diff options
author | djm@openbsd.org <djm@openbsd.org> | 2016-05-02 08:49:03 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-05-02 20:35:04 +1000 |
commit | 1a31d02b2411c4718de58ce796dbb7b5e14db93e (patch) | |
tree | c6e06a9890e71bc97cd3cdc6ce74919e504c8fd8 /ssh-agent.c | |
parent | d2d6bf864e52af8491a60dd507f85b74361f5da3 (diff) |
upstream commit
fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
better safety checking; feedback and ok markus@
Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
Diffstat (limited to 'ssh-agent.c')
-rw-r--r-- | ssh-agent.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/ssh-agent.c b/ssh-agent.c index c38906d94..8aa25b30d 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-agent.c,v 1.212 2016/02/15 09:47:49 dtucker Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.213 2016/05/02 08:49:03 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -144,8 +144,8 @@ char socket_dir[PATH_MAX]; | |||
144 | #define LOCK_SALT_SIZE 16 | 144 | #define LOCK_SALT_SIZE 16 |
145 | #define LOCK_ROUNDS 1 | 145 | #define LOCK_ROUNDS 1 |
146 | int locked = 0; | 146 | int locked = 0; |
147 | char lock_passwd[LOCK_SIZE]; | 147 | u_char lock_pwhash[LOCK_SIZE]; |
148 | char lock_salt[LOCK_SALT_SIZE]; | 148 | u_char lock_salt[LOCK_SALT_SIZE]; |
149 | 149 | ||
150 | extern char *__progname; | 150 | extern char *__progname; |
151 | 151 | ||
@@ -677,7 +677,8 @@ static void | |||
677 | process_lock_agent(SocketEntry *e, int lock) | 677 | process_lock_agent(SocketEntry *e, int lock) |
678 | { | 678 | { |
679 | int r, success = 0, delay; | 679 | int r, success = 0, delay; |
680 | char *passwd, passwdhash[LOCK_SIZE]; | 680 | char *passwd; |
681 | u_char passwdhash[LOCK_SIZE]; | ||
681 | static u_int fail_count = 0; | 682 | static u_int fail_count = 0; |
682 | size_t pwlen; | 683 | size_t pwlen; |
683 | 684 | ||
@@ -689,11 +690,11 @@ process_lock_agent(SocketEntry *e, int lock) | |||
689 | if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), | 690 | if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), |
690 | passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0) | 691 | passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0) |
691 | fatal("bcrypt_pbkdf"); | 692 | fatal("bcrypt_pbkdf"); |
692 | if (timingsafe_bcmp(passwdhash, lock_passwd, LOCK_SIZE) == 0) { | 693 | if (timingsafe_bcmp(passwdhash, lock_pwhash, LOCK_SIZE) == 0) { |
693 | debug("agent unlocked"); | 694 | debug("agent unlocked"); |
694 | locked = 0; | 695 | locked = 0; |
695 | fail_count = 0; | 696 | fail_count = 0; |
696 | explicit_bzero(lock_passwd, sizeof(lock_passwd)); | 697 | explicit_bzero(lock_pwhash, sizeof(lock_pwhash)); |
697 | success = 1; | 698 | success = 1; |
698 | } else { | 699 | } else { |
699 | /* delay in 0.1s increments up to 10s */ | 700 | /* delay in 0.1s increments up to 10s */ |
@@ -710,7 +711,7 @@ process_lock_agent(SocketEntry *e, int lock) | |||
710 | locked = 1; | 711 | locked = 1; |
711 | arc4random_buf(lock_salt, sizeof(lock_salt)); | 712 | arc4random_buf(lock_salt, sizeof(lock_salt)); |
712 | if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), | 713 | if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), |
713 | lock_passwd, sizeof(lock_passwd), LOCK_ROUNDS) < 0) | 714 | lock_pwhash, sizeof(lock_pwhash), LOCK_ROUNDS) < 0) |
714 | fatal("bcrypt_pbkdf"); | 715 | fatal("bcrypt_pbkdf"); |
715 | success = 1; | 716 | success = 1; |
716 | } | 717 | } |