diff options
author | Colin Watson <cjwatson@debian.org> | 2014-03-20 00:32:39 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-03-20 00:34:16 +0000 |
commit | 2ee2de47fd0f684f54218d31b4ec83930e69c18e (patch) | |
tree | 86848a7668424b392d48791a0e41e05f9df7b62b /bufbn.c | |
parent | c9947303ad3c432b1cadfbeb1d95a7cd38662d66 (diff) | |
parent | 9cbb60f5e4932634db04c330c88abc49cc5567bd (diff) |
Merge 6.6p1.
* New upstream release (http://www.openssh.com/txt/release-6.6).
Diffstat (limited to 'bufbn.c')
-rw-r--r-- | bufbn.c | 11 |
1 files changed, 8 insertions, 3 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: bufbn.c,v 1.8 2013/11/08 11:15:19 dtucker Exp $*/ | 1 | /* $OpenBSD: bufbn.c,v 1.11 2014/02/27 08:25:09 djm Exp $*/ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -80,7 +80,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) | |||
80 | /* Store the binary data. */ | 80 | /* Store the binary data. */ |
81 | buffer_append(buffer, buf, oi); | 81 | buffer_append(buffer, buf, oi); |
82 | 82 | ||
83 | memset(buf, 0, bin_size); | 83 | explicit_bzero(buf, bin_size); |
84 | free(buf); | 84 | free(buf); |
85 | 85 | ||
86 | return (0); | 86 | return (0); |
@@ -108,6 +108,11 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) | |||
108 | return (-1); | 108 | return (-1); |
109 | } | 109 | } |
110 | bits = get_u16(buf); | 110 | bits = get_u16(buf); |
111 | if (bits > 65535-7) { | ||
112 | error("buffer_get_bignum_ret: cannot handle BN of size %d", | ||
113 | bits); | ||
114 | return (-1); | ||
115 | } | ||
111 | /* Compute the number of binary bytes that follow. */ | 116 | /* Compute the number of binary bytes that follow. */ |
112 | bytes = (bits + 7) / 8; | 117 | bytes = (bits + 7) / 8; |
113 | if (bytes > 8 * 1024) { | 118 | if (bytes > 8 * 1024) { |
@@ -173,7 +178,7 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) | |||
173 | } | 178 | } |
174 | hasnohigh = (buf[1] & 0x80) ? 0 : 1; | 179 | hasnohigh = (buf[1] & 0x80) ? 0 : 1; |
175 | buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); | 180 | buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); |
176 | memset(buf, 0, bytes); | 181 | explicit_bzero(buf, bytes); |
177 | free(buf); | 182 | free(buf); |
178 | return (0); | 183 | return (0); |
179 | } | 184 | } |