From e18a27eedccb024acb3cd9820b650a5dff323f01 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 15 Jul 2019 13:11:38 +0000 Subject: upstream: two more bounds-checking sshbuf counterparts to common string operations: sshbuf_cmp() (bcmp-like) and sshbuf_find() (memmem like) feedback and ok markus@ OpenBSD-Commit-ID: fd071ec2485c7198074a168ff363a0d6052a706a --- sshbuf-misc.c | 39 ++++++++++++++++++++++++++++++++++++++- sshbuf.h | 29 ++++++++++++++++++++++++++++- 2 files changed, 66 insertions(+), 2 deletions(-) diff --git a/sshbuf-misc.c b/sshbuf-misc.c index a077a01ef..83b598103 100644 --- a/sshbuf-misc.c +++ b/sshbuf-misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-misc.c,v 1.7 2019/07/07 01:05:00 dtucker Exp $ */ +/* $OpenBSD: sshbuf-misc.c,v 1.8 2019/07/15 13:11:38 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -158,3 +158,40 @@ sshbuf_dup_string(struct sshbuf *buf) return r; } +int +sshbuf_cmp(const struct sshbuf *b, size_t offset, + const u_char *s, size_t len) +{ + if (sshbuf_ptr(b) == NULL) + return SSH_ERR_INTERNAL_ERROR; + if (offset > SSHBUF_SIZE_MAX || len > SSHBUF_SIZE_MAX || len == 0) + return SSH_ERR_INVALID_ARGUMENT; + if (offset + len > sshbuf_len(b)) + return SSH_ERR_MESSAGE_INCOMPLETE; + if (timingsafe_bcmp(sshbuf_ptr(b) + offset, s, len) != 0) + return SSH_ERR_INVALID_FORMAT; + return 0; +} + +int +sshbuf_find(const struct sshbuf *b, size_t start_offset, + const u_char *s, size_t len, size_t *offsetp) +{ + void *p; + + if (offsetp != NULL) + *offsetp = 0; + + if (sshbuf_ptr(b) == NULL) + return SSH_ERR_INTERNAL_ERROR; + if (start_offset > SSHBUF_SIZE_MAX || len > SSHBUF_SIZE_MAX || len == 0) + return SSH_ERR_INVALID_ARGUMENT; + if (start_offset > sshbuf_len(b) || start_offset + len > sshbuf_len(b)) + return SSH_ERR_MESSAGE_INCOMPLETE; + if ((p = memmem(sshbuf_ptr(b) + start_offset, + sshbuf_len(b) - start_offset, s, len)) == NULL) + return SSH_ERR_INVALID_FORMAT; + if (offsetp != NULL) + *offsetp = (const u_char *)p - sshbuf_ptr(b); + return 0; +} diff --git a/sshbuf.h b/sshbuf.h index 1d9d5bb23..79700b54d 100644 --- a/sshbuf.h +++ b/sshbuf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.h,v 1.14 2019/07/14 23:32:27 djm Exp $ */ +/* $OpenBSD: sshbuf.h,v 1.15 2019/07/15 13:11:38 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -256,6 +256,33 @@ char *sshbuf_dtob64(struct sshbuf *buf); /* Decode base64 data and append it to the buffer */ int sshbuf_b64tod(struct sshbuf *buf, const char *b64); +/* + * Tests whether the buffer contains the specified byte sequence at the + * specified offset. Returns 0 on successful match, or a ssherr.h code + * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were + * present but the buffer contents did not match those supplied. Zero- + * length comparisons are not allowed. + * + * If sufficient data is present to make a comparison, then it is + * performed with timing independent of the value of the data. If + * insufficient data is present then the comparison is not attempted at + * all. + */ +int sshbuf_cmp(const struct sshbuf *b, size_t offset, + const u_char *s, size_t len); + +/* + * Searches the buffer for the specified string. Returns 0 on success + * and updates *offsetp with the offset of the first match, relative to + * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h + * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were + * present in the buffer for a match to be possible but none was found. + * Searches for zero-length data are not allowed. + */ +int +sshbuf_find(const struct sshbuf *b, size_t start_offset, + const u_char *s, size_t len, size_t *offsetp); + /* * Duplicate the contents of a buffer to a string (caller to free). * Returns NULL on buffer error, or if the buffer contains a premature -- cgit v1.2.3