1 files changed, 8 insertions, 9 deletions
diff --git a/auth1.c b/auth1.c
index 766053c97..2ea638b9a 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.30 2001/12/27 19:54:53 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.31 2001/12/27 20:39:58 markus Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -120,8 +120,7 @@ do_authloop(Authctxt *authctxt)
                                verbose("Kerberos authentication disabled.");
                        } else {
                                char *kdata = packet_get_string(&dlen);
+                                packet_done();
-                                packet_integrity_check(plen, 4 + dlen, type);
                                if (kdata[0] == 4) { /* KRB_PROT_VERSION */
 #ifdef KRB4
@@ -181,7 +180,7 @@ do_authloop(Authctxt *authctxt)
                         * IP-spoofing on a local network.)
                         */
                        client_user = packet_get_string(&ulen);
-                        packet_integrity_check(plen, 4 + ulen, type);
+                        packet_done();
                        /* Try to authenticate using /etc/hosts.equiv and .rhosts. */
                        authenticated = auth_rhosts(pw, client_user);
@@ -211,7 +210,7 @@ do_authloop(Authctxt *authctxt)
                                verbose("Warning: keysize mismatch for client_host_key: "
                                    "actual %d, announced %d",
                                     BN_num_bits(client_host_key->rsa->n), bits);
-                        packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type);
+                        packet_done();
                        authenticated = auth_rhosts_rsa(pw, client_user,
                            client_host_key);
@@ -229,7 +228,7 @@ do_authloop(Authctxt *authctxt)
                        if ((n = BN_new()) == NULL)
                                fatal("do_authloop: BN_new failed");
                        packet_get_bignum(n, &nlen);
-                        packet_integrity_check(plen, nlen, type);
+                        packet_done();
                        authenticated = auth_rsa(pw, n);
                        BN_clear_free(n);
                        break;
@@ -245,7 +244,7 @@ do_authloop(Authctxt *authctxt)
                         * not visible to an outside observer.
                         */
                        password = packet_get_string(&dlen);
-                        packet_integrity_check(plen, 4 + dlen, type);
+                        packet_done();
 #ifdef USE_PAM
                        /* Do PAM auth with password */
@@ -283,7 +282,7 @@ do_authloop(Authctxt *authctxt)
                        if (options.challenge_response_authentication == 1) {
                                char *response = packet_get_string(&dlen);
                                debug("got response '%s'", response);
-                                packet_integrity_check(plen, 4 + dlen, type);
+                                packet_done();
                                authenticated = verify_response(authctxt, response);
                                memset(response, 'r', dlen);
                                xfree(response);
@@ -370,7 +369,7 @@ do_authentication(void)
        /* Get the user name. */
        user = packet_get_string(&ulen);
-        packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
+        packet_done();
        if ((style = strchr(user, ':')) != NULL)
                *style++ = '\0';

diff --git a/auth1.c b/auth1.c index 766053c97..2ea638b9a 100644 --- a/auth1.c +++ b/auth1.c
@@ -10,7 +10,7 @@
10	*/	10	*/
11		11
12	#include "includes.h"	12	#include "includes.h"
13	RCSID("$OpenBSD: auth1.c,v 1.30 2001/12/27 19:54:53 markus Exp $");	13	RCSID("$OpenBSD: auth1.c,v 1.31 2001/12/27 20:39:58 markus Exp $");
14		14
15	#include "xmalloc.h"	15	#include "xmalloc.h"
16	#include "rsa.h"	16	#include "rsa.h"
@@ -120,8 +120,7 @@ do_authloop(Authctxt *authctxt)
120	verbose("Kerberos authentication disabled.");	120	verbose("Kerberos authentication disabled.");
121	} else {	121	} else {
122	char *kdata = packet_get_string(&dlen);	122	char *kdata = packet_get_string(&dlen);
123		123	packet_done();
124	packet_integrity_check(plen, 4 + dlen, type);
125		124
126	if (kdata[0] == 4) { /* KRB_PROT_VERSION */	125	if (kdata[0] == 4) { /* KRB_PROT_VERSION */
127	#ifdef KRB4	126	#ifdef KRB4
@@ -181,7 +180,7 @@ do_authloop(Authctxt *authctxt)
181	* IP-spoofing on a local network.)	180	* IP-spoofing on a local network.)
182	*/	181	*/
183	client_user = packet_get_string(&ulen);	182	client_user = packet_get_string(&ulen);
184	packet_integrity_check(plen, 4 + ulen, type);	183	packet_done();
185		184
186	/* Try to authenticate using /etc/hosts.equiv and .rhosts. */	185	/* Try to authenticate using /etc/hosts.equiv and .rhosts. */
187	authenticated = auth_rhosts(pw, client_user);	186	authenticated = auth_rhosts(pw, client_user);
@@ -211,7 +210,7 @@ do_authloop(Authctxt *authctxt)
211	verbose("Warning: keysize mismatch for client_host_key: "	210	verbose("Warning: keysize mismatch for client_host_key: "
212	"actual %d, announced %d",	211	"actual %d, announced %d",
213	BN_num_bits(client_host_key->rsa->n), bits);	212	BN_num_bits(client_host_key->rsa->n), bits);
214	packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type);	213	packet_done();
215		214
216	authenticated = auth_rhosts_rsa(pw, client_user,	215	authenticated = auth_rhosts_rsa(pw, client_user,
217	client_host_key);	216	client_host_key);
@@ -229,7 +228,7 @@ do_authloop(Authctxt *authctxt)
229	if ((n = BN_new()) == NULL)	228	if ((n = BN_new()) == NULL)
230	fatal("do_authloop: BN_new failed");	229	fatal("do_authloop: BN_new failed");
231	packet_get_bignum(n, &nlen);	230	packet_get_bignum(n, &nlen);
232	packet_integrity_check(plen, nlen, type);	231	packet_done();
233	authenticated = auth_rsa(pw, n);	232	authenticated = auth_rsa(pw, n);
234	BN_clear_free(n);	233	BN_clear_free(n);
235	break;	234	break;
@@ -245,7 +244,7 @@ do_authloop(Authctxt *authctxt)
245	* not visible to an outside observer.	244	* not visible to an outside observer.
246	*/	245	*/
247	password = packet_get_string(&dlen);	246	password = packet_get_string(&dlen);
248	packet_integrity_check(plen, 4 + dlen, type);	247	packet_done();
249		248
250	#ifdef USE_PAM	249	#ifdef USE_PAM
251	/* Do PAM auth with password */	250	/* Do PAM auth with password */
@@ -283,7 +282,7 @@ do_authloop(Authctxt *authctxt)
283	if (options.challenge_response_authentication == 1) {	282	if (options.challenge_response_authentication == 1) {
284	char *response = packet_get_string(&dlen);	283	char *response = packet_get_string(&dlen);
285	debug("got response '%s'", response);	284	debug("got response '%s'", response);
286	packet_integrity_check(plen, 4 + dlen, type);	285	packet_done();
287	authenticated = verify_response(authctxt, response);	286	authenticated = verify_response(authctxt, response);
288	memset(response, 'r', dlen);	287	memset(response, 'r', dlen);
289	xfree(response);	288	xfree(response);
@@ -370,7 +369,7 @@ do_authentication(void)
370		369
371	/* Get the user name. */	370	/* Get the user name. */
372	user = packet_get_string(&ulen);	371	user = packet_get_string(&ulen);
373	packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);	372	packet_done();
374		373
375	if ((style = strchr(user, ':')) != NULL)	374	if ((style = strchr(user, ':')) != NULL)
376	*style++ = '\0';	375	*style++ = '\0';