Import openssh_7.8p1.orig.tar.gz

author: Colin Watson <cjwatson@debian.org> 2018-08-24 12:49:36 +0100
committer: Colin Watson <cjwatson@debian.org> 2018-08-24 12:49:36 +0100
commit: e6547182a54f0f268ee36e7c99319eeddffbaff2 (patch)
tree: 417527229ad3f3764ba71ea383f478a168895087 /authfd.c
parent: ed6ae9c1a014a08ff5db3d768f01f2e427eeb476 (diff)
parent: 71508e06fab14bc415a79a08f5535ad7bffa93d9 (diff)
1 files changed, 15 insertions, 13 deletions
diff --git a/authfd.c b/authfd.c
index 1eff7ba94..ecdd869ab 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.108 2018/02/23 15:58:37 markus Exp $ */
+/* $OpenBSD: authfd.c,v 1.111 2018/07/09 21:59:10 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -133,7 +133,7 @@ ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply)
        /* Send the length and then the packet to the agent. */
        if (atomicio(vwrite, sock, buf, 4) != 4 ||
-            atomicio(vwrite, sock, (u_char *)sshbuf_ptr(request),
+            atomicio(vwrite, sock, sshbuf_mutable_ptr(request),
            sshbuf_len(request)) != sshbuf_len(request))
                return SSH_ERR_AGENT_COMMUNICATION;
        /*
@@ -323,7 +323,7 @@ ssh_free_identitylist(struct ssh_identitylist *idl)
 */
-/* encode signature algoritm in flag bits, so we can keep the msg format */
+/* encode signature algorithm in flag bits, so we can keep the msg format */
 static u_int
 agent_encode_alg(const struct sshkey *key, const char *alg)
 {
@@ -343,8 +343,8 @@ ssh_agent_sign(int sock, const struct sshkey *key,
    const u_char *data, size_t datalen, const char *alg, u_int compat)
 {
        struct sshbuf *msg;
-        u_char *blob = NULL, type;
+        u_char *sig = NULL, type = 0;
-        size_t blen = 0, len = 0;
+        size_t len = 0;
        u_int flags = 0;
        int r = SSH_ERR_INTERNAL_ERROR;
@@ -355,11 +355,9 @@ ssh_agent_sign(int sock, const struct sshkey *key,
                return SSH_ERR_INVALID_ARGUMENT;
        if ((msg = sshbuf_new()) == NULL)
                return SSH_ERR_ALLOC_FAIL;
-        if ((r = sshkey_to_blob(key, &blob, &blen)) != 0)
-                goto out;
        flags |= agent_encode_alg(key, alg);
        if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
-            (r = sshbuf_put_string(msg, blob, blen)) != 0 ||
+            (r = sshkey_puts(key, msg)) != 0 ||
            (r = sshbuf_put_string(msg, data, datalen)) != 0 ||
            (r = sshbuf_put_u32(msg, flags)) != 0)
                goto out;
@@ -374,15 +372,19 @@ ssh_agent_sign(int sock, const struct sshkey *key,
                r = SSH_ERR_INVALID_FORMAT;
                goto out;
        }
-        if ((r = sshbuf_get_string(msg, sigp, &len)) != 0)
+        if ((r = sshbuf_get_string(msg, &sig, &len)) != 0)
+                goto out;
+        /* Check what we actually got back from the agent. */
+        if ((r = sshkey_check_sigtype(sig, len, alg)) != 0)
                goto out;
+        /* success */
+        *sigp = sig;
        *lenp = len;
+        sig = NULL;
+        len = 0;
        r = 0;
 out:
-        if (blob != NULL) {
+        freezero(sig, len);
-                explicit_bzero(blob, blen);
-                free(blob);
-        }
        sshbuf_free(msg);
        return r;
 }
author	Colin Watson <cjwatson@debian.org>	2018-08-24 12:49:36 +0100
committer	Colin Watson <cjwatson@debian.org>	2018-08-24 12:49:36 +0100
commit	e6547182a54f0f268ee36e7c99319eeddffbaff2 (patch)
tree	417527229ad3f3764ba71ea383f478a168895087 /authfd.c
parent	ed6ae9c1a014a08ff5db3d768f01f2e427eeb476 (diff)
parent	71508e06fab14bc415a79a08f5535ad7bffa93d9 (diff)