authordjm@openbsd.org <djm@openbsd.org>2016-05-02 08:49:03 +0000
committerDamien Miller <djm@mindrot.org>2016-05-02 20:35:04 +1000
commit1a31d02b2411c4718de58ce796dbb7b5e14db93e (patch)
treec6e06a9890e71bc97cd3cdc6ce74919e504c8fd8 /sshd.c
parentd2d6bf864e52af8491a60dd507f85b74361f5da3 (diff)
upstream commit
fix signed/unsigned errors reported by clang-3.7; add sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@ Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c51
1 files changed, 31 insertions, 20 deletions
diff --git a/sshd.c b/sshd.c
index d21aed515..8b8af2494 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.466 2016/03/07 19:02:43 djm Exp $ */ 1/* $OpenBSD: sshd.c,v 1.467 2016/05/02 08:49:03 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -845,8 +845,8 @@ list_hostkey_types(void)
845 break; 845 break;
846 } 846 }
847 } 847 }
848 buffer_append(&b, "\0", 1); 848 if ((ret = sshbuf_dup_string(&b)) == NULL)
849 ret = xstrdup(buffer_ptr(&b)); 849 fatal("%s: sshbuf_dup_string failed", __func__);
850 buffer_free(&b); 850 buffer_free(&b);
851 debug("list_hostkey_types: %s", ret); 851 debug("list_hostkey_types: %s", ret);
852 return ret; 852 return ret;
@@ -1027,12 +1027,13 @@ usage(void)
1027} 1027}
1028 1028
1029static void 1029static void
1030send_rexec_state(int fd, Buffer *conf) 1030send_rexec_state(int fd, struct sshbuf *conf)
1031{ 1031{
1032 Buffer m; 1032 struct sshbuf *m;
1033 int r;
1033 1034
1034 debug3("%s: entering fd = %d config len %d", __func__, fd, 1035 debug3("%s: entering fd = %d config len %zu", __func__, fd,
1035 buffer_len(conf)); 1036 sshbuf_len(conf));
1036 1037
1037 /* 1038 /*
1038 * Protocol from reexec master to child: 1039 * Protocol from reexec master to child:
@@ -1046,31 +1047,41 @@ send_rexec_state(int fd, Buffer *conf)
1046 * bignum q " 1047 * bignum q "
1047 * string rngseed (only if OpenSSL is not self-seeded) 1048 * string rngseed (only if OpenSSL is not self-seeded)
1048 */ 1049 */
1049 buffer_init(&m); 1050 if ((m = sshbuf_new()) == NULL)
1050 buffer_put_cstring(&m, buffer_ptr(conf)); 1051 fatal("%s: sshbuf_new failed", __func__);
1052 if ((r = sshbuf_put_stringb(m, conf)) != 0)
1053 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1051 1054
1052#ifdef WITH_SSH1 1055#ifdef WITH_SSH1
1053 if (sensitive_data.server_key != NULL && 1056 if (sensitive_data.server_key != NULL &&
1054 sensitive_data.server_key->type == KEY_RSA1) { 1057 sensitive_data.server_key->type == KEY_RSA1) {
1055 buffer_put_int(&m, 1); 1058 if ((r = sshbuf_put_u32(m, 1)) != 0 ||
1056 buffer_put_bignum(&m, sensitive_data.server_key->rsa->e); 1059 (r = sshbuf_put_bignum1(m,
1057 buffer_put_bignum(&m, sensitive_data.server_key->rsa->n); 1060 sensitive_data.server_key->rsa->e)) != 0 ||
1058 buffer_put_bignum(&m, sensitive_data.server_key->rsa->d); 1061 (r = sshbuf_put_bignum1(m,
1059 buffer_put_bignum(&m, sensitive_data.server_key->rsa->iqmp); 1062 sensitive_data.server_key->rsa->n)) != 0 ||
1060 buffer_put_bignum(&m, sensitive_data.server_key->rsa->p); 1063 (r = sshbuf_put_bignum1(m,
1061 buffer_put_bignum(&m, sensitive_data.server_key->rsa->q); 1064 sensitive_data.server_key->rsa->d)) != 0 ||
1065 (r = sshbuf_put_bignum1(m,
1066 sensitive_data.server_key->rsa->iqmp)) != 0 ||
1067 (r = sshbuf_put_bignum1(m,
1068 sensitive_data.server_key->rsa->p)) != 0 ||
1069 (r = sshbuf_put_bignum1(m,
1070 sensitive_data.server_key->rsa->q)) != 0)
1071 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1062 } else 1072 } else
1063#endif 1073#endif
1064 buffer_put_int(&m, 0); 1074 if ((r = sshbuf_put_u32(m, 1)) != 0)
1075 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1065 1076
1066#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) 1077#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
1067 rexec_send_rng_seed(&m); 1078 rexec_send_rng_seed(m);
1068#endif 1079#endif
1069 1080
1070 if (ssh_msg_send(fd, 0, &m) == -1) 1081 if (ssh_msg_send(fd, 0, m) == -1)
1071 fatal("%s: ssh_msg_send failed", __func__); 1082 fatal("%s: ssh_msg_send failed", __func__);
1072 1083
1073 buffer_free(&m); 1084 sshbuf_free(m);
1074 1085
1075 debug3("%s: done", __func__); 1086 debug3("%s: done", __func__);
1076} 1087}
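Review bot: In send_rexec_state the fallback branch after `#endif` now writes `sshbuf_put_u32(m, 1)` where the removed line wrote `buffer_put_int(&m, 0)`, so the leading flag is 1 whether or not the six RSA1 bignums follow it. The receiving side is not on this page, but it presumably reads that word to decide whether private-key material follows; if so, a child started without an SSH1 server key would try to parse bignums out of the RNG seed or the end of the message and the re-exec would fail. Nothing in the commit description suggests the value change is intended, so the line should read `if ((r = sshbuf_put_u32(m, 0)) != 0)`. Separately, replacing `buffer_put_cstring(&m, buffer_ptr(conf))` with `sshbuf_put_stringb(m, conf)` changes what is sent from a NUL-terminated string to the buffer's full length, which deserves a comment such as `/* config is sent with its full length; the receiver must not assume NUL termination */`.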