Bug Summary

File:extcap/sshdig.c
Warning:line 242, column 12
Opened stream never closed. Potential resource leak

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name sshdig.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -fno-delete-null-pointer-checks -mframe-pointer=all -relaxed-aliasing -fmath-errno -ffp-contract=on -fno-rounding-math -ffloat16-excess-precision=fast -fbfloat16-excess-precision=fast -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/builds/wireshark/wireshark/build -fcoverage-compilation-dir=/builds/wireshark/wireshark/build -resource-dir /usr/lib/llvm-19/lib/clang/19 -isystem /usr/include/glib-2.0 -isystem /usr/lib/x86_64-linux-gnu/glib-2.0/include -D G_DISABLE_DEPRECATED -D G_DISABLE_SINGLE_INCLUDES -D WS_DEBUG -D WS_DEBUG_UTF_8 -I /builds/wireshark/wireshark/build -I /builds/wireshark/wireshark -I /builds/wireshark/wireshark/include -D _GLIBCXX_ASSERTIONS -internal-isystem /usr/lib/llvm-19/lib/clang/19/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fmacro-prefix-map=/builds/wireshark/wireshark/= -fmacro-prefix-map=/builds/wireshark/wireshark/build/= -fmacro-prefix-map=../= -Wno-format-truncation -Wno-format-nonliteral -Wno-pointer-sign -std=gnu11 -ferror-limit 19 -fvisibility=hidden -fwrapv -fstrict-flex-arrays=3 -stack-protector 2 -fstack-clash-protection -fcf-protection=full -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fexceptions -fcolor-diagnostics -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /builds/wireshark/wireshark/sbout/2025-07-07-100249-3847-1 -x c /builds/wireshark/wireshark/extcap/sshdig.c
1/* sshdig.c
2 * sshdig is extcap tool used to capture events on a remote host via SSH
3 *
4 * Copied from sshdump.c, copyright 2015, Dario Lombardo
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * SPDX-License-Identifier: GPL-2.0-or-later
11 */
12
13#include "config.h"
14#define WS_LOG_DOMAIN"sshdig" "sshdig"
15
16#include <extcap/extcap-base.h>
17#include <extcap/ssh-base.h>
18#include <wsutil/application_flavor.h>
19#include <wsutil/interface.h>
20#include <wsutil/file_util.h>
21#include <wsutil/strtoi.h>
22#include <wsutil/filesystem.h>
23#include <wsutil/privileges.h>
24#include <wsutil/please_report_bug.h>
25#include <wsutil/wslog.h>
26
27#include <errno(*__errno_location ()).h>
28#include <string.h>
29#include <fcntl.h>
30
31#include <cli_main.h>
32
33static char* sshdig_extcap_interface;
34#define DEFAULT_SSHDIG_EXTCAP_INTERFACE"sshdig" "sshdig"
35
36#define SSHDIG_VERSION_MAJOR"1" "1"
37#define SSHDIG_VERSION_MINOR"0" "0"
38#define SSHDIG_VERSION_RELEASE"0" "0"
39
40#define SSH_READ_BLOCK_SIZE256 256
41
42enum {
43 EXTCAP_BASE_OPTIONS_ENUMEXTCAP_OPT_LIST_INTERFACES, EXTCAP_OPT_VERSION, EXTCAP_OPT_LIST_DLTS
, EXTCAP_OPT_INTERFACE, EXTCAP_OPT_CONFIG, EXTCAP_OPT_CAPTURE
, EXTCAP_OPT_CAPTURE_FILTER, EXTCAP_OPT_FIFO, EXTCAP_OPT_LOG_LEVEL
, EXTCAP_OPT_LOG_FILE
,
44 OPT_HELP,
45 OPT_VERSION,
46 OPT_REMOTE_HOST,
47 OPT_REMOTE_PORT,
48 OPT_REMOTE_USERNAME,
49 OPT_REMOTE_PASSWORD,
50 OPT_REMOTE_CAPTURE_COMMAND_SELECT,
51 OPT_REMOTE_CAPTURE_COMMAND,
52 OPT_SSHKEY,
53 OPT_SSHKEY_PASSPHRASE,
54 OPT_PROXYCOMMAND,
55 OPT_SSH_SHA1,
56 OPT_REMOTE_COUNT,
57 OPT_REMOTE_PRIV,
58 OPT_REMOTE_PRIV_USER,
59 OPT_REMOTE_MODERN_BPF,
60 OPT_REMOTE_IO_SNAPLEN,
61};
62
63static struct ws_option longopts[] = {
64 EXTCAP_BASE_OPTIONS{ "extcap-interfaces", 0, ((void*)0), EXTCAP_OPT_LIST_INTERFACES
}, { "extcap-version", 2, ((void*)0), EXTCAP_OPT_VERSION}, { "extcap-dlts"
, 0, ((void*)0), EXTCAP_OPT_LIST_DLTS}, { "extcap-interface",
1, ((void*)0), EXTCAP_OPT_INTERFACE}, { "extcap-config", 0, (
(void*)0), EXTCAP_OPT_CONFIG}, { "capture", 0, ((void*)0), EXTCAP_OPT_CAPTURE
}, { "extcap-capture-filter", 1, ((void*)0), EXTCAP_OPT_CAPTURE_FILTER
}, { "fifo", 1, ((void*)0), EXTCAP_OPT_FIFO}, { "log-level", 1
, ((void*)0), EXTCAP_OPT_LOG_LEVEL}, { "log-file", 1, ((void*
)0), EXTCAP_OPT_LOG_FILE}
,
65 {"help", ws_no_argument0, NULL((void*)0), OPT_HELP},
66 {"version", ws_no_argument0, NULL((void*)0), OPT_VERSION},
67 SSH_BASE_OPTIONS{ "remote-host", 1, ((void*)0), OPT_REMOTE_HOST}, { "remote-port"
, 1, ((void*)0), OPT_REMOTE_PORT}, { "remote-username", 1, ((
void*)0), OPT_REMOTE_USERNAME}, { "remote-password", 1, ((void
*)0), OPT_REMOTE_PASSWORD}, { "remote-count", 1, ((void*)0), OPT_REMOTE_COUNT
}, { "sshkey", 1, ((void*)0), OPT_SSHKEY}, { "sshkey-passphrase"
, 1, ((void*)0), OPT_SSHKEY_PASSPHRASE}, { "proxycommand", 1,
((void*)0), OPT_PROXYCOMMAND}, { "ssh-sha1", 0, ((void*)0), OPT_SSH_SHA1
}
,
68 {"remote-capture-command-select", ws_required_argument1, NULL((void*)0), OPT_REMOTE_CAPTURE_COMMAND_SELECT},
69 {"remote-capture-command", ws_required_argument1, NULL((void*)0), OPT_REMOTE_CAPTURE_COMMAND},
70 {"remote-priv", ws_required_argument1, NULL((void*)0), OPT_REMOTE_PRIV},
71 {"remote-priv-user", ws_required_argument1, NULL((void*)0), OPT_REMOTE_PRIV_USER},
72 {"remote-modern-bpf", ws_no_argument0, NULL((void*)0), OPT_REMOTE_MODERN_BPF},
73 {"remote-io-snaplen", ws_required_argument1, NULL((void*)0), OPT_REMOTE_IO_SNAPLEN},
74 {0, 0, 0, 0}};
75
76static int ssh_loop_read(ssh_channel channel, FILE* fp)
77{
78 int nbytes;
79 int ret = EXIT_SUCCESS0;
80 char buffer[SSH_READ_BLOCK_SIZE256];
81
82 /* read from stdin until data are available */
83 while (ssh_channel_is_open(channel) && !ssh_channel_is_eof(channel)) {
84 nbytes = ssh_channel_read(channel, buffer, SSH_READ_BLOCK_SIZE256, 0);
85 if (nbytes < 0) {
86 ws_warning("Error reading from channel")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 86, __func__, "Error reading from channel"); } } while (0)
;
87 goto end;
88 }
89 if (nbytes == 0) {
90 break;
91 }
92 if (fwrite(buffer, 1, nbytes, fp) != (unsigned)nbytes) {
93 ws_warning("Error writing to fifo")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 93, __func__, "Error writing to fifo"); } } while (0)
;
94 ret = EXIT_FAILURE1;
95 goto end;
96 }
97 fflush(fp);
98 }
99
100 /* read loop finished... maybe something wrong happened. Read from stderr */
101 while (ssh_channel_is_open(channel) && !ssh_channel_is_eof(channel)) {
102 nbytes = ssh_channel_read(channel, buffer, SSH_READ_BLOCK_SIZE256, 1);
103 if (nbytes < 0) {
104 ws_warning("Error reading from channel")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 104, __func__, "Error reading from channel"); } } while (0)
;
105 goto end;
106 }
107 if (fwrite(buffer, 1, nbytes, stderrstderr) != (unsigned)nbytes) {
108 ws_warning("Error writing to stderr")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 108, __func__, "Error writing to stderr"); } } while (0)
;
109 break;
110 }
111 }
112
113end:
114 if (ssh_channel_send_eof(channel) != SSH_OK0) {
115 ws_warning("Error sending EOF in ssh channel")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 115, __func__, "Error sending EOF in ssh channel"); } } while
(0)
;
116 ret = EXIT_FAILURE1;
117 }
118 return ret;
119}
120
121static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command_select,
122 const char* capture_command, const char* privilege,
123 const char* cfilter, const uint32_t count, bool_Bool modern_bpf, const uint32_t io_snaplen)
124{
125 char* cmdline = NULL((void*)0);
126 ssh_channel channel;
127 unsigned int remote_port = 22;
128
129 channel = ssh_channel_new(sshs);
130 if (!channel) {
131 ws_warning("Can't create channel")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 131, __func__, "Can't create channel"); } } while (0)
;
132 return NULL((void*)0);
133 }
134
135 if (ssh_channel_open_session(channel) != SSH_OK0) {
136 ws_warning("Can't open session")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 136, __func__, "Can't open session"); } } while (0)
;
137 ssh_channel_free(channel);
138 return NULL((void*)0);
139 }
140
141 ssh_options_get_port(sshs, &remote_port);
142
143 if (capture_command_select == NULL((void*)0) || !g_strcmp0(capture_command_select, "other")) {
144 if (capture_command && *capture_command) {
145 cmdline = g_strdup(capture_command)g_strdup_inline (capture_command);
146 ws_debug("Remote capture command has disabled other options")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_DEBUG, "extcap/sshdig.c"
, 146, __func__, "Remote capture command has disabled other options"
); } } while (0)
;
147 } else {
148 capture_command_select = "sysdig";
149 }
150 }
151
152 /* escape parameters to go save with the shell */
153 if (!g_strcmp0(capture_command_select, "sysdig")) {
154 char *count_str = NULL((void*)0);
155 char *io_snaplen_str = NULL((void*)0);
156 char *quoted_filter = NULL((void*)0);
157
158 quoted_filter = g_shell_quote(cfilter ? cfilter : "");
159 if (count > 0) {
160 count_str = ws_strdup_printf(" --numevents=%u", count)wmem_strdup_printf(((void*)0), " --numevents=%u", count);
161 }
162 if (io_snaplen > 0) {
163 io_snaplen_str = ws_strdup_printf(" --snaplen=%u", io_snaplen)wmem_strdup_printf(((void*)0), " --snaplen=%u", io_snaplen);
164 }
165
166 cmdline = ws_strdup_printf("%s sysdig --unbuffered %s --write=- %s %s %s",wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s"
, privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str
: "", io_snaplen_str ? io_snaplen_str : "", quoted_filter)
167 privilege,wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s"
, privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str
: "", io_snaplen_str ? io_snaplen_str : "", quoted_filter)
168 modern_bpf ? " --modern-bpf" : "",wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s"
, privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str
: "", io_snaplen_str ? io_snaplen_str : "", quoted_filter)
169 count_str ? count_str : "",wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s"
, privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str
: "", io_snaplen_str ? io_snaplen_str : "", quoted_filter)
170 io_snaplen_str ? io_snaplen_str : "",wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s"
, privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str
: "", io_snaplen_str ? io_snaplen_str : "", quoted_filter)
171 quoted_filter)wmem_strdup_printf(((void*)0), "%s sysdig --unbuffered %s --write=- %s %s %s"
, privilege, modern_bpf ? " --modern-bpf" : "", count_str ? count_str
: "", io_snaplen_str ? io_snaplen_str : "", quoted_filter)
;
172
173 g_free(count_str);
174 g_free(io_snaplen_str);
175 g_free(quoted_filter);
176 }
177
178 ws_debug("Running: %s", cmdline)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_DEBUG, "extcap/sshdig.c"
, 178, __func__, "Running: %s", cmdline); } } while (0)
;
179 if (ssh_channel_request_exec(channel, cmdline) != SSH_OK0) {
180 ws_warning("Can't request exec")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 180, __func__, "Can't request exec"); } } while (0)
;
181 ssh_channel_close(channel);
182 ssh_channel_free(channel);
183 channel = NULL((void*)0);
184 }
185
186 g_free(cmdline);
187
188 return channel;
189}
190
191static int ssh_open_remote_connection(const ssh_params_t* params, const char* cfilter,
192 const char* capture_command_select, const char* capture_command, const char* privilege,
193 const uint32_t count, const char* fifo, bool_Bool modern_bpf, const uint32_t io_snaplen)
194{
195 ssh_session sshs = NULL((void*)0);
196 ssh_channel channel = NULL((void*)0);
197 FILE* fp = stdoutstdout;
198 int ret = EXIT_FAILURE1;
199 char* err_info = NULL((void*)0);
200
201 if (g_strcmp0(fifo, "-")) {
23
Assuming the condition is true
24
Taking true branch
202 /* Open or create the output file */
203 fp = fopen(fifo, "wb");
25
Stream opened here
26
Assuming that 'fopen' is successful
204 if (fp
26.1
'fp' is not equal to NULL
== NULL((void*)0)) {
27
Taking false branch
205 ws_warning("Error creating output file: %s (%s)", fifo, g_strerror(errno))do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 205, __func__, "Error creating output file: %s (%s)", fifo,
g_strerror((*__errno_location ()))); } } while (0)
;
206 return EXIT_FAILURE1;
207 }
208 }
209
210 sshs = create_ssh_connection(params, &err_info);
211
212 if (!sshs) {
28
Assuming 'sshs' is null
29
Taking true branch
213 ws_warning("Error creating connection.")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 213, __func__, "Error creating connection."); } } while (0)
;
30
Taking true branch
31
Loop condition is false. Exiting loop
214 goto cleanup;
32
Control jumps to line 233
215 }
216
217 channel = run_ssh_command(sshs, capture_command_select, capture_command, privilege, cfilter, count, modern_bpf, io_snaplen);
218
219 if (!channel) {
220 ws_warning("Can't run ssh command.")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 220, __func__, "Can't run ssh command."); } } while (0)
;
221 goto cleanup;
222 }
223
224 /* read from channel and write into fp */
225 if (ssh_loop_read(channel, fp) != EXIT_SUCCESS0) {
226 ws_warning("Error in read loop.")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 226, __func__, "Error in read loop."); } } while (0)
;
227 ret = EXIT_FAILURE1;
228 goto cleanup;
229 }
230
231 ret = EXIT_SUCCESS0;
232cleanup:
233 if (err_info)
33
Assuming 'err_info' is null
34
Taking false branch
234 ws_warning("%s", err_info)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 234, __func__, "%s", err_info); } } while (0)
;
235 g_free(err_info);
236
237 /* clean up and exit */
238 ssh_cleanup(&sshs, &channel);
239
240 if (g_strcmp0(fifo, "-"))
35
Assuming the condition is false
36
Taking false branch
241 fclose(fp);
242 return ret;
37
Opened stream never closed. Potential resource leak
243}
244
245static int list_config(char *interface)
246{
247 unsigned inc = 0;
248
249 if (!interface) {
250 ws_warning("ERROR: No interface specified.")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 250, __func__, "ERROR: No interface specified."); } } while
(0)
;
251 return EXIT_FAILURE1;
252 }
253
254 if (g_strcmp0(interface, sshdig_extcap_interface)) {
255 ws_warning("ERROR: interface must be %s", sshdig_extcap_interface)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 255, __func__, "ERROR: interface must be %s", sshdig_extcap_interface
); } } while (0)
;
256 return EXIT_FAILURE1;
257 }
258
259 printf("arg {number=%u}{call=--remote-host}{display=Remote SSH server address}"
260 "{type=string}{tooltip=The remote SSH host. It can be both "
261 "an IP address or a hostname}{required=true}{group=Server}\n", inc++);
262 printf("arg {number=%u}{call=--remote-port}{display=Remote SSH server port}"
263 "{type=unsigned}{default=22}{tooltip=The remote SSH host port (1-65535)}"
264 "{range=1,65535}{group=Server}\n", inc++);
265 printf("arg {number=%u}{call=--remote-username}{display=Remote SSH server username}"
266 "{type=string}{tooltip=The remote SSH username. If not provided, "
267 "the current user will be used}{group=Authentication}\n", inc++);
268 printf("arg {number=%u}{call=--remote-password}{display=Remote SSH server password}"
269 "{type=password}{tooltip=The SSH password, used when other methods (SSH agent "
270 "or key files) are unavailable.}{group=Authentication}\n", inc++);
271 printf("arg {number=%u}{call=--sshkey}{display=Path to SSH private key}"
272 "{type=fileselect}{tooltip=The path on the local filesystem of the private SSH key (OpenSSH format)}"
273 "{mustexist=true}{group=Authentication}\n", inc++);
274 printf("arg {number=%u}{call=--sshkey-passphrase}{display=SSH key passphrase}"
275 "{type=password}{tooltip=Passphrase to unlock the SSH private key}{group=Authentication}\n",
276 inc++);
277 printf("arg {number=%u}{call=--proxycommand}{display=ProxyCommand}"
278 "{type=string}{tooltip=The command to use as proxy for the SSH connection}"
279 "{group=Authentication}\n", inc++);
280 printf("arg {number=%u}{call=--ssh-sha1}{display=Support SHA-1 keys (deprecated)}"
281 "{type=boolflag}{tooltip=Support keys and key exchange algorithms using SHA-1 (deprecated)}{group=Authentication}"
282 "\n", inc++);
283 printf("arg {number=%u}{call=--remote-capture-command-select}{display=Remote capture command selection}"
284 "{type=radio}{tooltip=The remote capture command to build a command line for}{group=Capture}\n", inc);
285 printf("value {arg=%u}{value=sysdig}{display=sysdig}\n", inc);
286 // XXX Add falcodump?
287 printf("value {arg=%u}{value=other}{display=Other:}\n", inc++);
288 printf("arg {number=%u}{call=--remote-capture-command}{display=Remote capture command}"
289 "{type=string}{tooltip=The remote command used to capture}{group=Capture}\n", inc++);
290 printf("arg {number=%u}{call=--remote-priv}{display=Gain capture privilege on the remote machine}"
291 "{type=radio}{tooltip=Optionally prepend the capture command with sudo or doas on the remote machine}"
292 "{group=Capture}\n", inc);
293 printf("value {arg=%u}{value=none}{display=none}{default=true}\n", inc);
294 printf("value {arg=%u}{value=sudo}{display=sudo}\n", inc);
295 printf("value {arg=%u}{value=doas -n}{display=doas}\n", inc++);
296 printf("arg {number=%u}{call=--remote-priv-user}{display=Privileged user name for sudo or doas}"
297 "{type=string}{tooltip=User name of privileged user to execute the capture command on the remote machine}"
298 "{group=Capture}\n", inc++);
299 printf("{group=Capture}\n");
300 printf("arg {number=%u}{call=--remote-count}{display=Events to capture}"
301 "{type=unsigned}{default=0}{tooltip=The number of remote events to capture. (Default: inf)}"
302 "{group=Capture}\n", inc++);
303 printf("arg {number=%u}{call=--remote-io-snaplen}{display=I/O snapshot length}"
304 "{type=unsigned}{default=80}{tooltip=The number of bytes to capture in each I/O event. (Default: 80)}"
305 "{group=Capture}\n", inc++);
306 printf("arg {number=%u}{call=--remote-modern-bpf}{display=Use eBPF}{type=boolflag}{default=true}"
307 "{tooltip=Use eBPF for capture. With this no kernel module is required}{group=Capture}\n", inc++);
308
309 extcap_config_debug(&inc);
310
311 return EXIT_SUCCESS0;
312}
313
314int main(int argc, char *argv[])
315{
316 char* err_msg;
317 int result;
318 int option_idx = 0;
319 ssh_params_t* ssh_params = ssh_params_new();
320 char* remote_capture_command_select = NULL((void*)0);
321 char* remote_capture_command = NULL((void*)0);
322 uint32_t count = 0;
323 uint32_t io_snaplen = 0;
324 int ret = EXIT_FAILURE1;
325 extcap_parameters* extcap_conf = g_new0(extcap_parameters, 1)((extcap_parameters *) g_malloc0_n ((1), sizeof (extcap_parameters
)))
;
326 char* help_url;
327 char* help_header = NULL((void*)0);
328 char* priv = NULL((void*)0);
329 char* priv_user = NULL((void*)0);
330 char* interface_description = g_strdup("SSH remote syscall capture")g_strdup_inline ("SSH remote syscall capture");
331 bool_Bool modern_bpf = 0;
332
333 /* Set the program name. */
334 g_set_prgname("sshdig");
335
336 /* Initialize log handler early so we can have proper logging during startup. */
337 extcap_log_init();
338
339 sshdig_extcap_interface = g_path_get_basename(argv[0]);
340 if (g_str_has_suffix(sshdig_extcap_interface, ".exe")(__builtin_constant_p (".exe")? __extension__ ({ const char *
const __str = (sshdig_extcap_interface); const char * const __suffix
= (".exe"); gboolean __result = (0); if (__str == ((void*)0)
|| __suffix == ((void*)0)) __result = (g_str_has_suffix) (__str
, __suffix); else { const size_t __str_len = strlen (((__str)
+ !(__str))); const size_t __suffix_len = strlen (((__suffix
) + !(__suffix))); if (__str_len >= __suffix_len) __result
= memcmp (__str + __str_len - __suffix_len, ((__suffix) + !(
__suffix)), __suffix_len) == 0; } __result; }) : (g_str_has_suffix
) (sshdig_extcap_interface, ".exe") )
) {
1
'?' condition is true
2
Assuming '__str' is equal to null
3
Assuming the condition is false
4
Taking false branch
341 sshdig_extcap_interface[strlen(sshdig_extcap_interface) - 4] = '\0';
342 }
343
344 /*
345 * Get credential information for later use.
346 */
347 init_process_policies();
348
349 /*
350 * Attempt to get the pathname of the directory containing the
351 * executable file.
352 */
353 err_msg = configuration_init(argv[0]);
354 set_application_flavor(APPLICATION_FLAVOR_STRATOSHARK);
355 if (err_msg != NULL((void*)0)) {
5
Assuming 'err_msg' is equal to NULL
6
Taking false branch
356 ws_warning("Can't get pathname of directory containing the extcap program: %s.",do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 357, __func__, "Can't get pathname of directory containing the extcap program: %s."
, err_msg); } } while (0)
357 err_msg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 357, __func__, "Can't get pathname of directory containing the extcap program: %s."
, err_msg); } } while (0)
;
358 g_free(err_msg);
359 }
360
361 help_url = data_file_url("sshdig.html");
362 extcap_base_set_util_info(extcap_conf, argv[0], SSHDIG_VERSION_MAJOR"1", SSHDIG_VERSION_MINOR"0",
363 SSHDIG_VERSION_RELEASE"0", help_url);
364 g_free(help_url);
365 add_libssh_info(extcap_conf);
366 if (g_strcmp0(sshdig_extcap_interface, DEFAULT_SSHDIG_EXTCAP_INTERFACE"sshdig")) {
7
Assuming the condition is false
8
Taking false branch
367 char* temp = interface_description;
368 interface_description = ws_strdup_printf("%s, custom version", interface_description)wmem_strdup_printf(((void*)0), "%s, custom version", interface_description
)
;
369 g_free(temp);
370 }
371 extcap_base_register_interface(extcap_conf, sshdig_extcap_interface, interface_description, 147, "Remote capture dependent DLT");
372 g_free(interface_description);
373
374 help_header = ws_strdup_printf(wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n"
" %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "
"--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface
, argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface
)
375 " %s --extcap-interfaces\n"wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n"
" %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "
"--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface
, argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface
)
376 " %s --extcap-interface=%s --extcap-dlts\n"wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n"
" %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "
"--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface
, argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface
)
377 " %s --extcap-interface=%s --extcap-config\n"wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n"
" %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "
"--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface
, argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface
)
378 " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n"
" %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "
"--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface
, argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface
)
379 "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface, argv[0],wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n"
" %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "
"--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface
, argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface
)
380 sshdig_extcap_interface, argv[0], sshdig_extcap_interface)wmem_strdup_printf(((void*)0), " %s --extcap-interfaces\n" " %s --extcap-interface=%s --extcap-dlts\n"
" %s --extcap-interface=%s --extcap-config\n" " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "
"--fifo=FILENAME --capture\n", argv[0], argv[0], sshdig_extcap_interface
, argv[0], sshdig_extcap_interface, argv[0], sshdig_extcap_interface
)
;
381 extcap_help_add_header(extcap_conf, help_header);
382 g_free(help_header);
383 extcap_help_add_option(extcap_conf, "--help", "print this help");
384 extcap_help_add_option(extcap_conf, "--version", "print the version");
385 extcap_help_add_option(extcap_conf, "--remote-host <host>", "the remote SSH host");
386 extcap_help_add_option(extcap_conf, "--remote-port <port>", "the remote SSH port");
387 extcap_help_add_option(extcap_conf, "--remote-username <username>", "the remote SSH username");
388 extcap_help_add_option(extcap_conf, "--remote-password <password>", "the remote SSH password. If not specified, ssh-agent and ssh-key are used");
389 extcap_help_add_option(extcap_conf, "--sshkey <private key path>", "the path of the SSH key (OpenSSH format)");
390 extcap_help_add_option(extcap_conf, "--sshkey-passphrase <private key passphrase>", "the passphrase to unlock private SSH key");
391 extcap_help_add_option(extcap_conf, "--proxycommand <proxy command>", "the command to use as proxy for the SSH connection");
392 extcap_help_add_option(extcap_conf, "--ssh-sha1", "support keys and key exchange using SHA-1 (deprecated)");
393 extcap_help_add_option(extcap_conf, "--remote-capture-command-select <selection>", "sysdig or other remote capture command");
394 extcap_help_add_option(extcap_conf, "--remote-capture-command <capture command>", "the remote capture command");
395 extcap_help_add_option(extcap_conf, "--remote-priv <selection>", "none, sudo or doas");
396 extcap_help_add_option(extcap_conf, "--remote-priv-user <username>", "privileged user name");
397 extcap_help_add_option(extcap_conf, "--remote-count <count>", "the number of events to capture");
398 extcap_help_add_option(extcap_conf, "--remote-modern-bpf", "use eBPF");
399 extcap_help_add_option(extcap_conf, "--remote-io-snaplen <snaplen>", "the number of bytes to capture in each I/O event");
400
401 ws_opterr = 0;
402 ws_optind = 0;
403
404 if (argc == 1) {
9
Assuming 'argc' is not equal to 1
10
Taking false branch
405 extcap_help_print(extcap_conf);
406 goto end;
407 }
408
409 while ((result = ws_getopt_long(argc, argv, ":", longopts, &option_idx)) != -1) {
11
Assuming the condition is false
12
Loop condition is false. Execution continues on line 517
410
411 switch (result) {
412
413 case OPT_HELP:
414 extcap_help_print(extcap_conf);
415 ret = EXIT_SUCCESS0;
416 goto end;
417
418 case OPT_VERSION:
419 extcap_version_print(extcap_conf);
420 ret = EXIT_SUCCESS0;
421 goto end;
422
423 case OPT_REMOTE_HOST:
424 g_free(ssh_params->host);
425 ssh_params->host = g_strdup(ws_optarg)g_strdup_inline (ws_optarg);
426 break;
427
428 case OPT_REMOTE_PORT:
429 if (!ws_strtou16(ws_optarg, NULL((void*)0), &ssh_params->port) || ssh_params->port == 0) {
430 ws_warning("Invalid port: %s", ws_optarg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 430, __func__, "Invalid port: %s", ws_optarg); } } while (0
)
;
431 goto end;
432 }
433 break;
434
435 case OPT_REMOTE_USERNAME:
436 g_free(ssh_params->username);
437 ssh_params->username = g_strdup(ws_optarg)g_strdup_inline (ws_optarg);
438 break;
439
440 case OPT_REMOTE_PASSWORD:
441 g_free(ssh_params->password);
442 ssh_params->password = g_strdup(ws_optarg)g_strdup_inline (ws_optarg);
443 memset(ws_optarg, 'X', strlen(ws_optarg));
444 break;
445
446 case OPT_SSHKEY:
447 g_free(ssh_params->sshkey_path);
448 ssh_params->sshkey_path = g_strdup(ws_optarg)g_strdup_inline (ws_optarg);
449 break;
450
451 case OPT_SSHKEY_PASSPHRASE:
452 g_free(ssh_params->sshkey_passphrase);
453 ssh_params->sshkey_passphrase = g_strdup(ws_optarg)g_strdup_inline (ws_optarg);
454 memset(ws_optarg, 'X', strlen(ws_optarg));
455 break;
456
457 case OPT_PROXYCOMMAND:
458 g_free(ssh_params->proxycommand);
459 ssh_params->proxycommand = g_strdup(ws_optarg)g_strdup_inline (ws_optarg);
460 break;
461
462 case OPT_SSH_SHA1:
463 ssh_params->ssh_sha1 = true1;
464 break;
465
466 case OPT_REMOTE_CAPTURE_COMMAND_SELECT:
467 g_free(remote_capture_command_select);
468 remote_capture_command_select = g_strdup(ws_optarg)g_strdup_inline (ws_optarg);
469 break;
470
471 case OPT_REMOTE_CAPTURE_COMMAND:
472 g_free(remote_capture_command);
473 remote_capture_command = g_strdup(ws_optarg)g_strdup_inline (ws_optarg);
474 break;
475
476 case OPT_REMOTE_PRIV:
477 g_free(priv);
478 priv = g_strdup(ws_optarg)g_strdup_inline (ws_optarg);
479 break;
480
481 case OPT_REMOTE_PRIV_USER:
482 g_free(priv_user);
483 priv_user = g_strdup(ws_optarg)g_strdup_inline (ws_optarg);
484 break;
485
486 case OPT_REMOTE_COUNT:
487 if (!ws_strtou32(ws_optarg, NULL((void*)0), &count)) {
488 ws_warning("Invalid value for count: %s", ws_optarg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 488, __func__, "Invalid value for count: %s", ws_optarg); }
} while (0)
;
489 goto end;
490 }
491 break;
492
493 case OPT_REMOTE_MODERN_BPF:
494 modern_bpf = true1;
495 break;
496
497 case OPT_REMOTE_IO_SNAPLEN:
498 if (!ws_strtou32(ws_optarg, NULL((void*)0), &io_snaplen)) {
499 ws_warning("Invalid value for I/O snapshot length: %s", ws_optarg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 499, __func__, "Invalid value for I/O snapshot length: %s",
ws_optarg); } } while (0)
;
500 goto end;
501 }
502 break;
503
504 case ':':
505 /* missing option argument */
506 ws_warning("Option '%s' requires an argument", argv[ws_optind - 1])do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 506, __func__, "Option '%s' requires an argument", argv[ws_optind
- 1]); } } while (0)
;
507 break;
508
509 default:
510 if (!extcap_base_parse_options(extcap_conf, result - EXTCAP_OPT_LIST_INTERFACES, ws_optarg)) {
511 ws_warning("Invalid option: %s", argv[ws_optind - 1])do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 511, __func__, "Invalid option: %s", argv[ws_optind - 1]); }
} while (0)
;
512 goto end;
513 }
514 }
515 }
516
517 extcap_cmdline_debug(argv, argc);
518
519 if (extcap_base_handle_interface(extcap_conf)) {
13
Assuming the condition is false
14
Taking false branch
520 ret = EXIT_SUCCESS0;
521 goto end;
522 }
523
524 if (extcap_conf->show_config) {
15
Assuming field 'show_config' is 0
16
Taking false branch
525 ret = list_config(extcap_conf->interface);
526 goto end;
527 }
528
529 err_msg = ws_init_sockets();
530 if (err_msg != NULL((void*)0)) {
17
Assuming 'err_msg' is equal to NULL
18
Taking false branch
531 ws_warning("ERROR: %s", err_msg)do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 531, __func__, "ERROR: %s", err_msg); } } while (0)
;
532 g_free(err_msg);
533 ws_warning("%s", please_report_bug())do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 533, __func__, "%s", please_report_bug()); } } while (0)
;
534 goto end;
535 }
536
537 if (extcap_conf->capture) {
19
Assuming field 'capture' is not equal to 0
20
Taking true branch
538 char* privilege;
539
540 if (!ssh_params->host) {
21
Assuming field 'host' is non-null
541 ws_warning("Missing parameter: --remote-host")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_WARNING, "extcap/sshdig.c"
, 541, __func__, "Missing parameter: --remote-host"); } } while
(0)
;
542 goto end;
543 }
544
545 if ((priv
21.1
'priv' is null
) && g_strcmp0(priv, "none") && strlen(g_strstrip(priv)g_strchomp (g_strchug (priv)))) {
546 if ((priv_user) && strlen(g_strstrip(priv_user)g_strchomp (g_strchug (priv_user))))
547 /* Both sudo and doas use the same command line option */
548 privilege = g_strconcat(priv, " -u ", priv_user, NULL((void*)0));
549 else
550 privilege = g_strdup(priv)g_strdup_inline (priv);
551 } else {
552 privilege = g_strdup("")g_strdup_inline ("");
553 }
554
555 ssh_params_set_log_level(ssh_params, extcap_conf->debug);
556 ret = ssh_open_remote_connection(ssh_params, extcap_conf->capture_filter,
22
Calling 'ssh_open_remote_connection'
557 remote_capture_command_select, remote_capture_command,
558 privilege, count, extcap_conf->fifo, modern_bpf, io_snaplen);
559 g_free(privilege);
560 } else {
561 ws_debug("You should not come here... maybe some parameter missing?")do { if (1) { ws_log_full("sshdig", LOG_LEVEL_DEBUG, "extcap/sshdig.c"
, 561, __func__, "You should not come here... maybe some parameter missing?"
); } } while (0)
;
562 ret = EXIT_FAILURE1;
563 }
564
565end:
566 /* clean up stuff */
567 ssh_params_free(ssh_params);
568 g_free(remote_capture_command_select);
569 g_free(remote_capture_command);
570 g_free(priv);
571 g_free(priv_user);
572 extcap_base_cleanup(&extcap_conf);
573 return ret;
574}