diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-05-02 08:49:03 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-05-02 20:35:04 +1000 |
| commit | 1a31d02b2411c4718de58ce796dbb7b5e14db93e (patch) | |
| tree | c6e06a9890e71bc97cd3cdc6ce74919e504c8fd8 /ssh-agent.c | |
| parent | d2d6bf864e52af8491a60dd507f85b74361f5da3 (diff) | |
upstream commit
fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
better safety checking; feedback and ok markus@
Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
Diffstat (limited to 'ssh-agent.c')
| -rw-r--r-- | ssh-agent.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/ssh-agent.c b/ssh-agent.c index c38906d94..8aa25b30d 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-agent.c,v 1.212 2016/02/15 09:47:49 dtucker Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.213 2016/05/02 08:49:03 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -144,8 +144,8 @@ char socket_dir[PATH_MAX]; | |||
| 144 | #define LOCK_SALT_SIZE 16 | 144 | #define LOCK_SALT_SIZE 16 |
| 145 | #define LOCK_ROUNDS 1 | 145 | #define LOCK_ROUNDS 1 |
| 146 | int locked = 0; | 146 | int locked = 0; |
| 147 | char lock_passwd[LOCK_SIZE]; | 147 | u_char lock_pwhash[LOCK_SIZE]; |
| 148 | char lock_salt[LOCK_SALT_SIZE]; | 148 | u_char lock_salt[LOCK_SALT_SIZE]; |
| 149 | 149 | ||
| 150 | extern char *__progname; | 150 | extern char *__progname; |
| 151 | 151 | ||
| @@ -677,7 +677,8 @@ static void | |||
| 677 | process_lock_agent(SocketEntry *e, int lock) | 677 | process_lock_agent(SocketEntry *e, int lock) |
| 678 | { | 678 | { |
| 679 | int r, success = 0, delay; | 679 | int r, success = 0, delay; |
| 680 | char *passwd, passwdhash[LOCK_SIZE]; | 680 | char *passwd; |
| 681 | u_char passwdhash[LOCK_SIZE]; | ||
| 681 | static u_int fail_count = 0; | 682 | static u_int fail_count = 0; |
| 682 | size_t pwlen; | 683 | size_t pwlen; |
| 683 | 684 | ||
| @@ -689,11 +690,11 @@ process_lock_agent(SocketEntry *e, int lock) | |||
| 689 | if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), | 690 | if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), |
| 690 | passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0) | 691 | passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0) |
| 691 | fatal("bcrypt_pbkdf"); | 692 | fatal("bcrypt_pbkdf"); |
| 692 | if (timingsafe_bcmp(passwdhash, lock_passwd, LOCK_SIZE) == 0) { | 693 | if (timingsafe_bcmp(passwdhash, lock_pwhash, LOCK_SIZE) == 0) { |
| 693 | debug("agent unlocked"); | 694 | debug("agent unlocked"); |
| 694 | locked = 0; | 695 | locked = 0; |
| 695 | fail_count = 0; | 696 | fail_count = 0; |
| 696 | explicit_bzero(lock_passwd, sizeof(lock_passwd)); | 697 | explicit_bzero(lock_pwhash, sizeof(lock_pwhash)); |
| 697 | success = 1; | 698 | success = 1; |
| 698 | } else { | 699 | } else { |
| 699 | /* delay in 0.1s increments up to 10s */ | 700 | /* delay in 0.1s increments up to 10s */ |
| @@ -710,7 +711,7 @@ process_lock_agent(SocketEntry *e, int lock) | |||
| 710 | locked = 1; | 711 | locked = 1; |
| 711 | arc4random_buf(lock_salt, sizeof(lock_salt)); | 712 | arc4random_buf(lock_salt, sizeof(lock_salt)); |
| 712 | if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), | 713 | if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), |
| 713 | lock_passwd, sizeof(lock_passwd), LOCK_ROUNDS) < 0) | 714 | lock_pwhash, sizeof(lock_pwhash), LOCK_ROUNDS) < 0) |
| 714 | fatal("bcrypt_pbkdf"); | 715 | fatal("bcrypt_pbkdf"); |
| 715 | success = 1; | 716 | success = 1; |
| 716 | } | 717 | } |