Import of OpenSSH 3.4p1

[gssapi-openssh.git] / openssh / bufaux.c

diff --git a/openssh/bufaux.c b/openssh/bufaux.c
index 79f8bbd49667f528e6f56d39459c51573a4a2e57..d3dc674ce4043d1c62abedfb6b1a2903a03afa22 100644 (file)
--- a/openssh/bufaux.c
+++ b/openssh/bufaux.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.25 2002/04/20 09:14:58 markus Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $");
 
 #include <openssl/bn.h>
 #include "bufaux.h"
@@ -88,6 +88,8 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
        bits = GET_16BIT(buf);
        /* Compute the number of binary bytes that follow. */
        bytes = (bits + 7) / 8;
+       if (bytes > 8 * 1024)
+               fatal("buffer_get_bignum: cannot handle BN of size %d", bytes);
        if (buffer_len(buffer) < bytes)
                fatal("buffer_get_bignum: input buffer too small");
        bin = buffer_ptr(buffer);
@@ -105,6 +107,7 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
        u_char *buf = xmalloc(bytes);
        int oi;
        int hasnohigh = 0;
+
        buf[0] = '\0';
        /* Get the value of in binary */
        oi = BN_bn2bin(value, buf+1);
@@ -128,12 +131,15 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
        xfree(buf);
 }
 
+/* XXX does not handle negative BNs */
 void
 buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
 {
-       /**XXX should be two's-complement */
-       int len;
-       u_char *bin = buffer_get_string(buffer, (u_int *)&len);
+       u_int len;
+       u_char *bin = buffer_get_string(buffer, &len);
+
+       if (len > 8 * 1024)
+               fatal("buffer_get_bignum2: cannot handle BN of size %d", len);
        BN_bin2bn(bin, len, value);
        xfree(bin);
 }
@@ -145,6 +151,7 @@ u_short
 buffer_get_short(Buffer *buffer)
 {
        u_char buf[2];
+
        buffer_get(buffer, (char *) buf, 2);
        return GET_16BIT(buf);
 }
@@ -153,6 +160,7 @@ u_int
 buffer_get_int(Buffer *buffer)
 {
        u_char buf[4];
+
        buffer_get(buffer, (char *) buf, 4);
        return GET_32BIT(buf);
 }
@@ -162,6 +170,7 @@ u_int64_t
 buffer_get_int64(Buffer *buffer)
 {
        u_char buf[8];
+
        buffer_get(buffer, (char *) buf, 8);
        return GET_64BIT(buf);
 }
@@ -174,6 +183,7 @@ void
 buffer_put_short(Buffer *buffer, u_short value)
 {
        char buf[2];
+
        PUT_16BIT(buf, value);
        buffer_append(buffer, buf, 2);
 }
@@ -182,6 +192,7 @@ void
 buffer_put_int(Buffer *buffer, u_int value)
 {
        char buf[4];
+
        PUT_32BIT(buf, value);
        buffer_append(buffer, buf, 4);
 }
@@ -191,6 +202,7 @@ void
 buffer_put_int64(Buffer *buffer, u_int64_t value)
 {
        char buf[8];
+
        PUT_64BIT(buf, value);
        buffer_append(buffer, buf, 8);
 }
@@ -207,8 +219,9 @@ buffer_put_int64(Buffer *buffer, u_int64_t value)
 void *
 buffer_get_string(Buffer *buffer, u_int *length_ptr)
 {
-       u_int len;
        u_char *value;
+       u_int len;
+
        /* Get the length. */
        len = buffer_get_int(buffer);
        if (len > 256 * 1024)
@@ -249,6 +262,7 @@ int
 buffer_get_char(Buffer *buffer)
 {
        char ch;
+
        buffer_get(buffer, &ch, 1);
        return (u_char) ch;
 }
@@ -260,5 +274,6 @@ void
 buffer_put_char(Buffer *buffer, int value)
 {
        char ch = value;
+
        buffer_append(buffer, &ch, 1);
 }