1 files changed, 22 insertions, 22 deletions
diff --git a/ssh.c b/ssh.c
index 33d7ea2ba..609c209d1 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.485 2018/07/16 11:05:41 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.486 2018/07/16 22:25:01 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1418,34 +1418,34 @@ main(int ac, char **av)
        sensitive_data.nkeys = 0;
        sensitive_data.keys = NULL;
        if (options.hostbased_authentication) {
-                sensitive_data.nkeys = 11;
+                sensitive_data.nkeys = 10;
                sensitive_data.keys = xcalloc(sensitive_data.nkeys,
                    sizeof(struct sshkey));
                /* XXX check errors? */
-#define L_KEY(t,p,o) \
+#define L_PUBKEY(p,o) do { \
-        check_load(sshkey_load_private_type(t, p, "", \
+        if ((o) >= sensitive_data.nkeys) \
-            &(sensitive_data.keys[o]), NULL, NULL), p, "key")
+                fatal("%s pubkey out of array bounds", __func__); \
-#define L_KEYCERT(t,p,o) \
-        check_load(sshkey_load_private_cert(t, p, "", \
-            &(sensitive_data.keys[o]), NULL), p, "cert and key")
-#define L_PUBKEY(p,o) \
        check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \
-            p, "pubkey")
+            p, "pubkey"); \
-#define L_CERT(p,o) \
+} while (0)
-        check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert")
+#define L_CERT(p,o) do { \
+        if ((o) >= sensitive_data.nkeys) \
+                fatal("%s cert out of array bounds", __func__); \
+        check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert"); \
+} while (0)
                if (options.hostbased_authentication == 1) {
-                        L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 1);
+                        L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 0);
-                        L_CERT(_PATH_HOST_ED25519_KEY_FILE, 2);
+                        L_CERT(_PATH_HOST_ED25519_KEY_FILE, 1);
-                        L_CERT(_PATH_HOST_RSA_KEY_FILE, 3);
+                        L_CERT(_PATH_HOST_RSA_KEY_FILE, 2);
-                        L_CERT(_PATH_HOST_DSA_KEY_FILE, 4);
+                        L_CERT(_PATH_HOST_DSA_KEY_FILE, 3);
-                        L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 5);
+                        L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 4);
-                        L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 6);
+                        L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 5);
-                        L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 7);
+                        L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 6);
-                        L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 8);
+                        L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 7);
-                        L_CERT(_PATH_HOST_XMSS_KEY_FILE, 9);
+                        L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8);
-                        L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 10);
+                        L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9);
                }
        }
        /*

diff --git a/ssh.c b/ssh.c index 33d7ea2ba..609c209d1 100644 --- a/ssh.c +++ b/ssh.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh.c,v 1.485 2018/07/16 11:05:41 dtucker Exp $ */	1	/* $OpenBSD: ssh.c,v 1.486 2018/07/16 22:25:01 dtucker Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1418,34 +1418,34 @@ main(int ac, char **av)
1418	sensitive_data.nkeys = 0;	1418	sensitive_data.nkeys = 0;
1419	sensitive_data.keys = NULL;	1419	sensitive_data.keys = NULL;
1420	if (options.hostbased_authentication) {	1420	if (options.hostbased_authentication) {
1421	sensitive_data.nkeys = 11;	1421	sensitive_data.nkeys = 10;
1422	sensitive_data.keys = xcalloc(sensitive_data.nkeys,	1422	sensitive_data.keys = xcalloc(sensitive_data.nkeys,
1423	sizeof(struct sshkey));	1423	sizeof(struct sshkey));
1424		1424
1425	/* XXX check errors? */	1425	/* XXX check errors? */
1426	#define L_KEY(t,p,o) \	1426	#define L_PUBKEY(p,o) do { \
1427	check_load(sshkey_load_private_type(t, p, "", \	1427	if ((o) >= sensitive_data.nkeys) \
1428	&(sensitive_data.keys[o]), NULL, NULL), p, "key")	1428	fatal("%s pubkey out of array bounds", __func__); \
1429	#define L_KEYCERT(t,p,o) \
1430	check_load(sshkey_load_private_cert(t, p, "", \
1431	&(sensitive_data.keys[o]), NULL), p, "cert and key")
1432	#define L_PUBKEY(p,o) \
1433	check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \	1429	check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \
1434	p, "pubkey")	1430	p, "pubkey"); \
1435	#define L_CERT(p,o) \	1431	} while (0)
1436	check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert")	1432	#define L_CERT(p,o) do { \
		1433	if ((o) >= sensitive_data.nkeys) \
		1434	fatal("%s cert out of array bounds", __func__); \
		1435	check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert"); \
		1436	} while (0)
1437		1437
1438	if (options.hostbased_authentication == 1) {	1438	if (options.hostbased_authentication == 1) {
1439	L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 1);	1439	L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 0);
1440	L_CERT(_PATH_HOST_ED25519_KEY_FILE, 2);	1440	L_CERT(_PATH_HOST_ED25519_KEY_FILE, 1);
1441	L_CERT(_PATH_HOST_RSA_KEY_FILE, 3);	1441	L_CERT(_PATH_HOST_RSA_KEY_FILE, 2);
1442	L_CERT(_PATH_HOST_DSA_KEY_FILE, 4);	1442	L_CERT(_PATH_HOST_DSA_KEY_FILE, 3);
1443	L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 5);	1443	L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 4);
1444	L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 6);	1444	L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 5);
1445	L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 7);	1445	L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 6);
1446	L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 8);	1446	L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 7);
1447	L_CERT(_PATH_HOST_XMSS_KEY_FILE, 9);	1447	L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8);
1448	L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 10);	1448	L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9);
1449	}	1449	}
1450	}	1450	}
1451	/*	1451	/*