- miod@cvs.openbsd.org 2003/09/18 13:02:21
[authfd.c bufaux.c dh.c mac.c ssh-keygen.c] A few signedness fixes for harmless situations; markus@ ok
parent
fb16b2411e
commit
c0815c927e
|
@ -43,6 +43,9 @@
|
||||||
[deattack.c misc.c session.c ssh-agent.c]
|
[deattack.c misc.c session.c ssh-agent.c]
|
||||||
more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
|
more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
|
||||||
ok millert@
|
ok millert@
|
||||||
|
- miod@cvs.openbsd.org 2003/09/18 13:02:21
|
||||||
|
[authfd.c bufaux.c dh.c mac.c ssh-keygen.c]
|
||||||
|
A few signedness fixes for harmless situations; markus@ ok
|
||||||
|
|
||||||
20030919
|
20030919
|
||||||
- (djm) Bug #683: Remove reference to --with-ipv4-default from INSTALL;
|
- (djm) Bug #683: Remove reference to --with-ipv4-default from INSTALL;
|
||||||
|
@ -1179,4 +1182,4 @@
|
||||||
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
|
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
|
||||||
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
|
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.3027 2003/09/22 11:04:23 dtucker Exp $
|
$Id: ChangeLog,v 1.3028 2003/09/22 11:05:50 dtucker Exp $
|
||||||
|
|
9
authfd.c
9
authfd.c
|
@ -35,7 +35,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: authfd.c,v 1.61 2003/06/28 16:23:06 deraadt Exp $");
|
RCSID("$OpenBSD: authfd.c,v 1.62 2003/09/18 13:02:21 miod Exp $");
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
|
@ -114,7 +114,8 @@ ssh_get_authentication_socket(void)
|
||||||
static int
|
static int
|
||||||
ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
|
ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
|
||||||
{
|
{
|
||||||
int l, len;
|
int l;
|
||||||
|
u_int len;
|
||||||
char buf[1024];
|
char buf[1024];
|
||||||
|
|
||||||
/* Get the length of the message, and format it in the buffer. */
|
/* Get the length of the message, and format it in the buffer. */
|
||||||
|
@ -147,7 +148,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
|
||||||
/* Extract the length, and check it for sanity. */
|
/* Extract the length, and check it for sanity. */
|
||||||
len = GET_32BIT(buf);
|
len = GET_32BIT(buf);
|
||||||
if (len > 256 * 1024)
|
if (len > 256 * 1024)
|
||||||
fatal("Authentication response too long: %d", len);
|
fatal("Authentication response too long: %u", len);
|
||||||
|
|
||||||
/* Read the rest of the response in to the buffer. */
|
/* Read the rest of the response in to the buffer. */
|
||||||
buffer_clear(reply);
|
buffer_clear(reply);
|
||||||
|
@ -292,7 +293,7 @@ ssh_get_num_identities(AuthenticationConnection *auth, int version)
|
||||||
|
|
||||||
/* Get the number of entries in the response and check it for sanity. */
|
/* Get the number of entries in the response and check it for sanity. */
|
||||||
auth->howmany = buffer_get_int(&auth->identities);
|
auth->howmany = buffer_get_int(&auth->identities);
|
||||||
if (auth->howmany > 1024)
|
if ((u_int)auth->howmany > 1024)
|
||||||
fatal("Too many identities in authentication reply: %d",
|
fatal("Too many identities in authentication reply: %d",
|
||||||
auth->howmany);
|
auth->howmany);
|
||||||
|
|
||||||
|
|
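Review bot: The `fatal()` under the new `(u_int)auth->howmany > 1024` test in ssh_get_num_identities still prints `auth->howmany` with `%d`. The values the cast now catches (counts of 2^31 and above from the agent reply, presumably stored in a signed field) therefore show up as negative numbers in the log. For consistency with the `%d` to `%u` change made in ssh_request_reply, I would write `fatal("Too many identities in authentication reply: %u", (u_int)auth->howmany);`. A one-line comment such as `/* howmany comes from the agent reply; compare as unsigned so huge values are rejected */` would also explain why the cast is at the use site. Both function bodies continue outside the visible hunks.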
8
bufaux.c
8
bufaux.c
|
@ -37,7 +37,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: bufaux.c,v 1.29 2003/04/08 20:21:28 itojun Exp $");
|
RCSID("$OpenBSD: bufaux.c,v 1.30 2003/09/18 13:02:21 miod Exp $");
|
||||||
|
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include "bufaux.h"
|
#include "bufaux.h"
|
||||||
|
@ -80,7 +80,7 @@ buffer_put_bignum(Buffer *buffer, BIGNUM *value)
|
||||||
void
|
void
|
||||||
buffer_get_bignum(Buffer *buffer, BIGNUM *value)
|
buffer_get_bignum(Buffer *buffer, BIGNUM *value)
|
||||||
{
|
{
|
||||||
int bits, bytes;
|
u_int bits, bytes;
|
||||||
u_char buf[2], *bin;
|
u_char buf[2], *bin;
|
||||||
|
|
||||||
/* Get the number for bits. */
|
/* Get the number for bits. */
|
||||||
|
@ -103,10 +103,10 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
|
||||||
void
|
void
|
||||||
buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
|
buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
|
||||||
{
|
{
|
||||||
int bytes = BN_num_bytes(value) + 1;
|
u_int bytes = BN_num_bytes(value) + 1;
|
||||||
u_char *buf = xmalloc(bytes);
|
u_char *buf = xmalloc(bytes);
|
||||||
int oi;
|
int oi;
|
||||||
int hasnohigh = 0;
|
u_int hasnohigh = 0;
|
||||||
|
|
||||||
buf[0] = '\0';
|
buf[0] = '\0';
|
||||||
/* Get the value of in binary */
|
/* Get the value of in binary */
|
||||||
|
|
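Review bot: In buffer_put_bignum2, `oi` stays `int` while `bytes` and `hasnohigh` become `u_int`, so any later comparison or arithmetic that mixes them is now mixed-sign. The rest of the function is outside this hunk, so this is inferred: if `oi` holds a length returned by the BN library and is checked against `bytes - 1`, I would make the conversion explicit with `if (oi < 0 || (u_int)oi != bytes - 1)`. It is also worth checking that any format string printing `bytes` or `bits` in these two functions uses `%u` rather than `%d`.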
4
dh.c
4
dh.c
|
@ -23,7 +23,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: dh.c,v 1.24 2003/04/08 20:21:28 itojun Exp $");
|
RCSID("$OpenBSD: dh.c,v 1.25 2003/09/18 13:02:21 miod Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
|
||||||
|
@ -198,7 +198,7 @@ dh_gen_key(DH *dh, int need)
|
||||||
|
|
||||||
if (dh->p == NULL)
|
if (dh->p == NULL)
|
||||||
fatal("dh_gen_key: dh->p == NULL");
|
fatal("dh_gen_key: dh->p == NULL");
|
||||||
if (2*need >= BN_num_bits(dh->p))
|
if (need > INT_MAX / 2 || 2 * need >= BN_num_bits(dh->p))
|
||||||
fatal("dh_gen_key: group too small: %d (2*need %d)",
|
fatal("dh_gen_key: group too small: %d (2*need %d)",
|
||||||
BN_num_bits(dh->p), 2*need);
|
BN_num_bits(dh->p), 2*need);
|
||||||
do {
|
do {
|
||||||
|
|
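Review bot: When the new `need > INT_MAX / 2` clause in dh_gen_key fires, the `fatal()` call still evaluates `2*need` as an argument, which is the signed overflow the clause was added to avoid, and the "group too small" text misreports the cause. A negative `need` (the parameter is `int`, per the hunk header) is also not rejected by the visible check. I would split the range test out ahead of the size comparison: `if (need < 0 || need > INT_MAX / 2)` followed by `fatal("dh_gen_key: bad need %d", need);`, leaving the original `2 * need >= BN_num_bits(dh->p)` test as it was. The function body continues past the hunk.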
4
mac.c
4
mac.c
|
@ -23,7 +23,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: mac.c,v 1.5 2002/05/16 22:02:50 markus Exp $");
|
RCSID("$OpenBSD: mac.c,v 1.6 2003/09/18 13:02:21 miod Exp $");
|
||||||
|
|
||||||
#include <openssl/hmac.h>
|
#include <openssl/hmac.h>
|
||||||
|
|
||||||
|
@ -77,7 +77,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
|
||||||
|
|
||||||
if (mac->key == NULL)
|
if (mac->key == NULL)
|
||||||
fatal("mac_compute: no key");
|
fatal("mac_compute: no key");
|
||||||
if (mac->mac_len > sizeof(m))
|
if ((u_int)mac->mac_len > sizeof(m))
|
||||||
fatal("mac_compute: mac too long");
|
fatal("mac_compute: mac too long");
|
||||||
HMAC_Init(&c, mac->key, mac->key_len, mac->md);
|
HMAC_Init(&c, mac->key, mac->key_len, mac->md);
|
||||||
PUT_32BIT(b, seqno);
|
PUT_32BIT(b, seqno);
|
||||||
|
|
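Review bot: The `(u_int)` cast on `mac->mac_len` in mac_compute does not change what the check rejects. Comparing against `sizeof(m)` already converts the left operand to an unsigned type, so a negative `mac_len` failed the test before this change too. A short comment would stop a later reader from mistaking the cast for the bounds check itself, for example `/* cast only silences sign-compare; a negative mac_len is rejected either way */`. Declaring the field itself as unsigned would be cleaner, but the struct is not visible here, and the function body extends beyond the hunk.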
|
@ -12,7 +12,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.108 2003/08/14 16:08:58 markus Exp $");
|
RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $");
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
|
@ -191,8 +191,8 @@ do_convert_to_ssh2(struct passwd *pw)
|
||||||
static void
|
static void
|
||||||
buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
|
buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
|
||||||
{
|
{
|
||||||
int bits = buffer_get_int(b);
|
u_int bits = buffer_get_int(b);
|
||||||
int bytes = (bits + 7) / 8;
|
u_int bytes = (bits + 7) / 8;
|
||||||
|
|
||||||
if (buffer_len(b) < bytes)
|
if (buffer_len(b) < bytes)
|
||||||
fatal("buffer_get_bignum_bits: input buffer too small: "
|
fatal("buffer_get_bignum_bits: input buffer too small: "
|
||||||
|
|
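Review bot: With `bits` now `u_int`, `(bits + 7) / 8` in buffer_get_bignum_bits can wrap. For a `bits` value within 7 of UINT_MAX the sum overflows, `bytes` becomes 0, and the `buffer_len(b) < bytes` check passes despite an absurd declared size. `bits` is read straight from the input buffer, so I would compute the byte count without the addition: `u_int bytes = bits / 8 + (bits % 8 != 0);`. That way an oversized `bits` yields a large `bytes` and reaches the existing `fatal()`. The remainder of the function, including the rest of the `fatal()` call, is outside the hunk.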