- dtucker@cvs.openbsd.org 2009/06/21 07:37:15

[kexdhs.c kexgexs.c] abort if key_sign fails, preventing possible null deref. Based on report from Paolo Ganci, ok markus@ djm@
author: Darren Tucker <dtucker@zip.com.au> 2009-06-21 19:00:20 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2009-06-21 19:00:20 +1000
commit: 6ae35ac5762b6abcbd416e7db9246e730b401f10 (patch)
tree: bbb2d11b32d447355ef49ff3bfe42488e0d613d1 /kexdhs.c
parent: 7b935c79f4f31da21989cc441caee247af417b3b (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/kexdhs.c b/kexdhs.c
index 861708818..a6719f672 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.9 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.10 2009/06/21 07:37:15 dtucker Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
@@ -137,7 +137,9 @@ kexdh_server(Kex *kex)
        }
        /* sign H */
-        PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
+        if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash,
+            hashlen)) < 0)
+                fatal("kexdh_server: key_sign failed");
        /* destroy_sensitive_data(); */
author	Darren Tucker <dtucker@zip.com.au>	2009-06-21 19:00:20 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2009-06-21 19:00:20 +1000
commit	6ae35ac5762b6abcbd416e7db9246e730b401f10 (patch)
tree	bbb2d11b32d447355ef49ff3bfe42488e0d613d1 /kexdhs.c
parent	7b935c79f4f31da21989cc441caee247af417b3b (diff)