-rw-r--r--ChangeLog6
-rw-r--r--sshbuf-getput-crypto.c10
2 files changed, 12 insertions, 4 deletions
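--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,12 @@
  sandbox.
 
  ok djm
+ - naddy@cvs.openbsd.org 2014/06/18 15:42:09
+ [sshbuf-getput-crypto.c]
+ The ssh_get_bignum functions must accept the same range of bignums
+ the corresponding ssh_put_bignum functions create. This fixes the
+ use of 16384-bit RSA keys (bug reported by Eivind Evensen).
+ ok djm@
 
 20140618
  - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare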
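--- a/sshbuf-getput-crypto.c
+++ b/sshbuf-getput-crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshbuf-getput-crypto.c,v 1.1 2014/04/30 05:29:56 djm Exp $ */
+/* $OpenBSD: sshbuf-getput-crypto.c,v 1.2 2014/06/18 15:42:09 naddy Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -38,10 +38,12 @@ sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v)
 
  if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0)
  return r;
- /* Refuse negative (MSB set) and overlong bignums */
+ /* Refuse negative (MSB set) bignums */
  if ((len != 0 && (*d & 0x80) != 0))
  return SSH_ERR_BIGNUM_IS_NEGATIVE;
- if (len > SSHBUF_MAX_BIGNUM)
+ /* Refuse overlong bignums, allow prepended \0 to avoid MSB set */
+ if (len > SSHBUF_MAX_BIGNUM + 1 ||
+ (len == SSHBUF_MAX_BIGNUM + 1 && *d != 0))
  return SSH_ERR_BIGNUM_TOO_LARGE;
  if (v != NULL && BN_bin2bn(d, len, v) == NULL)
  return SSH_ERR_ALLOC_FAIL;
@@ -67,7 +69,7 @@ sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v)
  return SSH_ERR_MESSAGE_INCOMPLETE;
  len_bits = PEEK_U16(d);
  len_bytes = (len_bits + 7) >> 3;
- if (len_bytes > SSHBUF_MAX_BIGNUM + 1)
+ if (len_bytes > SSHBUF_MAX_BIGNUM)
  return SSH_ERR_BIGNUM_TOO_LARGE;
  if (sshbuf_len(buf) < 2 + len_bytes)
  return SSH_ERR_MESSAGE_INCOMPLETE;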
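Review bot: In sshbuf_get_bignum2 the new bound accepts any string of `SSHBUF_MAX_BIGNUM + 1` bytes whose first byte is zero, without checking that the pad byte is actually needed (a second byte with its MSB set), so the code is more lenient than its comment "allow prepended \0 to avoid MSB set" suggests. The magnitude limit still holds, because a zero first byte leaves at most SSHBUF_MAX_BIGNUM significant bytes for BN_bin2bn, but redundantly padded encodings pass at every length. If that leniency is intended, the comment could say so, e.g. `/* Refuse overlong bignums; one leading \0 pad byte is tolerated, minimal encoding is not enforced */`. The sshbuf_get_bignum1 hunk drops the `+ 1` without a comment, presumably because that format carries a bit count rather than a sign-padded string; a one-line note such as `/* length is derived from a bit count, so no sign pad byte is expected here */` would explain why the two limits now differ. Both function bodies start and end outside the hunks shown.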