openssh/openssh-5.8p1-audit4a.patch

diff -up openssh-5.8p1/packet.c.audit4a openssh-5.8p1/packet.c
--- openssh-5.8p1/packet.c.audit4a	2011-03-08 08:52:12.000000000 +0100
+++ openssh-5.8p1/packet.c	2011-03-08 08:52:39.000000000 +0100
@@ -473,6 +473,13 @@ packet_get_connection_out(void)
 	return active_state->connection_out;
 }
 
+static int
+packet_state_has_keys (const struct session_state *state)
+{
+	return state != NULL &&
+		(state->newkeys[MODE_IN] != NULL || state->newkeys[MODE_OUT] != NULL);
+}
+
 /* Closes the connection and clears and frees internal data structures. */
 
 void
@@ -481,13 +488,6 @@ packet_close(void)
 	if (!active_state->initialized)
 		return;
 	active_state->initialized = 0;
-	if (active_state->connection_in == active_state->connection_out) {
-		shutdown(active_state->connection_out, SHUT_RDWR);
-		close(active_state->connection_out);
-	} else {
-		close(active_state->connection_in);
-		close(active_state->connection_out);
-	}
 	buffer_free(&active_state->input);
 	buffer_free(&active_state->output);
 	buffer_free(&active_state->outgoing_packet);
@@ -496,9 +496,18 @@ packet_close(void)
 		buffer_free(&active_state->compression_buffer);
 		buffer_compress_uninit();
 	}
-	cipher_cleanup(&active_state->send_context);
-	cipher_cleanup(&active_state->receive_context);
-	audit_session_key_free(2);
+	if (packet_state_has_keys(active_state)) {
+		cipher_cleanup(&active_state->send_context);
+		cipher_cleanup(&active_state->receive_context);
+		audit_session_key_free(2);
+	}
+	if (active_state->connection_in == active_state->connection_out) {
+		shutdown(active_state->connection_out, SHUT_RDWR);
+		close(active_state->connection_out);
+	} else {
+		close(active_state->connection_in);
+		close(active_state->connection_out);
+	}
 }
 
 /* Sets remote side protocol flags. */
@@ -1945,13 +1954,6 @@ packet_destroy_state(struct session_stat
 //	memset(state, 0, sizeof(state));
 }
 
-static int
-packet_state_has_keys (const struct session_state *state)
-{
-	return state != NULL &&
-		(state->newkeys[MODE_IN] != NULL || state->newkeys[MODE_OUT] != NULL);
-}
-
 void
 packet_destroy_all(int audit_it, int privsep)
 {
diff -up openssh-5.8p1/sshd.c.audit4a openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.audit4a	2011-03-08 08:53:02.000000000 +0100
+++ openssh-5.8p1/sshd.c	2011-03-08 08:55:23.000000000 +0100
@@ -2033,7 +2033,7 @@ main(int ac, char **av)
 	do_authenticated(authctxt);
 
 	/* The connection has been terminated. */
-	packet_destroy_all(1, 0);
+	packet_destroy_all(1, 1);
 
 	packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
 	packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
improve session keys audit 2011-03-09 07:48:51 +00:00			`diff -up openssh-5.8p1/packet.c.audit4a openssh-5.8p1/packet.c`
			`--- openssh-5.8p1/packet.c.audit4a 2011-03-08 08:52:12.000000000 +0100`
			`+++ openssh-5.8p1/packet.c 2011-03-08 08:52:39.000000000 +0100`
			`@@ -473,6 +473,13 @@ packet_get_connection_out(void)`
			`return active_state->connection_out;`
			`}`

			`+static int`
			`+packet_state_has_keys (const struct session_state *state)`
			`+{`
			`+ return state != NULL &&`
			`+ (state->newkeys[MODE_IN] != NULL \|\| state->newkeys[MODE_OUT] != NULL);`
			`+}`
			`+`
			`/* Closes the connection and clears and frees internal data structures. */`

			`void`
			`@@ -481,13 +488,6 @@ packet_close(void)`
			`if (!active_state->initialized)`
			`return;`
			`active_state->initialized = 0;`
			`- if (active_state->connection_in == active_state->connection_out) {`
			`- shutdown(active_state->connection_out, SHUT_RDWR);`
			`- close(active_state->connection_out);`
			`- } else {`
			`- close(active_state->connection_in);`
			`- close(active_state->connection_out);`
			`- }`
			`buffer_free(&active_state->input);`
			`buffer_free(&active_state->output);`
			`buffer_free(&active_state->outgoing_packet);`
			`@@ -496,9 +496,18 @@ packet_close(void)`
			`buffer_free(&active_state->compression_buffer);`
			`buffer_compress_uninit();`
			`}`
			`- cipher_cleanup(&active_state->send_context);`
			`- cipher_cleanup(&active_state->receive_context);`
			`- audit_session_key_free(2);`
			`+ if (packet_state_has_keys(active_state)) {`
			`+ cipher_cleanup(&active_state->send_context);`
			`+ cipher_cleanup(&active_state->receive_context);`
			`+ audit_session_key_free(2);`
			`+ }`
			`+ if (active_state->connection_in == active_state->connection_out) {`
			`+ shutdown(active_state->connection_out, SHUT_RDWR);`
			`+ close(active_state->connection_out);`
			`+ } else {`
			`+ close(active_state->connection_in);`
			`+ close(active_state->connection_out);`
			`+ }`
			`}`

			`/* Sets remote side protocol flags. */`
			`@@ -1945,13 +1954,6 @@ packet_destroy_state(struct session_stat`
			`// memset(state, 0, sizeof(state));`
			`}`

			`-static int`
			`-packet_state_has_keys (const struct session_state *state)`
			`-{`
			`- return state != NULL &&`
			`- (state->newkeys[MODE_IN] != NULL \|\| state->newkeys[MODE_OUT] != NULL);`
			`-}`
			`-`
			`void`
			`packet_destroy_all(int audit_it, int privsep)`
			`{`
			`diff -up openssh-5.8p1/sshd.c.audit4a openssh-5.8p1/sshd.c`
			`--- openssh-5.8p1/sshd.c.audit4a 2011-03-08 08:53:02.000000000 +0100`
			`+++ openssh-5.8p1/sshd.c 2011-03-08 08:55:23.000000000 +0100`
			`@@ -2033,7 +2033,7 @@ main(int ac, char **av)`
			`do_authenticated(authctxt);`

			`/* The connection has been terminated. */`
			`- packet_destroy_all(1, 0);`
			`+ packet_destroy_all(1, 1);`

			`packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);`
			`packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);`