diff options
Diffstat (limited to 'sshkey-xmss.c')
| -rw-r--r-- | sshkey-xmss.c | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/sshkey-xmss.c b/sshkey-xmss.c index aaae70289..9e5f5e475 100644 --- a/sshkey-xmss.c +++ b/sshkey-xmss.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshkey-xmss.c,v 1.3 2018/07/09 21:59:10 markus Exp $ */ | 1 | /* $OpenBSD: sshkey-xmss.c,v 1.6 2019/10/09 00:02:57 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2017 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2017 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -467,18 +467,18 @@ sshkey_xmss_get_state(const struct sshkey *k, sshkey_printfn *pr) | |||
| 467 | } | 467 | } |
| 468 | if ((filename = k->xmss_filename) == NULL) | 468 | if ((filename = k->xmss_filename) == NULL) |
| 469 | goto done; | 469 | goto done; |
| 470 | if (asprintf(&lockfile, "%s.lock", filename) < 0 || | 470 | if (asprintf(&lockfile, "%s.lock", filename) == -1 || |
| 471 | asprintf(&statefile, "%s.state", filename) < 0 || | 471 | asprintf(&statefile, "%s.state", filename) == -1 || |
| 472 | asprintf(&ostatefile, "%s.ostate", filename) < 0) { | 472 | asprintf(&ostatefile, "%s.ostate", filename) == -1) { |
| 473 | ret = SSH_ERR_ALLOC_FAIL; | 473 | ret = SSH_ERR_ALLOC_FAIL; |
| 474 | goto done; | 474 | goto done; |
| 475 | } | 475 | } |
| 476 | if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) < 0) { | 476 | if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) == -1) { |
| 477 | ret = SSH_ERR_SYSTEM_ERROR; | 477 | ret = SSH_ERR_SYSTEM_ERROR; |
| 478 | PRINT("%s: cannot open/create: %s", __func__, lockfile); | 478 | PRINT("%s: cannot open/create: %s", __func__, lockfile); |
| 479 | goto done; | 479 | goto done; |
| 480 | } | 480 | } |
| 481 | while (flock(lockfd, LOCK_EX|LOCK_NB) < 0) { | 481 | while (flock(lockfd, LOCK_EX|LOCK_NB) == -1) { |
| 482 | if (errno != EWOULDBLOCK) { | 482 | if (errno != EWOULDBLOCK) { |
| 483 | ret = SSH_ERR_SYSTEM_ERROR; | 483 | ret = SSH_ERR_SYSTEM_ERROR; |
| 484 | PRINT("%s: cannot lock: %s", __func__, lockfile); | 484 | PRINT("%s: cannot lock: %s", __func__, lockfile); |
| @@ -594,9 +594,9 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) | |||
| 594 | state->idx = idx; | 594 | state->idx = idx; |
| 595 | if ((filename = k->xmss_filename) == NULL) | 595 | if ((filename = k->xmss_filename) == NULL) |
| 596 | goto done; | 596 | goto done; |
| 597 | if (asprintf(&statefile, "%s.state", filename) < 0 || | 597 | if (asprintf(&statefile, "%s.state", filename) == -1 || |
| 598 | asprintf(&ostatefile, "%s.ostate", filename) < 0 || | 598 | asprintf(&ostatefile, "%s.ostate", filename) == -1 || |
| 599 | asprintf(&nstatefile, "%s.nstate", filename) < 0) { | 599 | asprintf(&nstatefile, "%s.nstate", filename) == -1) { |
| 600 | ret = SSH_ERR_ALLOC_FAIL; | 600 | ret = SSH_ERR_ALLOC_FAIL; |
| 601 | goto done; | 601 | goto done; |
| 602 | } | 602 | } |
| @@ -613,7 +613,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) | |||
| 613 | PRINT("%s: ENCRYPT FAILED: %d", __func__, ret); | 613 | PRINT("%s: ENCRYPT FAILED: %d", __func__, ret); |
| 614 | goto done; | 614 | goto done; |
| 615 | } | 615 | } |
| 616 | if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) < 0) { | 616 | if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) == -1) { |
| 617 | ret = SSH_ERR_SYSTEM_ERROR; | 617 | ret = SSH_ERR_SYSTEM_ERROR; |
| 618 | PRINT("%s: open new state file: %s", __func__, nstatefile); | 618 | PRINT("%s: open new state file: %s", __func__, nstatefile); |
| 619 | goto done; | 619 | goto done; |
| @@ -632,13 +632,13 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) | |||
| 632 | close(fd); | 632 | close(fd); |
| 633 | goto done; | 633 | goto done; |
| 634 | } | 634 | } |
| 635 | if (fsync(fd) < 0) { | 635 | if (fsync(fd) == -1) { |
| 636 | ret = SSH_ERR_SYSTEM_ERROR; | 636 | ret = SSH_ERR_SYSTEM_ERROR; |
| 637 | PRINT("%s: sync new state file: %s", __func__, nstatefile); | 637 | PRINT("%s: sync new state file: %s", __func__, nstatefile); |
| 638 | close(fd); | 638 | close(fd); |
| 639 | goto done; | 639 | goto done; |
| 640 | } | 640 | } |
| 641 | if (close(fd) < 0) { | 641 | if (close(fd) == -1) { |
| 642 | ret = SSH_ERR_SYSTEM_ERROR; | 642 | ret = SSH_ERR_SYSTEM_ERROR; |
| 643 | PRINT("%s: close new state file: %s", __func__, nstatefile); | 643 | PRINT("%s: close new state file: %s", __func__, nstatefile); |
| 644 | goto done; | 644 | goto done; |
| @@ -652,7 +652,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) | |||
| 652 | goto done; | 652 | goto done; |
| 653 | } | 653 | } |
| 654 | } | 654 | } |
| 655 | if (rename(nstatefile, statefile) < 0) { | 655 | if (rename(nstatefile, statefile) == -1) { |
| 656 | ret = SSH_ERR_SYSTEM_ERROR; | 656 | ret = SSH_ERR_SYSTEM_ERROR; |
| 657 | PRINT("%s: rename %s to %s", __func__, nstatefile, statefile); | 657 | PRINT("%s: rename %s to %s", __func__, nstatefile, statefile); |
| 658 | goto done; | 658 | goto done; |
| @@ -977,7 +977,8 @@ sshkey_xmss_decrypt_state(const struct sshkey *k, struct sshbuf *encoded, | |||
| 977 | goto out; | 977 | goto out; |
| 978 | } | 978 | } |
| 979 | /* check that an appropriate amount of auth data is present */ | 979 | /* check that an appropriate amount of auth data is present */ |
| 980 | if (sshbuf_len(encoded) < encrypted_len + authlen) { | 980 | if (sshbuf_len(encoded) < authlen || |
| 981 | sshbuf_len(encoded) - authlen < encrypted_len) { | ||
| 981 | r = SSH_ERR_INVALID_FORMAT; | 982 | r = SSH_ERR_INVALID_FORMAT; |
| 982 | goto out; | 983 | goto out; |
| 983 | } | 984 | } |