NOTE: this is the second revision of this patch

Apply by doing:
       cd /usr/src
       patch -p0 < 017_sshbuffer.patch
       cd usr.bin/ssh
       make obj
       make cleandir
       make depend
       make && make install

Do not forget to restart sshd(8).  If you started sshd(8) with
a full path (i.e. /usr/sbin/sshd) you can simply send it a SIGHUP
and it will re-exec itself.  E.g.
       kill -HUP `cat /var/run/sshd.pid`

Index: usr.bin/ssh/buffer.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/buffer.c,v
retrieving revision 1.16
diff -u -r1.16 buffer.c
--- usr.bin/ssh/buffer.c        26 Jun 2002 08:54:18 -0000      1.16
+++ usr.bin/ssh/buffer.c        17 Sep 2003 00:53:39 -0000
@@ -23,8 +23,11 @@
void
buffer_init(Buffer *buffer)
{
-       buffer->alloc = 4096;
-       buffer->buf = xmalloc(buffer->alloc);
+       const u_int len = 4096;
+
+       buffer->alloc = 0;
+       buffer->buf = xmalloc(len);
+       buffer->alloc = len;
       buffer->offset = 0;
       buffer->end = 0;
}
@@ -34,8 +37,10 @@
void
buffer_free(Buffer *buffer)
{
-       memset(buffer->buf, 0, buffer->alloc);
-       xfree(buffer->buf);
+       if (buffer->alloc > 0) {
+               memset(buffer->buf, 0, buffer->alloc);
+               xfree(buffer->buf);
+       }
}

/*
@@ -69,6 +74,7 @@
void *
buffer_append_space(Buffer *buffer, u_int len)
{
+       u_int newlen;
       void *p;

       if (len > 0x100000)
@@ -98,11 +104,13 @@
               goto restart;
       }
       /* Increase the size of the buffer and retry. */
-       buffer->alloc += len + 32768;
-       if (buffer->alloc > 0xa00000)
+
+       newlen = buffer->alloc + len + 32768;
+       if (newlen > 0xa00000)
               fatal("buffer_append_space: alloc %u not supported",
-                   buffer->alloc);
-       buffer->buf = xrealloc(buffer->buf, buffer->alloc);
+                   newlen);
+       buffer->buf = xrealloc(buffer->buf, newlen);
+       buffer->alloc = newlen;
       goto restart;
       /* NOTREACHED */
}
Index: usr.bin/ssh/channels.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/channels.c,v
retrieving revision 1.183
diff -u -r1.183 channels.c
--- usr.bin/ssh/channels.c      17 Sep 2002 07:47:02 -0000      1.183
+++ usr.bin/ssh/channels.c      17 Sep 2003 00:53:41 -0000
@@ -228,12 +228,13 @@
       if (found == -1) {
               /* There are no free slots.  Take last+1 slot and expand the array.  */
               found = channels_alloc;
-               channels_alloc += 10;
               if (channels_alloc > 10000)
                       fatal("channel_new: internal error: channels_alloc %d "
                           "too big.", channels_alloc);
+               channels = xrealloc(channels,
+                   (channels_alloc + 10) * sizeof(Channel *));
+               channels_alloc += 10;
               debug2("channel: expanding %d", channels_alloc);
-               channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
               for (i = found; i < channels_alloc; i++)
                       channels[i] = NULL;
       }

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.