summaryrefslogtreecommitdiff
path: root/packet.c
diff options
context:
space:
mode:
Diffstat (limited to 'packet.c')
-rw-r--r--packet.c38
1 files changed, 17 insertions, 21 deletions
diff --git a/packet.c b/packet.c
index 794659b8a..a91467647 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: packet.c,v 1.88 2002/02/14 23:41:01 markus Exp $"); 40RCSID("$OpenBSD: packet.c,v 1.89 2002/02/24 16:58:32 markus Exp $");
41 41
42#include "xmalloc.h" 42#include "xmalloc.h"
43#include "buffer.h" 43#include "buffer.h"
@@ -365,7 +365,7 @@ packet_put_bignum2(BIGNUM * value)
365static void 365static void
366packet_send1(void) 366packet_send1(void)
367{ 367{
368 char buf[8], *cp; 368 u_char buf[8], *cp;
369 int i, padding, len; 369 int i, padding, len;
370 u_int checksum; 370 u_int checksum;
371 u_int32_t rand = 0; 371 u_int32_t rand = 0;
@@ -496,9 +496,8 @@ static void
496packet_send2(void) 496packet_send2(void)
497{ 497{
498 static u_int32_t seqnr = 0; 498 static u_int32_t seqnr = 0;
499 u_char type, *ucp, *macbuf = NULL; 499 u_char type, *cp, *macbuf = NULL;
500 u_char padlen, pad; 500 u_char padlen, pad;
501 char *cp;
502 u_int packet_length = 0; 501 u_int packet_length = 0;
503 u_int i, len; 502 u_int i, len;
504 u_int32_t rand = 0; 503 u_int32_t rand = 0;
@@ -514,8 +513,8 @@ packet_send2(void)
514 } 513 }
515 block_size = enc ? enc->block_size : 8; 514 block_size = enc ? enc->block_size : 8;
516 515
517 ucp = buffer_ptr(&outgoing_packet); 516 cp = buffer_ptr(&outgoing_packet);
518 type = ucp[5]; 517 type = cp[5];
519 518
520#ifdef PACKET_DEBUG 519#ifdef PACKET_DEBUG
521 fprintf(stderr, "plain: "); 520 fprintf(stderr, "plain: ");
@@ -570,9 +569,9 @@ packet_send2(void)
570 } 569 }
571 /* packet_length includes payload, padding and padding length field */ 570 /* packet_length includes payload, padding and padding length field */
572 packet_length = buffer_len(&outgoing_packet) - 4; 571 packet_length = buffer_len(&outgoing_packet) - 4;
573 ucp = buffer_ptr(&outgoing_packet); 572 cp = buffer_ptr(&outgoing_packet);
574 PUT_32BIT(ucp, packet_length); 573 PUT_32BIT(cp, packet_length);
575 ucp[4] = padlen; 574 cp[4] = padlen;
576 DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen)); 575 DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen));
577 576
578 /* compute MAC over seqnr and packet(length fields, payload, padding) */ 577 /* compute MAC over seqnr and packet(length fields, payload, padding) */
@@ -709,16 +708,15 @@ static int
709packet_read_poll1(void) 708packet_read_poll1(void)
710{ 709{
711 u_int len, padded_len; 710 u_int len, padded_len;
712 u_char *ucp, type; 711 u_char *cp, type;
713 char *cp;
714 u_int checksum, stored_checksum; 712 u_int checksum, stored_checksum;
715 713
716 /* Check if input size is less than minimum packet size. */ 714 /* Check if input size is less than minimum packet size. */
717 if (buffer_len(&input) < 4 + 8) 715 if (buffer_len(&input) < 4 + 8)
718 return SSH_MSG_NONE; 716 return SSH_MSG_NONE;
719 /* Get length of incoming packet. */ 717 /* Get length of incoming packet. */
720 ucp = buffer_ptr(&input); 718 cp = buffer_ptr(&input);
721 len = GET_32BIT(ucp); 719 len = GET_32BIT(cp);
722 if (len < 1 + 2 + 2 || len > 256 * 1024) 720 if (len < 1 + 2 + 2 || len > 256 * 1024)
723 packet_disconnect("Bad packet length %d.", len); 721 packet_disconnect("Bad packet length %d.", len);
724 padded_len = (len + 8) & ~7; 722 padded_len = (len + 8) & ~7;
@@ -765,8 +763,8 @@ packet_read_poll1(void)
765 packet_disconnect("packet_read_poll1: len %d != buffer_len %d.", 763 packet_disconnect("packet_read_poll1: len %d != buffer_len %d.",
766 len, buffer_len(&incoming_packet)); 764 len, buffer_len(&incoming_packet));
767 765
768 ucp = (u_char *)buffer_ptr(&incoming_packet) + len - 4; 766 cp = (u_char *)buffer_ptr(&incoming_packet) + len - 4;
769 stored_checksum = GET_32BIT(ucp); 767 stored_checksum = GET_32BIT(cp);
770 if (checksum != stored_checksum) 768 if (checksum != stored_checksum)
771 packet_disconnect("Corrupted check bytes on input."); 769 packet_disconnect("Corrupted check bytes on input.");
772 buffer_consume_end(&incoming_packet, 4); 770 buffer_consume_end(&incoming_packet, 4);
@@ -788,8 +786,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
788 static u_int32_t seqnr = 0; 786 static u_int32_t seqnr = 0;
789 static u_int packet_length = 0; 787 static u_int packet_length = 0;
790 u_int padlen, need; 788 u_int padlen, need;
791 u_char *macbuf, *ucp, type; 789 u_char *macbuf, *cp, type;
792 char *cp;
793 int maclen, block_size; 790 int maclen, block_size;
794 Enc *enc = NULL; 791 Enc *enc = NULL;
795 Mac *mac = NULL; 792 Mac *mac = NULL;
@@ -814,8 +811,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
814 cp = buffer_append_space(&incoming_packet, block_size); 811 cp = buffer_append_space(&incoming_packet, block_size);
815 cipher_crypt(&receive_context, cp, buffer_ptr(&input), 812 cipher_crypt(&receive_context, cp, buffer_ptr(&input),
816 block_size); 813 block_size);
817 ucp = buffer_ptr(&incoming_packet); 814 cp = buffer_ptr(&incoming_packet);
818 packet_length = GET_32BIT(ucp); 815 packet_length = GET_32BIT(cp);
819 if (packet_length < 1 + 4 || packet_length > 256 * 1024) { 816 if (packet_length < 1 + 4 || packet_length > 256 * 1024) {
820 buffer_dump(&incoming_packet); 817 buffer_dump(&incoming_packet);
821 packet_disconnect("Bad packet length %d.", packet_length); 818 packet_disconnect("Bad packet length %d.", packet_length);
@@ -863,8 +860,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
863 860
864 /* get padlen */ 861 /* get padlen */
865 cp = buffer_ptr(&incoming_packet); 862 cp = buffer_ptr(&incoming_packet);
866 cp += 4; 863 padlen = cp[4];
867 padlen = (u_char) *cp;
868 DBG(debug("input: padlen %d", padlen)); 864 DBG(debug("input: padlen %d", padlen));
869 if (padlen < 4) 865 if (padlen < 4)
870 packet_disconnect("Corrupted padlen %d on input.", padlen); 866 packet_disconnect("Corrupted padlen %d on input.", padlen);
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 15:18:51 +0000