <aris@0xbadc0de.be>
Date: Mon, 30 Jun 2008 22:28:11 +0000
Subject: [PATCH] fix bug 0000015 about memory leak in server path

git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@180 7dcaeef0-15fb-0310-b436-a5af3365683c
---
 libssh/messages.c |  9 +++++++++
 libssh/server.c   |  4 ++++
 libssh/wrapper.c  | 21 ++++++++++++++++++++-
 samplesshd.c      |  2 ++
 4 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/libssh/messages.c b/libssh/messages.c
index e609cbc6..e9c99b1a 100644
--- a/libssh/messages.c
+++ b/libssh/messages.c
@@ -84,6 +84,8 @@ static SSH_MESSAGE *handle_userauth_request(SSH_SESSION *session){
     free(user);
     service_c=string_to_char(service);
     method_c=string_to_char(method);
+    free(service);
+    free(method);
     ssh_say(2,"auth request for service %s, method %s for user '%s'\n",service_c,method_c,
             msg->auth_request.username);
     free(service_c);
@@ -182,10 +184,12 @@ static SSH_MESSAGE *handle_channel_request_open(SSH_SESSION *session){
     msg->channel_request_open.packet_size=ntohl(packet);
     if(!strcmp(type_c,"session")){
         msg->channel_request_open.type=SSH_CHANNEL_SESSION;
+        free(type_c);
         leave_function();
         return msg;
     }
     msg->channel_request_open.type=SSH_CHANNEL_UNKNOWN;
+    free(type_c);
     leave_function();
     return msg;
 }
@@ -247,6 +251,7 @@ static SSH_MESSAGE *handle_channel_request(SSH_SESSION *session){
     if(!strcmp(type_c,"pty-req")){
         STRING *term;
         char *term_c;
+        free(type_c);
         term=buffer_get_ssh_string(session->in_buffer);
         term_c=string_to_char(term);
         free(term);
@@ -267,6 +272,7 @@ static SSH_MESSAGE *handle_channel_request(SSH_SESSION *session){
     if(!strcmp(type_c,"subsystem")){
         STRING *subsys;
         char *subsys_c;
+        free(type_c);
         subsys=buffer_get_ssh_string(session->in_buffer);
         subsys_c=string_to_char(subsys);
         free(subsys);
@@ -276,12 +282,14 @@ static SSH_MESSAGE *handle_channel_request(SSH_SESSION *session){
         return msg;
     }
     if(!strcmp(type_c,"shell")){
+    	free(type_c);
         msg->channel_request.type=SSH_CHANNEL_REQUEST_SHELL;
         leave_function();
         return msg;
     }
     if(!strcmp(type_c,"exec")){
         STRING *cmd=buffer_get_ssh_string(session->in_buffer);
+        free(type_c);
         msg->channel_request.type=SSH_CHANNEL_REQUEST_EXEC;
         msg->channel_request.command=string_to_char(cmd);
         free(cmd);
@@ -290,6 +298,7 @@ static SSH_MESSAGE *handle_channel_request(SSH_SESSION *session){
     }
     
     msg->channel_request.type=SSH_CHANNEL_UNKNOWN;
+    free(type_c);
     leave_function();
     return msg;
 }
diff --git a/libssh/server.c b/libssh/server.c
index 58fbb615..538ec80a 100644
--- a/libssh/server.c
+++ b/libssh/server.c
@@ -163,6 +163,7 @@ SSH_SESSION *ssh_bind_accept(SSH_BIND *ssh_bind){
     session=ssh_new();
     session->server=1;
     session->version=2;
+    ssh_socket_free(session->socket);
     session->socket=ssh_socket_new(session);
     ssh_socket_set_fd(session->socket,fd);
     session->options=ssh_options_copy(ssh_bind->options);
@@ -175,6 +176,8 @@ void ssh_bind_free(SSH_BIND *ssh_bind){
     if(ssh_bind->bindfd>=0)
         close(ssh_bind->bindfd);
     ssh_bind->bindfd=-1;
+    if(ssh_bind->options)
+    	ssh_options_free(ssh_bind->options);
     free(ssh_bind);
 }
 
@@ -223,6 +226,7 @@ static int dh_handshake_server(SSH_SESSION *session){
         return -1;
     }
     dh_import_e(session,e);
+    free(e);
     dh_generate_y(session);
     dh_generate_f(session);
     f=dh_get_f(session);
diff --git a/libssh/wrapper.c b/libssh/wrapper.c
index b5906ff6..1c848c97 100644
--- a/libssh/wrapper.c
+++ b/libssh/wrapper.c
@@ -447,6 +447,8 @@ void crypto_free(CRYPTO *crypto){
         bignum_free(crypto->f);
     if(crypto->x)
         bignum_free(crypto->x);
+    if(crypto->y)
+    	bignum_free(crypto->y);
     if(crypto->k)
         bignum_free(crypto->k);
     /* lot of other things */
@@ -509,6 +511,7 @@ int crypt_set_algorithms(SSH_SESSION *session){
 // TODO Obviously too much cut and paste here
 int crypt_set_algorithms_server(SSH_SESSION *session){
     /* we must scan the kex entries to find crypto algorithms and set their appropriate structure */
+	enter_function();
     int i=0;
     /* out */
     char *server=session->server_kex.methods[SSH_CRYPT_S_C];
@@ -516,16 +519,21 @@ int crypt_set_algorithms_server(SSH_SESSION *session){
     char *match=ssh_find_matching(client,server);
     if(!match){
         ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no matching algorithm function found for %s",server);
+        free(match);
+        leave_function();
         return SSH_ERROR;
     }
     while(ssh_ciphertab[i].name && strcmp(match,ssh_ciphertab[i].name))
         i++;
     if(!ssh_ciphertab[i].name){
         ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no crypto algorithm function found for %s",server);
+        free(match);
+        leave_function();
         return SSH_ERROR;
     }
     ssh_log(session,SSH_LOG_PACKET,"Set output algorithm %s",match);
     session->next_crypto->out_cipher=cipher_new(i);
+    free(match);
     i=0;
     /* in */
     client=session->client_kex.methods[SSH_CRYPT_C_S];
@@ -533,16 +541,21 @@ int crypt_set_algorithms_server(SSH_SESSION *session){
     match=ssh_find_matching(client,server);
     if(!match){
         ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no matching algorithm function found for %s",server);
+        free(match);
+        leave_function();
         return SSH_ERROR;
     }
     while(ssh_ciphertab[i].name && strcmp(match,ssh_ciphertab[i].name))
         i++;
     if(!ssh_ciphertab[i].name){
         ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no crypto algorithm function found for %s",server);
+        free(match);
+        leave_function();
         return SSH_ERROR;
     }
     ssh_log(session,SSH_LOG_PACKET,"Set input algorithm %s",match);
     session->next_crypto->in_cipher=cipher_new(i);
+    free(match);
     /* compression */
     client=session->client_kex.methods[SSH_CRYPT_C_S];
     server=session->server_kex.methods[SSH_CRYPT_C_S];
@@ -551,6 +564,7 @@ int crypt_set_algorithms_server(SSH_SESSION *session){
         ssh_log(session,SSH_LOG_PACKET,"enabling C->S compression");
         session->next_crypto->do_compress_in=1;
     }
+    free(match);
     
     client=session->client_kex.methods[SSH_CRYPT_S_C];
     server=session->server_kex.methods[SSH_CRYPT_S_C];
@@ -559,7 +573,8 @@ int crypt_set_algorithms_server(SSH_SESSION *session){
         ssh_log(session,SSH_LOG_PACKET,"enabling S->C compression\n");
         session->next_crypto->do_compress_out=1;
     }
-
+    free(match);
+    
     server=session->server_kex.methods[SSH_HOSTKEYS];
     client=session->client_kex.methods[SSH_HOSTKEYS];
     match=ssh_find_matching(client,server);
@@ -569,7 +584,11 @@ int crypt_set_algorithms_server(SSH_SESSION *session){
         session->hostkeys=TYPE_RSA;
     else {
         ssh_set_error(session,SSH_FATAL,"cannot know what %s is into %s",match,server);
+        free(match);
+        leave_function();
         return SSH_ERROR;
     }
+    free(match);
+    leave_function();
     return SSH_OK;
 }
diff --git a/samplesshd.c b/samplesshd.c
index c6088d0b..3e98b3e5 100644
--- a/samplesshd.c
+++ b/samplesshd.c
@@ -148,7 +148,9 @@ int main(int argc, char **argv){
         if(i>0)
             write(1,buffer_get(buf),buffer_get_len(buf));
     } while (i>0);
+    buffer_free(buf);
     ssh_disconnect(session);
+    ssh_bind_free(ssh_bind);
     ssh_finalize();
     return 0;
 }