summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--auth-rsa.c4
-rw-r--r--auth1.c17
-rw-r--r--channels.c28
-rw-r--r--clientloop.c8
-rw-r--r--packet.c4
-rw-r--r--packet.h12
-rw-r--r--serverloop.c8
-rw-r--r--session.c8
-rw-r--r--ssh.c4
-rw-r--r--sshconnect1.c22
-rw-r--r--sshd.c5
12 files changed, 51 insertions, 75 deletions
diff --git a/ChangeLog b/ChangeLog
index 0c3b37f11..c4b579acf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -51,6 +51,10 @@
51 - markus@cvs.openbsd.org 2001/12/27 19:54:53 51 - markus@cvs.openbsd.org 2001/12/27 19:54:53
52 [auth1.c auth.h auth-rh-rsa.c] 52 [auth1.c auth.h auth-rh-rsa.c]
53 auth_rhosts_rsa now accept generic keys. 53 auth_rhosts_rsa now accept generic keys.
54 - markus@cvs.openbsd.org 2001/12/27 20:39:58
55 [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h]
56 [serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
57 get rid of packet_integrity_check, use packet_done() instead.
54 58
5520020121 5920020121
56 - (djm) Rework ssh-rand-helper: 60 - (djm) Rework ssh-rand-helper:
@@ -7198,4 +7202,4 @@
7198 - Wrote replacements for strlcpy and mkdtemp 7202 - Wrote replacements for strlcpy and mkdtemp
7199 - Released 1.0pre1 7203 - Released 1.0pre1
7200 7204
7201$Id: ChangeLog,v 1.1737 2002/01/22 12:11:00 djm Exp $ 7205$Id: ChangeLog,v 1.1738 2002/01/22 12:11:38 djm Exp $
diff --git a/auth-rsa.c b/auth-rsa.c
index de50b8ef8..1d74a79cd 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
14 */ 14 */
15 15
16#include "includes.h" 16#include "includes.h"
17RCSID("$OpenBSD: auth-rsa.c,v 1.47 2001/12/27 18:22:16 markus Exp $"); 17RCSID("$OpenBSD: auth-rsa.c,v 1.48 2001/12/27 20:39:58 markus Exp $");
18 18
19#include <openssl/rsa.h> 19#include <openssl/rsa.h>
20#include <openssl/md5.h> 20#include <openssl/md5.h>
@@ -92,9 +92,9 @@ auth_rsa_challenge_dialog(RSA *pk)
92 92
93 /* Wait for a response. */ 93 /* Wait for a response. */
94 packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE); 94 packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE);
95 packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE);
96 for (i = 0; i < 16; i++) 95 for (i = 0; i < 16; i++)
97 response[i] = packet_get_char(); 96 response[i] = packet_get_char();
97 packet_done();
98 98
99 /* The response is MD5 of decrypted challenge plus session id. */ 99 /* The response is MD5 of decrypted challenge plus session id. */
100 len = BN_num_bytes(challenge); 100 len = BN_num_bytes(challenge);
diff --git a/auth1.c b/auth1.c
index 766053c97..2ea638b9a 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: auth1.c,v 1.30 2001/12/27 19:54:53 markus Exp $"); 13RCSID("$OpenBSD: auth1.c,v 1.31 2001/12/27 20:39:58 markus Exp $");
14 14
15#include "xmalloc.h" 15#include "xmalloc.h"
16#include "rsa.h" 16#include "rsa.h"
@@ -120,8 +120,7 @@ do_authloop(Authctxt *authctxt)
120 verbose("Kerberos authentication disabled."); 120 verbose("Kerberos authentication disabled.");
121 } else { 121 } else {
122 char *kdata = packet_get_string(&dlen); 122 char *kdata = packet_get_string(&dlen);
123 123 packet_done();
124 packet_integrity_check(plen, 4 + dlen, type);
125 124
126 if (kdata[0] == 4) { /* KRB_PROT_VERSION */ 125 if (kdata[0] == 4) { /* KRB_PROT_VERSION */
127#ifdef KRB4 126#ifdef KRB4
@@ -181,7 +180,7 @@ do_authloop(Authctxt *authctxt)
181 * IP-spoofing on a local network.) 180 * IP-spoofing on a local network.)
182 */ 181 */
183 client_user = packet_get_string(&ulen); 182 client_user = packet_get_string(&ulen);
184 packet_integrity_check(plen, 4 + ulen, type); 183 packet_done();
185 184
186 /* Try to authenticate using /etc/hosts.equiv and .rhosts. */ 185 /* Try to authenticate using /etc/hosts.equiv and .rhosts. */
187 authenticated = auth_rhosts(pw, client_user); 186 authenticated = auth_rhosts(pw, client_user);
@@ -211,7 +210,7 @@ do_authloop(Authctxt *authctxt)
211 verbose("Warning: keysize mismatch for client_host_key: " 210 verbose("Warning: keysize mismatch for client_host_key: "
212 "actual %d, announced %d", 211 "actual %d, announced %d",
213 BN_num_bits(client_host_key->rsa->n), bits); 212 BN_num_bits(client_host_key->rsa->n), bits);
214 packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type); 213 packet_done();
215 214
216 authenticated = auth_rhosts_rsa(pw, client_user, 215 authenticated = auth_rhosts_rsa(pw, client_user,
217 client_host_key); 216 client_host_key);
@@ -229,7 +228,7 @@ do_authloop(Authctxt *authctxt)
229 if ((n = BN_new()) == NULL) 228 if ((n = BN_new()) == NULL)
230 fatal("do_authloop: BN_new failed"); 229 fatal("do_authloop: BN_new failed");
231 packet_get_bignum(n, &nlen); 230 packet_get_bignum(n, &nlen);
232 packet_integrity_check(plen, nlen, type); 231 packet_done();
233 authenticated = auth_rsa(pw, n); 232 authenticated = auth_rsa(pw, n);
234 BN_clear_free(n); 233 BN_clear_free(n);
235 break; 234 break;
@@ -245,7 +244,7 @@ do_authloop(Authctxt *authctxt)
245 * not visible to an outside observer. 244 * not visible to an outside observer.
246 */ 245 */
247 password = packet_get_string(&dlen); 246 password = packet_get_string(&dlen);
248 packet_integrity_check(plen, 4 + dlen, type); 247 packet_done();
249 248
250#ifdef USE_PAM 249#ifdef USE_PAM
251 /* Do PAM auth with password */ 250 /* Do PAM auth with password */
@@ -283,7 +282,7 @@ do_authloop(Authctxt *authctxt)
283 if (options.challenge_response_authentication == 1) { 282 if (options.challenge_response_authentication == 1) {
284 char *response = packet_get_string(&dlen); 283 char *response = packet_get_string(&dlen);
285 debug("got response '%s'", response); 284 debug("got response '%s'", response);
286 packet_integrity_check(plen, 4 + dlen, type); 285 packet_done();
287 authenticated = verify_response(authctxt, response); 286 authenticated = verify_response(authctxt, response);
288 memset(response, 'r', dlen); 287 memset(response, 'r', dlen);
289 xfree(response); 288 xfree(response);
@@ -370,7 +369,7 @@ do_authentication(void)
370 369
371 /* Get the user name. */ 370 /* Get the user name. */
372 user = packet_get_string(&ulen); 371 user = packet_get_string(&ulen);
373 packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER); 372 packet_done();
374 373
375 if ((style = strchr(user, ':')) != NULL) 374 if ((style = strchr(user, ':')) != NULL)
376 *style++ = '\0'; 375 *style++ = '\0';
diff --git a/channels.c b/channels.c
index cc2613a88..9f042d44e 100644
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,7 @@
39 */ 39 */
40 40
41#include "includes.h" 41#include "includes.h"
42RCSID("$OpenBSD: channels.c,v 1.150 2001/12/20 22:50:24 djm Exp $"); 42RCSID("$OpenBSD: channels.c,v 1.151 2001/12/27 20:39:58 markus Exp $");
43 43
44#include "ssh.h" 44#include "ssh.h"
45#include "ssh1.h" 45#include "ssh1.h"
@@ -1734,7 +1734,6 @@ channel_input_data(int type, int plen, u_int32_t seq, void *ctxt)
1734 1734
1735 /* Get the data. */ 1735 /* Get the data. */
1736 data = packet_get_string(&data_len); 1736 data = packet_get_string(&data_len);
1737 packet_done();
1738 1737
1739 if (compat20) { 1738 if (compat20) {
1740 if (data_len > c->local_maxpacket) { 1739 if (data_len > c->local_maxpacket) {
@@ -1748,9 +1747,8 @@ channel_input_data(int type, int plen, u_int32_t seq, void *ctxt)
1748 return; 1747 return;
1749 } 1748 }
1750 c->local_window -= data_len; 1749 c->local_window -= data_len;
1751 }else{
1752 packet_integrity_check(plen, 4 + 4 + data_len, type);
1753 } 1750 }
1751 packet_done();
1754 buffer_append(&c->output, data, data_len); 1752 buffer_append(&c->output, data, data_len);
1755 xfree(data); 1753 xfree(data);
1756} 1754}
@@ -1801,9 +1799,8 @@ channel_input_ieof(int type, int plen, u_int32_t seq, void *ctxt)
1801 int id; 1799 int id;
1802 Channel *c; 1800 Channel *c;
1803 1801
1804 packet_integrity_check(plen, 4, type);
1805
1806 id = packet_get_int(); 1802 id = packet_get_int();
1803 packet_done();
1807 c = channel_lookup(id); 1804 c = channel_lookup(id);
1808 if (c == NULL) 1805 if (c == NULL)
1809 packet_disconnect("Received ieof for nonexistent channel %d.", id); 1806 packet_disconnect("Received ieof for nonexistent channel %d.", id);
@@ -1823,9 +1820,8 @@ channel_input_close(int type, int plen, u_int32_t seq, void *ctxt)
1823 int id; 1820 int id;
1824 Channel *c; 1821 Channel *c;
1825 1822
1826 packet_integrity_check(plen, 4, type);
1827
1828 id = packet_get_int(); 1823 id = packet_get_int();
1824 packet_done();
1829 c = channel_lookup(id); 1825 c = channel_lookup(id);
1830 if (c == NULL) 1826 if (c == NULL)
1831 packet_disconnect("Received close for nonexistent channel %d.", id); 1827 packet_disconnect("Received close for nonexistent channel %d.", id);
@@ -1861,7 +1857,8 @@ channel_input_oclose(int type, int plen, u_int32_t seq, void *ctxt)
1861{ 1857{
1862 int id = packet_get_int(); 1858 int id = packet_get_int();
1863 Channel *c = channel_lookup(id); 1859 Channel *c = channel_lookup(id);
1864 packet_integrity_check(plen, 4, type); 1860
1861 packet_done();
1865 if (c == NULL) 1862 if (c == NULL)
1866 packet_disconnect("Received oclose for nonexistent channel %d.", id); 1863 packet_disconnect("Received oclose for nonexistent channel %d.", id);
1867 chan_rcvd_oclose(c); 1864 chan_rcvd_oclose(c);
@@ -1889,9 +1886,6 @@ channel_input_open_confirmation(int type, int plen, u_int32_t seq, void *ctxt)
1889 int id, remote_id; 1886 int id, remote_id;
1890 Channel *c; 1887 Channel *c;
1891 1888
1892 if (!compat20)
1893 packet_integrity_check(plen, 4 + 4, type);
1894
1895 id = packet_get_int(); 1889 id = packet_get_int();
1896 c = channel_lookup(id); 1890 c = channel_lookup(id);
1897 1891
@@ -1906,7 +1900,6 @@ channel_input_open_confirmation(int type, int plen, u_int32_t seq, void *ctxt)
1906 if (compat20) { 1900 if (compat20) {
1907 c->remote_window = packet_get_int(); 1901 c->remote_window = packet_get_int();
1908 c->remote_maxpacket = packet_get_int(); 1902 c->remote_maxpacket = packet_get_int();
1909 packet_done();
1910 if (c->cb_fn != NULL && c->cb_event == type) { 1903 if (c->cb_fn != NULL && c->cb_event == type) {
1911 debug2("callback start"); 1904 debug2("callback start");
1912 c->cb_fn(c->self, c->cb_arg); 1905 c->cb_fn(c->self, c->cb_arg);
@@ -1915,6 +1908,7 @@ channel_input_open_confirmation(int type, int plen, u_int32_t seq, void *ctxt)
1915 debug("channel %d: open confirm rwindow %d rmax %d", c->self, 1908 debug("channel %d: open confirm rwindow %d rmax %d", c->self,
1916 c->remote_window, c->remote_maxpacket); 1909 c->remote_window, c->remote_maxpacket);
1917 } 1910 }
1911 packet_done();
1918} 1912}
1919 1913
1920static char * 1914static char *
@@ -1940,9 +1934,6 @@ channel_input_open_failure(int type, int plen, u_int32_t seq, void *ctxt)
1940 char *msg = NULL, *lang = NULL; 1934 char *msg = NULL, *lang = NULL;
1941 Channel *c; 1935 Channel *c;
1942 1936
1943 if (!compat20)
1944 packet_integrity_check(plen, 4, type);
1945
1946 id = packet_get_int(); 1937 id = packet_get_int();
1947 c = channel_lookup(id); 1938 c = channel_lookup(id);
1948 1939
@@ -1955,7 +1946,6 @@ channel_input_open_failure(int type, int plen, u_int32_t seq, void *ctxt)
1955 msg = packet_get_string(NULL); 1946 msg = packet_get_string(NULL);
1956 lang = packet_get_string(NULL); 1947 lang = packet_get_string(NULL);
1957 } 1948 }
1958 packet_done();
1959 log("channel %d: open failed: %s%s%s", id, 1949 log("channel %d: open failed: %s%s%s", id,
1960 reason2txt(reason), msg ? ": ": "", msg ? msg : ""); 1950 reason2txt(reason), msg ? ": ": "", msg ? msg : "");
1961 if (msg != NULL) 1951 if (msg != NULL)
@@ -1963,6 +1953,7 @@ channel_input_open_failure(int type, int plen, u_int32_t seq, void *ctxt)
1963 if (lang != NULL) 1953 if (lang != NULL)
1964 xfree(lang); 1954 xfree(lang);
1965 } 1955 }
1956 packet_done();
1966 /* Free the channel. This will also close the socket. */ 1957 /* Free the channel. This will also close the socket. */
1967 channel_free(c); 1958 channel_free(c);
1968} 1959}
@@ -2888,10 +2879,9 @@ auth_input_open_request(int type, int plen, u_int32_t seq, void *ctxt)
2888 int remote_id, sock; 2879 int remote_id, sock;
2889 char *name; 2880 char *name;
2890 2881
2891 packet_integrity_check(plen, 4, type);
2892
2893 /* Read the remote channel number from the message. */ 2882 /* Read the remote channel number from the message. */
2894 remote_id = packet_get_int(); 2883 remote_id = packet_get_int();
2884 packet_done();
2895 2885
2896 /* 2886 /*
2897 * Get a connection to the local authentication agent (this may again 2887 * Get a connection to the local authentication agent (this may again
diff --git a/clientloop.c b/clientloop.c
index 9e4f247c6..f71717554 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
59 */ 59 */
60 60
61#include "includes.h" 61#include "includes.h"
62RCSID("$OpenBSD: clientloop.c,v 1.91 2001/12/20 22:50:24 djm Exp $"); 62RCSID("$OpenBSD: clientloop.c,v 1.92 2001/12/27 20:39:58 markus Exp $");
63 63
64#include "ssh.h" 64#include "ssh.h"
65#include "ssh1.h" 65#include "ssh1.h"
@@ -1012,7 +1012,7 @@ client_input_stdout_data(int type, int plen, u_int32_t seq, void *ctxt)
1012{ 1012{
1013 u_int data_len; 1013 u_int data_len;
1014 char *data = packet_get_string(&data_len); 1014 char *data = packet_get_string(&data_len);
1015 packet_integrity_check(plen, 4 + data_len, type); 1015 packet_done();
1016 buffer_append(&stdout_buffer, data, data_len); 1016 buffer_append(&stdout_buffer, data, data_len);
1017 memset(data, 0, data_len); 1017 memset(data, 0, data_len);
1018 xfree(data); 1018 xfree(data);
@@ -1022,7 +1022,7 @@ client_input_stderr_data(int type, int plen, u_int32_t seq, void *ctxt)
1022{ 1022{
1023 u_int data_len; 1023 u_int data_len;
1024 char *data = packet_get_string(&data_len); 1024 char *data = packet_get_string(&data_len);
1025 packet_integrity_check(plen, 4 + data_len, type); 1025 packet_done();
1026 buffer_append(&stderr_buffer, data, data_len); 1026 buffer_append(&stderr_buffer, data, data_len);
1027 memset(data, 0, data_len); 1027 memset(data, 0, data_len);
1028 xfree(data); 1028 xfree(data);
@@ -1030,8 +1030,8 @@ client_input_stderr_data(int type, int plen, u_int32_t seq, void *ctxt)
1030static void 1030static void
1031client_input_exit_status(int type, int plen, u_int32_t seq, void *ctxt) 1031client_input_exit_status(int type, int plen, u_int32_t seq, void *ctxt)
1032{ 1032{
1033 packet_integrity_check(plen, 4, type);
1034 exit_status = packet_get_int(); 1033 exit_status = packet_get_int();
1034 packet_done();
1035 /* Acknowledge the exit. */ 1035 /* Acknowledge the exit. */
1036 packet_start(SSH_CMSG_EXIT_CONFIRMATION); 1036 packet_start(SSH_CMSG_EXIT_CONFIRMATION);
1037 packet_send(); 1037 packet_send();
diff --git a/packet.c b/packet.c
index 17165b696..ee64060eb 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: packet.c,v 1.77 2001/12/20 22:50:24 djm Exp $"); 40RCSID("$OpenBSD: packet.c,v 1.78 2001/12/27 20:39:58 markus Exp $");
41 41
42#include "xmalloc.h" 42#include "xmalloc.h"
43#include "buffer.h" 43#include "buffer.h"
@@ -632,7 +632,7 @@ packet_read_seqnr(int *payload_len_ptr, u_int32_t *seqnr_p)
632 || type == SSH_SMSG_FAILURE 632 || type == SSH_SMSG_FAILURE
633 || type == SSH_CMSG_EOF 633 || type == SSH_CMSG_EOF
634 || type == SSH_CMSG_EXIT_CONFIRMATION)) 634 || type == SSH_CMSG_EXIT_CONFIRMATION))
635 packet_integrity_check(*payload_len_ptr, 0, type); 635 packet_done();
636 /* If we got a packet, return it. */ 636 /* If we got a packet, return it. */
637 if (type != SSH_MSG_NONE) { 637 if (type != SSH_MSG_NONE) {
638 xfree(setp); 638 xfree(setp);
diff --git a/packet.h b/packet.h
index 1cc79d47c..11e8be8c0 100644
--- a/packet.h
+++ b/packet.h
@@ -11,7 +11,7 @@
11 * called by a name other than "ssh" or "Secure Shell". 11 * called by a name other than "ssh" or "Secure Shell".
12 */ 12 */
13 13
14/* RCSID("$OpenBSD: packet.h,v 1.28 2001/12/20 22:50:24 djm Exp $"); */ 14/* RCSID("$OpenBSD: packet.h,v 1.29 2001/12/27 20:39:58 markus Exp $"); */
15 15
16#ifndef PACKET_H 16#ifndef PACKET_H
17#define PACKET_H 17#define PACKET_H
@@ -74,16 +74,6 @@ extern int max_packet_size;
74int packet_set_maxsize(int); 74int packet_set_maxsize(int);
75#define packet_get_maxsize() max_packet_size 75#define packet_get_maxsize() max_packet_size
76 76
77#define packet_integrity_check(payload_len, expected_len, type) \
78do { \
79 int _p = (payload_len), _e = (expected_len); \
80 if (_p != _e) { \
81 log("Packet integrity error (%d != %d) at %s:%d", \
82 _p, _e, __FILE__, __LINE__); \
83 packet_disconnect("Packet integrity error. (%d)", (type)); \
84 } \
85} while (0)
86
87#define packet_done() \ 77#define packet_done() \
88do { \ 78do { \
89 int _len = packet_remaining(); \ 79 int _len = packet_remaining(); \
diff --git a/serverloop.c b/serverloop.c
index d28b8611e..39aa1560e 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: serverloop.c,v 1.89 2001/12/21 12:17:33 markus Exp $"); 38RCSID("$OpenBSD: serverloop.c,v 1.90 2001/12/27 20:39:58 markus Exp $");
39 39
40#include "xmalloc.h" 40#include "xmalloc.h"
41#include "packet.h" 41#include "packet.h"
@@ -806,7 +806,7 @@ server_input_stdin_data(int type, int plen, u_int32_t seq, void *ctxt)
806 if (fdin == -1) 806 if (fdin == -1)
807 return; 807 return;
808 data = packet_get_string(&data_len); 808 data = packet_get_string(&data_len);
809 packet_integrity_check(plen, (4 + data_len), type); 809 packet_done();
810 buffer_append(&stdin_buffer, data, data_len); 810 buffer_append(&stdin_buffer, data, data_len);
811 memset(data, 0, data_len); 811 memset(data, 0, data_len);
812 xfree(data); 812 xfree(data);
@@ -821,7 +821,7 @@ server_input_eof(int type, int plen, u_int32_t seq, void *ctxt)
821 * drained. 821 * drained.
822 */ 822 */
823 debug("EOF received for stdin."); 823 debug("EOF received for stdin.");
824 packet_integrity_check(plen, 0, type); 824 packet_done();
825 stdin_eof = 1; 825 stdin_eof = 1;
826} 826}
827 827
@@ -834,7 +834,7 @@ server_input_window_size(int type, int plen, u_int32_t seq, void *ctxt)
834 int ypixel = packet_get_int(); 834 int ypixel = packet_get_int();
835 835
836 debug("Window change received."); 836 debug("Window change received.");
837 packet_integrity_check(plen, 4 * 4, type); 837 packet_done();
838 if (fdin != -1) 838 if (fdin != -1)
839 pty_change_window_size(fdin, row, col, xpixel, ypixel); 839 pty_change_window_size(fdin, row, col, xpixel, ypixel);
840} 840}
diff --git a/session.c b/session.c
index 8fe2cbf8f..612841049 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
33 */ 33 */
34 34
35#include "includes.h" 35#include "includes.h"
36RCSID("$OpenBSD: session.c,v 1.114 2001/12/20 16:37:29 markus Exp $"); 36RCSID("$OpenBSD: session.c,v 1.115 2001/12/27 20:39:58 markus Exp $");
37 37
38#include "ssh.h" 38#include "ssh.h"
39#include "ssh1.h" 39#include "ssh1.h"
@@ -254,8 +254,8 @@ do_authenticated1(Authctxt *authctxt)
254 /* Process the packet. */ 254 /* Process the packet. */
255 switch (type) { 255 switch (type) {
256 case SSH_CMSG_REQUEST_COMPRESSION: 256 case SSH_CMSG_REQUEST_COMPRESSION:
257 packet_integrity_check(plen, 4, type);
258 compression_level = packet_get_int(); 257 compression_level = packet_get_int();
258 packet_done();
259 if (compression_level < 1 || compression_level > 9) { 259 if (compression_level < 1 || compression_level > 9) {
260 packet_send_debug("Received illegal compression level %d.", 260 packet_send_debug("Received illegal compression level %d.",
261 compression_level); 261 compression_level);
@@ -330,7 +330,7 @@ do_authenticated1(Authctxt *authctxt)
330 verbose("Kerberos TGT passing disabled."); 330 verbose("Kerberos TGT passing disabled.");
331 } else { 331 } else {
332 char *kdata = packet_get_string(&dlen); 332 char *kdata = packet_get_string(&dlen);
333 packet_integrity_check(plen, 4 + dlen, type); 333 packet_done();
334 334
335 /* XXX - 0x41, see creds_to_radix version */ 335 /* XXX - 0x41, see creds_to_radix version */
336 if (kdata[0] != 0x41) { 336 if (kdata[0] != 0x41) {
@@ -364,7 +364,7 @@ do_authenticated1(Authctxt *authctxt)
364 } else { 364 } else {
365 /* Accept AFS token. */ 365 /* Accept AFS token. */
366 char *token = packet_get_string(&dlen); 366 char *token = packet_get_string(&dlen);
367 packet_integrity_check(plen, 4 + dlen, type); 367 packet_done();
368 368
369 if (auth_afs_token(s->authctxt, token)) 369 if (auth_afs_token(s->authctxt, token))
370 success = 1; 370 success = 1;
diff --git a/ssh.c b/ssh.c
index a768f8ff1..b6728f4dc 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
39 */ 39 */
40 40
41#include "includes.h" 41#include "includes.h"
42RCSID("$OpenBSD: ssh.c,v 1.153 2001/12/20 22:50:24 djm Exp $"); 42RCSID("$OpenBSD: ssh.c,v 1.154 2001/12/27 20:39:58 markus Exp $");
43 43
44#include <openssl/evp.h> 44#include <openssl/evp.h>
45#include <openssl/err.h> 45#include <openssl/err.h>
@@ -976,7 +976,7 @@ ssh_session(void)
976 976
977 /* Read response from the server. */ 977 /* Read response from the server. */
978 type = packet_read(&plen); 978 type = packet_read(&plen);
979 packet_integrity_check(plen, 0, type); 979 packet_done();
980 if (type != SSH_SMSG_SUCCESS) 980 if (type != SSH_SMSG_SUCCESS)
981 log("Warning: Remote host denied authentication agent forwarding."); 981 log("Warning: Remote host denied authentication agent forwarding.");
982 } 982 }
diff --git a/sshconnect1.c b/sshconnect1.c
index 166e392e7..240bdffe2 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
13 */ 13 */
14 14
15#include "includes.h" 15#include "includes.h"
16RCSID("$OpenBSD: sshconnect1.c,v 1.43 2001/12/27 18:22:16 markus Exp $"); 16RCSID("$OpenBSD: sshconnect1.c,v 1.44 2001/12/27 20:39:58 markus Exp $");
17 17
18#include <openssl/bn.h> 18#include <openssl/bn.h>
19#include <openssl/evp.h> 19#include <openssl/evp.h>
@@ -109,8 +109,7 @@ try_agent_authentication(void)
109 type); 109 type);
110 110
111 packet_get_bignum(challenge, &clen); 111 packet_get_bignum(challenge, &clen);
112 112 packet_done();
113 packet_integrity_check(plen, clen, type);
114 113
115 debug("Received RSA challenge from server."); 114 debug("Received RSA challenge from server.");
116 115
@@ -244,8 +243,7 @@ try_rsa_authentication(int idx)
244 if ((challenge = BN_new()) == NULL) 243 if ((challenge = BN_new()) == NULL)
245 fatal("try_rsa_authentication: BN_new failed"); 244 fatal("try_rsa_authentication: BN_new failed");
246 packet_get_bignum(challenge, &clen); 245 packet_get_bignum(challenge, &clen);
247 246 packet_done();
248 packet_integrity_check(plen, clen, type);
249 247
250 debug("Received RSA challenge from server."); 248 debug("Received RSA challenge from server.");
251 249
@@ -359,8 +357,7 @@ try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
359 if ((challenge = BN_new()) == NULL) 357 if ((challenge = BN_new()) == NULL)
360 fatal("try_rhosts_rsa_authentication: BN_new failed"); 358 fatal("try_rhosts_rsa_authentication: BN_new failed");
361 packet_get_bignum(challenge, &clen); 359 packet_get_bignum(challenge, &clen);
362 360 packet_done();
363 packet_integrity_check(plen, clen, type);
364 361
365 debug("Received RSA challenge for host key from server."); 362 debug("Received RSA challenge for host key from server.");
366 363
@@ -467,7 +464,7 @@ try_krb4_authentication(void)
467 memcpy(auth.dat, reply, auth.length); 464 memcpy(auth.dat, reply, auth.length);
468 xfree(reply); 465 xfree(reply);
469 466
470 packet_integrity_check(plen, 4 + auth.length, type); 467 packet_done();
471 468
472 /* 469 /*
473 * If his response isn't properly encrypted with the session 470 * If his response isn't properly encrypted with the session
@@ -576,8 +573,7 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
576 573
577 /* Get server's response. */ 574 /* Get server's response. */
578 ap.data = packet_get_string((unsigned int *) &ap.length); 575 ap.data = packet_get_string((unsigned int *) &ap.length);
579 576 packet_done();
580 packet_integrity_check(payload_len, 4 + ap.length, type);
581 /* XXX je to dobre? */ 577 /* XXX je to dobre? */
582 578
583 problem = krb5_rd_rep(*context, *auth_context, &ap, &reply); 579 problem = krb5_rd_rep(*context, *auth_context, &ap, &reply);
@@ -842,7 +838,7 @@ try_challenge_response_authentication(void)
842 return 0; 838 return 0;
843 } 839 }
844 challenge = packet_get_string(&clen); 840 challenge = packet_get_string(&clen);
845 packet_integrity_check(payload_len, (4 + clen), type); 841 packet_done();
846 snprintf(prompt, sizeof prompt, "%s%s", challenge, 842 snprintf(prompt, sizeof prompt, "%s%s", challenge,
847 strchr(challenge, '\n') ? "" : "\nResponse: "); 843 strchr(challenge, '\n') ? "" : "\nResponse: ");
848 xfree(challenge); 844 xfree(challenge);
@@ -968,13 +964,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
968 964
969 supported_ciphers = packet_get_int(); 965 supported_ciphers = packet_get_int();
970 supported_authentications = packet_get_int(); 966 supported_authentications = packet_get_int();
967 packet_done();
971 968
972 debug("Received server public key (%d bits) and host key (%d bits).", 969 debug("Received server public key (%d bits) and host key (%d bits).",
973 BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); 970 BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n));
974 971
975 packet_integrity_check(payload_len,
976 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
977 SSH_SMSG_PUBLIC_KEY);
978 if (verify_host_key(host, hostaddr, host_key) == -1) 972 if (verify_host_key(host, hostaddr, host_key) == -1)
979 fatal("Host key verification failed."); 973 fatal("Host key verification failed.");
980 974
diff --git a/sshd.c b/sshd.c
index 69372765a..530754203 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
40 */ 40 */
41 41
42#include "includes.h" 42#include "includes.h"
43RCSID("$OpenBSD: sshd.c,v 1.218 2001/12/27 18:22:16 markus Exp $"); 43RCSID("$OpenBSD: sshd.c,v 1.219 2001/12/27 20:39:58 markus Exp $");
44 44
45#include <openssl/dh.h> 45#include <openssl/dh.h>
46#include <openssl/bn.h> 46#include <openssl/bn.h>
@@ -1358,8 +1358,7 @@ do_ssh1_kex(void)
1358 1358
1359 protocol_flags = packet_get_int(); 1359 protocol_flags = packet_get_int();
1360 packet_set_protocol_flags(protocol_flags); 1360 packet_set_protocol_flags(protocol_flags);
1361 1361 packet_done();
1362 packet_integrity_check(plen, 1 + 8 + slen + 4, SSH_CMSG_SESSION_KEY);
1363 1362
1364 /* 1363 /*
1365 * Decrypt it using our private server key and private host key (key 1364 * Decrypt it using our private server key and private host key (key