-rw-r--r--sshd.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/sshd.c b/sshd.c
index 75ea61ead..c9c606e85 100644
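--- a/sshd.c
+++ b/sshd.c
@@ -18,7 +18,7 @@ agent connections.
 */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.13 1999/11/11 06:57:40 damien Exp $");
+RCSID("$Id: sshd.c,v 1.14 1999/11/11 09:44:05 damien Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -881,7 +881,7 @@ main(int ac, char **av)
 
 void do_connection(int privileged_port)
 {
- int i;
+ int i, len;
  BIGNUM *session_key_int;
  unsigned char session_key[SSH_SESSION_KEY_LENGTH];
  unsigned char check_bytes[8];
@@ -1024,11 +1024,12 @@ void do_connection(int privileged_port)
  least significant 256 bits of the integer; the first byte of the
  key is in the highest bits. */
  BN_mask_bits(session_key_int, sizeof(session_key) * 8);
- if (BN_num_bytes(session_key_int) != sizeof(session_key)){
- fatal("do_connection: session_key_int %d != sizeof(session_key) %d",
- BN_num_bytes(session_key_int), sizeof(session_key));
- }
- BN_bn2bin(session_key_int, session_key);
+ len = BN_num_bytes(session_key_int);
+ if (len <= 0 || len > sizeof(session_key))
+ fatal("do_connection: bad len: session_key_int %d > sizeof(session_key) %d",
+ len, sizeof(session_key));
+ memset(session_key, 0, sizeof(session_key));
+ BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len);
 
  /* Xor the first 16 bytes of the session key with the session id. */
  for (i = 0; i < 16; i++)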
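Review bot: The new fatal() call in the third hunk still passes `sizeof(session_key)`, a size_t, to a `%d` conversion. Assuming fatal() is printf-style, that is undefined behaviour wherever size_t is wider than int, so the argument line should read `len, (int)sizeof(session_key));`. The message text says `>` although the guard also fires for `len <= 0`, which can mislead whoever reads the log after a rejected key exchange; wording such as `"do_connection: bad len %d, sizeof(session_key) %d"` covers both branches. The comparison `len > sizeof(session_key)` mixes int with size_t and is only safe because `len <= 0` is tested first, so a short comment above the check saying the order matters would keep a later edit from reordering it. do_connection continues past the end of this hunk, so the later uses of session_key are not visible here.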