diff options
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | auth-options.c | 16 | ||||
-rw-r--r-- | key.c | 7 |
3 files changed, 6 insertions, 21 deletions
@@ -12,6 +12,10 @@ | |||
12 | - stsp@cvs.openbsd.org 2011/10/16 15:51:39 | 12 | - stsp@cvs.openbsd.org 2011/10/16 15:51:39 |
13 | [moduli.c] | 13 | [moduli.c] |
14 | add missing includes to unbreak tree; fix from rpointel | 14 | add missing includes to unbreak tree; fix from rpointel |
15 | - djm@cvs.openbsd.org 2011/10/18 04:58:26 | ||
16 | [auth-options.c key.c] | ||
17 | remove explict search for \0 in packet strings, this job is now done | ||
18 | implicitly by buffer_get_cstring; ok markus | ||
15 | 19 | ||
16 | 20111001 | 20 | 20111001 |
17 | - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm | 21 | - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm |
diff --git a/auth-options.c b/auth-options.c index b3c19c1c0..0e67bd8c0 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-options.c,v 1.55 2011/09/23 00:22:04 dtucker Exp $ */ | 1 | /* $OpenBSD: auth-options.c,v 1.56 2011/10/18 04:58:26 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -452,10 +452,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
452 | buffer_append(&data, data_blob, dlen); | 452 | buffer_append(&data, data_blob, dlen); |
453 | debug3("found certificate option \"%.100s\" len %u", | 453 | debug3("found certificate option \"%.100s\" len %u", |
454 | name, dlen); | 454 | name, dlen); |
455 | if (strlen(name) != nlen) { | ||
456 | error("Certificate constraint name contains \\0"); | ||
457 | goto out; | ||
458 | } | ||
459 | found = 0; | 455 | found = 0; |
460 | if ((which & OPTIONS_EXTENSIONS) != 0) { | 456 | if ((which & OPTIONS_EXTENSIONS) != 0) { |
461 | if (strcmp(name, "permit-X11-forwarding") == 0) { | 457 | if (strcmp(name, "permit-X11-forwarding") == 0) { |
@@ -485,11 +481,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
485 | "corrupt", name); | 481 | "corrupt", name); |
486 | goto out; | 482 | goto out; |
487 | } | 483 | } |
488 | if (strlen(command) != clen) { | ||
489 | error("force-command constraint " | ||
490 | "contains \\0"); | ||
491 | goto out; | ||
492 | } | ||
493 | if (*cert_forced_command != NULL) { | 484 | if (*cert_forced_command != NULL) { |
494 | error("Certificate has multiple " | 485 | error("Certificate has multiple " |
495 | "force-command options"); | 486 | "force-command options"); |
@@ -506,11 +497,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
506 | "\"%s\" corrupt", name); | 497 | "\"%s\" corrupt", name); |
507 | goto out; | 498 | goto out; |
508 | } | 499 | } |
509 | if (strlen(allowed) != clen) { | ||
510 | error("source-address constraint " | ||
511 | "contains \\0"); | ||
512 | goto out; | ||
513 | } | ||
514 | if ((*cert_source_address_done)++) { | 500 | if ((*cert_source_address_done)++) { |
515 | error("Certificate has multiple " | 501 | error("Certificate has multiple " |
516 | "source-address options"); | 502 | "source-address options"); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.c,v 1.97 2011/05/17 07:13:31 djm Exp $ */ | 1 | /* $OpenBSD: key.c,v 1.98 2011/10/18 04:58:26 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * read_bignum(): | 3 | * read_bignum(): |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1356,11 +1356,6 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) | |||
1356 | goto out; | 1356 | goto out; |
1357 | } | 1357 | } |
1358 | 1358 | ||
1359 | if (kidlen != strlen(key->cert->key_id)) { | ||
1360 | error("%s: key ID contains \\0 character", __func__); | ||
1361 | goto out; | ||
1362 | } | ||
1363 | |||
1364 | /* Signature is left in the buffer so we can calculate this length */ | 1359 | /* Signature is left in the buffer so we can calculate this length */ |
1365 | signed_len = buffer_len(&key->cert->certblob) - buffer_len(b); | 1360 | signed_len = buffer_len(&key->cert->certblob) - buffer_len(b); |
1366 | 1361 | ||