aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulien Dessaux2018-08-23 14:07:58 +0200
committerJulien Dessaux2018-08-23 17:41:44 +0200
commit4da77dcb10c74c4f369d731addf19c6a065e0684 (patch)
tree7b98cd7c8680ad6d90a4fcbd27f5020eb433adf5
parentCode cleaning and added error handling (diff)
downloadbastion-4da77dcb10c74c4f369d731addf19c6a065e0684.tar.gz
bastion-4da77dcb10c74c4f369d731addf19c6a065e0684.tar.bz2
bastion-4da77dcb10c74c4f369d731addf19c6a065e0684.zip
Added address sanitization and fixed found bugs
Diffstat (limited to '')
-rw-r--r--GNUmakefile8
-rw-r--r--src/client.c3
-rw-r--r--src/proxy.c21
-rw-r--r--src/session.c5
4 files changed, 16 insertions, 21 deletions
diff --git a/GNUmakefile b/GNUmakefile
index 38004ed..00f18ad 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -1,5 +1,5 @@
CC=clang
-DEBUG=-g
+DEBUG=-g -fsanitize=address
CFLAGS= ${DEBUG} -Wall -Werror -Wextra -Weverything -Wno-disabled-macro-expansion
sources=$(wildcard src/*.c)
@@ -22,6 +22,12 @@ clean:
@sed -e 's/.*://' -e 's/\\$$//' < $*.d.tmp | fmt -1 | sed -e 's/^ *//' -e 's/$$/:/' >> $*.d
@rm -f $*.d.tmp
+# You must compile without -fsanitize=address to use valgrind
valgrind:
valgrind --leak-check=full --show-leak-kinds=all --trace-children=yes --suppressions=${HOME}/.valgrind_suppressions ./bastion
#valgrind -v --leak-check=full --show-leak-kinds=all --trace-children=yes --suppressions=${HOME}/.valgrind_suppressions --gen-suppressions=yes ./bastion
+
+debug:
+ ASAN_OPTIONS=allow_user_segv_handler=true:detect_leaks=true:fast_unwind_on_malloc=0:check_initialization_order=1:suppressions=asan.supp \
+ ASAN_SYMBOLIZER_PATH=/usr/lib/llvm-6.0/bin/llvm-symbolizer \
+ ./bastion
diff --git a/src/client.c b/src/client.c
index 64df1eb..d7ecca6 100644
--- a/src/client.c
+++ b/src/client.c
@@ -139,6 +139,7 @@ struct client_channel_data_struct* client_dial(ssh_event event, struct proxy_cha
}
cdata->client_channel_cb = malloc(sizeof(*cdata->client_channel_cb));
+ memset(cdata->client_channel_cb, 0, sizeof(*cdata->client_channel_cb));
cdata->client_channel_cb->userdata = cdata;
cdata->client_channel_cb->channel_data_function = client_data_function;
cdata->client_channel_cb->channel_eof_function = client_channel_eof_callback;
@@ -160,7 +161,7 @@ struct client_channel_data_struct* client_dial(ssh_event event, struct proxy_cha
channel_clean:
ssh_channel_free(cdata->my_channel);
auth_clean:
- // TODO
+ // TODO when pubkey match implemented fix this
//pubkey_nomatch_clean:
ssh_string_free_char(hexa);
pubkey_hash_clean:
diff --git a/src/proxy.c b/src/proxy.c
index bfeeed8..3bbecf3 100644
--- a/src/proxy.c
+++ b/src/proxy.c
@@ -104,7 +104,7 @@ static int proxy_subsystem_request(ssh_session session, ssh_channel channel,
(void) channel;
(void) subsystem;
(void) userdata;
- return SSH_ERROR; // TODO
+ return SSH_ERROR; // TODO ssh subsystem request
//if (ssh_channel_is_open(pdata->client_channel)) {
//}
}
@@ -190,21 +190,10 @@ void handle_proxy_session(ssh_event event, ssh_session session, ssh_channel my_c
.channel_pty_window_change_function = proxy_pty_resize,
.channel_exec_request_function = proxy_exec_request,
.channel_subsystem_request_function = proxy_subsystem_request,
- /** This function will be called when a client requests agent
- * authentication forwarding.
- */
- //ssh_channel_auth_agent_req_callback channel_auth_agent_req_function;
- /** This function will be called when a client requests X11
- * forwarding.
- */
- //ssh_channel_x11_req_callback channel_x11_req_function;
- /** This function will be called when a client requests an environment
- * variable to be set.
- */
- /** This function will be called when the channel write is guaranteed
- * not to block.
- */
- // .channel_write_wontblock_function = proxy_channel_write_wontblock,
+ .channel_auth_agent_req_function = NULL,
+ .channel_x11_req_function = NULL,
+ .channel_env_request_function = NULL,
+ .channel_write_wontblock_function = NULL,
};
ssh_callbacks_init(&channel_cb);
ssh_set_channel_callbacks(my_channel, &channel_cb);
diff --git a/src/session.c b/src/session.c
index 22d10de..1031f7d 100644
--- a/src/session.c
+++ b/src/session.c
@@ -30,7 +30,7 @@ static int auth_pubkey(ssh_session session, const char *user,
// TODO check for an invite
- ssh_key reference_key = ssh_key_new();
+ ssh_key reference_key;
ssh_pki_import_pubkey_base64(USER_RSA_PUBKEY, SSH_KEYTYPE_RSA, &reference_key); // TODO fetch all pubkeys from db
if (!ssh_key_cmp(pubkey, reference_key, SSH_KEY_CMP_PUBLIC)) {
sdata->authenticated = 1;
@@ -41,8 +41,7 @@ static int auth_pubkey(ssh_session session, const char *user,
return SSH_ERROR;
}
sdata->login_username = malloc(len+1);
- memset(sdata->login_username, 0, len+1);
- strncpy(sdata->login_username, user, len);
+ strncpy(sdata->login_username, user, len+1);
return SSH_AUTH_SUCCESS;
} else {
ssh_key_free(reference_key);