From fd7c911f090749774cf1869420523c4811beeeb0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 8 Nov 1999 16:15:55 +1100 Subject: [PATCH] Merged OpenBSD CVS changes that go away --- ChangeLog | 2 +- auth-rsa.c | 6 ++++-- bufaux.c | 6 ++++-- channels.c | 18 ++++++++++++++---- cipher.c | 10 +++++----- deattack.c | 9 +++++---- hostfile.c | 14 +++++++++++--- packet.c | 12 ++++++++---- ssh-add.c | 20 +++++++++++++------- ssh-agent.c | 9 +++++++-- ssh.h | 4 ++-- sshconnect.c | 27 +++++++++++++++++++++------ sshd.c | 2 +- 13 files changed, 96 insertions(+), 43 deletions(-) diff --git a/ChangeLog b/ChangeLog index 57f9a00ee..088ee0489 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,9 +19,9 @@ - Added support for PAM_TEXT_INFO messages - Disable internal /etc/nologin support if PAM enabled - Merged latest OpenBSD CVS changes: + - [all] replace assert() with error, fatal or packet_disconnect - [sshd.c] don't send fail-msg but disconnect if too many authentication failures - - [sshd.c] replace assert() with error, fatal or packet_disconnect - [sshd.c] remove unused argument. ok dugsong - [sshd.c] typo - [rsa.c] clear buffers used for encryption. ok: niels diff --git a/auth-rsa.c b/auth-rsa.c index 3be37ffcb..dc1ad81a2 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -17,7 +17,7 @@ validity of the host key. #include "config.h" #include "includes.h" -RCSID("$Id: auth-rsa.c,v 1.3 1999/10/28 05:23:30 damien Exp $"); +RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); #include "rsa.h" #include "packet.h" @@ -98,7 +98,9 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n) /* The response is MD5 of decrypted challenge plus session id. */ len = BN_num_bytes(challenge); - assert(len <= 32 && len); + if (len <= 0 || len > 32) + fatal("auth_rsa_challenge_dialog: bad challenge length %d", len); + memset(buf, 0, 32); BN_bn2bin(challenge, buf + 32 - len); MD5_Init(&md); diff --git a/bufaux.c b/bufaux.c index 9d5776f56..31e1ae9ee 100644 --- a/bufaux.c +++ b/bufaux.c @@ -16,7 +16,7 @@ Buffers. #include "config.h" #include "includes.h" -RCSID("$Id: bufaux.c,v 1.2 1999/10/28 03:25:17 damien Exp $"); +RCSID("$Id: bufaux.c,v 1.3 1999/11/08 05:15:55 damien Exp $"); #include "ssh.h" @@ -45,7 +45,9 @@ buffer_put_bignum(Buffer *buffer, BIGNUM *value) /* Get the value of in binary */ oi = BN_bn2bin(value, buf); - assert(oi == bin_size); + if (oi != bin_size) + fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d", + oi, bin_size); /* Store the number of bits in the buffer in two bytes, msb first. */ PUT_16BIT(msg, bits); diff --git a/channels.c b/channels.c index 79a02c88b..032e8f2af 100644 --- a/channels.c +++ b/channels.c @@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection. */ #include "includes.h" -RCSID("$Id: channels.c,v 1.3 1999/10/30 01:39:56 damien Exp $"); +RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); #include "ssh.h" #include "packet.h" @@ -166,8 +166,10 @@ int channel_allocate(int type, int sock, char *remote_name) void channel_free(int channel) { - assert(channel >= 0 && channel < channels_alloc && - channels[channel].type != SSH_CHANNEL_FREE); + if (channel < 0 || channel >= channels_alloc || + channels[channel].type == SSH_CHANNEL_FREE) + packet_disconnect("channel free: bad local channel %d", channel); + if(compat13) shutdown(channels[channel].sock, SHUT_RDWR); close(channels[channel].sock); @@ -307,9 +309,17 @@ void channel_prepare_select(fd_set *readset, fd_set *writeset) goto reject; } + /* Check fake data length */ + if (x11_fake_data_len != x11_saved_data_len) + { + error("X11 fake_data_len %d != saved_data_len %d", + x11_fake_data_len, x11_saved_data_len); + ch->type = SSH_CHANNEL_OPEN; + goto reject; + } + /* Received authentication protocol and data match our fake data. Substitute the fake data with real data. */ - assert(x11_fake_data_len == x11_saved_data_len); memcpy(ucp + 12 + ((proto_len + 3) & ~3), x11_saved_data, x11_saved_data_len); diff --git a/cipher.c b/cipher.c index e611d6c71..074913512 100644 --- a/cipher.c +++ b/cipher.c @@ -13,7 +13,7 @@ Created: Wed Apr 19 17:41:39 1995 ylo #include "config.h" #include "includes.h" -RCSID("$Id: cipher.c,v 1.3 1999/10/28 05:23:30 damien Exp $"); +RCSID("$Id: cipher.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); #include "ssh.h" #include "cipher.h" @@ -93,8 +93,6 @@ swap_bytes(const unsigned char *src, unsigned char *dst_, int n) char c[4]; } t; - /* assert((n & 7) == 0); */ - /* Process 8 bytes every lap. */ for (n = n / 8; n > 0; n--) { @@ -248,7 +246,8 @@ void cipher_set_key(CipherContext *context, int cipher, void cipher_encrypt(CipherContext *context, unsigned char *dest, const unsigned char *src, unsigned int len) { - assert((len & 7) == 0); + if ((len & 7) != 0) + fatal("cipher_encrypt: bad plaintext length %d", len); switch (context->type) { @@ -280,7 +279,8 @@ void cipher_encrypt(CipherContext *context, unsigned char *dest, void cipher_decrypt(CipherContext *context, unsigned char *dest, const unsigned char *src, unsigned int len) { - assert((len & 7) == 0); + if ((len & 7) != 0) + fatal("cipher_decrypt: bad ciphertext length %d", len); switch (context->type) { diff --git a/deattack.c b/deattack.c index d5f8608ca..afd96e4e4 100644 --- a/deattack.c +++ b/deattack.c @@ -1,5 +1,5 @@ /* - * $Id: deattack.c,v 1.1 1999/10/27 03:42:44 damien Exp $ + * $Id: deattack.c,v 1.2 1999/11/08 05:15:55 damien Exp $ * Cryptographic attack detector for ssh - source code * * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. @@ -100,9 +100,10 @@ detect_attack(unsigned char *buf, u_int32_t len, unsigned char *IV) register unsigned char *c; unsigned char *d; - - assert(len <= (SSH_MAXBLOCKS * SSH_BLOCKSIZE)); - assert(len % SSH_BLOCKSIZE == 0); + if (len > (SSH_MAXBLOCKS * SSH_BLOCKSIZE) || + len % SSH_BLOCKSIZE != 0) { + fatal("detect_attack: bad length %d", len); + } for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2); diff --git a/hostfile.c b/hostfile.c index ca0fe88a2..0e65bfe5f 100644 --- a/hostfile.c +++ b/hostfile.c @@ -14,7 +14,7 @@ Functions for manipulating the known hosts files. */ #include "includes.h" -RCSID("$Id: hostfile.c,v 1.1 1999/10/27 03:42:44 damien Exp $"); +RCSID("$Id: hostfile.c,v 1.2 1999/11/08 05:15:55 damien Exp $"); #include "packet.h" #include "ssh.h" @@ -265,11 +265,19 @@ add_host_to_hostfile(const char *filename, const char *host, /* Print the host name and key to the file. */ fprintf(f, "%s %u ", host, bits); buf = BN_bn2dec(e); - assert(buf != NULL); + if (buf == NULL) { + error("add_host_to_hostfile: BN_bn2dec #1 failed"); + fclose(f); + return 0; + } fprintf(f, "%s ", buf); free (buf); buf = BN_bn2dec(n); - assert(buf != NULL); + if (buf == NULL) { + error("add_host_to_hostfile: BN_bn2dec #2 failed"); + fclose(f); + return 0; + } fprintf(f, "%s\n", buf); free (buf); diff --git a/packet.c b/packet.c index 7e74c73b3..6dfd492a1 100644 --- a/packet.c +++ b/packet.c @@ -15,7 +15,7 @@ with the other side. This same code is used both on client and server side. */ #include "includes.h" -RCSID("$Id: packet.c,v 1.1 1999/10/27 03:42:44 damien Exp $"); +RCSID("$Id: packet.c,v 1.2 1999/11/08 05:15:55 damien Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -194,7 +194,6 @@ void packet_encrypt(CipherContext *cc, void *dest, void *src, unsigned int bytes) { - assert((bytes % 8) == 0); cipher_encrypt(cc, dest, src, bytes); } @@ -207,7 +206,8 @@ packet_decrypt(CipherContext *cc, void *dest, void *src, { int i; - assert((bytes % 8) == 0); + if ((bytes % 8) != 0) + fatal("packet_decrypt: bad ciphertext length %d", bytes); /* Cryptographic attack detector for ssh - Modifications for packet.c @@ -500,7 +500,11 @@ packet_read_poll(int *payload_len_ptr) buffer_consume(&incoming_packet, 8 - len % 8); /* Test check bytes. */ - assert(len == buffer_len(&incoming_packet)); + + if (len != buffer_len(&incoming_packet)) + packet_disconnect("packet_read_poll: len %d != buffer_len %d.", + len, buffer_len(&incoming_packet)); + ucp = (unsigned char *)buffer_ptr(&incoming_packet) + len - 4; stored_checksum = GET_32BIT(ucp); if (checksum != stored_checksum) diff --git a/ssh-add.c b/ssh-add.c index 8effcdb07..07c33d87b 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -14,7 +14,7 @@ Adds an identity to the authentication server, or removes an identity. */ #include "includes.h" -RCSID("$Id: ssh-add.c,v 1.3 1999/11/08 04:30:59 damien Exp $"); +RCSID("$Id: ssh-add.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); #include "rsa.h" #include "ssh.h" @@ -201,13 +201,19 @@ list_identities(AuthenticationConnection *ac) had_identities = 1; printf("%d ", bits); buf = BN_bn2dec(e); - assert(buf != NULL); - printf("%s ", buf); - free (buf); + if (buf != NULL) { + printf("%s ", buf); + free (buf); + } else { + error("list_identities: BN_bn2dec #1 failed."); + } buf = BN_bn2dec(n); - assert(buf != NULL); - printf("%s %s\n", buf, comment); - free (buf); + if (buf != NULL) { + printf("%s %s\n", buf, comment); + free (buf); + } else { + error("list_identities: BN_bn2dec #2 failed."); + } xfree(comment); } BN_clear_free(e); diff --git a/ssh-agent.c b/ssh-agent.c index 4f7f57f03..96bd021eb 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -16,7 +16,7 @@ The authentication agent program. */ #include "includes.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.16 1999/10/28 20:41:23 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.17 1999/11/02 19:42:36 markus Exp $"); #include "ssh.h" #include "rsa.h" @@ -136,7 +136,12 @@ process_authentication_challenge(SocketEntry *e) case 1: /* As of protocol 1.1 */ /* The response is MD5 of decrypted challenge plus session id. */ len = BN_num_bytes(challenge); - assert(len <= 32 && len); + + if (len <= 0 || len > 32) { + fatal("process_authentication_challenge: " + "bad challenge length %d", len); + } + memset(buf, 0, 32); BN_bn2bin(challenge, buf + 32 - len); MD5_Init(&md); diff --git a/ssh.h b/ssh.h index 841633c76..1fd17c1aa 100644 --- a/ssh.h +++ b/ssh.h @@ -13,7 +13,7 @@ Generic header file for ssh. */ -/* RCSID("$Id: ssh.h,v 1.6 1999/11/08 04:30:59 damien Exp $"); */ +/* RCSID("$Id: ssh.h,v 1.7 1999/11/08 05:15:55 damien Exp $"); */ #ifndef SSH_H #define SSH_H @@ -597,7 +597,7 @@ int ssh_tf_init(uid_t uid); /* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */ int auth_kerberos_tgt(struct passwd *pw, const char *string); -int auth_afs_token(char *server_user, uid_t uid, const char *string); +int auth_afs_token(struct passwd *pw, const char *token_string); int creds_to_radix(CREDENTIALS *creds, unsigned char *buf); int radix_to_creds(const char *buf, CREDENTIALS *creds); diff --git a/sshconnect.c b/sshconnect.c index 4222646d9..a6f3788f5 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -16,7 +16,7 @@ login (authentication) dialog. #include "config.h" #include "includes.h" -RCSID("$Id: sshconnect.c,v 1.3 1999/10/28 05:23:30 damien Exp $"); +RCSID("$Id: sshconnect.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); #ifdef HAVE_OPENSSL #include @@ -457,7 +457,10 @@ respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv) /* Compute the response. */ /* The response is MD5 of decrypted challenge plus session id. */ len = BN_num_bytes(challenge); - assert(len <= sizeof(buf) && len); + if (len <= 0 || len > sizeof(buf)) + packet_disconnect("respond_to_rsa_challenge: bad challenge length %d", + len); + memset(buf, 0, sizeof(buf)); BN_bn2bin(challenge, buf + sizeof(buf) - len); MD5_Init(&md); @@ -1298,8 +1301,14 @@ void ssh_login(int host_key_valid, if (BN_cmp(public_key->n, host_key->n) < 0) { /* Public key has smaller modulus. */ - assert(BN_num_bits(host_key->n) >= - BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED); + if (BN_num_bits(host_key->n) < + BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) { + fatal("respond_to_rsa_challenge: host_key %d < public_key %d + " + "SSH_KEY_BITS_RESERVED %d", + BN_num_bits(host_key->n), + BN_num_bits(public_key->n), + SSH_KEY_BITS_RESERVED); + } rsa_public_encrypt(key, key, public_key); rsa_public_encrypt(key, key, host_key); @@ -1307,8 +1316,14 @@ void ssh_login(int host_key_valid, else { /* Host key has smaller modulus (or they are equal). */ - assert(BN_num_bits(public_key->n) >= - BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED); + if (BN_num_bits(public_key->n) < + BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) { + fatal("respond_to_rsa_challenge: public_key %d < host_key %d + " + "SSH_KEY_BITS_RESERVED %d", + BN_num_bits(public_key->n), + BN_num_bits(host_key->n), + SSH_KEY_BITS_RESERVED); + } rsa_public_encrypt(key, key, host_key); rsa_public_encrypt(key, key, public_key); diff --git a/sshd.c b/sshd.c index 6cdcf75ed..a1f9449e2 100644 --- a/sshd.c +++ b/sshd.c @@ -18,7 +18,7 @@ agent connections. */ #include "includes.h" -RCSID("$Id: sshd.c,v 1.11 1999/11/08 04:30:59 damien Exp $"); +RCSID("$Id: sshd.c,v 1.12 1999/11/08 05:15:55 damien Exp $"); #include "xmalloc.h" #include "rsa.h"