authorDamien Miller <djm@mindrot.org>2006-03-15 11:30:38 +1100
committerDamien Miller <djm@mindrot.org>2006-03-15 11:30:38 +1100
commitb59d4fe8b505f98f1a95da369c0f4c51b642e042 (patch)
treef54562b94c75ff7cea795e7b3eb9520b362d32c9
parent3ec54c7e58eb9724a5d54d3e985992ebecbd7553 (diff)
- djm@cvs.openbsd.org 2006/02/12 10:44:18
[readconf.c] raise error when the user specifies a RekeyLimit that is smaller than 16 (the smallest of our cipher's blocksize) or big enough to cause integer wraparound; ok & feedback dtucker@
-rw-r--r--ChangeLog7
-rw-r--r--readconf.c29
2 files changed, 28 insertions, 8 deletions
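--- a/ChangeLog
+++ b/ChangeLog
@@ -74,6 +74,11 @@
  add a %l expansion code to the ControlPath, which is filled in with the
  local hostname at runtime. Requested by henning@ to avoid some problems
  with /home on NFS; ok dtucker@
+ - djm@cvs.openbsd.org 2006/02/12 10:44:18
+ [readconf.c]
+ raise error when the user specifies a RekeyLimit that is smaller than 16
+ (the smallest of our cipher's blocksize) or big enough to cause integer
+ wraparound; ok & feedback dtucker@
 
 20060313
  - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
@@ -3975,4 +3980,4 @@
  - (djm) Trim deprecated options from INSTALL. Mention UsePAM
  - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4160 2006/03/15 00:30:13 djm Exp $
+$Id: ChangeLog,v 1.4161 2006/03/15 00:30:38 djm Exp $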
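--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.145 2005/12/08 18:34:11 reyk Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.146 2006/02/12 10:44:18 djm Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -306,7 +306,8 @@ process_config_line(Options *options, const char *host,
  int *activep)
 {
  char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
- int opcode, *intptr, value, value2;
+ int opcode, *intptr, value, value2, scale;
+ long long orig, val64;
  size_t len;
  Forward fwd;
 
@@ -479,22 +480,36 @@ parse_yesnoask:
  fatal("%.200s line %d: Missing argument.", filename, linenum);
  if (arg[0] < '0' || arg[0] > '9')
  fatal("%.200s line %d: Bad number.", filename, linenum);
- value = strtol(arg, &endofnumber, 10);
+ orig = val64 = strtoll(arg, &endofnumber, 10);
  if (arg == endofnumber)
  fatal("%.200s line %d: Bad number.", filename, linenum);
  switch (toupper(*endofnumber)) {
+ case '\0':
+ scale = 1;
+ break;
  case 'K':
- value *= 1<<10;
+ scale = 1<<10;
  break;
  case 'M':
- value *= 1<<20;
+ scale = 1<<20;
  break;
  case 'G':
- value *= 1<<30;
+ scale = 1<<30;
  break;
+ default:
+ fatal("%.200s line %d: Invalid RekeyLimit suffix",
+ filename, linenum);
  }
+ val64 *= scale;
+ /* detect integer wrap and too-large limits */
+ if ((val64 / scale) != orig || val64 > INT_MAX)
+ fatal("%.200s line %d: RekeyLimit too large",
+ filename, linenum);
+ if (val64 < 16)
+ fatal("%.200s line %d: RekeyLimit too small",
+ filename, linenum);
  if (*activep && *intptr == -1)
- *intptr = value;
+ *intptr = (int)val64;
  break;
 
  case oIdentityFile: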
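Review bot: The wrap check in the RekeyLimit case runs after `val64 *= scale`, but overflow of a signed `long long` is undefined behaviour, so the `(val64 / scale) != orig` test is not guaranteed to see a wrapped value and a compiler may drop it. Since `arg[0]` is already required to be a digit, `orig` is non-negative and the bound can be tested before multiplying: `if (orig > INT_MAX / scale) fatal("%.200s line %d: RekeyLimit too large", filename, linenum);` followed by `val64 = orig * scale;`. Separately, only the first character after the number is inspected, so a valid suffix followed by extra characters appears to be accepted; checking that `endofnumber[1] == '\0'` when a suffix is present would close that. process_config_line begins and ends outside this hunk.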