From f3c38142435622d056582e851579d8647a233c7f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Apr 2013 11:16:52 +1100 Subject: - dtucker@cvs.openbsd.org 2013/02/19 02:12:47 [krl.c] Remove bogus include. ok djm (id sync only) --- krl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krl.c') diff --git a/krl.c b/krl.c index 5a6bd14aa..0d9bb5411 100644 --- a/krl.c +++ b/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.9 2013/01/27 10:06:12 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.10 2013/02/19 02:12:47 dtucker Exp $ */ #include "includes.h" -- cgit v1.2.3 From d677ad14ff7efedf21745ee1694058350e758e18 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 23 Apr 2013 15:18:51 +1000 Subject: - djm@cvs.openbsd.org 2013/04/05 00:14:00 [auth2-gss.c krl.c sshconnect2.c] hush some {unused, printf type} warnings --- ChangeLog | 3 +++ auth2-gss.c | 5 +---- krl.c | 17 +++++++++++------ sshconnect2.c | 11 +++++------ 4 files changed, 20 insertions(+), 16 deletions(-) (limited to 'krl.c') diff --git a/ChangeLog b/ChangeLog index 2a7c70a36..eb45674c4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,9 @@ - djm@cvs.openbsd.org 2013/03/08 06:32:58 [ssh.c] allow "ssh -f none ..." ok markus@ + - djm@cvs.openbsd.org 2013/04/05 00:14:00 + [auth2-gss.c krl.c sshconnect2.c] + hush some {unused, printf type} warnings 20130418 - (djm) [config.guess config.sub] Update to last versions before they switch diff --git a/auth2-gss.c b/auth2-gss.c index 93d576bfb..de1bd0644 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.18 2012/12/02 20:34:09 djm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.19 2013/04/05 00:14:00 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -229,14 +229,11 @@ static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) { Authctxt *authctxt = ctxt; - Gssctxt *gssctxt; int authenticated; if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) fatal("No authentication or GSSAPI context"); - gssctxt = authctxt->methoddata; - /* * We don't need to check the status, because we're only enabled in * the dispatcher once the exchange is complete diff --git a/krl.c b/krl.c index 0d9bb5411..7ac6261cb 100644 --- a/krl.c +++ b/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.10 2013/02/19 02:12:47 dtucker Exp $ */ +/* $OpenBSD: krl.c,v 1.11 2013/04/05 00:14:00 djm Exp $ */ #include "includes.h" @@ -502,8 +502,11 @@ choose_next_state(int current_state, u_int64_t contig, int final, } debug3("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:" "list %llu range %llu bitmap %llu new bitmap %llu, " - "selected 0x%02x%s", __func__, contig, last_gap, next_gap, final, - cost_list, cost_range, cost_bitmap, cost_bitmap_restart, new_state, + "selected 0x%02x%s", __func__, (long long unsigned)contig, + (long long unsigned)last_gap, (long long unsigned)next_gap, final, + (long long unsigned)cost_list, (long long unsigned)cost_range, + (long long unsigned)cost_bitmap, + (long long unsigned)cost_bitmap_restart, new_state, *force_new_section ? " restart" : ""); return new_state; } @@ -539,7 +542,8 @@ revoked_certs_generate(struct revoked_certs *rc, Buffer *buf) rs != NULL; rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) { debug3("%s: serial %llu:%llu state 0x%02x", __func__, - rs->lo, rs->hi, state); + (long long unsigned)rs->lo, (long long unsigned)rs->hi, + state); /* Check contiguous length and gap to next section (if any) */ nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs); @@ -928,8 +932,9 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, } format_timestamp(krl->generated_date, timestamp, sizeof(timestamp)); - debug("KRL version %llu generated at %s%s%s", krl->krl_version, - timestamp, *krl->comment ? ": " : "", krl->comment); + debug("KRL version %llu generated at %s%s%s", + (long long unsigned)krl->krl_version, timestamp, + *krl->comment ? ": " : "", krl->comment); /* * 1st pass: verify signatures, if any. This is done to avoid diff --git a/sshconnect2.c b/sshconnect2.c index 1a6a5850d..c811c3652 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.193 2013/03/05 20:16:09 markus Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.194 2013/04/05 00:14:00 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -810,7 +810,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) Gssctxt *gssctxt; gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; gss_buffer_desc recv_tok; - OM_uint32 status, ms; + OM_uint32 ms; u_int len; if (authctxt == NULL) @@ -823,7 +823,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) packet_check_eom(); /* Stick it into GSSAPI and see what it says */ - status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, + (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, &recv_tok, &send_tok, NULL); xfree(recv_tok.value); @@ -836,12 +836,11 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) void input_gssapi_error(int type, u_int32_t plen, void *ctxt) { - OM_uint32 maj, min; char *msg; char *lang; - maj=packet_get_int(); - min=packet_get_int(); + /* maj */(void)packet_get_int(); + /* min */(void)packet_get_int(); msg=packet_get_string(NULL); lang=packet_get_string(NULL); -- cgit v1.2.3 From 3071070b39e6d1722151c754cdc2b26640eaf45e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 18 Jul 2013 16:09:44 +1000 Subject: - markus@cvs.openbsd.org 2013/06/20 19:15:06 [krl.c] don't leak the rdata blob on errors; ok djm@ --- ChangeLog | 3 +++ krl.c | 19 +++++++++++-------- 2 files changed, 14 insertions(+), 8 deletions(-) (limited to 'krl.c') diff --git a/ChangeLog b/ChangeLog index 111a2f36e..e0781041e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,9 @@ parsing them from remote servers. Improve error checking in parsing of 'T' lines. ok dtucker@ deraadt@ + - markus@cvs.openbsd.org 2013/06/20 19:15:06 + [krl.c] + don't leak the rdata blob on errors; ok djm@ 20130702 - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config diff --git a/krl.c b/krl.c index 7ac6261cb..bd6d37804 100644 --- a/krl.c +++ b/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.11 2013/04/05 00:14:00 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.12 2013/06/20 19:15:06 markus Exp $ */ #include "includes.h" @@ -887,9 +887,10 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, char timestamp[64]; int ret = -1, r, sig_seen; Key *key = NULL, **ca_used = NULL; - u_char type, *blob; - u_int i, j, sig_off, sects_off, blen, format_version, nca_used = 0; + u_char type, *blob, *rdata = NULL; + u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used; + nca_used = 0; *krlp = NULL; if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 || memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) { @@ -1015,21 +1016,22 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, case KRL_SECTION_EXPLICIT_KEY: case KRL_SECTION_FINGERPRINT_SHA1: while (buffer_len(§) > 0) { - if ((blob = buffer_get_string_ret(§, - &blen)) == NULL) { + if ((rdata = buffer_get_string_ret(§, + &rlen)) == NULL) { error("%s: buffer error", __func__); goto out; } if (type == KRL_SECTION_FINGERPRINT_SHA1 && - blen != 20) { + rlen != 20) { error("%s: bad SHA1 length", __func__); goto out; } if (revoke_blob( type == KRL_SECTION_EXPLICIT_KEY ? &krl->revoked_keys : &krl->revoked_sha1s, - blob, blen) != 0) - goto out; /* revoke_blob frees blob */ + rdata, rlen) != 0) + goto out; + rdata = NULL; /* revoke_blob frees blob */ } break; case KRL_SECTION_SIGNATURE: @@ -1095,6 +1097,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, key_free(ca_used[i]); } free(ca_used); + free(rdata); if (key != NULL) key_free(key); buffer_free(©); -- cgit v1.2.3 From c8669a8cd24952b3f16a44eac63d2b6ce8a6343a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 25 Jul 2013 11:52:48 +1000 Subject: - djm@cvs.openbsd.org 2013/07/20 22:20:42 [krl.c] fix verification error in (as-yet usused) KRL signature checking path --- ChangeLog | 6 ++++++ krl.c | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'krl.c') diff --git a/ChangeLog b/ChangeLog index dc2f73bd9..f6dcc0c0d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20130725 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2013/07/20 22:20:42 + [krl.c] + fix verification error in (as-yet usused) KRL signature checking path + 20130720 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2013/07/19 07:37:48 diff --git a/krl.c b/krl.c index bd6d37804..b2d0354f2 100644 --- a/krl.c +++ b/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.12 2013/06/20 19:15:06 markus Exp $ */ +/* $OpenBSD: krl.c,v 1.13 2013/07/20 22:20:42 djm Exp $ */ #include "includes.h" @@ -973,7 +973,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, } /* Check signature over entire KRL up to this point */ if (key_verify(key, blob, blen, - buffer_ptr(buf), buffer_len(buf) - sig_off) == -1) { + buffer_ptr(buf), buffer_len(buf) - sig_off) != 1) { error("bad signaure on KRL"); goto out; } -- cgit v1.2.3