summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--bufaux.c12
2 files changed, 13 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 55075c806..8fa522ffb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,10 @@
35 - (stevesk) [README.privsep] more for sshd pseudo-account. 35 - (stevesk) [README.privsep] more for sshd pseudo-account.
36 - (tim) [contrib/caldera/openssh.spec] add support for privsep 36 - (tim) [contrib/caldera/openssh.spec] add support for privsep
37 - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@ 37 - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
38 - (djm) OpenBSD CVS Sync
39 - markus@cvs.openbsd.org 2002/06/26 08:53:12
40 [bufaux.c]
41 limit size of BNs to 8KB; ok provos/deraadt
38 42
3920020625 4320020625
40 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh 44 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
@@ -1134,4 +1138,4 @@
1134 - (stevesk) entropy.c: typo in debug message 1138 - (stevesk) entropy.c: typo in debug message
1135 - (djm) ssh-keygen -i needs seeded RNG; report from markus@ 1139 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
1136 1140
1137$Id: ChangeLog,v 1.2289 2002/06/26 09:12:59 djm Exp $ 1141$Id: ChangeLog,v 1.2290 2002/06/26 09:14:08 djm Exp $
diff --git a/bufaux.c b/bufaux.c
index 80abe890b..d3dc674ce 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: bufaux.c,v 1.26 2002/06/23 09:46:51 deraadt Exp $"); 40RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $");
41 41
42#include <openssl/bn.h> 42#include <openssl/bn.h>
43#include "bufaux.h" 43#include "bufaux.h"
@@ -88,6 +88,8 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
88 bits = GET_16BIT(buf); 88 bits = GET_16BIT(buf);
89 /* Compute the number of binary bytes that follow. */ 89 /* Compute the number of binary bytes that follow. */
90 bytes = (bits + 7) / 8; 90 bytes = (bits + 7) / 8;
91 if (bytes > 8 * 1024)
92 fatal("buffer_get_bignum: cannot handle BN of size %d", bytes);
91 if (buffer_len(buffer) < bytes) 93 if (buffer_len(buffer) < bytes)
92 fatal("buffer_get_bignum: input buffer too small"); 94 fatal("buffer_get_bignum: input buffer too small");
93 bin = buffer_ptr(buffer); 95 bin = buffer_ptr(buffer);
@@ -129,13 +131,15 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
129 xfree(buf); 131 xfree(buf);
130} 132}
131 133
134/* XXX does not handle negative BNs */
132void 135void
133buffer_get_bignum2(Buffer *buffer, BIGNUM *value) 136buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
134{ 137{
135 /**XXX should be two's-complement */ 138 u_int len;
136 int len; 139 u_char *bin = buffer_get_string(buffer, &len);
137 u_char *bin = buffer_get_string(buffer, (u_int *)&len);
138 140
141 if (len > 8 * 1024)
142 fatal("buffer_get_bignum2: cannot handle BN of size %d", len);
139 BN_bin2bn(bin, len, value); 143 BN_bin2bn(bin, len, value);
140 xfree(bin); 144 xfree(bin);
141} 145}