diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | bufaux.c | 12 |
2 files changed, 13 insertions, 5 deletions
| @@ -35,6 +35,10 @@ | |||
| 35 | - (stevesk) [README.privsep] more for sshd pseudo-account. | 35 | - (stevesk) [README.privsep] more for sshd pseudo-account. |
| 36 | - (tim) [contrib/caldera/openssh.spec] add support for privsep | 36 | - (tim) [contrib/caldera/openssh.spec] add support for privsep |
| 37 | - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@ | 37 | - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@ |
| 38 | - (djm) OpenBSD CVS Sync | ||
| 39 | - markus@cvs.openbsd.org 2002/06/26 08:53:12 | ||
| 40 | [bufaux.c] | ||
| 41 | limit size of BNs to 8KB; ok provos/deraadt | ||
| 38 | 42 | ||
| 39 | 20020625 | 43 | 20020625 |
| 40 | - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh | 44 | - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh |
| @@ -1134,4 +1138,4 @@ | |||
| 1134 | - (stevesk) entropy.c: typo in debug message | 1138 | - (stevesk) entropy.c: typo in debug message |
| 1135 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 1139 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
| 1136 | 1140 | ||
| 1137 | $Id: ChangeLog,v 1.2289 2002/06/26 09:12:59 djm Exp $ | 1141 | $Id: ChangeLog,v 1.2290 2002/06/26 09:14:08 djm Exp $ |
| @@ -37,7 +37,7 @@ | |||
| 37 | */ | 37 | */ |
| 38 | 38 | ||
| 39 | #include "includes.h" | 39 | #include "includes.h" |
| 40 | RCSID("$OpenBSD: bufaux.c,v 1.26 2002/06/23 09:46:51 deraadt Exp $"); | 40 | RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $"); |
| 41 | 41 | ||
| 42 | #include <openssl/bn.h> | 42 | #include <openssl/bn.h> |
| 43 | #include "bufaux.h" | 43 | #include "bufaux.h" |
| @@ -88,6 +88,8 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value) | |||
| 88 | bits = GET_16BIT(buf); | 88 | bits = GET_16BIT(buf); |
| 89 | /* Compute the number of binary bytes that follow. */ | 89 | /* Compute the number of binary bytes that follow. */ |
| 90 | bytes = (bits + 7) / 8; | 90 | bytes = (bits + 7) / 8; |
| 91 | if (bytes > 8 * 1024) | ||
| 92 | fatal("buffer_get_bignum: cannot handle BN of size %d", bytes); | ||
| 91 | if (buffer_len(buffer) < bytes) | 93 | if (buffer_len(buffer) < bytes) |
| 92 | fatal("buffer_get_bignum: input buffer too small"); | 94 | fatal("buffer_get_bignum: input buffer too small"); |
| 93 | bin = buffer_ptr(buffer); | 95 | bin = buffer_ptr(buffer); |
| @@ -129,13 +131,15 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value) | |||
| 129 | xfree(buf); | 131 | xfree(buf); |
| 130 | } | 132 | } |
| 131 | 133 | ||
| 134 | /* XXX does not handle negative BNs */ | ||
| 132 | void | 135 | void |
| 133 | buffer_get_bignum2(Buffer *buffer, BIGNUM *value) | 136 | buffer_get_bignum2(Buffer *buffer, BIGNUM *value) |
| 134 | { | 137 | { |
| 135 | /**XXX should be two's-complement */ | 138 | u_int len; |
| 136 | int len; | 139 | u_char *bin = buffer_get_string(buffer, &len); |
| 137 | u_char *bin = buffer_get_string(buffer, (u_int *)&len); | ||
| 138 | 140 | ||
| 141 | if (len > 8 * 1024) | ||
| 142 | fatal("buffer_get_bignum2: cannot handle BN of size %d", len); | ||
| 139 | BN_bin2bn(bin, len, value); | 143 | BN_bin2bn(bin, len, value); |
| 140 | xfree(bin); | 144 | xfree(bin); |
| 141 | } | 145 | } |