1 files changed, 19 insertions, 5 deletions
diff --git a/kexgexs.c b/kexgexs.c
index c48b27af9..a037f57f2 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos.  All rights reserved.
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -24,16 +25,27 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexgexs.c,v 1.2 2005/11/04 05:15:59 djm Exp $");
+#include <sys/param.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <signal.h>
 #include "xmalloc.h"
+#include "buffer.h"
 #include "key.h"
+#include "cipher.h"
 #include "kex.h"
 #include "log.h"
 #include "packet.h"
 #include "dh.h"
 #include "ssh2.h"
 #include "compat.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
 #include "monitor_wrap.h"
 void
@@ -43,8 +55,8 @@ kexgex_server(Kex *kex)
        Key *server_host_key;
        DH *dh;
        u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
-        u_int sbloblen, klen, kout, slen, hashlen;
+        u_int sbloblen, klen, slen, hashlen;
-        int min = -1, max = -1, nbits = -1, type;
+        int min = -1, max = -1, nbits = -1, type, kout;
        if (kex->load_host_key == NULL)
                fatal("Cannot load hostkey");
@@ -122,13 +134,15 @@ kexgex_server(Kex *kex)
        klen = DH_size(dh);
        kbuf = xmalloc(klen);
-        kout = DH_compute_key(kbuf, dh_client_pub, dh);
+        if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0)
+                fatal("DH_compute_key: failed");
 #ifdef DEBUG_KEXDH
        dump_digest("shared secret", kbuf, kout);
 #endif
        if ((shared_secret = BN_new()) == NULL)
                fatal("kexgex_server: BN_new failed");
-        BN_bin2bn(kbuf, kout, shared_secret);
+        if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
+                fatal("kexgex_server: BN_bin2bn failed");
        memset(kbuf, 0, klen);
        xfree(kbuf);

diff --git a/kexgexs.c b/kexgexs.c index c48b27af9..a037f57f2 100644 --- a/kexgexs.c +++ b/kexgexs.c
@@ -1,3 +1,4 @@
		1	/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */
1	/*	2	/*
2	* Copyright (c) 2000 Niels Provos. All rights reserved.	3	* Copyright (c) 2000 Niels Provos. All rights reserved.
3	* Copyright (c) 2001 Markus Friedl. All rights reserved.	4	* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -24,16 +25,27 @@
24	*/	25	*/
25		26
26	#include "includes.h"	27	#include "includes.h"
27	RCSID("$OpenBSD: kexgexs.c,v 1.2 2005/11/04 05:15:59 djm Exp $");	28
		29	#include <sys/param.h>
		30
		31	#include <stdarg.h>
		32	#include <stdio.h>
		33	#include <string.h>
		34	#include <signal.h>
28		35
29	#include "xmalloc.h"	36	#include "xmalloc.h"
		37	#include "buffer.h"
30	#include "key.h"	38	#include "key.h"
		39	#include "cipher.h"
31	#include "kex.h"	40	#include "kex.h"
32	#include "log.h"	41	#include "log.h"
33	#include "packet.h"	42	#include "packet.h"
34	#include "dh.h"	43	#include "dh.h"
35	#include "ssh2.h"	44	#include "ssh2.h"
36	#include "compat.h"	45	#include "compat.h"
		46	#ifdef GSSAPI
		47	#include "ssh-gss.h"
		48	#endif
37	#include "monitor_wrap.h"	49	#include "monitor_wrap.h"
38		50
39	void	51	void
@@ -43,8 +55,8 @@ kexgex_server(Kex *kex)
43	Key *server_host_key;	55	Key *server_host_key;
44	DH *dh;	56	DH *dh;
45	u_char kbuf, hash, signature = NULL, server_host_key_blob = NULL;	57	u_char kbuf, hash, signature = NULL, server_host_key_blob = NULL;
46	u_int sbloblen, klen, kout, slen, hashlen;	58	u_int sbloblen, klen, slen, hashlen;
47	int min = -1, max = -1, nbits = -1, type;	59	int min = -1, max = -1, nbits = -1, type, kout;
48		60
49	if (kex->load_host_key == NULL)	61	if (kex->load_host_key == NULL)
50	fatal("Cannot load hostkey");	62	fatal("Cannot load hostkey");
@@ -122,13 +134,15 @@ kexgex_server(Kex *kex)
122		134
123	klen = DH_size(dh);	135	klen = DH_size(dh);
124	kbuf = xmalloc(klen);	136	kbuf = xmalloc(klen);
125	kout = DH_compute_key(kbuf, dh_client_pub, dh);	137	if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0)
		138	fatal("DH_compute_key: failed");
126	#ifdef DEBUG_KEXDH	139	#ifdef DEBUG_KEXDH
127	dump_digest("shared secret", kbuf, kout);	140	dump_digest("shared secret", kbuf, kout);
128	#endif	141	#endif
129	if ((shared_secret = BN_new()) == NULL)	142	if ((shared_secret = BN_new()) == NULL)
130	fatal("kexgex_server: BN_new failed");	143	fatal("kexgex_server: BN_new failed");
131	BN_bin2bn(kbuf, kout, shared_secret);	144	if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
		145	fatal("kexgex_server: BN_bin2bn failed");
132	memset(kbuf, 0, klen);	146	memset(kbuf, 0, klen);
133	xfree(kbuf);	147	xfree(kbuf);
134		148