From 101d164723ffbc38f8036b6f3ea3bfef771ba250 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 14 Jul 2019 23:32:27 +0000 Subject: upstream: add some functions to perform random-access read/write operations inside buffers with bounds checking. Intended to replace manual pointer arithmetic wherever possible. feedback and ok markus@ OpenBSD-Commit-ID: 91771fde7732738f1ffed078aa5d3bee6d198409 --- sshbuf-getput-basic.c | 163 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 162 insertions(+), 1 deletion(-) (limited to 'sshbuf-getput-basic.c') diff --git a/sshbuf-getput-basic.c b/sshbuf-getput-basic.c index 50648258f..27058d5bb 100644 --- a/sshbuf-getput-basic.c +++ b/sshbuf-getput-basic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-basic.c,v 1.7 2017/06/01 04:51:58 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-basic.c,v 1.8 2019/07/14 23:32:27 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -93,6 +93,93 @@ sshbuf_get_u8(struct sshbuf *buf, u_char *valp) return 0; } +static int +check_offset(const struct sshbuf *buf, int wr, size_t offset, size_t len) +{ + if (sshbuf_ptr(buf) == NULL) /* calls sshbuf_check_sanity() */ + return SSH_ERR_INTERNAL_ERROR; + if (offset >= SIZE_MAX - len) + return SSH_ERR_INVALID_ARGUMENT; + if (offset + len > sshbuf_len(buf)) { + return wr ? + SSH_ERR_NO_BUFFER_SPACE : SSH_ERR_MESSAGE_INCOMPLETE; + } + return 0; +} + +static int +check_roffset(const struct sshbuf *buf, size_t offset, size_t len, + const u_char **p) +{ + int r; + + *p = NULL; + if ((r = check_offset(buf, 0, offset, len)) != 0) + return r; + *p = sshbuf_ptr(buf) + offset; + return 0; +} + +int +sshbuf_peek_u64(const struct sshbuf *buf, size_t offset, u_int64_t *valp) +{ + const u_char *p = NULL; + int r; + + if (valp != NULL) + *valp = 0; + if ((r = check_roffset(buf, offset, 8, &p)) != 0) + return r; + if (valp != NULL) + *valp = PEEK_U64(p); + return 0; +} + +int +sshbuf_peek_u32(const struct sshbuf *buf, size_t offset, u_int32_t *valp) +{ + const u_char *p = NULL; + int r; + + if (valp != NULL) + *valp = 0; + if ((r = check_roffset(buf, offset, 4, &p)) != 0) + return r; + if (valp != NULL) + *valp = PEEK_U32(p); + return 0; +} + +int +sshbuf_peek_u16(const struct sshbuf *buf, size_t offset, u_int16_t *valp) +{ + const u_char *p = NULL; + int r; + + if (valp != NULL) + *valp = 0; + if ((r = check_roffset(buf, offset, 2, &p)) != 0) + return r; + if (valp != NULL) + *valp = PEEK_U16(p); + return 0; +} + +int +sshbuf_peek_u8(const struct sshbuf *buf, size_t offset, u_char *valp) +{ + const u_char *p = NULL; + int r; + + if (valp != NULL) + *valp = 0; + if ((r = check_roffset(buf, offset, 1, &p)) != 0) + return r; + if (valp != NULL) + *valp = *p; + return 0; +} + int sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp) { @@ -344,6 +431,80 @@ sshbuf_put_u8(struct sshbuf *buf, u_char val) return 0; } +static int +check_woffset(struct sshbuf *buf, size_t offset, size_t len, u_char **p) +{ + int r; + + *p = NULL; + if ((r = check_offset(buf, 1, offset, len)) != 0) + return r; + if (sshbuf_mutable_ptr(buf) == NULL) + return SSH_ERR_BUFFER_READ_ONLY; + *p = sshbuf_mutable_ptr(buf) + offset; + return 0; +} + +int +sshbuf_poke_u64(struct sshbuf *buf, size_t offset, u_int64_t val) +{ + u_char *p = NULL; + int r; + + if ((r = check_woffset(buf, offset, 8, &p)) != 0) + return r; + POKE_U64(p, val); + return 0; +} + +int +sshbuf_poke_u32(struct sshbuf *buf, size_t offset, u_int32_t val) +{ + u_char *p = NULL; + int r; + + if ((r = check_woffset(buf, offset, 4, &p)) != 0) + return r; + POKE_U32(p, val); + return 0; +} + +int +sshbuf_poke_u16(struct sshbuf *buf, size_t offset, u_int16_t val) +{ + u_char *p = NULL; + int r; + + if ((r = check_woffset(buf, offset, 2, &p)) != 0) + return r; + POKE_U16(p, val); + return 0; +} + +int +sshbuf_poke_u8(struct sshbuf *buf, size_t offset, u_char val) +{ + u_char *p = NULL; + int r; + + if ((r = check_woffset(buf, offset, 1, &p)) != 0) + return r; + *p = val; + return 0; +} + +int +sshbuf_poke(struct sshbuf *buf, size_t offset, void *v, size_t len) +{ + u_char *p = NULL; + int r; + + if ((r = check_woffset(buf, offset, len, &p)) != 0) + return r; + memcpy(p, v, len); + return 0; +} + int sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len) { -- cgit v1.2.3 From be02d7cbde3d211ec2ed2320a1f7d86b2339d758 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 6 Sep 2019 04:53:27 +0000 Subject: upstream: lots of things were relying on libcrypto headers to transitively include various system headers (mostly stdlib.h); include them explicitly OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080 --- auth-options.c | 3 ++- auth.c | 3 ++- auth2-chall.c | 3 ++- auth2-hostbased.c | 3 ++- auth2-kbdint.c | 5 ++++- auth2-passwd.c | 3 ++- auth2-pubkey.c | 3 ++- auth2.c | 3 ++- hmac.c | 3 ++- krl.c | 3 ++- log.h | 4 +++- loginrec.c | 1 + mac.c | 3 ++- ssh-keygen.c | 3 ++- ssh-keysign.c | 3 ++- ssh-pkcs11-helper.c | 3 ++- ssh_api.c | 7 ++++++- sshbuf-getput-basic.c | 3 ++- 18 files changed, 42 insertions(+), 17 deletions(-) (limited to 'sshbuf-getput-basic.c') diff --git a/auth-options.c b/auth-options.c index ac362e271..6fb59dc7e 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.87 2019/09/03 08:32:11 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.88 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2018 Damien Miller * @@ -19,6 +19,7 @@ #include +#include #include #include #include diff --git a/auth.c b/auth.c index b41d39cdc..61fb1feb3 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.139 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: auth.c,v 1.140 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -32,6 +32,7 @@ #include +#include #include #include #ifdef HAVE_PATHS_H diff --git a/auth2-chall.c b/auth2-chall.c index 2d5cff448..671f2f05f 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.50 2018/07/11 18:55:11 markus Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.51 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -28,6 +28,7 @@ #include +#include #include #include #include diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 0c40fad4e..d46047084 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.40 2019/01/19 21:43:56 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.41 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -27,6 +27,7 @@ #include +#include #include #include #include diff --git a/auth2-kbdint.c b/auth2-kbdint.c index a813b8f56..f88ef2c39 100644 --- a/auth2-kbdint.c +++ b/auth2-kbdint.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-kbdint.c,v 1.9 2018/07/09 21:35:50 markus Exp $ */ +/* $OpenBSD: auth2-kbdint.c,v 1.10 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -29,6 +29,9 @@ #include +#include +#include + #include "xmalloc.h" #include "packet.h" #include "hostfile.h" diff --git a/auth2-passwd.c b/auth2-passwd.c index f696abc21..6601e8664 100644 --- a/auth2-passwd.c +++ b/auth2-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-passwd.c,v 1.16 2018/07/09 21:35:50 markus Exp $ */ +/* $OpenBSD: auth2-passwd.c,v 1.17 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -27,6 +27,7 @@ #include +#include #include #include #include diff --git a/auth2-pubkey.c b/auth2-pubkey.c index d567f527c..df12c2c60 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.93 2019/09/03 08:30:47 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.94 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -28,6 +28,7 @@ #include #include +#include #include #include #ifdef HAVE_PATHS_H diff --git a/auth2.c b/auth2.c index 9b08757ae..2143ff5de 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.156 2019/06/28 05:44:09 deraadt Exp $ */ +/* $OpenBSD: auth2.c,v 1.157 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -37,6 +37,7 @@ #include #include +#include "stdlib.h" #include "atomicio.h" #include "xmalloc.h" #include "ssh2.h" diff --git a/hmac.c b/hmac.c index e90b294fb..a79e8569c 100644 --- a/hmac.c +++ b/hmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.c,v 1.12 2015/03/24 20:03:44 markus Exp $ */ +/* $OpenBSD: hmac.c,v 1.13 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2014 Markus Friedl. All rights reserved. * @@ -21,6 +21,7 @@ #include #include +#include #include "sshbuf.h" #include "digest.h" diff --git a/krl.c b/krl.c index f36ba68ac..10a8bcc87 100644 --- a/krl.c +++ b/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.43 2019/06/21 04:21:04 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.44 2019/09/06 04:53:27 djm Exp $ */ #include "includes.h" @@ -29,6 +29,7 @@ #include #include #include +#include #include "sshbuf.h" #include "ssherr.h" diff --git a/log.h b/log.h index ef7bea7e1..78cda287d 100644 --- a/log.h +++ b/log.h @@ -1,4 +1,4 @@ -/* $OpenBSD: log.h,v 1.23 2018/07/27 12:03:17 markus Exp $ */ +/* $OpenBSD: log.h,v 1.24 2019/09/06 04:53:27 djm Exp $ */ /* * Author: Tatu Ylonen @@ -15,6 +15,8 @@ #ifndef SSH_LOG_H #define SSH_LOG_H +#include /* va_list */ + /* Supported syslog facilities and levels. */ typedef enum { SYSLOG_FACILITY_DAEMON, diff --git a/loginrec.c b/loginrec.c index 93e48d517..e5289deb8 100644 --- a/loginrec.c +++ b/loginrec.c @@ -156,6 +156,7 @@ #include +#include #include #include #ifdef HAVE_PATHS_H diff --git a/mac.c b/mac.c index eab453a41..de346ed20 100644 --- a/mac.c +++ b/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.34 2017/05/08 22:57:38 djm Exp $ */ +/* $OpenBSD: mac.c,v 1.35 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -30,6 +30,7 @@ #include #include #include +#include #include "digest.h" #include "hmac.h" diff --git a/ssh-keygen.c b/ssh-keygen.c index 7d4f33e46..cb00a1cf8 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.346 2019/09/03 20:51:49 naddy Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.347 2019/09/06 04:53:27 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -24,6 +24,7 @@ #include "openbsd-compat/openssl-compat.h" #endif +#include #include #include #include diff --git a/ssh-keysign.c b/ssh-keysign.c index a4a1b8c21..218caecdf 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.58 2019/06/14 03:28:19 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.59 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index cd79db2ae..67094111f 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.19 2019/06/06 05:13:13 otto Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.20 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -24,6 +24,7 @@ #include "openbsd-compat/sys-queue.h" +#include #include #include #include diff --git a/ssh_api.c b/ssh_api.c index 57509973b..255adc6cf 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.15 2019/01/21 10:38:54 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.16 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -17,6 +17,11 @@ #include "includes.h" +#include + +#include +#include + #include "ssh_api.h" #include "compat.h" #include "log.h" diff --git a/sshbuf-getput-basic.c b/sshbuf-getput-basic.c index 27058d5bb..ffa20a02c 100644 --- a/sshbuf-getput-basic.c +++ b/sshbuf-getput-basic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-basic.c,v 1.8 2019/07/14 23:32:27 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-basic.c,v 1.9 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -24,6 +24,7 @@ #include #include #include +#include #include "ssherr.h" #include "sshbuf.h" -- cgit v1.2.3 From cfc1897a2002ec6c4dc879b24e8b3153c87ea2cf Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 9 Oct 2019 09:06:35 +1100 Subject: wrap stdint.h include in HAVE_STDINT_H make the indenting a little more consistent too.. Fixes Solaris 2.6; reported by Tom G. Christensen --- channels.c | 2 +- monitor.c | 2 +- scp.c | 2 +- ssh-keygen.c | 4 +++- sshbuf-getput-basic.c | 4 +++- sshbuf-misc.c | 2 +- xmalloc.c | 2 +- xmss_commons.c | 2 +- xmss_fast.c | 2 +- xmss_hash.c | 2 +- xmss_hash_address.c | 2 +- xmss_wots.c | 2 +- 12 files changed, 16 insertions(+), 12 deletions(-) (limited to 'sshbuf-getput-basic.c') diff --git a/channels.c b/channels.c index 47521d3e7..0f45aee4e 100644 --- a/channels.c +++ b/channels.c @@ -59,7 +59,7 @@ #include #include #ifdef HAVE_STDINT_H - #include +# include #endif #include #include diff --git a/monitor.c b/monitor.c index 96d10913c..5076a74ff 100644 --- a/monitor.c +++ b/monitor.c @@ -40,7 +40,7 @@ #include #include #ifdef HAVE_STDINT_H -#include +# include #endif #include #include diff --git a/scp.c b/scp.c index 84a76d0b8..0348d0673 100644 --- a/scp.c +++ b/scp.c @@ -101,7 +101,7 @@ #include #include #ifdef HAVE_STDINT_H -#include +# include #endif #include #include diff --git a/ssh-keygen.c b/ssh-keygen.c index 85fb4424f..8c829cad6 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -24,7 +24,9 @@ #include "openbsd-compat/openssl-compat.h" #endif -#include +#ifdef HAVE_STDINT_H +# include +#endif #include #include #include diff --git a/sshbuf-getput-basic.c b/sshbuf-getput-basic.c index ffa20a02c..d401a7265 100644 --- a/sshbuf-getput-basic.c +++ b/sshbuf-getput-basic.c @@ -24,7 +24,9 @@ #include #include #include -#include +#ifdef HAVE_STDINT_H +# include +#endif #include "ssherr.h" #include "sshbuf.h" diff --git a/sshbuf-misc.c b/sshbuf-misc.c index 65987e251..a73f008b0 100644 --- a/sshbuf-misc.c +++ b/sshbuf-misc.c @@ -23,7 +23,7 @@ #include #include #ifdef HAVE_STDINT_H -#include +# include #endif #include #include diff --git a/xmalloc.c b/xmalloc.c index dc22757b0..9cd0127dd 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -17,7 +17,7 @@ #include #ifdef HAVE_STDINT_H -#include +# include #endif #include #include diff --git a/xmss_commons.c b/xmss_commons.c index 59486aead..8d6b80b6e 100644 --- a/xmss_commons.c +++ b/xmss_commons.c @@ -13,7 +13,7 @@ Public domain. #include #include #ifdef HAVE_STDINT_H -#include +# include #endif void to_byte(unsigned char *out, unsigned long long in, uint32_t bytes) diff --git a/xmss_fast.c b/xmss_fast.c index e37447f60..421b39a37 100644 --- a/xmss_fast.c +++ b/xmss_fast.c @@ -12,7 +12,7 @@ Public domain. #include #include #ifdef HAVE_STDINT_H -#include +# include #endif #include "xmss_fast.h" diff --git a/xmss_hash.c b/xmss_hash.c index b9eee7cff..50a577943 100644 --- a/xmss_hash.c +++ b/xmss_hash.c @@ -15,7 +15,7 @@ Public domain. #include #ifdef HAVE_STDINT_H -#include +# include #endif #include #include diff --git a/xmss_hash_address.c b/xmss_hash_address.c index c6c1347e9..2702c4562 100644 --- a/xmss_hash_address.c +++ b/xmss_hash_address.c @@ -9,7 +9,7 @@ Public domain. #ifdef WITH_XMSS #ifdef HAVE_STDINT_H -#include +# include #endif #include "xmss_hash_address.h" /* prototypes */ diff --git a/xmss_wots.c b/xmss_wots.c index ed904cd75..993e661f6 100644 --- a/xmss_wots.c +++ b/xmss_wots.c @@ -11,7 +11,7 @@ Public domain. #include #ifdef HAVE_STDINT_H -#include +# include #endif #include #include "xmss_commons.h" -- cgit v1.2.3