-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | authfd.c | 9 | ||||
-rw-r--r-- | bufaux.c | 8 | ||||
-rw-r--r-- | dh.c | 4 | ||||
-rw-r--r-- | mac.c | 4 | ||||
-rw-r--r-- | ssh-keygen.c | 6 |
6 files changed, 20 insertions, 16 deletions
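--- a/ChangeLog
+++ b/ChangeLog
@@ -43,6 +43,9 @@
 [deattack.c misc.c session.c ssh-agent.c]
 more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
 ok millert@
+- miod@cvs.openbsd.org 2003/09/18 13:02:21
+[authfd.c bufaux.c dh.c mac.c ssh-keygen.c]
+A few signedness fixes for harmless situations; markus@ ok
 
 20030919
 - (djm) Bug #683: Remove reference to --with-ipv4-default from INSTALL;
@@ -1179,4 +1182,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
 Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3027 2003/09/22 11:04:23 dtucker Exp $
+$Id: ChangeLog,v 1.3028 2003/09/22 11:05:50 dtucker Exp $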
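--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.61 2003/06/28 16:23:06 deraadt Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.62 2003/09/18 13:02:21 miod Exp $");
 
 #include <openssl/evp.h>
 
@@ -114,7 +114,8 @@ ssh_get_authentication_socket(void)
 static int
 ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
 {
-int l, len;
+int l;
+u_int len;
 char buf[1024];
 
 /* Get the length of the message, and format it in the buffer. */
@@ -147,7 +148,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
 /* Extract the length, and check it for sanity. */
 len = GET_32BIT(buf);
 if (len > 256 * 1024)
-fatal("Authentication response too long: %d", len);
+fatal("Authentication response too long: %u", len);
 
 /* Read the rest of the response in to the buffer. */
 buffer_clear(reply);
@@ -292,7 +293,7 @@ ssh_get_num_identities(AuthenticationConnection *auth, int version)
 
 /* Get the number of entries in the response and check it for sanity. */
 auth->howmany = buffer_get_int(&auth->identities);
-if (auth->howmany > 1024)
+if ((u_int)auth->howmany > 1024)
 fatal("Too many identities in authentication reply: %d",
 auth->howmany);
 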
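Review bot: In ssh_get_num_identities the `(u_int)` cast repairs only this one comparison; `auth->howmany` still receives the raw `buffer_get_int()` result and the message next to it prints it with `%d`, so a count above INT_MAX in the agent reply is reported as a negative number. Reading into a local keeps the agent-supplied value unsigned until it has been range-checked: `u_int n = buffer_get_int(&auth->identities); if (n > 1024) fatal("Too many identities in authentication reply: %u", n); auth->howmany = n;`. The same cast-at-the-comparison pattern is used for `mac->mac_len` in mac.c's mac_compute; the field's declaration is not shown there, so whether it can simply be declared unsigned needs checking. The function body continues outside the hunk.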
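--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.29 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.30 2003/09/18 13:02:21 miod Exp $");
 
 #include <openssl/bn.h>
 #include "bufaux.h"
@@ -80,7 +80,7 @@ buffer_put_bignum(Buffer *buffer, BIGNUM *value)
 void
 buffer_get_bignum(Buffer *buffer, BIGNUM *value)
 {
-int bits, bytes;
+u_int bits, bytes;
 u_char buf[2], *bin;
 
 /* Get the number for bits. */
@@ -103,10 +103,10 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
 void
 buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
 {
-int bytes = BN_num_bytes(value) + 1;
+u_int bytes = BN_num_bytes(value) + 1;
 u_char *buf = xmalloc(bytes);
 int oi;
-int hasnohigh = 0;
+u_int hasnohigh = 0;
 
 buf[0] = '\0';
 /* Get the value of in binary */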
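Review bot: In buffer_put_bignum2 `oi` stays `int` while `bytes` and `hasnohigh` become `u_int`, so any later expression that mixes them is now evaluated in unsigned arithmetic, where a negative `oi` would compare as a very large value. The rest of the body lies outside the hunk, so whether `oi` is actually compared with `bytes` there is inferred rather than visible. A short comment on the declaration would record the intent, for example `int oi;	/* signed library result: test for < 0 before comparing with the unsigned counts */`. Any `%d` format further down that prints `bytes` would also need to become `%u`.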
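--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.24 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: dh.c,v 1.25 2003/09/18 13:02:21 miod Exp $");
 
 #include "xmalloc.h"
 
@@ -198,7 +198,7 @@ dh_gen_key(DH *dh, int need)
 
 if (dh->p == NULL)
 fatal("dh_gen_key: dh->p == NULL");
-if (2*need >= BN_num_bits(dh->p))
+if (need > INT_MAX / 2 || 2 * need >= BN_num_bits(dh->p))
 fatal("dh_gen_key: group too small: %d (2*need %d)",
 BN_num_bits(dh->p), 2*need);
 do {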
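Review bot: The new `need > INT_MAX / 2` guard keeps the comparison from overflowing, but on that same path the fatal() arguments still evaluate `2*need`, so the signed overflow the guard avoids happens while the message is being formatted. A negative `need` (the parameter is a plain `int`) also passes both tests and is not rejected. Consider `if (need < 0 || need > INT_MAX / 2 || 2 * need >= BN_num_bits(dh->p))` and printing `need` itself in the message rather than `2*need`. The rest of dh_gen_key is outside the hunk, so how a negative value would be used further down is not visible here.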
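--- a/mac.c
+++ b/mac.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: mac.c,v 1.5 2002/05/16 22:02:50 markus Exp $");
+RCSID("$OpenBSD: mac.c,v 1.6 2003/09/18 13:02:21 miod Exp $");
 
 #include <openssl/hmac.h>
 
@@ -77,7 +77,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
 
 if (mac->key == NULL)
 fatal("mac_compute: no key");
-if (mac->mac_len > sizeof(m))
+if ((u_int)mac->mac_len > sizeof(m))
 fatal("mac_compute: mac too long");
 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
 PUT_32BIT(b, seqno);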
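diff --git a/ssh-keygen.c b/ssh-keygen.c
index e74d3cd37..5b7bc400a 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.108 2003/08/14 16:08:58 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -191,8 +191,8 @@ do_convert_to_ssh2(struct passwd *pw)
 static void
 buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
 {
-int bits = buffer_get_int(b);
-int bytes = (bits + 7) / 8;
+u_int bits = buffer_get_int(b);
+u_int bytes = (bits + 7) / 8;
 
 if (buffer_len(b) < bytes)
 fatal("buffer_get_bignum_bits: input buffer too small: "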
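Review bot: With `bits` now unsigned, `(bits + 7) / 8` in buffer_get_bignum_bits wraps when the value read from the input buffer is within 7 of UINT_MAX, giving a `bytes` of 0 that passes the `buffer_len(b) < bytes` test although the declared size is nonsense. Rejecting the value before rounding closes that gap, e.g. `if (bits > UINT_MAX - 7) fatal("buffer_get_bignum_bits: bad bit count %u", bits);`, or the rounding can be written without the addition as `bytes = bits / 8 + (bits % 8 != 0);`. The fatal() call at the end of the hunk continues outside it; if its format still uses `%d` for these values it should become `%u`, as was done in authfd.c.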