/src/openssh/kex-names.c

Source (jump to first uncovered line)
/* $OpenBSD: kex-names.c,v 1.1 2024/05/17 00:32:32 djm Exp $ */
/*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>

#ifdef WITH_OPENSSL
#include <openssl/crypto.h>
#include <openssl/evp.h>
#endif

#include "kex.h"
#include "log.h"
#include "match.h"
#include "digest.h"
#include "misc.h"

#include "ssherr.h"
#include "xmalloc.h"

struct kexalg {
  char *name;
  u_int type;
  int ec_nid;
  int hash_alg;
};
static const struct kexalg kexalgs[] = {
#ifdef WITH_OPENSSL
  { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
  { KEX_DH14_SHA1, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
  { KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 },
  { KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 },
  { KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 },
  { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
#ifdef HAVE_EVP_SHA256
  { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
#endif /* HAVE_EVP_SHA256 */
#ifdef OPENSSL_HAS_ECC
  { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2,
      NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
  { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1,
      SSH_DIGEST_SHA384 },
# ifdef OPENSSL_HAS_NISTP521
  { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1,
      SSH_DIGEST_SHA512 },
# endif /* OPENSSL_HAS_NISTP521 */
#endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */
#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
  { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
  { KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
#ifdef USE_SNTRUP761X25519
  { KEX_SNTRUP761X25519_SHA512, KEX_KEM_SNTRUP761X25519_SHA512, 0,
      SSH_DIGEST_SHA512 },
#endif
#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
  { NULL, 0, -1, -1},
};

char *
kex_alg_list(char sep)
{
  char *ret = NULL, *tmp;
  size_t nlen, rlen = 0;
  const struct kexalg *k;

  for (k = kexalgs; k->name != NULL; k++) {
    if (ret != NULL)
      ret[rlen++] = sep;
    nlen = strlen(k->name);
    if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) {
      free(ret);
      return NULL;
    }
    ret = tmp;
    memcpy(ret + rlen, k->name, nlen + 1);
    rlen += nlen;
  }
  return ret;
}

static const struct kexalg *
kex_alg_by_name(const char *name)
{
  const struct kexalg *k;

  for (k = kexalgs; k->name != NULL; k++) {
    if (strcmp(k->name, name) == 0)
      return k;
  }
  return NULL;
}

int
kex_name_valid(const char *name)
{
  return kex_alg_by_name(name) != NULL;
}

u_int
kex_type_from_name(const char *name)
{
  const struct kexalg *k;

  if ((k = kex_alg_by_name(name)) == NULL)
    return 0;
  return k->type;
}

int
kex_hash_from_name(const char *name)
{
  const struct kexalg *k;

  if ((k = kex_alg_by_name(name)) == NULL)
    return -1;
  return k->hash_alg;
}

int
kex_nid_from_name(const char *name)
{
  const struct kexalg *k;

  if ((k = kex_alg_by_name(name)) == NULL)
    return -1;
  return k->ec_nid;
}

/* Validate KEX method name list */
int
kex_names_valid(const char *names)
{
  char *s, *cp, *p;

  if (names == NULL || strcmp(names, "") == 0)
    return 0;
  if ((s = cp = strdup(names)) == NULL)
    return 0;
  for ((p = strsep(&cp, ",")); p && *p != '\0';
      (p = strsep(&cp, ","))) {
    if (kex_alg_by_name(p) == NULL) {
      error("Unsupported KEX algorithm \"%.100s\"", p);
      free(s);
      return 0;
    }
  }
  debug3("kex names ok: [%s]", names);
  free(s);
  return 1;
}

/* returns non-zero if proposal contains any algorithm from algs */
int
kex_has_any_alg(const char *proposal, const char *algs)
{
  char *cp;

  if ((cp = match_list(proposal, algs, NULL)) == NULL)
    return 0;
  free(cp);
  return 1;
}

/*
 * Concatenate algorithm names, avoiding duplicates in the process.
 * Caller must free returned string.
 */
char *
kex_names_cat(const char *a, const char *b)
{
  char *ret = NULL, *tmp = NULL, *cp, *p;
  size_t len;

  if (a == NULL || *a == '\0')
    return strdup(b);
  if (b == NULL || *b == '\0')
    return strdup(a);
  if (strlen(b) > 1024*1024)
    return NULL;
  len = strlen(a) + strlen(b) + 2;
  if ((tmp = cp = strdup(b)) == NULL ||
      (ret = calloc(1, len)) == NULL) {
    free(tmp);
    return NULL;
  }
  strlcpy(ret, a, len);
  for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
    if (kex_has_any_alg(ret, p))
      continue; /* Algorithm already present */
    if (strlcat(ret, ",", len) >= len ||
        strlcat(ret, p, len) >= len) {
      free(tmp);
      free(ret);
      return NULL; /* Shouldn't happen */
    }
  }
  free(tmp);
  return ret;
}

/*
 * Assemble a list of algorithms from a default list and a string from a
 * configuration file. The user-provided string may begin with '+' to
 * indicate that it should be appended to the default, '-' that the
 * specified names should be removed, or '^' that they should be placed
 * at the head.
 */
int
kex_assemble_names(char **listp, const char *def, const char *all)
{
  char *cp, *tmp, *patterns;
  char *list = NULL, *ret = NULL, *matching = NULL, *opatterns = NULL;
  int r = SSH_ERR_INTERNAL_ERROR;

  if (listp == NULL || def == NULL || all == NULL)
    return SSH_ERR_INVALID_ARGUMENT;

  if (*listp == NULL || **listp == '\0') {
    if ((*listp = strdup(def)) == NULL)
      return SSH_ERR_ALLOC_FAIL;
    return 0;
  }

  list = *listp;
  *listp = NULL;
  if (*list == '+') {
    /* Append names to default list */
    if ((tmp = kex_names_cat(def, list + 1)) == NULL) {
      r = SSH_ERR_ALLOC_FAIL;
      goto fail;
    }
    free(list);
    list = tmp;
  } else if (*list == '-') {
    /* Remove names from default list */
    if ((*listp = match_filter_denylist(def, list + 1)) == NULL) {
      r = SSH_ERR_ALLOC_FAIL;
      goto fail;
    }
    free(list);
    /* filtering has already been done */
    return 0;
  } else if (*list == '^') {
    /* Place names at head of default list */
    if ((tmp = kex_names_cat(list + 1, def)) == NULL) {
      r = SSH_ERR_ALLOC_FAIL;
      goto fail;
    }
    free(list);
    list = tmp;
  } else {
    /* Explicit list, overrides default - just use "list" as is */
  }

  /*
   * The supplied names may be a pattern-list. For the -list case,
   * the patterns are applied above. For the +list and explicit list
   * cases we need to do it now.
   */
  ret = NULL;
  if ((patterns = opatterns = strdup(list)) == NULL) {
    r = SSH_ERR_ALLOC_FAIL;
    goto fail;
  }
  /* Apply positive (i.e. non-negated) patterns from the list */
  while ((cp = strsep(&patterns, ",")) != NULL) {
    if (*cp == '!') {
      /* negated matches are not supported here */
      r = SSH_ERR_INVALID_ARGUMENT;
      goto fail;
    }
    free(matching);
    if ((matching = match_filter_allowlist(all, cp)) == NULL) {
      r = SSH_ERR_ALLOC_FAIL;
      goto fail;
    }
    if ((tmp = kex_names_cat(ret, matching)) == NULL) {
      r = SSH_ERR_ALLOC_FAIL;
      goto fail;
    }
    free(ret);
    ret = tmp;
  }
  if (ret == NULL || *ret == '\0') {
    /* An empty name-list is an error */
    /* XXX better error code? */
    r = SSH_ERR_INVALID_ARGUMENT;
    goto fail;
  }

  /* success */
  *listp = ret;
  ret = NULL;
  r = 0;

 fail:
  free(matching);
  free(opatterns);
  free(list);
  free(ret);
  return r;
}

Coverage Report

Created: 2024-07-27 06:19

Line	Count	Source (jump to first uncovered line)
1		/* $OpenBSD: kex-names.c,v 1.1 2024/05/17 00:32:32 djm Exp $ */
2		/*
3		* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4		*
5		* Redistribution and use in source and binary forms, with or without
6		* modification, are permitted provided that the following conditions
7		* are met:
8		* 1. Redistributions of source code must retain the above copyright
9		* notice, this list of conditions and the following disclaimer.
10		* 2. Redistributions in binary form must reproduce the above copyright
11		* notice, this list of conditions and the following disclaimer in the
12		* documentation and/or other materials provided with the distribution.
13		*
14		* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15		* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16		* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17		* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18		* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19		* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20		* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21		* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22		* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23		* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24		*/
25
26		#include "includes.h"
27
28		#include <stdio.h>
29		#include <stdlib.h>
30		#include <string.h>
31		#include <unistd.h>
32		#include <signal.h>
33
34		#ifdef WITH_OPENSSL
35		#include <openssl/crypto.h>
36		#include <openssl/evp.h>
37		#endif
38
39		#include "kex.h"
40		#include "log.h"
41		#include "match.h"
42		#include "digest.h"
43		#include "misc.h"
44
45		#include "ssherr.h"
46		#include "xmalloc.h"
47
48		struct kexalg {
49		char *name;
50		u_int type;
51		int ec_nid;
52		int hash_alg;
53		};
54		static const struct kexalg kexalgs[] = {
55		#ifdef WITH_OPENSSL
56		{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
57		{ KEX_DH14_SHA1, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
58		{ KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 },
59		{ KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 },
60		{ KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 },
61		{ KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
62		#ifdef HAVE_EVP_SHA256
63		{ KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
64		#endif /* HAVE_EVP_SHA256 */
65		#ifdef OPENSSL_HAS_ECC
66		{ KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2,
67		NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
68		{ KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1,
69		SSH_DIGEST_SHA384 },
70		# ifdef OPENSSL_HAS_NISTP521
71		{ KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1,
72		SSH_DIGEST_SHA512 },
73		# endif /* OPENSSL_HAS_NISTP521 */
74		#endif /* OPENSSL_HAS_ECC */
75		#endif /* WITH_OPENSSL */
76		#if defined(HAVE_EVP_SHA256) \|\| !defined(WITH_OPENSSL)
77		{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
78		{ KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
79		#ifdef USE_SNTRUP761X25519
80		{ KEX_SNTRUP761X25519_SHA512, KEX_KEM_SNTRUP761X25519_SHA512, 0,
81		SSH_DIGEST_SHA512 },
82		#endif
83		#endif /* HAVE_EVP_SHA256 \|\| !WITH_OPENSSL */
84		{ NULL, 0, -1, -1},
85		};
86
87		char *
88		kex_alg_list(char sep)
89	0	{
90	0	char ret = NULL, tmp;
91	0	size_t nlen, rlen = 0;
92	0	const struct kexalg *k;
93
94	0	for (k = kexalgs; k->name != NULL; k++) {
95	0	if (ret != NULL)
96	0	ret[rlen++] = sep;
97	0	nlen = strlen(k->name);
98	0	if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) {
99	0	free(ret);
100	0	return NULL;
101	0	}
102	0	ret = tmp;
103	0	memcpy(ret + rlen, k->name, nlen + 1);
104	0	rlen += nlen;
105	0	}
106	0	return ret;
107	0	}
108
109		static const struct kexalg *
110		kex_alg_by_name(const char *name)
111	80.4k	{
112	80.4k	const struct kexalg *k;
113
114	671k	for (k = kexalgs; k->name != NULL; k++) {
115	671k	if (strcmp(k->name, name) == 0)
116	80.4k	return k;
117	671k	}
118	60	return NULL;
119	80.4k	}
120
121		int
122		kex_name_valid(const char *name)
123	20.1k	{
124	20.1k	return kex_alg_by_name(name) != NULL;
125	20.1k	}
126
127		u_int
128		kex_type_from_name(const char *name)
129	20.1k	{
130	20.1k	const struct kexalg *k;
131
132	20.1k	if ((k = kex_alg_by_name(name)) == NULL)
133	0	return 0;
134	20.1k	return k->type;
135	20.1k	}
136
137		int
138		kex_hash_from_name(const char *name)
139	20.1k	{
140	20.1k	const struct kexalg *k;
141
142	20.1k	if ((k = kex_alg_by_name(name)) == NULL)
143	0	return -1;
144	20.1k	return k->hash_alg;
145	20.1k	}
146
147		int
148		kex_nid_from_name(const char *name)
149	20.1k	{
150	20.1k	const struct kexalg *k;
151
152	20.1k	if ((k = kex_alg_by_name(name)) == NULL)
153	0	return -1;
154	20.1k	return k->ec_nid;
155	20.1k	}
156
157		/* Validate KEX method name list */
158		int
159		kex_names_valid(const char *names)
160	0	{
161	0	char s, cp, *p;
162
163	0	if (names == NULL \|\| strcmp(names, "") == 0)
164	0	return 0;
165	0	if ((s = cp = strdup(names)) == NULL)
166	0	return 0;
167	0	for ((p = strsep(&cp, ",")); p && *p != '\0';
168	0	(p = strsep(&cp, ","))) {
169	0	if (kex_alg_by_name(p) == NULL) {
170	0	error("Unsupported KEX algorithm \"%.100s\"", p);
171	0	free(s);
172	0	return 0;
173	0	}
174	0	}
175	0	debug3("kex names ok: [%s]", names);
176	0	free(s);
177	0	return 1;
178	0	}
179
180		/* returns non-zero if proposal contains any algorithm from algs */
181		int
182		kex_has_any_alg(const char proposal, const char algs)
183	558k	{
184	558k	char *cp;
185
186	558k	if ((cp = match_list(proposal, algs, NULL)) == NULL)
187	541k	return 0;
188	16.4k	free(cp);
189	16.4k	return 1;
190	558k	}
191
192		/*
193		* Concatenate algorithm names, avoiding duplicates in the process.
194		* Caller must free returned string.
195		*/
196		char *
197		kex_names_cat(const char a, const char b)
198	172k	{
199	172k	char ret = NULL, tmp = NULL, cp, p;
200	172k	size_t len;
201
202	172k	if (a == NULL \|\| *a == '\0')
203	0	return strdup(b);
204	172k	if (b == NULL \|\| *b == '\0')
205	0	return strdup(a);
206	172k	if (strlen(b) > 1024*1024)
207	0	return NULL;
208	172k	len = strlen(a) + strlen(b) + 2;
209	172k	if ((tmp = cp = strdup(b)) == NULL \|\|
210	172k	(ret = calloc(1, len)) == NULL) {
211	0	free(tmp);
212	0	return NULL;
213	0	}
214	172k	strlcpy(ret, a, len);
215	518k	for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
216	345k	if (kex_has_any_alg(ret, p))
217	0	continue; /* Algorithm already present */
218	345k	if (strlcat(ret, ",", len) >= len \|\|
219	345k	strlcat(ret, p, len) >= len) {
220	0	free(tmp);
221	0	free(ret);
222	0	return NULL; /* Shouldn't happen */
223	0	}
224	345k	}
225	172k	free(tmp);
226	172k	return ret;
227	172k	}
228
229		/*
230		* Assemble a list of algorithms from a default list and a string from a
231		* configuration file. The user-provided string may begin with '+' to
232		* indicate that it should be appended to the default, '-' that the
233		* specified names should be removed, or '^' that they should be placed
234		* at the head.
235		*/
236		int
237		kex_assemble_names(char *listp, const char def, const char *all)
238	0	{
239	0	char cp, tmp, *patterns;
240	0	char list = NULL, ret = NULL, matching = NULL, opatterns = NULL;
241	0	int r = SSH_ERR_INTERNAL_ERROR;
242
243	0	if (listp == NULL \|\| def == NULL \|\| all == NULL)
244	0	return SSH_ERR_INVALID_ARGUMENT;
245
246	0	if (listp == NULL \|\| *listp == '\0') {
247	0	if ((*listp = strdup(def)) == NULL)
248	0	return SSH_ERR_ALLOC_FAIL;
249	0	return 0;
250	0	}
251
252	0	list = *listp;
253	0	*listp = NULL;
254	0	if (*list == '+') {
255		/* Append names to default list */
256	0	if ((tmp = kex_names_cat(def, list + 1)) == NULL) {
257	0	r = SSH_ERR_ALLOC_FAIL;
258	0	goto fail;
259	0	}
260	0	free(list);
261	0	list = tmp;
262	0	} else if (*list == '-') {
263		/* Remove names from default list */
264	0	if ((*listp = match_filter_denylist(def, list + 1)) == NULL) {
265	0	r = SSH_ERR_ALLOC_FAIL;
266	0	goto fail;
267	0	}
268	0	free(list);
269		/* filtering has already been done */
270	0	return 0;
271	0	} else if (*list == '^') {
272		/* Place names at head of default list */
273	0	if ((tmp = kex_names_cat(list + 1, def)) == NULL) {
274	0	r = SSH_ERR_ALLOC_FAIL;
275	0	goto fail;
276	0	}
277	0	free(list);
278	0	list = tmp;
279	0	} else {
280		/* Explicit list, overrides default - just use "list" as is */
281	0	}
282
283		/*
284		* The supplied names may be a pattern-list. For the -list case,
285		* the patterns are applied above. For the +list and explicit list
286		* cases we need to do it now.
287		*/
288	0	ret = NULL;
289	0	if ((patterns = opatterns = strdup(list)) == NULL) {
290	0	r = SSH_ERR_ALLOC_FAIL;
291	0	goto fail;
292	0	}
293		/* Apply positive (i.e. non-negated) patterns from the list */
294	0	while ((cp = strsep(&patterns, ",")) != NULL) {
295	0	if (*cp == '!') {
296		/* negated matches are not supported here */
297	0	r = SSH_ERR_INVALID_ARGUMENT;
298	0	goto fail;
299	0	}
300	0	free(matching);
301	0	if ((matching = match_filter_allowlist(all, cp)) == NULL) {
302	0	r = SSH_ERR_ALLOC_FAIL;
303	0	goto fail;
304	0	}
305	0	if ((tmp = kex_names_cat(ret, matching)) == NULL) {
306	0	r = SSH_ERR_ALLOC_FAIL;
307	0	goto fail;
308	0	}
309	0	free(ret);
310	0	ret = tmp;
311	0	}
312	0	if (ret == NULL \|\| *ret == '\0') {
313		/* An empty name-list is an error */
314		/* XXX better error code? */
315	0	r = SSH_ERR_INVALID_ARGUMENT;
316	0	goto fail;
317	0	}
318
319		/* success */
320	0	*listp = ret;
321	0	ret = NULL;
322	0	r = 0;
323
324	0	fail:
325	0	free(matching);
326	0	free(opatterns);
327	0	free(list);
328	0	free(ret);
329	0	return r;
330	0	}