author | djm@openbsd.org <djm@openbsd.org> | 2016-05-02 08:49:03 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-05-02 20:35:04 +1000 |
commit | 1a31d02b2411c4718de58ce796dbb7b5e14db93e (patch) | |
tree | c6e06a9890e71bc97cd3cdc6ce74919e504c8fd8 | |
parent | d2d6bf864e52af8491a60dd507f85b74361f5da3 (diff) |
upstream commit
fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
better safety checking; feedback and ok markus@
Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
-rw-r--r-- | auth2-chall.c | 6 | ||||
-rw-r--r-- | auth2.c | 6 | ||||
-rw-r--r-- | kex.h | 7 | ||||
-rw-r--r-- | kexc25519.c | 6 | ||||
-rw-r--r-- | monitor.c | 27 | ||||
-rw-r--r-- | servconf.c | 5 | ||||
-rw-r--r-- | sftp-client.c | 5 | ||||
-rw-r--r-- | ssh-agent.c | 15 | ||||
-rw-r--r-- | ssh-keygen.c | 8 | ||||
-rw-r--r-- | sshbuf-misc.c | 25 | ||||
-rw-r--r-- | sshbuf.h | 9 | ||||
-rw-r--r-- | sshconnect2.c | 6 | ||||
-rw-r--r-- | sshd.c | 51 |
13 files changed, 112 insertions, 64 deletions
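--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.44 2016/05/02 08:49:03 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
  * Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -122,8 +122,8 @@ kbdint_alloc(const char *devs)
 buffer_append(&b, devices[i]->name,
 strlen(devices[i]->name));
 }
-buffer_append(&b, "\0", 1);
-kbdintctxt->devices = xstrdup(buffer_ptr(&b));
+if ((kbdintctxt->devices = sshbuf_dup_string(&b)) == NULL)
+fatal("%s: sshbuf_dup_string failed", __func__);
 buffer_free(&b);
 } else {
 kbdintctxt->devices = xstrdup(devs);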
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2.c,v 1.135 2015/01/19 20:07:45 markus Exp $ */ | 1 | /* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -424,8 +424,8 @@ authmethods_get(Authctxt *authctxt) | |||
424 | buffer_append(&b, authmethods[i]->name, | 424 | buffer_append(&b, authmethods[i]->name, |
425 | strlen(authmethods[i]->name)); | 425 | strlen(authmethods[i]->name)); |
426 | } | 426 | } |
427 | buffer_append(&b, "\0", 1); | 427 | if ((list = sshbuf_dup_string(&b)) == NULL) |
428 | list = xstrdup(buffer_ptr(&b)); | 428 | fatal("%s: sshbuf_dup_string failed", __func__); |
429 | buffer_free(&b); | 429 | buffer_free(&b); |
430 | return list; | 430 | return list; |
431 | } | 431 | } |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.h,v 1.76 2016/02/08 10:57:07 djm Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.77 2016/05/02 08:49:03 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -205,8 +205,9 @@ int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *, | |||
205 | const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, | 205 | const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, |
206 | const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *); | 206 | const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *); |
207 | 207 | ||
208 | int kex_c25519_hash(int, const char *, const char *, const char *, size_t, | 208 | int kex_c25519_hash(int, const char *, const char *, |
209 | const char *, size_t, const u_char *, size_t, const u_char *, const u_char *, | 209 | const u_char *, size_t, const u_char *, size_t, |
210 | const u_char *, size_t, const u_char *, const u_char *, | ||
210 | const u_char *, size_t, u_char *, size_t *); | 211 | const u_char *, size_t, u_char *, size_t *); |
211 | 212 | ||
212 | void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) | 213 | void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) |
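--- a/kexc25519.c
+++ b/kexc25519.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519.c,v 1.9 2015/03/26 07:00:04 djm Exp $ */
+/* $OpenBSD: kexc25519.c,v 1.10 2016/05/02 08:49:03 djm Exp $ */
 /*
  * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved.
  * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -86,8 +86,8 @@ kex_c25519_hash(
 int hash_alg,
 const char *client_version_string,
 const char *server_version_string,
-const char *ckexinit, size_t ckexinitlen,
-const char *skexinit, size_t skexinitlen,
+const u_char *ckexinit, size_t ckexinitlen,
+const u_char *skexinit, size_t skexinitlen,
 const u_char *serverhostkeyblob, size_t sbloblen,
 const u_char client_dh_pub[CURVE25519_SIZE],
 const u_char server_dh_pub[CURVE25519_SIZE],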
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.158 2016/03/07 19:02:43 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.159 2016/05/02 08:49:03 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -34,6 +34,7 @@ | |||
34 | 34 | ||
35 | #include <errno.h> | 35 | #include <errno.h> |
36 | #include <fcntl.h> | 36 | #include <fcntl.h> |
37 | #include <limits.h> | ||
37 | #ifdef HAVE_PATHS_H | 38 | #ifdef HAVE_PATHS_H |
38 | #include <paths.h> | 39 | #include <paths.h> |
39 | #endif | 40 | #endif |
@@ -688,7 +689,8 @@ mm_answer_sign(int sock, Buffer *m) | |||
688 | u_char *p = NULL, *signature = NULL; | 689 | u_char *p = NULL, *signature = NULL; |
689 | char *alg = NULL; | 690 | char *alg = NULL; |
690 | size_t datlen, siglen, alglen; | 691 | size_t datlen, siglen, alglen; |
691 | int r, keyid, is_proof = 0; | 692 | int r, is_proof = 0; |
693 | u_int keyid; | ||
692 | const char proof_req[] = "hostkeys-prove-00@openssh.com"; | 694 | const char proof_req[] = "hostkeys-prove-00@openssh.com"; |
693 | 695 | ||
694 | debug3("%s", __func__); | 696 | debug3("%s", __func__); |
@@ -697,6 +699,8 @@ mm_answer_sign(int sock, Buffer *m) | |||
697 | (r = sshbuf_get_string(m, &p, &datlen)) != 0 || | 699 | (r = sshbuf_get_string(m, &p, &datlen)) != 0 || |
698 | (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0) | 700 | (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0) |
699 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 701 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
702 | if (keyid > INT_MAX) | ||
703 | fatal("%s: invalid key ID", __func__); | ||
700 | 704 | ||
701 | /* | 705 | /* |
702 | * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes), | 706 | * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes), |
@@ -1289,7 +1293,8 @@ static int | |||
1289 | monitor_valid_userblob(u_char *data, u_int datalen) | 1293 | monitor_valid_userblob(u_char *data, u_int datalen) |
1290 | { | 1294 | { |
1291 | Buffer b; | 1295 | Buffer b; |
1292 | char *p, *userstyle; | 1296 | u_char *p; |
1297 | char *userstyle, *cp; | ||
1293 | u_int len; | 1298 | u_int len; |
1294 | int fail = 0; | 1299 | int fail = 0; |
1295 | 1300 | ||
@@ -1314,26 +1319,26 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
1314 | } | 1319 | } |
1315 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) | 1320 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
1316 | fail++; | 1321 | fail++; |
1317 | p = buffer_get_cstring(&b, NULL); | 1322 | cp = buffer_get_cstring(&b, NULL); |
1318 | xasprintf(&userstyle, "%s%s%s", authctxt->user, | 1323 | xasprintf(&userstyle, "%s%s%s", authctxt->user, |
1319 | authctxt->style ? ":" : "", | 1324 | authctxt->style ? ":" : "", |
1320 | authctxt->style ? authctxt->style : ""); | 1325 | authctxt->style ? authctxt->style : ""); |
1321 | if (strcmp(userstyle, p) != 0) { | 1326 | if (strcmp(userstyle, cp) != 0) { |
1322 | logit("wrong user name passed to monitor: expected %s != %.100s", | 1327 | logit("wrong user name passed to monitor: " |
1323 | userstyle, p); | 1328 | "expected %s != %.100s", userstyle, cp); |
1324 | fail++; | 1329 | fail++; |
1325 | } | 1330 | } |
1326 | free(userstyle); | 1331 | free(userstyle); |
1327 | free(p); | 1332 | free(cp); |
1328 | buffer_skip_string(&b); | 1333 | buffer_skip_string(&b); |
1329 | if (datafellows & SSH_BUG_PKAUTH) { | 1334 | if (datafellows & SSH_BUG_PKAUTH) { |
1330 | if (!buffer_get_char(&b)) | 1335 | if (!buffer_get_char(&b)) |
1331 | fail++; | 1336 | fail++; |
1332 | } else { | 1337 | } else { |
1333 | p = buffer_get_cstring(&b, NULL); | 1338 | cp = buffer_get_cstring(&b, NULL); |
1334 | if (strcmp("publickey", p) != 0) | 1339 | if (strcmp("publickey", cp) != 0) |
1335 | fail++; | 1340 | fail++; |
1336 | free(p); | 1341 | free(cp); |
1337 | if (!buffer_get_char(&b)) | 1342 | if (!buffer_get_char(&b)) |
1338 | fail++; | 1343 | fail++; |
1339 | buffer_skip_string(&b); | 1344 | buffer_skip_string(&b); |
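Review bot: The `if (keyid > INT_MAX)` guard added to mm_answer_sign has no comment, and both the statement that reads keyid and the one that consumes it lie outside the hunk, so a reader cannot tell what the check protects. keyid is presumably parsed from the request buffer `m` and later used as an int; if so, a comment such as `/* keyid is used as an int below; reject values that would turn negative */` above the check would document why it sits at this trust boundary. Including the rejected value, `fatal("%s: invalid key ID %u", __func__, keyid);`, would also make a monitor abort easier to triage.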
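--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.286 2016/03/07 19:02:43 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.287 2016/05/02 08:49:03 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -2059,7 +2059,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
 
 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf));
 
-obuf = cbuf = xstrdup(buffer_ptr(conf));
+if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
+fatal("%s: sshbuf_dup_string failed", __func__);
 active = connectinfo ? 0 : 1;
 linenum = 1;
 while ((cp = strsep(&cbuf, "\n")) != NULL) {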
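Review bot: The new `fatal("%s: sshbuf_dup_string failed", __func__);` in parse_server_config hides the one failure an administrator can act on. According to the comment this commit adds to sshbuf.h, sshbuf_dup_string() returns NULL when the buffer contains a premature nul, so a configuration with a stray nul byte now stops the daemon here, where the old `xstrdup(buffer_ptr(conf))` would simply have stopped copying at that byte. Naming the file and the likely cause, e.g. `fatal("%s: %s: config contains a nul byte or allocation failed", __func__, filename);`, keeps the stricter check diagnosable. The function body continues outside the hunk.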
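--- a/sftp-client.c
+++ b/sftp-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.122 2016/04/08 08:19:17 djm Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.123 2016/05/02 08:49:03 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -515,8 +515,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
 struct sshbuf *msg;
 u_int count, id, i, expected_id, ents = 0;
 size_t handle_len;
-u_char type;
-char *handle;
+u_char type, *handle;
 int status = SSH2_FX_FAILURE;
 int r;
 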
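--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.212 2016/02/15 09:47:49 dtucker Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.213 2016/05/02 08:49:03 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -144,8 +144,8 @@ char socket_dir[PATH_MAX];
 #define LOCK_SALT_SIZE 16
 #define LOCK_ROUNDS 1
 int locked = 0;
-char lock_passwd[LOCK_SIZE];
-char lock_salt[LOCK_SALT_SIZE];
+u_char lock_pwhash[LOCK_SIZE];
+u_char lock_salt[LOCK_SALT_SIZE];
 
 extern char *__progname;
 
@@ -677,7 +677,8 @@ static void
 process_lock_agent(SocketEntry *e, int lock)
 {
 int r, success = 0, delay;
-char *passwd, passwdhash[LOCK_SIZE];
+char *passwd;
+u_char passwdhash[LOCK_SIZE];
 static u_int fail_count = 0;
 size_t pwlen;
 
@@ -689,11 +690,11 @@ process_lock_agent(SocketEntry *e, int lock)
 if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt),
 passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0)
 fatal("bcrypt_pbkdf");
-if (timingsafe_bcmp(passwdhash, lock_passwd, LOCK_SIZE) == 0) {
+if (timingsafe_bcmp(passwdhash, lock_pwhash, LOCK_SIZE) == 0) {
 debug("agent unlocked");
 locked = 0;
 fail_count = 0;
-explicit_bzero(lock_passwd, sizeof(lock_passwd));
+explicit_bzero(lock_pwhash, sizeof(lock_pwhash));
 success = 1;
 } else {
 /* delay in 0.1s increments up to 10s */
@@ -710,7 +711,7 @@ process_lock_agent(SocketEntry *e, int lock)
 locked = 1;
 arc4random_buf(lock_salt, sizeof(lock_salt));
 if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt),
-lock_passwd, sizeof(lock_passwd), LOCK_ROUNDS) < 0)
+lock_pwhash, sizeof(lock_pwhash), LOCK_ROUNDS) < 0)
 fatal("bcrypt_pbkdf");
 success = 1;
 }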
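--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.289 2016/05/02 08:49:03 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -883,7 +883,7 @@ do_fingerprint(struct passwd *pw)
 char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES];
 int i, invalid = 1;
 const char *path;
-long int lnum = 0;
+u_long lnum = 0;
 
 if (!have_identity)
 ask_filename(pw, "Enter file in which the key is");
@@ -946,7 +946,7 @@ do_fingerprint(struct passwd *pw)
 }
 /* Retry after parsing leading hostname/key options */
 if (public == NULL && (public = try_read_key(&cp)) == NULL) {
-debug("%s:%ld: not a public key", path, lnum);
+debug("%s:%lu: not a public key", path, lnum);
 continue;
 }
 
@@ -1920,7 +1920,7 @@ do_show_cert(struct passwd *pw)
 FILE *f;
 char *cp, line[SSH_MAX_PUBKEY_BYTES];
 const char *path;
-long int lnum = 0;
+u_long lnum = 0;
 
 if (!have_identity)
 ask_filename(pw, "Enter file in which the key is");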
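--- a/sshbuf-misc.c
+++ b/sshbuf-misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshbuf-misc.c,v 1.5 2015/10/05 17:11:21 djm Exp $ */
+/* $OpenBSD: sshbuf-misc.c,v 1.6 2016/05/02 08:49:03 djm Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -136,3 +136,26 @@ sshbuf_b64tod(struct sshbuf *buf, const char *b64)
 return 0;
 }
 
+char *
+sshbuf_dup_string(struct sshbuf *buf)
+{
+const u_char *p = NULL, *s = sshbuf_ptr(buf);
+size_t l = sshbuf_len(buf);
+char *r;
+
+if (s == NULL || l > SIZE_MAX)
+return NULL;
+/* accept a nul only as the last character in the buffer */
+if (l > 0 && (p = memchr(s, '\0', l)) != NULL) {
+if (p != s + l - 1)
+return NULL;
+l--; /* the nul is put back below */
+}
+if ((r = malloc(l + 1)) == NULL)
+return NULL;
+if (l > 0)
+memcpy(r, s, l);
+r[l] = '\0';
+return r;
+}
+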
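Review bot: In sshbuf_dup_string() the guard `l > SIZE_MAX` can never be true because `l` is a `size_t`, so it gives no protection to the `malloc(l + 1)` that follows. The only length for which `l + 1` wraps to zero is `SIZE_MAX` itself, so the test should read `if (s == NULL || l >= SIZE_MAX)`. The function also returns NULL both for an embedded nul and for a failed malloc, which the callers changed in this commit cannot tell apart. The comment added in sshbuf.h lists only a buffer error and a premature nul, so it should mention allocation failure as well.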
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshbuf.h,v 1.6 2015/12/10 07:01:35 mmcc Exp $ */ | 1 | /* $OpenBSD: sshbuf.h,v 1.7 2016/05/02 08:49:03 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2011 Damien Miller | 3 | * Copyright (c) 2011 Damien Miller |
4 | * | 4 | * |
@@ -239,6 +239,13 @@ char *sshbuf_dtob64(struct sshbuf *buf); | |||
239 | /* Decode base64 data and append it to the buffer */ | 239 | /* Decode base64 data and append it to the buffer */ |
240 | int sshbuf_b64tod(struct sshbuf *buf, const char *b64); | 240 | int sshbuf_b64tod(struct sshbuf *buf, const char *b64); |
241 | 241 | ||
242 | /* | ||
243 | * Duplicate the contents of a buffer to a string (caller to free). | ||
244 | * Returns NULL on buffer error, or if the buffer contains a premature | ||
245 | * nul character. | ||
246 | */ | ||
247 | char *sshbuf_dup_string(struct sshbuf *buf); | ||
248 | |||
242 | /* Macros for decoding/encoding integers */ | 249 | /* Macros for decoding/encoding integers */ |
243 | #define PEEK_U64(p) \ | 250 | #define PEEK_U64(p) \ |
244 | (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ | 251 | (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ |
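--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.241 2016/04/28 14:30:21 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.242 2016/05/02 08:49:03 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1922,8 +1922,8 @@ authmethods_get(void)
 buffer_append(&b, method->name, strlen(method->name));
 }
 }
-buffer_append(&b, "\0", 1);
-list = xstrdup(buffer_ptr(&b));
+if ((list = sshbuf_dup_string(&b)) == NULL)
+fatal("%s: sshbuf_dup_string failed", __func__);
 buffer_free(&b);
 return list;
 }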
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.466 2016/03/07 19:02:43 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.467 2016/05/02 08:49:03 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -845,8 +845,8 @@ list_hostkey_types(void) | |||
845 | break; | 845 | break; |
846 | } | 846 | } |
847 | } | 847 | } |
848 | buffer_append(&b, "\0", 1); | 848 | if ((ret = sshbuf_dup_string(&b)) == NULL) |
849 | ret = xstrdup(buffer_ptr(&b)); | 849 | fatal("%s: sshbuf_dup_string failed", __func__); |
850 | buffer_free(&b); | 850 | buffer_free(&b); |
851 | debug("list_hostkey_types: %s", ret); | 851 | debug("list_hostkey_types: %s", ret); |
852 | return ret; | 852 | return ret; |
@@ -1027,12 +1027,13 @@ usage(void) | |||
1027 | } | 1027 | } |
1028 | 1028 | ||
1029 | static void | 1029 | static void |
1030 | send_rexec_state(int fd, Buffer *conf) | 1030 | send_rexec_state(int fd, struct sshbuf *conf) |
1031 | { | 1031 | { |
1032 | Buffer m; | 1032 | struct sshbuf *m; |
1033 | int r; | ||
1033 | 1034 | ||
1034 | debug3("%s: entering fd = %d config len %d", __func__, fd, | 1035 | debug3("%s: entering fd = %d config len %zu", __func__, fd, |
1035 | buffer_len(conf)); | 1036 | sshbuf_len(conf)); |
1036 | 1037 | ||
1037 | /* | 1038 | /* |
1038 | * Protocol from reexec master to child: | 1039 | * Protocol from reexec master to child: |
@@ -1046,31 +1047,41 @@ send_rexec_state(int fd, Buffer *conf) | |||
1046 | * bignum q " | 1047 | * bignum q " |
1047 | * string rngseed (only if OpenSSL is not self-seeded) | 1048 | * string rngseed (only if OpenSSL is not self-seeded) |
1048 | */ | 1049 | */ |
1049 | buffer_init(&m); | 1050 | if ((m = sshbuf_new()) == NULL) |
1050 | buffer_put_cstring(&m, buffer_ptr(conf)); | 1051 | fatal("%s: sshbuf_new failed", __func__); |
1052 | if ((r = sshbuf_put_stringb(m, conf)) != 0) | ||
1053 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
1051 | 1054 | ||
1052 | #ifdef WITH_SSH1 | 1055 | #ifdef WITH_SSH1 |
1053 | if (sensitive_data.server_key != NULL && | 1056 | if (sensitive_data.server_key != NULL && |
1054 | sensitive_data.server_key->type == KEY_RSA1) { | 1057 | sensitive_data.server_key->type == KEY_RSA1) { |
1055 | buffer_put_int(&m, 1); | 1058 | if ((r = sshbuf_put_u32(m, 1)) != 0 || |
1056 | buffer_put_bignum(&m, sensitive_data.server_key->rsa->e); | 1059 | (r = sshbuf_put_bignum1(m, |
1057 | buffer_put_bignum(&m, sensitive_data.server_key->rsa->n); | 1060 | sensitive_data.server_key->rsa->e)) != 0 || |
1058 | buffer_put_bignum(&m, sensitive_data.server_key->rsa->d); | 1061 | (r = sshbuf_put_bignum1(m, |
1059 | buffer_put_bignum(&m, sensitive_data.server_key->rsa->iqmp); | 1062 | sensitive_data.server_key->rsa->n)) != 0 || |
1060 | buffer_put_bignum(&m, sensitive_data.server_key->rsa->p); | 1063 | (r = sshbuf_put_bignum1(m, |
1061 | buffer_put_bignum(&m, sensitive_data.server_key->rsa->q); | 1064 | sensitive_data.server_key->rsa->d)) != 0 || |
1065 | (r = sshbuf_put_bignum1(m, | ||
1066 | sensitive_data.server_key->rsa->iqmp)) != 0 || | ||
1067 | (r = sshbuf_put_bignum1(m, | ||
1068 | sensitive_data.server_key->rsa->p)) != 0 || | ||
1069 | (r = sshbuf_put_bignum1(m, | ||
1070 | sensitive_data.server_key->rsa->q)) != 0) | ||
1071 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
1062 | } else | 1072 | } else |
1063 | #endif | 1073 | #endif |
1064 | buffer_put_int(&m, 0); | 1074 | if ((r = sshbuf_put_u32(m, 1)) != 0) |
1075 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
1065 | 1076 | ||
1066 | #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) | 1077 | #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) |
1067 | rexec_send_rng_seed(&m); | 1078 | rexec_send_rng_seed(m); |
1068 | #endif | 1079 | #endif |
1069 | 1080 | ||
1070 | if (ssh_msg_send(fd, 0, &m) == -1) | 1081 | if (ssh_msg_send(fd, 0, m) == -1) |
1071 | fatal("%s: ssh_msg_send failed", __func__); | 1082 | fatal("%s: ssh_msg_send failed", __func__); |
1072 | 1083 | ||
1073 | buffer_free(&m); | 1084 | sshbuf_free(m); |
1074 | 1085 | ||
1075 | debug3("%s: done", __func__); | 1086 | debug3("%s: done", __func__); |
1076 | } | 1087 | } |
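Review bot: In send_rexec_state the branch taken when no SSH1 server key is present now writes `sshbuf_put_u32(m, 1)`, where the line it replaces wrote `buffer_put_int(&m, 0)`. That is the same value the key-present branch sends ahead of the six bignums, so the re-executed child would presumably try to read RSA parameters that were never sent; the receiving code is not part of this diff. The line should read `if ((r = sshbuf_put_u32(m, 0)) != 0)`. Separately, `sshbuf_put_stringb(m, conf)` sends the whole buffer where `buffer_put_cstring(&m, buffer_ptr(conf))` stopped at the first nul, so the receiver's handling of the config string should be checked against that change.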