Diffstat (limited to 'krl.c')
-rw-r--r-- | krl.c | 23 |
1 files changed, 9 insertions, 14 deletions
@@ -14,7 +14,7 @@ | |||
14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
15 | */ | 15 | */ |
16 | 16 | ||
17 | /* $OpenBSD: krl.c,v 1.33 2015/07/03 03:43:18 djm Exp $ */ | 17 | /* $OpenBSD: krl.c,v 1.37 2015/12/31 00:33:52 djm Exp $ */ |
18 | 18 | ||
19 | #include "includes.h" | 19 | #include "includes.h" |
20 | 20 | ||
@@ -723,7 +723,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, | |||
723 | if ((r = sshbuf_put(buf, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0 || | 723 | if ((r = sshbuf_put(buf, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0 || |
724 | (r = sshbuf_put_u32(buf, KRL_FORMAT_VERSION)) != 0 || | 724 | (r = sshbuf_put_u32(buf, KRL_FORMAT_VERSION)) != 0 || |
725 | (r = sshbuf_put_u64(buf, krl->krl_version)) != 0 || | 725 | (r = sshbuf_put_u64(buf, krl->krl_version)) != 0 || |
726 | (r = sshbuf_put_u64(buf, krl->generated_date) != 0) || | 726 | (r = sshbuf_put_u64(buf, krl->generated_date)) != 0 || |
727 | (r = sshbuf_put_u64(buf, krl->flags)) != 0 || | 727 | (r = sshbuf_put_u64(buf, krl->flags)) != 0 || |
728 | (r = sshbuf_put_string(buf, NULL, 0)) != 0 || | 728 | (r = sshbuf_put_string(buf, NULL, 0)) != 0 || |
729 | (r = sshbuf_put_cstring(buf, krl->comment)) != 0) | 729 | (r = sshbuf_put_cstring(buf, krl->comment)) != 0) |
@@ -772,7 +772,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, | |||
772 | goto out; | 772 | goto out; |
773 | 773 | ||
774 | if ((r = sshkey_sign(sign_keys[i], &sblob, &slen, | 774 | if ((r = sshkey_sign(sign_keys[i], &sblob, &slen, |
775 | sshbuf_ptr(buf), sshbuf_len(buf), 0)) != 0) | 775 | sshbuf_ptr(buf), sshbuf_len(buf), NULL, 0)) != 0) |
776 | goto out; | 776 | goto out; |
777 | KRL_DBG(("%s: signature sig len %zu", __func__, slen)); | 777 | KRL_DBG(("%s: signature sig len %zu", __func__, slen)); |
778 | if ((r = sshbuf_put_string(buf, sblob, slen)) != 0) | 778 | if ((r = sshbuf_put_string(buf, sblob, slen)) != 0) |
@@ -826,10 +826,8 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl) | |||
826 | goto out; | 826 | goto out; |
827 | 827 | ||
828 | while (sshbuf_len(buf) > 0) { | 828 | while (sshbuf_len(buf) > 0) { |
829 | if (subsect != NULL) { | 829 | sshbuf_free(subsect); |
830 | sshbuf_free(subsect); | 830 | subsect = NULL; |
831 | subsect = NULL; | ||
832 | } | ||
833 | if ((r = sshbuf_get_u8(buf, &type)) != 0 || | 831 | if ((r = sshbuf_get_u8(buf, &type)) != 0 || |
834 | (r = sshbuf_froms(buf, &subsect)) != 0) | 832 | (r = sshbuf_froms(buf, &subsect)) != 0) |
835 | goto out; | 833 | goto out; |
@@ -1017,7 +1015,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, | |||
1017 | } | 1015 | } |
1018 | /* Check signature over entire KRL up to this point */ | 1016 | /* Check signature over entire KRL up to this point */ |
1019 | if ((r = sshkey_verify(key, blob, blen, | 1017 | if ((r = sshkey_verify(key, blob, blen, |
1020 | sshbuf_ptr(buf), sshbuf_len(buf) - sig_off, 0)) != 0) | 1018 | sshbuf_ptr(buf), sig_off, 0)) != 0) |
1021 | goto out; | 1019 | goto out; |
1022 | /* Check if this key has already signed this KRL */ | 1020 | /* Check if this key has already signed this KRL */ |
1023 | for (i = 0; i < nca_used; i++) { | 1021 | for (i = 0; i < nca_used; i++) { |
@@ -1038,7 +1036,6 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, | |||
1038 | ca_used = tmp_ca_used; | 1036 | ca_used = tmp_ca_used; |
1039 | ca_used[nca_used++] = key; | 1037 | ca_used[nca_used++] = key; |
1040 | key = NULL; | 1038 | key = NULL; |
1041 | break; | ||
1042 | } | 1039 | } |
1043 | 1040 | ||
1044 | if (sshbuf_len(copy) != 0) { | 1041 | if (sshbuf_len(copy) != 0) { |
@@ -1059,10 +1056,8 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, | |||
1059 | if ((r = sshbuf_consume(copy, sects_off)) != 0) | 1056 | if ((r = sshbuf_consume(copy, sects_off)) != 0) |
1060 | goto out; | 1057 | goto out; |
1061 | while (sshbuf_len(copy) > 0) { | 1058 | while (sshbuf_len(copy) > 0) { |
1062 | if (sect != NULL) { | 1059 | sshbuf_free(sect); |
1063 | sshbuf_free(sect); | 1060 | sect = NULL; |
1064 | sect = NULL; | ||
1065 | } | ||
1066 | if ((r = sshbuf_get_u8(copy, &type)) != 0 || | 1061 | if ((r = sshbuf_get_u8(copy, &type)) != 0 || |
1067 | (r = sshbuf_froms(copy, §)) != 0) | 1062 | (r = sshbuf_froms(copy, §)) != 0) |
1068 | goto out; | 1063 | goto out; |
@@ -1105,7 +1100,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, | |||
1105 | r = SSH_ERR_INVALID_FORMAT; | 1100 | r = SSH_ERR_INVALID_FORMAT; |
1106 | goto out; | 1101 | goto out; |
1107 | } | 1102 | } |
1108 | if (sshbuf_len(sect) > 0) { | 1103 | if (sect != NULL && sshbuf_len(sect) > 0) { |
1109 | error("KRL section contains unparsed data"); | 1104 | error("KRL section contains unparsed data"); |
1110 | r = SSH_ERR_INVALID_FORMAT; | 1105 | r = SSH_ERR_INVALID_FORMAT; |
1111 | goto out; | 1106 | goto out; |
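Review bot: In the ssh_krl_from_blob hunk at new line 1018, the length handed to sshkey_verify is now `sig_off`, but the comment above it ("Check signature over entire KRL up to this point") does not say that this must be the same prefix the signer covers in ssh_krl_to_blob, where `sshbuf_ptr(buf), sshbuf_len(buf)` is signed before the signature is appended. Because the previous expression `sshbuf_len(buf) - sig_off` verified a different length, I would pin the invariant in the comment, for example `/* Signed data is the first sig_off bytes of buf, i.e. everything before this signature section */`. A regression test that loads a signed KRL whose pre-signature bytes were altered and expects verification to fail would keep this from regressing. The function starts and ends outside the hunk, so where `sig_off` is assigned and whether it is bounded by `sshbuf_len(buf)` cannot be confirmed from here.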