Diffstat (limited to 'auth1.c')
-rw-r--r-- | auth1.c | 17 |
1 files changed, 8 insertions, 9 deletions
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth1.c,v 1.30 2001/12/27 19:54:53 markus Exp $"); | 13 | RCSID("$OpenBSD: auth1.c,v 1.31 2001/12/27 20:39:58 markus Exp $"); |
14 | 14 | ||
15 | #include "xmalloc.h" | 15 | #include "xmalloc.h" |
16 | #include "rsa.h" | 16 | #include "rsa.h" |
@@ -120,8 +120,7 @@ do_authloop(Authctxt *authctxt) | |||
120 | verbose("Kerberos authentication disabled."); | 120 | verbose("Kerberos authentication disabled."); |
121 | } else { | 121 | } else { |
122 | char *kdata = packet_get_string(&dlen); | 122 | char *kdata = packet_get_string(&dlen); |
123 | 123 | packet_done(); | |
124 | packet_integrity_check(plen, 4 + dlen, type); | ||
125 | 124 | ||
126 | if (kdata[0] == 4) { /* KRB_PROT_VERSION */ | 125 | if (kdata[0] == 4) { /* KRB_PROT_VERSION */ |
127 | #ifdef KRB4 | 126 | #ifdef KRB4 |
@@ -181,7 +180,7 @@ do_authloop(Authctxt *authctxt) | |||
181 | * IP-spoofing on a local network.) | 180 | * IP-spoofing on a local network.) |
182 | */ | 181 | */ |
183 | client_user = packet_get_string(&ulen); | 182 | client_user = packet_get_string(&ulen); |
184 | packet_integrity_check(plen, 4 + ulen, type); | 183 | packet_done(); |
185 | 184 | ||
186 | /* Try to authenticate using /etc/hosts.equiv and .rhosts. */ | 185 | /* Try to authenticate using /etc/hosts.equiv and .rhosts. */ |
187 | authenticated = auth_rhosts(pw, client_user); | 186 | authenticated = auth_rhosts(pw, client_user); |
@@ -211,7 +210,7 @@ do_authloop(Authctxt *authctxt) | |||
211 | verbose("Warning: keysize mismatch for client_host_key: " | 210 | verbose("Warning: keysize mismatch for client_host_key: " |
212 | "actual %d, announced %d", | 211 | "actual %d, announced %d", |
213 | BN_num_bits(client_host_key->rsa->n), bits); | 212 | BN_num_bits(client_host_key->rsa->n), bits); |
214 | packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type); | 213 | packet_done(); |
215 | 214 | ||
216 | authenticated = auth_rhosts_rsa(pw, client_user, | 215 | authenticated = auth_rhosts_rsa(pw, client_user, |
217 | client_host_key); | 216 | client_host_key); |
@@ -229,7 +228,7 @@ do_authloop(Authctxt *authctxt) | |||
229 | if ((n = BN_new()) == NULL) | 228 | if ((n = BN_new()) == NULL) |
230 | fatal("do_authloop: BN_new failed"); | 229 | fatal("do_authloop: BN_new failed"); |
231 | packet_get_bignum(n, &nlen); | 230 | packet_get_bignum(n, &nlen); |
232 | packet_integrity_check(plen, nlen, type); | 231 | packet_done(); |
233 | authenticated = auth_rsa(pw, n); | 232 | authenticated = auth_rsa(pw, n); |
234 | BN_clear_free(n); | 233 | BN_clear_free(n); |
235 | break; | 234 | break; |
@@ -245,7 +244,7 @@ do_authloop(Authctxt *authctxt) | |||
245 | * not visible to an outside observer. | 244 | * not visible to an outside observer. |
246 | */ | 245 | */ |
247 | password = packet_get_string(&dlen); | 246 | password = packet_get_string(&dlen); |
248 | packet_integrity_check(plen, 4 + dlen, type); | 247 | packet_done(); |
249 | 248 | ||
250 | #ifdef USE_PAM | 249 | #ifdef USE_PAM |
251 | /* Do PAM auth with password */ | 250 | /* Do PAM auth with password */ |
@@ -283,7 +282,7 @@ do_authloop(Authctxt *authctxt) | |||
283 | if (options.challenge_response_authentication == 1) { | 282 | if (options.challenge_response_authentication == 1) { |
284 | char *response = packet_get_string(&dlen); | 283 | char *response = packet_get_string(&dlen); |
285 | debug("got response '%s'", response); | 284 | debug("got response '%s'", response); |
286 | packet_integrity_check(plen, 4 + dlen, type); | 285 | packet_done(); |
287 | authenticated = verify_response(authctxt, response); | 286 | authenticated = verify_response(authctxt, response); |
288 | memset(response, 'r', dlen); | 287 | memset(response, 'r', dlen); |
289 | xfree(response); | 288 | xfree(response); |
@@ -370,7 +369,7 @@ do_authentication(void) | |||
370 | 369 | ||
371 | /* Get the user name. */ | 370 | /* Get the user name. */ |
372 | user = packet_get_string(&ulen); | 371 | user = packet_get_string(&ulen); |
373 | packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER); | 372 | packet_done(); |
374 | 373 | ||
375 | if ((style = strchr(user, ':')) != NULL) | 374 | if ((style = strchr(user, ':')) != NULL) |
376 | *style++ = '\0'; | 375 | *style++ = '\0'; |
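Review bot: In the challenge-response hunk of do_authloop (new lines 283-285), `debug("got response '%s'", response);` still runs before the new `packet_done();`, so the client-supplied response is written to the debug log before the packet has been checked, and that log line carries authentication material. I would call `packet_done();` directly after `packet_get_string(&dlen)`, as the other hunks in this file do, and log only the length, e.g. `debug("got response, %u bytes", dlen);` (this assumes dlen is an unsigned int; its declaration is outside the hunk). packet_done() is defined elsewhere, so I am assuming it rejects a packet with unparsed trailing bytes the way the removed packet_integrity_check() calls did; that is worth confirming because every call site here parses pre-authentication input. do_authloop's body starts and ends outside the hunks shown.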