*/
#include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.55 2003/09/18 07:56:05 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.57 2004/06/21 17:36:31 avsm Exp $");
#include <openssl/err.h>
#include <openssl/evp.h>
int fd, i, cipher_num;
CipherContext ciphercontext;
Cipher *cipher;
- u_int32_t rand;
+ u_int32_t rnd;
/*
* If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
buffer_init(&buffer);
/* Put checkbytes for checking passphrase validity. */
- rand = arc4random();
- buf[0] = rand & 0xff;
- buf[1] = (rand >> 8) & 0xff;
+ rnd = arc4random();
+ buf[0] = rnd & 0xff;
+ buf[1] = (rnd >> 8) & 0xff;
buf[2] = buf[0];
buf[3] = buf[1];
buffer_append(&buffer, buf, 4);
struct stat st;
char *cp;
int i;
- off_t len;
+ size_t len;
if (fstat(fd, &st) < 0) {
error("fstat for key file %.200s failed: %.100s",
filename, strerror(errno));
return NULL;
}
- len = st.st_size;
+ if (st.st_size > 1*1024*1024)
+ close(fd);
+ len = (size_t)st.st_size; /* truncated */
buffer_init(&buffer);
cp = buffer_append_space(&buffer, len);
char **commentp)
{
int i, check1, check2, cipher_type;
- off_t len;
+ size_t len;
Buffer buffer, decrypted;
u_char *cp;
CipherContext ciphercontext;
close(fd);
return NULL;
}
- len = st.st_size;
+ if (st.st_size > 1*1024*1024) {
+ close(fd);
+ return (NULL);
+ }
+ len = (size_t)st.st_size; /* truncated */
buffer_init(&buffer);
cp = buffer_append_space(&buffer, len);