diff options
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 39 |
1 files changed, 18 insertions, 21 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.150 2015/06/22 23:42:16 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.157 2016/02/15 23:32:37 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -100,7 +100,6 @@ | |||
100 | #include "monitor_fdpass.h" | 100 | #include "monitor_fdpass.h" |
101 | #include "compat.h" | 101 | #include "compat.h" |
102 | #include "ssh2.h" | 102 | #include "ssh2.h" |
103 | #include "roaming.h" | ||
104 | #include "authfd.h" | 103 | #include "authfd.h" |
105 | #include "match.h" | 104 | #include "match.h" |
106 | #include "ssherr.h" | 105 | #include "ssherr.h" |
@@ -487,15 +486,10 @@ monitor_sync(struct monitor *pmonitor) | |||
487 | static void * | 486 | static void * |
488 | mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) | 487 | mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) |
489 | { | 488 | { |
490 | size_t len = (size_t) size * ncount; | 489 | if (size == 0 || ncount == 0 || ncount > SIZE_MAX / size) |
491 | void *address; | ||
492 | |||
493 | if (len == 0 || ncount > SIZE_MAX / size) | ||
494 | fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); | 490 | fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); |
495 | 491 | ||
496 | address = mm_malloc(mm, len); | 492 | return mm_malloc(mm, size * ncount); |
497 | |||
498 | return (address); | ||
499 | } | 493 | } |
500 | 494 | ||
501 | static void | 495 | static void |
@@ -690,17 +684,18 @@ mm_answer_sign(int sock, Buffer *m) | |||
690 | struct ssh *ssh = active_state; /* XXX */ | 684 | struct ssh *ssh = active_state; /* XXX */ |
691 | extern int auth_sock; /* XXX move to state struct? */ | 685 | extern int auth_sock; /* XXX move to state struct? */ |
692 | struct sshkey *key; | 686 | struct sshkey *key; |
693 | struct sshbuf *sigbuf; | 687 | struct sshbuf *sigbuf = NULL; |
694 | u_char *p; | 688 | u_char *p = NULL, *signature = NULL; |
695 | u_char *signature; | 689 | char *alg = NULL; |
696 | size_t datlen, siglen; | 690 | size_t datlen, siglen, alglen; |
697 | int r, keyid, is_proof = 0; | 691 | int r, keyid, is_proof = 0; |
698 | const char proof_req[] = "hostkeys-prove-00@openssh.com"; | 692 | const char proof_req[] = "hostkeys-prove-00@openssh.com"; |
699 | 693 | ||
700 | debug3("%s", __func__); | 694 | debug3("%s", __func__); |
701 | 695 | ||
702 | if ((r = sshbuf_get_u32(m, &keyid)) != 0 || | 696 | if ((r = sshbuf_get_u32(m, &keyid)) != 0 || |
703 | (r = sshbuf_get_string(m, &p, &datlen)) != 0) | 697 | (r = sshbuf_get_string(m, &p, &datlen)) != 0 || |
698 | (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0) | ||
704 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 699 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
705 | 700 | ||
706 | /* | 701 | /* |
@@ -727,7 +722,7 @@ mm_answer_sign(int sock, Buffer *m) | |||
727 | fatal("%s: sshbuf_new", __func__); | 722 | fatal("%s: sshbuf_new", __func__); |
728 | if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 || | 723 | if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 || |
729 | (r = sshbuf_put_string(sigbuf, session_id2, | 724 | (r = sshbuf_put_string(sigbuf, session_id2, |
730 | session_id2_len) != 0) || | 725 | session_id2_len)) != 0 || |
731 | (r = sshkey_puts(key, sigbuf)) != 0) | 726 | (r = sshkey_puts(key, sigbuf)) != 0) |
732 | fatal("%s: couldn't prepare private key " | 727 | fatal("%s: couldn't prepare private key " |
733 | "proof buffer: %s", __func__, ssh_err(r)); | 728 | "proof buffer: %s", __func__, ssh_err(r)); |
@@ -747,14 +742,14 @@ mm_answer_sign(int sock, Buffer *m) | |||
747 | } | 742 | } |
748 | 743 | ||
749 | if ((key = get_hostkey_by_index(keyid)) != NULL) { | 744 | if ((key = get_hostkey_by_index(keyid)) != NULL) { |
750 | if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, | 745 | if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, |
751 | datafellows)) != 0) | 746 | datafellows)) != 0) |
752 | fatal("%s: sshkey_sign failed: %s", | 747 | fatal("%s: sshkey_sign failed: %s", |
753 | __func__, ssh_err(r)); | 748 | __func__, ssh_err(r)); |
754 | } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && | 749 | } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && |
755 | auth_sock > 0) { | 750 | auth_sock > 0) { |
756 | if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, | 751 | if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, |
757 | p, datlen, datafellows)) != 0) { | 752 | p, datlen, alg, datafellows)) != 0) { |
758 | fatal("%s: ssh_agent_sign failed: %s", | 753 | fatal("%s: ssh_agent_sign failed: %s", |
759 | __func__, ssh_err(r)); | 754 | __func__, ssh_err(r)); |
760 | } | 755 | } |
@@ -768,6 +763,7 @@ mm_answer_sign(int sock, Buffer *m) | |||
768 | if ((r = sshbuf_put_string(m, signature, siglen)) != 0) | 763 | if ((r = sshbuf_put_string(m, signature, siglen)) != 0) |
769 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 764 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
770 | 765 | ||
766 | free(alg); | ||
771 | free(p); | 767 | free(p); |
772 | free(signature); | 768 | free(signature); |
773 | 769 | ||
@@ -971,7 +967,7 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) | |||
971 | char *response; | 967 | char *response; |
972 | int authok; | 968 | int authok; |
973 | 969 | ||
974 | if (authctxt->as == 0) | 970 | if (authctxt->as == NULL) |
975 | fatal("%s: no bsd auth session", __func__); | 971 | fatal("%s: no bsd auth session", __func__); |
976 | 972 | ||
977 | response = buffer_get_string(m, NULL); | 973 | response = buffer_get_string(m, NULL); |
@@ -1040,7 +1036,8 @@ mm_answer_skeyrespond(int sock, Buffer *m) | |||
1040 | debug3("%s: sending authenticated: %d", __func__, authok); | 1036 | debug3("%s: sending authenticated: %d", __func__, authok); |
1041 | mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m); | 1037 | mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m); |
1042 | 1038 | ||
1043 | auth_method = "skey"; | 1039 | auth_method = "keyboard-interactive"; |
1040 | auth_submethod = "skey"; | ||
1044 | 1041 | ||
1045 | return (authok != 0); | 1042 | return (authok != 0); |
1046 | } | 1043 | } |
@@ -1449,7 +1446,7 @@ mm_answer_keyverify(int sock, Buffer *m) | |||
1449 | __func__, key, (verified == 1) ? "verified" : "unverified"); | 1446 | __func__, key, (verified == 1) ? "verified" : "unverified"); |
1450 | 1447 | ||
1451 | /* If auth was successful then record key to ensure it isn't reused */ | 1448 | /* If auth was successful then record key to ensure it isn't reused */ |
1452 | if (verified == 1) | 1449 | if (verified == 1 && key_blobtype == MM_USERKEY) |
1453 | auth2_record_userkey(authctxt, key); | 1450 | auth2_record_userkey(authctxt, key); |
1454 | else | 1451 | else |
1455 | key_free(key); | 1452 | key_free(key); |
@@ -1852,7 +1849,7 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
1852 | sshbuf_free(child_state); | 1849 | sshbuf_free(child_state); |
1853 | child_state = NULL; | 1850 | child_state = NULL; |
1854 | 1851 | ||
1855 | if ((kex = ssh->kex) != 0) { | 1852 | if ((kex = ssh->kex) != NULL) { |
1856 | /* XXX set callbacks */ | 1853 | /* XXX set callbacks */ |
1857 | #ifdef WITH_OPENSSL | 1854 | #ifdef WITH_OPENSSL |
1858 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 1855 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |