X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/b0a892b29564622381232f4a1722880cd6fc3383..d03186af8de9b660564ccc1804d2a9c2e93b2e58:/bufbn.c

diff --git a/bufbn.c b/bufbn.c
index 56f4f6d5..251cd095 100644
--- a/bufbn.c
+++ b/bufbn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufbn.c,v 1.1 2006/04/18 10:44:28 dtucker Exp $*/
+/* $OpenBSD: bufbn.c,v 1.6 2007/06/02 09:04:58 djm Exp $*/
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -39,9 +39,15 @@
 
 #include "includes.h"
 
+#include <sys/types.h>
+
 #include <openssl/bn.h>
-#include "bufaux.h"
+
+#include <string.h>
+#include <stdarg.h>
+
 #include "xmalloc.h"
+#include "buffer.h"
 #include "log.h"
 #include "misc.h"
 
@@ -87,7 +93,7 @@ buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
 }
 
 /*
- * Retrieves an BIGNUM from the buffer.
+ * Retrieves a BIGNUM from the buffer.
  */
 int
 buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
@@ -95,7 +101,7 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
 	u_int bits, bytes;
 	u_char buf[2], *bin;
 
-	/* Get the number for bits. */
+	/* Get the number of bits. */
 	if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
 		error("buffer_get_bignum_ret: invalid length");
 		return (-1);
@@ -112,7 +118,10 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
 		return (-1);
 	}
 	bin = buffer_ptr(buffer);
-	BN_bin2bn(bin, bytes, value);
+	if (BN_bin2bn(bin, bytes, value) == NULL) {
+		error("buffer_get_bignum_ret: BN_bin2bn failed");
+		return (-1);
+	}
 	if (buffer_consume_ret(buffer, bytes) == -1) {
 		error("buffer_get_bignum_ret: buffer_consume failed");
 		return (-1);
@@ -128,7 +137,7 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
 }
 
 /*
- * Stores an BIGNUM in the buffer in SSH2 format.
+ * Stores a BIGNUM in the buffer in SSH2 format.
  */
 int
 buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
@@ -192,11 +201,16 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
 		return (-1);
 	}
 	if (len > 8 * 1024) {
-		error("buffer_get_bignum2_ret: cannot handle BN of size %d", len);
+		error("buffer_get_bignum2_ret: cannot handle BN of size %d",
+		    len);
+		xfree(bin);
+		return (-1);
+	}
+	if (BN_bin2bn(bin, len, value) == NULL) {
+		error("buffer_get_bignum2_ret: BN_bin2bn failed");
 		xfree(bin);
 		return (-1);
 	}
-	BN_bin2bn(bin, len, value);
 	xfree(bin);
 	return (0);
 }