Merged OpenBSD CVS changes that go away

author: Damien Miller <djm@mindrot.org> 1999-11-08 16:15:55 +1100
committer: Damien Miller <djm@mindrot.org> 1999-11-08 16:15:55 +1100
commit: fd7c911f090749774cf1869420523c4811beeeb0 (patch)
tree: cd57567ddb3371c0c805a8bd8ace0c66df02fa53
parent: 5ac5f1ca6b5270e1a755d75120f8217f5850c9b2 (diff)
13 files changed, 96 insertions, 43 deletions
diff --git a/ChangeLog b/ChangeLog
index 57f9a00ee..088ee0489 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,9 +19,9 @@
   - Added support for PAM_TEXT_INFO messages
   - Disable internal /etc/nologin support if PAM enabled
 - Merged latest OpenBSD CVS changes:
+   - [all] replace assert() with error, fatal or packet_disconnect
   - [sshd.c] don't send fail-msg but disconnect if too many authentication
     failures
-   - [sshd.c] replace assert() with error, fatal or packet_disconnect
   - [sshd.c] remove unused argument. ok dugsong
   - [sshd.c] typo
   - [rsa.c] clear buffers used for encryption. ok: niels
diff --git a/auth-rsa.c b/auth-rsa.c
index 3be37ffcb..dc1ad81a2 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -17,7 +17,7 @@ validity of the host key.
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.3 1999/10/28 05:23:30 damien Exp $");
+RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 #include "rsa.h"
 #include "packet.h"
@@ -98,7 +98,9 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n)
  /* The response is MD5 of decrypted challenge plus session id. */
  len = BN_num_bytes(challenge);
-  assert(len <= 32 && len);
+  if (len <= 0 || len > 32)
+    fatal("auth_rsa_challenge_dialog: bad challenge length %d", len);
  memset(buf, 0, 32);
  BN_bn2bin(challenge, buf + 32 - len);
  MD5_Init(&md);
diff --git a/bufaux.c b/bufaux.c
index 9d5776f56..31e1ae9ee 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -16,7 +16,7 @@ Buffers.
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: bufaux.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
+RCSID("$Id: bufaux.c,v 1.3 1999/11/08 05:15:55 damien Exp $");
 #include "ssh.h"
@@ -45,7 +45,9 @@ buffer_put_bignum(Buffer *buffer, BIGNUM *value)
  
  /* Get the value of in binary */
  oi = BN_bn2bin(value, buf);
-  assert(oi == bin_size);
+  if (oi != bin_size)
+    fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
+          oi, bin_size);
  /* Store the number of bits in the buffer in two bytes, msb first. */
  PUT_16BIT(msg, bits);
diff --git a/channels.c b/channels.c
index 79a02c88b..032e8f2af 100644
--- a/channels.c
+++ b/channels.c
@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection.
 */
 #include "includes.h"
-RCSID("$Id: channels.c,v 1.3 1999/10/30 01:39:56 damien Exp $");
+RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 #include "ssh.h"
 #include "packet.h"
@@ -166,8 +166,10 @@ int channel_allocate(int type, int sock, char *remote_name)
 void channel_free(int channel)
 {
-  assert(channel >= 0 && channel < channels_alloc &&
+  if (channel < 0 || channel >= channels_alloc ||
-         channels[channel].type != SSH_CHANNEL_FREE);
+      channels[channel].type == SSH_CHANNEL_FREE)
+    packet_disconnect("channel free: bad local channel %d", channel);
  if(compat13)
    shutdown(channels[channel].sock, SHUT_RDWR);
  close(channels[channel].sock);
@@ -307,9 +309,17 @@ void channel_prepare_select(fd_set *readset, fd_set *writeset)
              goto reject;
            }
+          /* Check fake data length */
+          if (x11_fake_data_len != x11_saved_data_len)
+            {
+              error("X11 fake_data_len %d != saved_data_len %d",
+                     x11_fake_data_len, x11_saved_data_len);
+              ch->type = SSH_CHANNEL_OPEN;
+              goto reject;
+            }
          /* Received authentication protocol and data match our fake data.
             Substitute the fake data with real data. */
-          assert(x11_fake_data_len == x11_saved_data_len);
          memcpy(ucp + 12 + ((proto_len + 3) & ~3),
                 x11_saved_data, x11_saved_data_len);
diff --git a/cipher.c b/cipher.c
index e611d6c71..074913512 100644
--- a/cipher.c
+++ b/cipher.c
@@ -13,7 +13,7 @@ Created: Wed Apr 19 17:41:39 1995 ylo
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: cipher.c,v 1.3 1999/10/28 05:23:30 damien Exp $");
+RCSID("$Id: cipher.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 #include "ssh.h"
 #include "cipher.h"
@@ -93,8 +93,6 @@ swap_bytes(const unsigned char *src, unsigned char *dst_, int n)
    char c[4];
  } t;
-  /* assert((n & 7) == 0); */
  /* Process 8 bytes every lap. */
  for (n = n / 8; n > 0; n--)
    {
@@ -248,7 +246,8 @@ void cipher_set_key(CipherContext *context, int cipher,
 void cipher_encrypt(CipherContext *context, unsigned char *dest,
                    const unsigned char *src, unsigned int len)
 {
-  assert((len & 7) == 0);
+  if ((len & 7) != 0)
+    fatal("cipher_encrypt: bad plaintext length %d", len);
  switch (context->type)
    {
@@ -280,7 +279,8 @@ void cipher_encrypt(CipherContext *context, unsigned char *dest,
 void cipher_decrypt(CipherContext *context, unsigned char *dest,
                    const unsigned char *src, unsigned int len)
 {
-  assert((len & 7) == 0);
+  if ((len & 7) != 0)
+    fatal("cipher_decrypt: bad ciphertext length %d", len);
  switch (context->type)
    {
diff --git a/deattack.c b/deattack.c
index d5f8608ca..afd96e4e4 100644
--- a/deattack.c
+++ b/deattack.c
@@ -1,5 +1,5 @@
 /*
- * $Id: deattack.c,v 1.1 1999/10/27 03:42:44 damien Exp $
+ * $Id: deattack.c,v 1.2 1999/11/08 05:15:55 damien Exp $
 * Cryptographic attack detector for ssh - source code
 *
 * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
@@ -100,9 +100,10 @@ detect_attack(unsigned char *buf, u_int32_t len, unsigned char *IV)
  register unsigned char *c;
  unsigned char  *d;
+  if (len > (SSH_MAXBLOCKS * SSH_BLOCKSIZE) ||
-  assert(len <= (SSH_MAXBLOCKS * SSH_BLOCKSIZE));
+      len % SSH_BLOCKSIZE != 0) {
-  assert(len % SSH_BLOCKSIZE == 0);
+    fatal("detect_attack: bad length %d", len);
+  }
  for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2);
diff --git a/hostfile.c b/hostfile.c
index ca0fe88a2..0e65bfe5f 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -14,7 +14,7 @@ Functions for manipulating the known hosts files.
 */
 #include "includes.h"
-RCSID("$Id: hostfile.c,v 1.1 1999/10/27 03:42:44 damien Exp $");
+RCSID("$Id: hostfile.c,v 1.2 1999/11/08 05:15:55 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
@@ -265,11 +265,19 @@ add_host_to_hostfile(const char *filename, const char *host,
  /* Print the host name and key to the file. */
  fprintf(f, "%s %u ", host, bits);
  buf = BN_bn2dec(e);
-  assert(buf != NULL);
+  if (buf == NULL) {
+    error("add_host_to_hostfile: BN_bn2dec #1 failed");
+    fclose(f);
+    return 0;
+  }
  fprintf(f, "%s ", buf);
  free (buf);
  buf = BN_bn2dec(n);
-  assert(buf != NULL);
+  if (buf == NULL) {
+    error("add_host_to_hostfile: BN_bn2dec #2 failed");
+    fclose(f);
+    return 0;
+  }
  fprintf(f, "%s\n", buf);
  free (buf);
diff --git a/packet.c b/packet.c
index 7e74c73b3..6dfd492a1 100644
--- a/packet.c
+++ b/packet.c
@@ -15,7 +15,7 @@ with the other side.  This same code is used both on client and server side.
 */
 #include "includes.h"
-RCSID("$Id: packet.c,v 1.1 1999/10/27 03:42:44 damien Exp $");
+RCSID("$Id: packet.c,v 1.2 1999/11/08 05:15:55 damien Exp $");
 #include "xmalloc.h"
 #include "buffer.h"
@@ -194,7 +194,6 @@ void
 packet_encrypt(CipherContext *cc, void *dest, void *src, 
               unsigned int bytes)
 {
-  assert((bytes % 8) == 0);
  cipher_encrypt(cc, dest, src, bytes);
 }
@@ -207,7 +206,8 @@ packet_decrypt(CipherContext *cc, void *dest, void *src,
 {
  int i;
  
-  assert((bytes % 8) == 0);
+  if ((bytes % 8) != 0)
+    fatal("packet_decrypt: bad ciphertext length %d", bytes);
  
  /*
    Cryptographic attack detector for ssh - Modifications for packet.c 
@@ -500,7 +500,11 @@ packet_read_poll(int *payload_len_ptr)
  buffer_consume(&incoming_packet, 8 - len % 8);
  /* Test check bytes. */
-  assert(len == buffer_len(&incoming_packet));
+  if (len != buffer_len(&incoming_packet))
+    packet_disconnect("packet_read_poll: len %d != buffer_len %d.",
+                      len, buffer_len(&incoming_packet));
  ucp = (unsigned char *)buffer_ptr(&incoming_packet) + len - 4;
  stored_checksum = GET_32BIT(ucp);
  if (checksum != stored_checksum)
diff --git a/ssh-add.c b/ssh-add.c
index 8effcdb07..07c33d87b 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -14,7 +14,7 @@ Adds an identity to the authentication server, or removes an identity.
 */
 #include "includes.h"
-RCSID("$Id: ssh-add.c,v 1.3 1999/11/08 04:30:59 damien Exp $");
+RCSID("$Id: ssh-add.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 #include "rsa.h"
 #include "ssh.h"
@@ -201,13 +201,19 @@ list_identities(AuthenticationConnection *ac)
      had_identities = 1;
      printf("%d ", bits);
      buf = BN_bn2dec(e);
-      assert(buf != NULL);
+      if (buf != NULL) {
-      printf("%s ", buf);
+        printf("%s ", buf);
-      free (buf);
+        free (buf);
+      } else {
+        error("list_identities: BN_bn2dec #1 failed.");
+      }
      buf = BN_bn2dec(n);
-      assert(buf != NULL);
+      if (buf != NULL) {
-      printf("%s %s\n", buf, comment);
+        printf("%s %s\n", buf, comment);
-      free (buf);
+        free (buf);
+      } else {
+        error("list_identities: BN_bn2dec #2 failed.");
+      }
      xfree(comment);
    }
  BN_clear_free(e);
diff --git a/ssh-agent.c b/ssh-agent.c
index 4f7f57f03..96bd021eb 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -16,7 +16,7 @@ The authentication agent program.
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.16 1999/10/28 20:41:23 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.17 1999/11/02 19:42:36 markus Exp $");
 #include "ssh.h"
 #include "rsa.h"
@@ -136,7 +136,12 @@ process_authentication_challenge(SocketEntry *e)
          case 1: /* As of protocol 1.1 */
            /* The response is MD5 of decrypted challenge plus session id. */
            len = BN_num_bytes(challenge);
-            assert(len <= 32 && len);
+            if (len <= 0 || len > 32) {
+              fatal("process_authentication_challenge: "
+                    "bad challenge length %d", len);
+            }
            memset(buf, 0, 32);
            BN_bn2bin(challenge, buf + 32 - len);
            MD5_Init(&md);
diff --git a/ssh.h b/ssh.h
index 841633c76..1fd17c1aa 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@ Generic header file for ssh.
 */
-/* RCSID("$Id: ssh.h,v 1.6 1999/11/08 04:30:59 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.7 1999/11/08 05:15:55 damien Exp $"); */
 #ifndef SSH_H
 #define SSH_H
@@ -597,7 +597,7 @@ int ssh_tf_init(uid_t uid);
 /* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
 int auth_kerberos_tgt(struct passwd *pw, const char *string);
-int auth_afs_token(char *server_user, uid_t uid, const char *string);
+int auth_afs_token(struct passwd *pw, const char *token_string);
 int creds_to_radix(CREDENTIALS *creds, unsigned char *buf);
 int radix_to_creds(const char *buf, CREDENTIALS *creds);
diff --git a/sshconnect.c b/sshconnect.c
index 4222646d9..a6f3788f5 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -16,7 +16,7 @@ login (authentication) dialog.
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.3 1999/10/28 05:23:30 damien Exp $");
+RCSID("$Id: sshconnect.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -457,7 +457,10 @@ respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv)
  /* Compute the response. */
  /* The response is MD5 of decrypted challenge plus session id. */
  len = BN_num_bytes(challenge);
-  assert(len <= sizeof(buf) && len);
+  if (len <= 0 || len > sizeof(buf))
+    packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
+                      len);
  memset(buf, 0, sizeof(buf));
  BN_bn2bin(challenge, buf + sizeof(buf) - len);
  MD5_Init(&md);
@@ -1298,8 +1301,14 @@ void ssh_login(int host_key_valid,
  if (BN_cmp(public_key->n, host_key->n) < 0)
    {
      /* Public key has smaller modulus. */
-      assert(BN_num_bits(host_key->n) >= 
+      if (BN_num_bits(host_key->n) < 
-             BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED);
+          BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
+        fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
+              "SSH_KEY_BITS_RESERVED %d",
+              BN_num_bits(host_key->n),
+              BN_num_bits(public_key->n),
+              SSH_KEY_BITS_RESERVED);
+      }
      rsa_public_encrypt(key, key, public_key);
      rsa_public_encrypt(key, key, host_key);
@@ -1307,8 +1316,14 @@ void ssh_login(int host_key_valid,
  else
    {
      /* Host key has smaller modulus (or they are equal). */
-      assert(BN_num_bits(public_key->n) >=
+      if (BN_num_bits(public_key->n) < 
-             BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED);
+          BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
+        fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
+              "SSH_KEY_BITS_RESERVED %d",
+              BN_num_bits(public_key->n),
+              BN_num_bits(host_key->n),
+              SSH_KEY_BITS_RESERVED);
+      }
      rsa_public_encrypt(key, key, host_key);
      rsa_public_encrypt(key, key, public_key);
diff --git a/sshd.c b/sshd.c
index 6cdcf75ed..a1f9449e2 100644
--- a/sshd.c
+++ b/sshd.c
@@ -18,7 +18,7 @@ agent connections.
 */
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.11 1999/11/08 04:30:59 damien Exp $");
+RCSID("$Id: sshd.c,v 1.12 1999/11/08 05:15:55 damien Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
author	Damien Miller <djm@mindrot.org>	1999-11-08 16:15:55 +1100
committer	Damien Miller <djm@mindrot.org>	1999-11-08 16:15:55 +1100
commit	fd7c911f090749774cf1869420523c4811beeeb0 (patch)
tree	cd57567ddb3371c0c805a8bd8ace0c66df02fa53
parent	5ac5f1ca6b5270e1a755d75120f8217f5850c9b2 (diff)

diff --git a/ChangeLog b/ChangeLog index 57f9a00ee..088ee0489 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -19,9 +19,9 @@
19	- Added support for PAM_TEXT_INFO messages	19	- Added support for PAM_TEXT_INFO messages
20	- Disable internal /etc/nologin support if PAM enabled	20	- Disable internal /etc/nologin support if PAM enabled
21	- Merged latest OpenBSD CVS changes:	21	- Merged latest OpenBSD CVS changes:
		22	- [all] replace assert() with error, fatal or packet_disconnect
22	- [sshd.c] don't send fail-msg but disconnect if too many authentication	23	- [sshd.c] don't send fail-msg but disconnect if too many authentication
23	failures	24	failures
24	- [sshd.c] replace assert() with error, fatal or packet_disconnect
25	- [sshd.c] remove unused argument. ok dugsong	25	- [sshd.c] remove unused argument. ok dugsong
26	- [sshd.c] typo	26	- [sshd.c] typo
27	- [rsa.c] clear buffers used for encryption. ok: niels	27	- [rsa.c] clear buffers used for encryption. ok: niels


diff --git a/auth-rsa.c b/auth-rsa.c index 3be37ffcb..dc1ad81a2 100644 --- a/auth-rsa.c +++ b/auth-rsa.c
@@ -17,7 +17,7 @@ validity of the host key.
17		17
18	#include "config.h"	18	#include "config.h"
19	#include "includes.h"	19	#include "includes.h"
20	RCSID("$Id: auth-rsa.c,v 1.3 1999/10/28 05:23:30 damien Exp $");	20	RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
21		21
22	#include "rsa.h"	22	#include "rsa.h"
23	#include "packet.h"	23	#include "packet.h"
@@ -98,7 +98,9 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM e, BIGNUM n)
98		98
99	/* The response is MD5 of decrypted challenge plus session id. */	99	/* The response is MD5 of decrypted challenge plus session id. */
100	len = BN_num_bytes(challenge);	100	len = BN_num_bytes(challenge);
101	assert(len <= 32 && len);	101	if (len <= 0 \|\| len > 32)
		102	fatal("auth_rsa_challenge_dialog: bad challenge length %d", len);
		103
102	memset(buf, 0, 32);	104	memset(buf, 0, 32);
103	BN_bn2bin(challenge, buf + 32 - len);	105	BN_bn2bin(challenge, buf + 32 - len);
104	MD5_Init(&md);	106	MD5_Init(&md);


diff --git a/bufaux.c b/bufaux.c index 9d5776f56..31e1ae9ee 100644 --- a/bufaux.c +++ b/bufaux.c
@@ -16,7 +16,7 @@ Buffers.
16		16
17	#include "config.h"	17	#include "config.h"
18	#include "includes.h"	18	#include "includes.h"
19	RCSID("$Id: bufaux.c,v 1.2 1999/10/28 03:25:17 damien Exp $");	19	RCSID("$Id: bufaux.c,v 1.3 1999/11/08 05:15:55 damien Exp $");
20		20
21	#include "ssh.h"	21	#include "ssh.h"
22		22
@@ -45,7 +45,9 @@ buffer_put_bignum(Buffer buffer, BIGNUM value)
45		45
46	/* Get the value of in binary */	46	/* Get the value of in binary */
47	oi = BN_bn2bin(value, buf);	47	oi = BN_bn2bin(value, buf);
48	assert(oi == bin_size);	48	if (oi != bin_size)
		49	fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
		50	oi, bin_size);
49		51
50	/* Store the number of bits in the buffer in two bytes, msb first. */	52	/* Store the number of bits in the buffer in two bytes, msb first. */
51	PUT_16BIT(msg, bits);	53	PUT_16BIT(msg, bits);


diff --git a/channels.c b/channels.c index 79a02c88b..032e8f2af 100644 --- a/channels.c +++ b/channels.c
@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection.
16	*/	16	*/
17		17
18	#include "includes.h"	18	#include "includes.h"
19	RCSID("$Id: channels.c,v 1.3 1999/10/30 01:39:56 damien Exp $");	19	RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
20		20
21	#include "ssh.h"	21	#include "ssh.h"
22	#include "packet.h"	22	#include "packet.h"
@@ -166,8 +166,10 @@ int channel_allocate(int type, int sock, char *remote_name)
166		166
167	void channel_free(int channel)	167	void channel_free(int channel)
168	{	168	{
169	assert(channel >= 0 && channel < channels_alloc &&	169	if (channel < 0 \|\| channel >= channels_alloc \|\|
170	channels[channel].type != SSH_CHANNEL_FREE);	170	channels[channel].type == SSH_CHANNEL_FREE)
		171	packet_disconnect("channel free: bad local channel %d", channel);
		172
171	if(compat13)	173	if(compat13)
172	shutdown(channels[channel].sock, SHUT_RDWR);	174	shutdown(channels[channel].sock, SHUT_RDWR);
173	close(channels[channel].sock);	175	close(channels[channel].sock);
@@ -307,9 +309,17 @@ void channel_prepare_select(fd_set readset, fd_set writeset)
307	goto reject;	309	goto reject;
308	}	310	}
309		311
		312	/* Check fake data length */
		313	if (x11_fake_data_len != x11_saved_data_len)
		314	{
		315	error("X11 fake_data_len %d != saved_data_len %d",
		316	x11_fake_data_len, x11_saved_data_len);
		317	ch->type = SSH_CHANNEL_OPEN;
		318	goto reject;
		319	}
		320
310	/* Received authentication protocol and data match our fake data.	321	/* Received authentication protocol and data match our fake data.
311	Substitute the fake data with real data. */	322	Substitute the fake data with real data. */
312	assert(x11_fake_data_len == x11_saved_data_len);
313	memcpy(ucp + 12 + ((proto_len + 3) & ~3),	323	memcpy(ucp + 12 + ((proto_len + 3) & ~3),
314	x11_saved_data, x11_saved_data_len);	324	x11_saved_data, x11_saved_data_len);
315		325


diff --git a/cipher.c b/cipher.c index e611d6c71..074913512 100644 --- a/cipher.c +++ b/cipher.c
@@ -13,7 +13,7 @@ Created: Wed Apr 19 17:41:39 1995 ylo
13		13
14	#include "config.h"	14	#include "config.h"
15	#include "includes.h"	15	#include "includes.h"
16	RCSID("$Id: cipher.c,v 1.3 1999/10/28 05:23:30 damien Exp $");	16	RCSID("$Id: cipher.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
17		17
18	#include "ssh.h"	18	#include "ssh.h"
19	#include "cipher.h"	19	#include "cipher.h"
@@ -93,8 +93,6 @@ swap_bytes(const unsigned char src, unsigned char dst_, int n)
93	char c[4];	93	char c[4];
94	} t;	94	} t;
95		95
96	/* assert((n & 7) == 0); */
97
98	/* Process 8 bytes every lap. */	96	/* Process 8 bytes every lap. */
99	for (n = n / 8; n > 0; n--)	97	for (n = n / 8; n > 0; n--)
100	{	98	{
@@ -248,7 +246,8 @@ void cipher_set_key(CipherContext *context, int cipher,
248	void cipher_encrypt(CipherContext context, unsigned char dest,	246	void cipher_encrypt(CipherContext context, unsigned char dest,
249	const unsigned char *src, unsigned int len)	247	const unsigned char *src, unsigned int len)
250	{	248	{
251	assert((len & 7) == 0);	249	if ((len & 7) != 0)
		250	fatal("cipher_encrypt: bad plaintext length %d", len);
252		251
253	switch (context->type)	252	switch (context->type)
254	{	253	{
@@ -280,7 +279,8 @@ void cipher_encrypt(CipherContext context, unsigned char dest,
280	void cipher_decrypt(CipherContext context, unsigned char dest,	279	void cipher_decrypt(CipherContext context, unsigned char dest,
281	const unsigned char *src, unsigned int len)	280	const unsigned char *src, unsigned int len)
282	{	281	{
283	assert((len & 7) == 0);	282	if ((len & 7) != 0)
		283	fatal("cipher_decrypt: bad ciphertext length %d", len);
284		284
285	switch (context->type)	285	switch (context->type)
286	{	286	{


diff --git a/deattack.c b/deattack.c index d5f8608ca..afd96e4e4 100644 --- a/deattack.c +++ b/deattack.c
@@ -1,5 +1,5 @@
1	/*	1	/*
2	* $Id: deattack.c,v 1.1 1999/10/27 03:42:44 damien Exp $	2	* $Id: deattack.c,v 1.2 1999/11/08 05:15:55 damien Exp $
3	* Cryptographic attack detector for ssh - source code	3	* Cryptographic attack detector for ssh - source code
4	*	4	*
5	* Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.	5	* Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
@@ -100,9 +100,10 @@ detect_attack(unsigned char buf, u_int32_t len, unsigned char IV)
100	register unsigned char *c;	100	register unsigned char *c;
101	unsigned char *d;	101	unsigned char *d;
102		102
103		103	if (len > (SSH_MAXBLOCKS * SSH_BLOCKSIZE) \|\|
104	assert(len <= (SSH_MAXBLOCKS * SSH_BLOCKSIZE));	104	len % SSH_BLOCKSIZE != 0) {
105	assert(len % SSH_BLOCKSIZE == 0);	105	fatal("detect_attack: bad length %d", len);
		106	}
106		107
107	for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2);	108	for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2);
108		109


diff --git a/hostfile.c b/hostfile.c index ca0fe88a2..0e65bfe5f 100644 --- a/hostfile.c +++ b/hostfile.c
@@ -14,7 +14,7 @@ Functions for manipulating the known hosts files.
14	*/	14	*/
15		15
16	#include "includes.h"	16	#include "includes.h"
17	RCSID("$Id: hostfile.c,v 1.1 1999/10/27 03:42:44 damien Exp $");	17	RCSID("$Id: hostfile.c,v 1.2 1999/11/08 05:15:55 damien Exp $");
18		18
19	#include "packet.h"	19	#include "packet.h"
20	#include "ssh.h"	20	#include "ssh.h"
@@ -265,11 +265,19 @@ add_host_to_hostfile(const char filename, const char host,
265	/* Print the host name and key to the file. */	265	/* Print the host name and key to the file. */
266	fprintf(f, "%s %u ", host, bits);	266	fprintf(f, "%s %u ", host, bits);
267	buf = BN_bn2dec(e);	267	buf = BN_bn2dec(e);
268	assert(buf != NULL);	268	if (buf == NULL) {
		269	error("add_host_to_hostfile: BN_bn2dec #1 failed");
		270	fclose(f);
		271	return 0;
		272	}
269	fprintf(f, "%s ", buf);	273	fprintf(f, "%s ", buf);
270	free (buf);	274	free (buf);
271	buf = BN_bn2dec(n);	275	buf = BN_bn2dec(n);
272	assert(buf != NULL);	276	if (buf == NULL) {
		277	error("add_host_to_hostfile: BN_bn2dec #2 failed");
		278	fclose(f);
		279	return 0;
		280	}
273	fprintf(f, "%s\n", buf);	281	fprintf(f, "%s\n", buf);
274	free (buf);	282	free (buf);
275		283


diff --git a/packet.c b/packet.c index 7e74c73b3..6dfd492a1 100644 --- a/packet.c +++ b/packet.c
@@ -15,7 +15,7 @@ with the other side. This same code is used both on client and server side.
15	*/	15	*/
16		16
17	#include "includes.h"	17	#include "includes.h"
18	RCSID("$Id: packet.c,v 1.1 1999/10/27 03:42:44 damien Exp $");	18	RCSID("$Id: packet.c,v 1.2 1999/11/08 05:15:55 damien Exp $");
19		19
20	#include "xmalloc.h"	20	#include "xmalloc.h"
21	#include "buffer.h"	21	#include "buffer.h"
@@ -194,7 +194,6 @@ void
194	packet_encrypt(CipherContext cc, void dest, void *src,	194	packet_encrypt(CipherContext cc, void dest, void *src,
195	unsigned int bytes)	195	unsigned int bytes)
196	{	196	{
197	assert((bytes % 8) == 0);
198	cipher_encrypt(cc, dest, src, bytes);	197	cipher_encrypt(cc, dest, src, bytes);
199	}	198	}
200		199
@@ -207,7 +206,8 @@ packet_decrypt(CipherContext cc, void dest, void *src,
207	{	206	{
208	int i;	207	int i;
209		208
210	assert((bytes % 8) == 0);	209	if ((bytes % 8) != 0)
		210	fatal("packet_decrypt: bad ciphertext length %d", bytes);
211		211
212	/*	212	/*
213	Cryptographic attack detector for ssh - Modifications for packet.c	213	Cryptographic attack detector for ssh - Modifications for packet.c
@@ -500,7 +500,11 @@ packet_read_poll(int *payload_len_ptr)
500	buffer_consume(&incoming_packet, 8 - len % 8);	500	buffer_consume(&incoming_packet, 8 - len % 8);
501		501
502	/* Test check bytes. */	502	/* Test check bytes. */
503	assert(len == buffer_len(&incoming_packet));	503
		504	if (len != buffer_len(&incoming_packet))
		505	packet_disconnect("packet_read_poll: len %d != buffer_len %d.",
		506	len, buffer_len(&incoming_packet));
		507
504	ucp = (unsigned char *)buffer_ptr(&incoming_packet) + len - 4;	508	ucp = (unsigned char *)buffer_ptr(&incoming_packet) + len - 4;
505	stored_checksum = GET_32BIT(ucp);	509	stored_checksum = GET_32BIT(ucp);
506	if (checksum != stored_checksum)	510	if (checksum != stored_checksum)


diff --git a/ssh-add.c b/ssh-add.c index 8effcdb07..07c33d87b 100644 --- a/ssh-add.c +++ b/ssh-add.c
@@ -14,7 +14,7 @@ Adds an identity to the authentication server, or removes an identity.
14	*/	14	*/
15		15
16	#include "includes.h"	16	#include "includes.h"
17	RCSID("$Id: ssh-add.c,v 1.3 1999/11/08 04:30:59 damien Exp $");	17	RCSID("$Id: ssh-add.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
18		18
19	#include "rsa.h"	19	#include "rsa.h"
20	#include "ssh.h"	20	#include "ssh.h"
@@ -201,13 +201,19 @@ list_identities(AuthenticationConnection *ac)
201	had_identities = 1;	201	had_identities = 1;
202	printf("%d ", bits);	202	printf("%d ", bits);
203	buf = BN_bn2dec(e);	203	buf = BN_bn2dec(e);
204	assert(buf != NULL);	204	if (buf != NULL) {
205	printf("%s ", buf);	205	printf("%s ", buf);
206	free (buf);	206	free (buf);
		207	} else {
		208	error("list_identities: BN_bn2dec #1 failed.");
		209	}
207	buf = BN_bn2dec(n);	210	buf = BN_bn2dec(n);
208	assert(buf != NULL);	211	if (buf != NULL) {
209	printf("%s %s\n", buf, comment);	212	printf("%s %s\n", buf, comment);
210	free (buf);	213	free (buf);
		214	} else {
		215	error("list_identities: BN_bn2dec #2 failed.");
		216	}
211	xfree(comment);	217	xfree(comment);
212	}	218	}
213	BN_clear_free(e);	219	BN_clear_free(e);


diff --git a/ssh-agent.c b/ssh-agent.c index 4f7f57f03..96bd021eb 100644 --- a/ssh-agent.c +++ b/ssh-agent.c
@@ -16,7 +16,7 @@ The authentication agent program.
16	*/	16	*/
17		17
18	#include "includes.h"	18	#include "includes.h"
19	RCSID("$OpenBSD: ssh-agent.c,v 1.16 1999/10/28 20:41:23 markus Exp $");	19	RCSID("$OpenBSD: ssh-agent.c,v 1.17 1999/11/02 19:42:36 markus Exp $");
20		20
21	#include "ssh.h"	21	#include "ssh.h"
22	#include "rsa.h"	22	#include "rsa.h"
@@ -136,7 +136,12 @@ process_authentication_challenge(SocketEntry *e)
136	case 1: /* As of protocol 1.1 */	136	case 1: /* As of protocol 1.1 */
137	/* The response is MD5 of decrypted challenge plus session id. */	137	/* The response is MD5 of decrypted challenge plus session id. */
138	len = BN_num_bytes(challenge);	138	len = BN_num_bytes(challenge);
139	assert(len <= 32 && len);	139
		140	if (len <= 0 \|\| len > 32) {
		141	fatal("process_authentication_challenge: "
		142	"bad challenge length %d", len);
		143	}
		144
140	memset(buf, 0, 32);	145	memset(buf, 0, 32);
141	BN_bn2bin(challenge, buf + 32 - len);	146	BN_bn2bin(challenge, buf + 32 - len);
142	MD5_Init(&md);	147	MD5_Init(&md);


diff --git a/ssh.h b/ssh.h index 841633c76..1fd17c1aa 100644 --- a/ssh.h +++ b/ssh.h
@@ -13,7 +13,7 @@ Generic header file for ssh.
13		13
14	*/	14	*/
15		15
16	/* RCSID("$Id: ssh.h,v 1.6 1999/11/08 04:30:59 damien Exp $"); */	16	/* RCSID("$Id: ssh.h,v 1.7 1999/11/08 05:15:55 damien Exp $"); */
17		17
18	#ifndef SSH_H	18	#ifndef SSH_H
19	#define SSH_H	19	#define SSH_H
@@ -597,7 +597,7 @@ int ssh_tf_init(uid_t uid);
597		597
598	/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */	598	/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
599	int auth_kerberos_tgt(struct passwd pw, const char string);	599	int auth_kerberos_tgt(struct passwd pw, const char string);
600	int auth_afs_token(char server_user, uid_t uid, const char string);	600	int auth_afs_token(struct passwd pw, const char token_string);
601		601
602	int creds_to_radix(CREDENTIALS creds, unsigned char buf);	602	int creds_to_radix(CREDENTIALS creds, unsigned char buf);
603	int radix_to_creds(const char buf, CREDENTIALS creds);	603	int radix_to_creds(const char buf, CREDENTIALS creds);


diff --git a/sshconnect.c b/sshconnect.c index 4222646d9..a6f3788f5 100644 --- a/sshconnect.c +++ b/sshconnect.c
@@ -16,7 +16,7 @@ login (authentication) dialog.
16		16
17	#include "config.h"	17	#include "config.h"
18	#include "includes.h"	18	#include "includes.h"
19	RCSID("$Id: sshconnect.c,v 1.3 1999/10/28 05:23:30 damien Exp $");	19	RCSID("$Id: sshconnect.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
20		20
21	#ifdef HAVE_OPENSSL	21	#ifdef HAVE_OPENSSL
22	#include <openssl/bn.h>	22	#include <openssl/bn.h>
@@ -457,7 +457,10 @@ respond_to_rsa_challenge(BIGNUM challenge, RSA prv)
457	/* Compute the response. */	457	/* Compute the response. */
458	/* The response is MD5 of decrypted challenge plus session id. */	458	/* The response is MD5 of decrypted challenge plus session id. */
459	len = BN_num_bytes(challenge);	459	len = BN_num_bytes(challenge);
460	assert(len <= sizeof(buf) && len);	460	if (len <= 0 \|\| len > sizeof(buf))
		461	packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
		462	len);
		463
461	memset(buf, 0, sizeof(buf));	464	memset(buf, 0, sizeof(buf));
462	BN_bn2bin(challenge, buf + sizeof(buf) - len);	465	BN_bn2bin(challenge, buf + sizeof(buf) - len);
463	MD5_Init(&md);	466	MD5_Init(&md);
@@ -1298,8 +1301,14 @@ void ssh_login(int host_key_valid,
1298	if (BN_cmp(public_key->n, host_key->n) < 0)	1301	if (BN_cmp(public_key->n, host_key->n) < 0)
1299	{	1302	{
1300	/* Public key has smaller modulus. */	1303	/* Public key has smaller modulus. */
1301	assert(BN_num_bits(host_key->n) >=	1304	if (BN_num_bits(host_key->n) <
1302	BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED);	1305	BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
		1306	fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
		1307	"SSH_KEY_BITS_RESERVED %d",
		1308	BN_num_bits(host_key->n),
		1309	BN_num_bits(public_key->n),
		1310	SSH_KEY_BITS_RESERVED);
		1311	}
1303		1312
1304	rsa_public_encrypt(key, key, public_key);	1313	rsa_public_encrypt(key, key, public_key);
1305	rsa_public_encrypt(key, key, host_key);	1314	rsa_public_encrypt(key, key, host_key);
@@ -1307,8 +1316,14 @@ void ssh_login(int host_key_valid,
1307	else	1316	else
1308	{	1317	{
1309	/* Host key has smaller modulus (or they are equal). */	1318	/* Host key has smaller modulus (or they are equal). */
1310	assert(BN_num_bits(public_key->n) >=	1319	if (BN_num_bits(public_key->n) <
1311	BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED);	1320	BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
		1321	fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
		1322	"SSH_KEY_BITS_RESERVED %d",
		1323	BN_num_bits(public_key->n),
		1324	BN_num_bits(host_key->n),
		1325	SSH_KEY_BITS_RESERVED);
		1326	}
1312		1327
1313	rsa_public_encrypt(key, key, host_key);	1328	rsa_public_encrypt(key, key, host_key);
1314	rsa_public_encrypt(key, key, public_key);	1329	rsa_public_encrypt(key, key, public_key);


diff --git a/sshd.c b/sshd.c index 6cdcf75ed..a1f9449e2 100644 --- a/sshd.c +++ b/sshd.c
@@ -18,7 +18,7 @@ agent connections.
18	*/	18	*/
19		19
20	#include "includes.h"	20	#include "includes.h"
21	RCSID("$Id: sshd.c,v 1.11 1999/11/08 04:30:59 damien Exp $");	21	RCSID("$Id: sshd.c,v 1.12 1999/11/08 05:15:55 damien Exp $");
22		22
23	#include "xmalloc.h"	23	#include "xmalloc.h"
24	#include "rsa.h"	24	#include "rsa.h"