Merged OpenBSD CVS changes that go away

ChangeLog

@@ -19,9 +19,9 @@
    - Added support for PAM_TEXT_INFO messages
    - Disable internal /etc/nologin support if PAM enabled
  - Merged latest OpenBSD CVS changes:
+   - [all] replace assert() with error, fatal or packet_disconnect
    - [sshd.c] don't send fail-msg but disconnect if too many authentication
      failures
-   - [sshd.c] replace assert() with error, fatal or packet_disconnect
    - [sshd.c] remove unused argument. ok dugsong
    - [sshd.c] typo
    - [rsa.c] clear buffers used for encryption. ok: niels

auth-rsa.c

@@ -17,7 +17,7 @@ validity of the host key.
 
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.3 1999/10/28 05:23:30 damien Exp $");
+RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 
 #include "rsa.h"
 #include "packet.h"
@@ -98,7 +98,9 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n)
 
   /* The response is MD5 of decrypted challenge plus session id. */
   len = BN_num_bytes(challenge);
-  assert(len <= 32 && len);
+  if (len <= 0 || len > 32)
+    fatal("auth_rsa_challenge_dialog: bad challenge length %d", len);
+
   memset(buf, 0, 32);
   BN_bn2bin(challenge, buf + 32 - len);
   MD5_Init(&md);

bufaux.c

@@ -16,7 +16,7 @@ Buffers.
 
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: bufaux.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
+RCSID("$Id: bufaux.c,v 1.3 1999/11/08 05:15:55 damien Exp $");
 
 #include "ssh.h"
 
@@ -45,7 +45,9 @@ buffer_put_bignum(Buffer *buffer, BIGNUM *value)
   
   /* Get the value of in binary */
   oi = BN_bn2bin(value, buf);
-  assert(oi == bin_size);
+  if (oi != bin_size)
+    fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
+	  oi, bin_size);
 
   /* Store the number of bits in the buffer in two bytes, msb first. */
   PUT_16BIT(msg, bits);

channels.c

@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection.
 */
 
 #include "includes.h"
-RCSID("$Id: channels.c,v 1.3 1999/10/30 01:39:56 damien Exp $");
+RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 
 #include "ssh.h"
 #include "packet.h"
@@ -166,8 +166,10 @@ int channel_allocate(int type, int sock, char *remote_name)
 
 void channel_free(int channel)
 {
-  assert(channel >= 0 && channel < channels_alloc &&
-	 channels[channel].type != SSH_CHANNEL_FREE);
+  if (channel < 0 || channel >= channels_alloc ||
+      channels[channel].type == SSH_CHANNEL_FREE)
+    packet_disconnect("channel free: bad local channel %d", channel);
+
   if(compat13)
     shutdown(channels[channel].sock, SHUT_RDWR);
   close(channels[channel].sock);
@@ -307,9 +309,17 @@ void channel_prepare_select(fd_set *readset, fd_set *writeset)
 	      goto reject;
 	    }
 
+	  /* Check fake data length */
+	  if (x11_fake_data_len != x11_saved_data_len)
+	    {
+	      error("X11 fake_data_len %d != saved_data_len %d",
+		     x11_fake_data_len, x11_saved_data_len);
+	      ch->type = SSH_CHANNEL_OPEN;
+	      goto reject;
+	    }
+
 	  /* Received authentication protocol and data match our fake data.
 	     Substitute the fake data with real data. */
-	  assert(x11_fake_data_len == x11_saved_data_len);
 	  memcpy(ucp + 12 + ((proto_len + 3) & ~3),
 		 x11_saved_data, x11_saved_data_len);
 

cipher.c

@@ -13,7 +13,7 @@ Created: Wed Apr 19 17:41:39 1995 ylo
 
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: cipher.c,v 1.3 1999/10/28 05:23:30 damien Exp $");
+RCSID("$Id: cipher.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 
 #include "ssh.h"
 #include "cipher.h"
@@ -93,8 +93,6 @@ swap_bytes(const unsigned char *src, unsigned char *dst_, int n)
     char c[4];
   } t;
 
-  /* assert((n & 7) == 0); */
-
   /* Process 8 bytes every lap. */
   for (n = n / 8; n > 0; n--)
     {
@@ -248,7 +246,8 @@ void cipher_set_key(CipherContext *context, int cipher,
 void cipher_encrypt(CipherContext *context, unsigned char *dest,
 		    const unsigned char *src, unsigned int len)
 {
-  assert((len & 7) == 0);
+  if ((len & 7) != 0)
+    fatal("cipher_encrypt: bad plaintext length %d", len);
 
   switch (context->type)
     {
@@ -280,7 +279,8 @@ void cipher_encrypt(CipherContext *context, unsigned char *dest,
 void cipher_decrypt(CipherContext *context, unsigned char *dest,
 		    const unsigned char *src, unsigned int len)
 {
-  assert((len & 7) == 0);
+  if ((len & 7) != 0)
+    fatal("cipher_decrypt: bad ciphertext length %d", len);
 
   switch (context->type)
     {

deattack.c

@@ -1,5 +1,5 @@
 /*
- * $Id: deattack.c,v 1.1 1999/10/27 03:42:44 damien Exp $
+ * $Id: deattack.c,v 1.2 1999/11/08 05:15:55 damien Exp $
  * Cryptographic attack detector for ssh - source code
  *
  * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
@@ -100,9 +100,10 @@ detect_attack(unsigned char *buf, u_int32_t len, unsigned char *IV)
   register unsigned char *c;
   unsigned char  *d;
 
-
-  assert(len <= (SSH_MAXBLOCKS * SSH_BLOCKSIZE));
-  assert(len % SSH_BLOCKSIZE == 0);
+  if (len > (SSH_MAXBLOCKS * SSH_BLOCKSIZE) ||
+      len % SSH_BLOCKSIZE != 0) {
+    fatal("detect_attack: bad length %d", len);
+  }
 
   for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2);
 

hostfile.c

@@ -14,7 +14,7 @@ Functions for manipulating the known hosts files.
 */
 
 #include "includes.h"
-RCSID("$Id: hostfile.c,v 1.1 1999/10/27 03:42:44 damien Exp $");
+RCSID("$Id: hostfile.c,v 1.2 1999/11/08 05:15:55 damien Exp $");
 
 #include "packet.h"
 #include "ssh.h"
@@ -265,11 +265,19 @@ add_host_to_hostfile(const char *filename, const char *host,
   /* Print the host name and key to the file. */
   fprintf(f, "%s %u ", host, bits);
   buf = BN_bn2dec(e);
-  assert(buf != NULL);
+  if (buf == NULL) {
+    error("add_host_to_hostfile: BN_bn2dec #1 failed");
+    fclose(f);
+    return 0;
+  }
   fprintf(f, "%s ", buf);
   free (buf);
   buf = BN_bn2dec(n);
-  assert(buf != NULL);
+  if (buf == NULL) {
+    error("add_host_to_hostfile: BN_bn2dec #2 failed");
+    fclose(f);
+    return 0;
+  }
   fprintf(f, "%s\n", buf);
   free (buf);
 

packet.c

@@ -15,7 +15,7 @@ with the other side.  This same code is used both on client and server side.
 */
 
 #include "includes.h"
-RCSID("$Id: packet.c,v 1.1 1999/10/27 03:42:44 damien Exp $");
+RCSID("$Id: packet.c,v 1.2 1999/11/08 05:15:55 damien Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -194,7 +194,6 @@ void
 packet_encrypt(CipherContext *cc, void *dest, void *src, 
 	       unsigned int bytes)
 {
-  assert((bytes % 8) == 0);
   cipher_encrypt(cc, dest, src, bytes);
 }
 
@@ -207,7 +206,8 @@ packet_decrypt(CipherContext *cc, void *dest, void *src,
 {
   int i;
   
-  assert((bytes % 8) == 0);
+  if ((bytes % 8) != 0)
+    fatal("packet_decrypt: bad ciphertext length %d", bytes);
   
   /*
     Cryptographic attack detector for ssh - Modifications for packet.c 
@@ -500,7 +500,11 @@ packet_read_poll(int *payload_len_ptr)
   buffer_consume(&incoming_packet, 8 - len % 8);
 
   /* Test check bytes. */
-  assert(len == buffer_len(&incoming_packet));
+
+  if (len != buffer_len(&incoming_packet))
+    packet_disconnect("packet_read_poll: len %d != buffer_len %d.",
+		      len, buffer_len(&incoming_packet));
+
   ucp = (unsigned char *)buffer_ptr(&incoming_packet) + len - 4;
   stored_checksum = GET_32BIT(ucp);
   if (checksum != stored_checksum)

ssh-add.c

@@ -14,7 +14,7 @@ Adds an identity to the authentication server, or removes an identity.
 */
 
 #include "includes.h"
-RCSID("$Id: ssh-add.c,v 1.3 1999/11/08 04:30:59 damien Exp $");
+RCSID("$Id: ssh-add.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 
 #include "rsa.h"
 #include "ssh.h"
@@ -201,13 +201,19 @@ list_identities(AuthenticationConnection *ac)
       had_identities = 1;
       printf("%d ", bits);
       buf = BN_bn2dec(e);
-      assert(buf != NULL);
-      printf("%s ", buf);
-      free (buf);
+      if (buf != NULL) {
+        printf("%s ", buf);
+        free (buf);
+      } else {
+	error("list_identities: BN_bn2dec #1 failed.");
+      }
       buf = BN_bn2dec(n);
-      assert(buf != NULL);
-      printf("%s %s\n", buf, comment);
-      free (buf);
+      if (buf != NULL) {
+        printf("%s %s\n", buf, comment);
+        free (buf);
+      } else {
+	error("list_identities: BN_bn2dec #2 failed.");
+      }
       xfree(comment);
     }
   BN_clear_free(e);

ssh-agent.c

@@ -16,7 +16,7 @@ The authentication agent program.
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.16 1999/10/28 20:41:23 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.17 1999/11/02 19:42:36 markus Exp $");
 
 #include "ssh.h"
 #include "rsa.h"
@@ -136,7 +136,12 @@ process_authentication_challenge(SocketEntry *e)
 	  case 1: /* As of protocol 1.1 */
 	    /* The response is MD5 of decrypted challenge plus session id. */
 	    len = BN_num_bytes(challenge);
-	    assert(len <= 32 && len);
+
+	    if (len <= 0 || len > 32) {
+	      fatal("process_authentication_challenge: "
+		    "bad challenge length %d", len);
+	    }
+
 	    memset(buf, 0, 32);
 	    BN_bn2bin(challenge, buf + 32 - len);
 	    MD5_Init(&md);

ssh.h

@@ -13,7 +13,7 @@ Generic header file for ssh.
 
 */
 
-/* RCSID("$Id: ssh.h,v 1.6 1999/11/08 04:30:59 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.7 1999/11/08 05:15:55 damien Exp $"); */
 
 #ifndef SSH_H
 #define SSH_H
@@ -597,7 +597,7 @@ int ssh_tf_init(uid_t uid);
 
 /* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
 int auth_kerberos_tgt(struct passwd *pw, const char *string);
-int auth_afs_token(char *server_user, uid_t uid, const char *string);
+int auth_afs_token(struct passwd *pw, const char *token_string);
 
 int creds_to_radix(CREDENTIALS *creds, unsigned char *buf);
 int radix_to_creds(const char *buf, CREDENTIALS *creds);

sshconnect.c

@@ -16,7 +16,7 @@ login (authentication) dialog.
 
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.3 1999/10/28 05:23:30 damien Exp $");
+RCSID("$Id: sshconnect.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -457,7 +457,10 @@ respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv)
   /* Compute the response. */
   /* The response is MD5 of decrypted challenge plus session id. */
   len = BN_num_bytes(challenge);
-  assert(len <= sizeof(buf) && len);
+  if (len <= 0 || len > sizeof(buf))
+    packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
+		      len);
+
   memset(buf, 0, sizeof(buf));
   BN_bn2bin(challenge, buf + sizeof(buf) - len);
   MD5_Init(&md);
@@ -1298,8 +1301,14 @@ void ssh_login(int host_key_valid,
   if (BN_cmp(public_key->n, host_key->n) < 0)
     {
       /* Public key has smaller modulus. */
-      assert(BN_num_bits(host_key->n) >= 
-	     BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED);
+      if (BN_num_bits(host_key->n) < 
+	  BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
+        fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
+	      "SSH_KEY_BITS_RESERVED %d",
+	      BN_num_bits(host_key->n),
+              BN_num_bits(public_key->n),
+	      SSH_KEY_BITS_RESERVED);
+      }
 
       rsa_public_encrypt(key, key, public_key);
       rsa_public_encrypt(key, key, host_key);
@@ -1307,8 +1316,14 @@ void ssh_login(int host_key_valid,
   else
     {
       /* Host key has smaller modulus (or they are equal). */
-      assert(BN_num_bits(public_key->n) >=
-	     BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED);
+      if (BN_num_bits(public_key->n) < 
+	  BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
+        fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
+	      "SSH_KEY_BITS_RESERVED %d",
+	      BN_num_bits(public_key->n),
+              BN_num_bits(host_key->n),
+	      SSH_KEY_BITS_RESERVED);
+      }
 
       rsa_public_encrypt(key, key, host_key);
       rsa_public_encrypt(key, key, public_key);

sshd.c

@@ -18,7 +18,7 @@ agent connections.
 */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.11 1999/11/08 04:30:59 damien Exp $");
+RCSID("$Id: sshd.c,v 1.12 1999/11/08 05:15:55 damien Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"