- djm@cvs.openbsd.org 2005/06/17 02:44:33

     [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean

diff --git a/ChangeLog b/ChangeLog
index 353b030babe0def4950466be1e05fd21eb0dc343..b8c167363d5c2ecf96466847ec966f600ff832a1 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,15 @@
      [canohost.c channels.c sshd.c]
      don't exit if getpeername fails for forwarded ports; bugzilla #1054;
      ok djm
+   - djm@cvs.openbsd.org 2005/06/17 02:44:33
+     [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
+     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
+     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
+     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
+     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
+     make this -Wsign-compare clean; ok avsm@ markus@
+     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
+     NB2. more work may be needed to make portable Wsign-compare clean
 
 20050616
  - (djm) OpenBSD CVS Sync

diff --git a/auth-rsa.c b/auth-rsa.c
index 4378008d36166a0b031438fcfe0cce12f89dcc3a..d9c9652dc7182b7e46c857f65749823d2816c34f 100644 (file)
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.62 2004/12/11 01:48:56 dtucker Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.63 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -205,6 +205,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
        while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                char *cp;
                char *key_options;
+               int keybits;
 
                /* Skip leading whitespace, empty and comment lines. */
                for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -243,7 +244,8 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
                        continue;
 
                /* check the real bits  */
-               if (bits != BN_num_bits(key->rsa->n))
+               keybits = BN_num_bits(key->rsa->n);
+               if (keybits < 0 || bits != (u_int)keybits)
                        logit("Warning: %s, line %lu: keysize mismatch: "
                            "actual %d vs. announced %d.",
                            file, linenum, BN_num_bits(key->rsa->n), bits);

diff --git a/auth.c b/auth.c
index 68c2824fb868b09f4a6672031e66865ecbc2f79d..82fe8f06b7c53c1088f49154688c3d727021e23b 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.59 2005/06/06 11:20:36 djm Exp $");
+RCSID("$OpenBSD: auth.c,v 1.60 2005/06/17 02:44:32 djm Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -76,7 +76,7 @@ allowed_user(struct passwd * pw)
        struct stat st;
        const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
        char *shell;
-       int i;
+       u_int i;
 #ifdef USE_SHADOW
        struct spwd *spw = NULL;
 #endif

diff --git a/auth2-chall.c b/auth2-chall.c
index 384a543ee4e4e8450e64645c5935b62e061d2cd5..1cea153785145366d1418101dd2cbf6c8a547dbe 100644 (file)
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -23,7 +23,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.23 2005/06/17 02:44:32 djm Exp $");
 
 #include "ssh2.h"
 #include "auth.h"
@@ -239,8 +239,7 @@ send_userauth_info_request(Authctxt *authctxt)
 {
        KbdintAuthctxt *kbdintctxt;
        char *name, *instr, **prompts;
-       int i;
-       u_int *echo_on;
+       u_int i, *echo_on;
 
        kbdintctxt = authctxt->kbdintctxt;
        if (kbdintctxt->device->query(kbdintctxt->ctxt,
@@ -273,8 +272,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 {
        Authctxt *authctxt = ctxt;
        KbdintAuthctxt *kbdintctxt;
-       int i, authenticated = 0, res, len;
-       u_int nresp;
+       int authenticated = 0, res, len;
+       u_int i, nresp;
        char **response = NULL, *method;
 
        if (authctxt == NULL)

diff --git a/auth2-gss.c b/auth2-gss.c
index 3289ba18eed168c978a4952cf0fda227e29fe91c..855b61b4e195399a3b442489950729b7ad47d64e 100644 (file)
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: auth2-gss.c,v 1.8 2004/06/21 17:36:31 avsm Exp $      */
+/*     $OpenBSD: auth2-gss.c,v 1.9 2005/06/17 02:44:32 djm Exp $       */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -61,7 +61,7 @@ userauth_gssapi(Authctxt *authctxt)
        int present;
        OM_uint32 ms;
        u_int len;
-       char *doid = NULL;
+       u_char *doid = NULL;
 
        if (!authctxt->valid || authctxt->user == NULL)
                return (0);

diff --git a/authfd.c b/authfd.c
index 9ce5b5ea8a933fda0020470368c8746a371addae..8976616b4ff67ed37a4d4da098ceaa4f10fc319f 100644 (file)
--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.65 2005/05/24 17:32:43 avsm Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.66 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/evp.h>
 
@@ -114,8 +114,7 @@ ssh_get_authentication_socket(void)
 static int
 ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
 {
-       int l;
-       u_int len;
+       u_int l, len;
        char buf[1024];
 
        /* Get the length of the message, and format it in the buffer. */
@@ -302,6 +301,7 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi
 Key *
 ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version)
 {
+       int keybits;
        u_int bits;
        u_char *blob;
        u_int blen;
@@ -322,7 +322,8 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
                buffer_get_bignum(&auth->identities, key->rsa->e);
                buffer_get_bignum(&auth->identities, key->rsa->n);
                *comment = buffer_get_string(&auth->identities, NULL);
-               if (bits != BN_num_bits(key->rsa->n))
+               keybits = BN_num_bits(key->rsa->n);
+               if (keybits < 0 || bits != (u_int)keybits)
                        logit("Warning: identity keysize mismatch: actual %d, announced %u",
                            BN_num_bits(key->rsa->n), bits);
                break;

diff --git a/authfile.c b/authfile.c
index 6a04cd7a95a290caa9b806b221a374fd3d478ed0..420813f37f86be30ed6016e589b692fcef11e627 100644 (file)
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.61 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -52,6 +52,7 @@ RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $");
 #include "authfile.h"
 #include "rsa.h"
 #include "misc.h"
+#include "atomicio.h"
 
 /* Version identification string for SSH v1 identity files. */
 static const char authfile_id_string[] =
@@ -147,8 +148,8 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
                buffer_free(&encrypted);
                return 0;
        }
-       if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
-           buffer_len(&encrypted)) {
+       if (atomicio(vwrite, fd, buffer_ptr(&encrypted),
+           buffer_len(&encrypted)) != buffer_len(&encrypted)) {
                error("write to key file %s failed: %s", filename,
                    strerror(errno));
                buffer_free(&encrypted);
@@ -236,7 +237,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
        Key *pub;
        struct stat st;
        char *cp;
-       int i;
+       u_int i;
        size_t len;
 
        if (fstat(fd, &st) < 0) {
@@ -253,7 +254,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
        buffer_init(&buffer);
        cp = buffer_append_space(&buffer, len);
 
-       if (read(fd, cp, (size_t) len) != (size_t) len) {
+       if (atomicio(read, fd, cp, len) != len) {
                debug("Read from key file %.200s failed: %.100s", filename,
                    strerror(errno));
                buffer_free(&buffer);
@@ -322,7 +323,8 @@ static Key *
 key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
     char **commentp)
 {
-       int i, check1, check2, cipher_type;
+       u_int i;
+       int check1, check2, cipher_type;
        size_t len;
        Buffer buffer, decrypted;
        u_char *cp;
@@ -347,7 +349,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
        buffer_init(&buffer);
        cp = buffer_append_space(&buffer, len);
 
-       if (read(fd, cp, (size_t) len) != (size_t) len) {
+       if (atomicio(read, fd, cp, len) != len) {
                debug("Read from key file %.200s failed: %.100s", filename,
                    strerror(errno));
                buffer_free(&buffer);

diff --git a/bufaux.c b/bufaux.c
index 5dbf2b770a80f9a7d0245751f39bcaef66b2e2a3..8d096a056381dc5c99b4adb4623c44315a6515ee 100644 (file)
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.35 2005/03/10 22:01:05 deraadt Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.36 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/bn.h>
 #include "bufaux.h"
@@ -154,7 +154,7 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
        buf[0] = 0x00;
        /* Get the value of in binary */
        oi = BN_bn2bin(value, buf+1);
-       if (oi != bytes-1) {
+       if (oi < 0 || (u_int)oi != bytes - 1) {
                error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
                    "oi %d != bin_size %d", oi, bytes);
                xfree(buf);

diff --git a/canohost.c b/canohost.c
index c3ab455561ecf6f66bb7ae0c7852cf99340f8b4c..04dc3d18280e453422d66b85363580bab0027b49 100644 (file)
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.43 2005/06/16 08:00:00 markus Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.44 2005/06/17 02:44:32 djm Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -143,7 +143,8 @@ check_ip_options(int sock, char *ipaddr)
        u_char options[200];
        char text[sizeof(options) * 3 + 1];
        socklen_t option_size;
-       int i, ipproto;
+       u_int i;
+       int ipproto;
        struct protoent *ip;
 
        if ((ip = getprotobyname("ip")) != NULL)

diff --git a/channels.c b/channels.c
index 66b15f5b5c595a12f32df2281979f54e1847a583..7ca1c53ba3cc713cd685e55e6737015900ba5fa3 100644 (file)
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.216 2005/06/16 08:00:00 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.217 2005/06/17 02:44:32 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -894,7 +894,7 @@ static int
 channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
 {
        char *p, *host;
-       int len, have, i, found;
+       u_int len, have, i, found;
        char username[256];
        struct {
                u_int8_t version;
@@ -979,7 +979,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
        } s5_req, s5_rsp;
        u_int16_t dest_port;
        u_char *p, dest_addr[255+1];
-       int i, have, found, nmethods, addrlen, af;
+       u_int have, i, found, nmethods, addrlen, af;
 
        debug2("channel %d: decode socks5", c->self);
        p = buffer_ptr(&c->input);
@@ -1075,7 +1075,8 @@ static void
 channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
 {
        u_char *p;
-       int have, ret;
+       u_int have;
+       int ret;
 
        have = buffer_len(&c->input);
        c->delayed = 0;

diff --git a/cipher.c b/cipher.c
index 8096a5174ea4df510a3a01d40532da3f790d1c62..20d0a80c43d7229c5fabd72467202ceba44ee0cd 100644 (file)
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.75 2005/06/09 13:43:49 dtucker Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.76 2005/06/17 02:44:32 djm Exp $");
 
 #include "xmalloc.h"
 #include "log.h"
@@ -235,7 +235,7 @@ cipher_init(CipherContext *cc, Cipher *cipher,
                fatal("cipher_init: EVP_CipherInit failed for %s",
                    cipher->name);
        klen = EVP_CIPHER_CTX_key_length(&cc->evp);
-       if (klen > 0 && keylen != klen) {
+       if (klen > 0 && keylen != (u_int)klen) {
                debug2("cipher_init: set keylen (%d -> %d)", klen, keylen);
                if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)
                        fatal("cipher_init: set keylen failed (%d -> %d)",
@@ -326,9 +326,9 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
        case SSH_CIPHER_DES:
        case SSH_CIPHER_BLOWFISH:
                evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
-               if (evplen == 0)
+               if (evplen <= 0)
                        return;
-               if (evplen != len)
+               if ((u_int)evplen != len)
                        fatal("%s: wrong iv length %d != %d", __func__,
                            evplen, len);
 #if OPENSSL_VERSION_NUMBER < 0x00907000L

diff --git a/clientloop.c b/clientloop.c
index ee36cc9e52c666cfad039cd4545f8c839913f11f..a030cf6e4a7da6ba33a9e50adbf326ea0b91a8ae 100644 (file)
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.138 2005/06/16 03:38:36 djm Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.139 2005/06/17 02:44:32 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -659,12 +659,12 @@ client_process_control(fd_set * readset)
 {
        Buffer m;
        Channel *c;
-       int client_fd, new_fd[3], ver, i, allowed;
+       int client_fd, new_fd[3], ver, allowed;
        socklen_t addrlen;
        struct sockaddr_storage addr;
        struct confirm_ctx *cctx;
        char *cmd;
-       u_int len, env_len, command, flags;
+       u_int i, len, env_len, command, flags;
        uid_t euid;
        gid_t egid;
 
@@ -971,7 +971,10 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
        u_char ch;
        char *s;
 
-       for (i = 0; i < len; i++) {
+       if (len <= 0)
+               return (0);
+
+       for (i = 0; i < (u_int)len; i++) {
                /* Get one character at a time. */
                ch = buf[i];
 

diff --git a/dns.c b/dns.c
index 5a964bc7fac29b91b4e67583ef9b5d0e5c0fc30a..4487c1abaf23e69ba5f033595872abe0825ea37f 100644 (file)
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: dns.c,v 1.11 2005/04/20 10:05:45 jakob Exp $  */
+/*     $OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $    */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -43,7 +43,7 @@
 #include "uuencode.h"
 
 extern char *__progname;
-RCSID("$OpenBSD: dns.c,v 1.11 2005/04/20 10:05:45 jakob Exp $");
+RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $");
 
 #ifndef LWRES
 static const char *errset_text[] = {
@@ -171,7 +171,7 @@ int
 verify_host_key_dns(const char *hostname, struct sockaddr *address,
     const Key *hostkey, int *flags)
 {
-       int counter;
+       u_int counter;
        int result;
        struct rrsetinfo *fingerprints = NULL;
 
@@ -274,7 +274,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
        u_char *rdata_digest;
        u_int rdata_digest_len;
 
-       int i;
+       u_int i;
        int success = 0;
 
        if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,

diff --git a/gss-serv.c b/gss-serv.c
index de32a3f2ea03c5fb9bd3ddb889058669c8803a3b..e1b843f01cd8af8ef652f02689d9bcd8aafa3f7c 100644 (file)
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: gss-serv.c,v 1.5 2003/11/17 11:06:07 markus Exp $     */
+/*     $OpenBSD: gss-serv.c,v 1.6 2005/06/17 02:44:32 djm Exp $        */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -134,7 +134,7 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
 static OM_uint32
 ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
 {
-       char *tok;
+       u_char *tok;
        OM_uint32 offset;
        OM_uint32 oidl;
 

diff --git a/kex.c b/kex.c
index a668346c393411efac7a27978ff029e4a194bb83..8736aa28653c752d57745a64cae0ec53f34a4148 100644 (file)
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: kex.c,v 1.61 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/crypto.h>
 
@@ -52,7 +52,7 @@ static void kex_choose_conf(Kex *);
 static void
 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
 {
-       int i;
+       u_int i;
 
        buffer_clear(b);
        /*
@@ -101,7 +101,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
 static void
 kex_prop_free(char **proposal)
 {
-       int i;
+       u_int i;
 
        for (i = 0; i < PROPOSAL_MAX; i++)
                xfree(proposal[i]);
@@ -150,7 +150,7 @@ kex_send_kexinit(Kex *kex)
 {
        u_int32_t rnd = 0;
        u_char *cookie;
-       int i;
+       u_int i;
 
        if (kex == NULL) {
                error("kex_send_kexinit: no kex, cannot rekey");
@@ -183,8 +183,7 @@ void
 kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
 {
        char *ptr;
-       int dlen;
-       int i;
+       u_int i, dlen;
        Kex *kex = (Kex *)ctxt;
 
        debug("SSH2_MSG_KEXINIT received");
@@ -343,9 +342,7 @@ kex_choose_conf(Kex *kex)
        char **my, **peer;
        char **cprop, **sprop;
        int nenc, nmac, ncomp;
-       int mode;
-       int ctos;                               /* direction: if true client-to-server */
-       int need;
+       u_int mode, ctos, need;
        int first_kex_follows, type;
 
        my   = kex_buf2prop(&kex->my, NULL);
@@ -405,15 +402,19 @@ kex_choose_conf(Kex *kex)
 }
 
 static u_char *
-derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)
+derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret)
 {
        Buffer b;
        const EVP_MD *evp_md = EVP_sha1();
        EVP_MD_CTX md;
        char c = id;
-       int have;
+       u_int have;
        int mdsz = EVP_MD_size(evp_md);
-       u_char *digest = xmalloc(roundup(need, mdsz));
+       u_char *digest;
+       
+       if (mdsz < 0)
+               fatal("derive_key: mdsz < 0");
+       digest = xmalloc(roundup(need, mdsz));
 
        buffer_init(&b);
        buffer_put_bignum2(&b, shared_secret);
@@ -455,7 +456,7 @@ void
 kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
 {
        u_char *keys[NKEYS];
-       int i, mode, ctos;
+       u_int i, mode, ctos;
 
        for (i = 0; i < NKEYS; i++)
                keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
@@ -493,13 +494,13 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
        EVP_DigestInit(&md, evp_md);
 
        len = BN_num_bytes(host_modulus);
-       if (len < (512 / 8) || len > sizeof(nbuf))
+       if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
                fatal("%s: bad host modulus (len %d)", __func__, len);
        BN_bn2bin(host_modulus, nbuf);
        EVP_DigestUpdate(&md, nbuf, len);
 
        len = BN_num_bytes(server_modulus);
-       if (len < (512 / 8) || len > sizeof(nbuf))
+       if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
                fatal("%s: bad server modulus (len %d)", __func__, len);
        BN_bn2bin(server_modulus, nbuf);
        EVP_DigestUpdate(&md, nbuf, len);
@@ -518,7 +519,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
 void
 dump_digest(char *msg, u_char *digest, int len)
 {
-       int i;
+       u_int i;
 
        fprintf(stderr, "%s\n", msg);
        for (i = 0; i< len; i++) {

diff --git a/kex.h b/kex.h
index d9e9d6522f536cdd202a5a607e05298e098c6cd5..059d83cd5495ab3078560a8515fc7e46fbc0fb61 100644 (file)
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kex.h,v 1.35 2004/06/13 12:53:24 djm Exp $    */
+/*     $OpenBSD: kex.h,v 1.36 2005/06/17 02:44:32 djm Exp $    */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -83,9 +83,9 @@ struct Mac {
        char    *name;
        int     enabled;
        const EVP_MD    *md;
-       int     mac_len;
+       u_int   mac_len;
        u_char  *key;
-       int     key_len;
+       u_int   key_len;
 };
 struct Comp {
        int     type;
@@ -101,7 +101,7 @@ struct Kex {
        u_char  *session_id;
        u_int   session_id_len;
        Newkeys *newkeys[MODE_MAX];
-       int     we_need;
+       u_int   we_need;
        int     server;
        char    *name;
        int     hostkey_type;

diff --git a/key.c b/key.c
index e419304641b10cc47cdb8082d0de4979cd9f555c..08c158b59c124b2305bbb2863823f5faa902c2d5 100644 (file)
--- a/key.c
+++ b/key.c
@@ -32,7 +32,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.57 2004/10/29 23:57:05 djm Exp $");
+RCSID("$OpenBSD: key.c,v 1.58 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/evp.h>
 
@@ -231,7 +231,7 @@ static char *
 key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
 {
        char *retval;
-       int i;
+       u_int i;
 
        retval = xmalloc(dgst_raw_len * 3 + 1);
        retval[0] = '\0';

diff --git a/mac.c b/mac.c
index 097f0b93bf87f08b7d5767a2153ea787a0515d3d..2bda5a1b994928ebd6bbde55dcc3c6693190d495 100644 (file)
--- a/mac.c
+++ b/mac.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: mac.c,v 1.6 2003/09/18 13:02:21 miod Exp $");
+RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/hmac.h>
 
@@ -51,12 +51,15 @@ struct {
 int
 mac_init(Mac *mac, char *name)
 {
-       int i;
+       int i, evp_len;
+
        for (i = 0; macs[i].name; i++) {
                if (strcmp(name, macs[i].name) == 0) {
                        if (mac != NULL) {
                                mac->md = (*macs[i].mdfunc)();
-                               mac->key_len = mac->mac_len = EVP_MD_size(mac->md);
+                               if ((evp_len = EVP_MD_size(mac->md)) <= 0)
+                                       fatal("mac %s len %d", name, evp_len);
+                               mac->key_len = mac->mac_len = (u_int)evp_len;
                                if (macs[i].truncatebits != 0)
                                        mac->mac_len = macs[i].truncatebits/8;
                        }
@@ -77,7 +80,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
 
        if (mac->key == NULL)
                fatal("mac_compute: no key");
-       if ((u_int)mac->mac_len > sizeof(m))
+       if (mac->mac_len > sizeof(m))
                fatal("mac_compute: mac too long");
        HMAC_Init(&c, mac->key, mac->key_len, mac->md);
        PUT_32BIT(b, seqno);

diff --git a/match.c b/match.c
index 3ddb627302717236f0666a8ba9e6cbd216494896..29fb7dab94e252bf0d4e61e7254b46bde41d84dd 100644 (file)
--- a/match.c
+++ b/match.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $");
+RCSID("$OpenBSD: match.c,v 1.20 2005/06/17 02:44:32 djm Exp $");
 
 #include "match.h"
 #include "xmalloc.h"
@@ -254,7 +254,7 @@ match_list(const char *client, const char *server, u_int *next)
                                ret = xstrdup(p);
                                if (next != NULL)
                                        *next = (cp == NULL) ?
-                                           strlen(c) : cp - c;
+                                           strlen(c) : (u_int)(cp - c);
                                xfree(c);
                                xfree(s);
                                return ret;

diff --git a/misc.c b/misc.c
index fc094f87414bc730e8ff893f692f98ff4d2f1912..c5ca0ce38db7be54235394b0a26e1f14182511a2 100644 (file)
--- a/misc.c
+++ b/misc.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.31 2005/06/06 11:20:36 djm Exp $");
+RCSID("$OpenBSD: misc.c,v 1.32 2005/06/17 02:44:32 djm Exp $");
 
 #include "misc.h"
 #include "log.h"
@@ -386,7 +386,7 @@ tilde_expand_filename(const char *filename, uid_t uid)
        const char *path;
        char user[128], ret[MAXPATHLEN];
        struct passwd *pw;
-       int len;
+       u_int len, slash;
 
        if (*filename != '~')
                return (xstrdup(filename));
@@ -394,10 +394,11 @@ tilde_expand_filename(const char *filename, uid_t uid)
 
        path = strchr(filename, '/');
        if (path != NULL && path > filename) {          /* ~user/path */
-               if (path - filename > sizeof(user) - 1)
+               slash = path - filename;
+               if (slash > sizeof(user) - 1)
                        fatal("tilde_expand_filename: ~username too long");
-               memcpy(user, filename, path - filename);
-               user[path - filename] = '\0';
+               memcpy(user, filename, slash);
+               user[slash] = '\0';
                if ((pw = getpwnam(user)) == NULL)
                        fatal("tilde_expand_filename: No such user %s", user);
        } else if ((pw = getpwuid(uid)) == NULL)        /* ~/path */
@@ -435,7 +436,7 @@ percent_expand(const char *string, ...)
                const char *key;
                const char *repl;
        } keys[EXPAND_MAX_KEYS];
-       int num_keys, i, j;
+       u_int num_keys, i, j;
        char buf[4096];
        va_list ap;
 

diff --git a/packet.c b/packet.c
index 7c150fde73a834345e6e904e8a2bb07bf111ce4e..d5b50f2f4ff7cb076be18b13b12e02ecd538d6f9 100644 (file)
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.117 2005/06/17 02:44:32 djm Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -992,7 +992,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
        static u_int packet_length = 0;
        u_int padlen, need;
        u_char *macbuf, *cp, type;
-       int maclen, block_size;
+       u_int maclen, block_size;
        Enc *enc   = NULL;
        Mac *mac   = NULL;
        Comp *comp = NULL;
@@ -1229,9 +1229,9 @@ packet_get_bignum2(BIGNUM * value)
 }
 
 void *
-packet_get_raw(int *length_ptr)
+packet_get_raw(u_int *length_ptr)
 {
-       int bytes = buffer_len(&incoming_packet);
+       u_int bytes = buffer_len(&incoming_packet);
 
        if (length_ptr != NULL)
                *length_ptr = bytes;

diff --git a/packet.h b/packet.h
index 37f82f2f603593bfd4bb508bf374922e46868793..1ab6d8572a5afe74224b8d0837957cb823d90db3 100644 (file)
--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: packet.h,v 1.41 2004/05/11 19:01:43 deraadt Exp $     */
+/*     $OpenBSD: packet.h,v 1.42 2005/06/17 02:44:33 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -52,7 +52,7 @@ u_int  packet_get_char(void);
 u_int   packet_get_int(void);
 void     packet_get_bignum(BIGNUM * value);
 void     packet_get_bignum2(BIGNUM * value);
-void   *packet_get_raw(int *length_ptr);
+void   *packet_get_raw(u_int *length_ptr);
 void   *packet_get_string(u_int *length_ptr);
 void     packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
 void     packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));

diff --git a/scp.c b/scp.c
index 9dc060e26de7434a9e460317b39c93fcc4d5f39a..10c4b507cf61945c647a496088fabcec028de479 100644 (file)
--- a/scp.c
+++ b/scp.c
@@ -71,7 +71,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.123 2005/05/26 02:08:05 avsm Exp $");
+RCSID("$OpenBSD: scp.c,v 1.124 2005/06/17 02:44:33 djm Exp $");
 
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -186,7 +186,7 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc)
 }
 
 typedef struct {
-       int cnt;
+       size_t cnt;
        char *buf;
 } BUF;
 
@@ -724,8 +724,8 @@ sink(int argc, char **argv)
        } wrerr;
        BUF *bp;
        off_t i;
-       size_t j;
-       int amt, count, exists, first, mask, mode, ofd, omode;
+       size_t j, count;
+       int amt, exists, first, mask, mode, ofd, omode;
        off_t size, statbytes;
        int setimes, targisdir, wrerrno = 0;
        char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
@@ -833,7 +833,7 @@ sink(int argc, char **argv)
                }
                if (targisdir) {
                        static char *namebuf;
-                       static int cursize;
+                       static size_t cursize;
                        size_t need;
 
                        need = strlen(targ) + strlen(cp) + 250;

diff --git a/servconf.c b/servconf.c
index ddb34f9b92fb3855d8e0c47115316499444216e8..deec167becb91080eeab8dcac70f685bfcaba2aa 100644 (file)
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.141 2005/05/16 15:30:51 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.142 2005/06/17 02:44:33 djm Exp $");
 
 #include "ssh.h"
 #include "log.h"
@@ -398,7 +398,7 @@ parse_token(const char *cp, const char *filename,
 static void
 add_listen_addr(ServerOptions *options, char *addr, u_short port)
 {
-       int i;
+       u_int i;
 
        if (options->num_ports == 0)
                options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
@@ -438,9 +438,10 @@ process_server_config_line(ServerOptions *options, char *line,
     const char *filename, int linenum)
 {
        char *cp, **charptr, *arg, *p;
-       int *intptr, value, i, n;
+       int *intptr, value, n;
        ServerOpCodes opcode;
        u_short port;
+       u_int i;
 
        cp = line;
        arg = strdelim(&cp);

diff --git a/session.c b/session.c
index d931532dbdeb8420f851bc46b917ba34b442d9c5..a1dc6835a2a609fb61a099feb7dd52c297f973ae 100644 (file)
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.182 2005/06/17 02:44:33 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -1801,7 +1801,7 @@ session_subsystem_req(Session *s)
        u_int len;
        int success = 0;
        char *cmd, *subsys = packet_get_string(&len);
-       int i;
+       u_int i;
 
        packet_check_eom();
        logit("subsystem request for %.100s", subsys);
@@ -2107,7 +2107,7 @@ session_exit_message(Session *s, int status)
 void
 session_close(Session *s)
 {
-       int i;
+       u_int i;
 
        debug("session_close: session %d pid %ld", s->self, (long)s->pid);
        if (s->ttyfd != -1)

diff --git a/session.h b/session.h
index 48be5070c85c692b1df7ffb3588c267c8f944311..92bd16573398428aac1ca48c2faca82de6844562 100644 (file)
--- a/session.h
+++ b/session.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: session.h,v 1.23 2004/07/17 05:31:41 dtucker Exp $    */
+/*     $OpenBSD: session.h,v 1.24 2005/06/17 02:44:33 djm Exp $        */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -50,7 +50,7 @@ struct Session {
        /* proto 2 */
        int     chanid;
        int     is_subsystem;
-       int     num_env;
+       u_int   num_env;
        struct {
                char    *name;
                char    *val;

diff --git a/sftp-client.c b/sftp-client.c
index 47297898a52d3101966562a8b1079d803f907035..ce15fc0a36e933c34add59237de9be3bc43b2d16 100644 (file)
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -20,7 +20,7 @@
 /* XXX: copy between two remote sites */
 
 #include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.54 2005/05/24 17:32:44 avsm Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.55 2005/06/17 02:44:33 djm Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -311,7 +311,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
     SFTP_DIRENT ***dir)
 {
        Buffer msg;
-       u_int type, id, handle_len, i, expected_id, ents = 0;
+       u_int count, type, id, handle_len, i, expected_id, ents = 0;
        char *handle;
 
        id = conn->msg_id++;
@@ -335,8 +335,6 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
        }
 
        for (; !interrupted;) {
-               int count;
-
                id = expected_id = conn->msg_id++;
 
                debug3("Sending SSH2_FXP_READDIR I:%u", id);
@@ -744,10 +742,10 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
        Attrib junk, *a;
        Buffer msg;
        char *handle;
-       int local_fd, status, num_req, max_req, write_error;
+       int local_fd, status, write_error;
        int read_error, write_errno;
        u_int64_t offset, size;
-       u_int handle_len, mode, type, id, buflen;
+       u_int handle_len, mode, type, id, buflen, num_req, max_req;
        off_t progress_counter;
        struct request {
                u_int id;

diff --git a/sftp-server.c b/sftp-server.c
index e82280057534a57a4eeb6dcba955b5d5e620bf31..6870e7732039ec94661aea29fd3f703da0a31f9c 100644 (file)
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.47 2004/06/25 05:38:48 dtucker Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
@@ -130,7 +130,7 @@ Handle      handles[100];
 static void
 handle_init(void)
 {
-       int i;
+       u_int i;
 
        for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
                handles[i].use = HANDLE_UNUSED;
@@ -139,7 +139,7 @@ handle_init(void)
 static int
 handle_new(int use, const char *name, int fd, DIR *dirp)
 {
-       int i;
+       u_int i;
 
        for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
                if (handles[i].use == HANDLE_UNUSED) {
@@ -156,7 +156,7 @@ handle_new(int use, const char *name, int fd, DIR *dirp)
 static int
 handle_is_ok(int i, int type)
 {
-       return i >= 0 && i < sizeof(handles)/sizeof(Handle) &&
+       return i >= 0 && (u_int)i < sizeof(handles)/sizeof(Handle) &&
            handles[i].use == type;
 }
 
@@ -477,10 +477,10 @@ process_write(void)
                } else {
 /* XXX ATOMICIO ? */
                        ret = write(fd, data, len);
-                       if (ret == -1) {
+                       if (ret < 0) {
                                error("process_write: write failed");
                                status = errno_to_portable(errno);
-                       } else if (ret == len) {
+                       } else if ((size_t)ret == len) {
                                status = SSH2_FX_OK;
                        } else {
                                logit("nothing at all written");

diff --git a/sftp.c b/sftp.c
index 16a6cf0c62f345204898f0d2aac786989dee051e..a77be84c6701f81e6b8360a70164769e8a6f54c1 100644 (file)
--- a/sftp.c
+++ b/sftp.c
@@ -16,7 +16,7 @@
 
 #include "includes.h"
 
-RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.64 2005/06/17 02:44:33 djm Exp $");
 
 #ifdef USE_LIBEDIT
 #include <histedit.h>
@@ -404,7 +404,7 @@ get_pathname(const char **cpp, char **path)
 {
        const char *cp = *cpp, *end;
        char quot;
-       int i, j;
+       u_int i, j;
 
        cp += strspn(cp, WHITESPACE);
        if (!*cp) {
@@ -664,14 +664,15 @@ sdirent_comp(const void *aa, const void *bb)
 static int
 do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
 {
-       int n, c = 1, colspace = 0, columns = 1;
+       int n;
+       u_int c = 1, colspace = 0, columns = 1;
        SFTP_DIRENT **d;
 
        if ((n = do_readdir(conn, path, &d)) != 0)
                return (n);
 
        if (!(lflag & LS_SHORT_VIEW)) {
-               int m = 0, width = 80;
+               u_int m = 0, width = 80;
                struct winsize ws;
                char *tmp;
 
@@ -747,7 +748,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
     int lflag)
 {
        glob_t g;
-       int i, c = 1, colspace = 0, columns = 1;
+       u_int i, c = 1, colspace = 0, columns = 1;
        Attrib *a = NULL;
 
        memset(&g, 0, sizeof(g));
@@ -783,7 +784,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
        }
 
        if (!(lflag & LS_SHORT_VIEW)) {
-               int m = 0, width = 80;
+               u_int m = 0, width = 80;
                struct winsize ws;
 
                /* Count entries for sort and find longest filename */

diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 7dffb8517da8cc22ccc19bdc8e0adf6d084e2401..46f063687b16fad1e3feb97f8df95c3b5a1f548a 100644 (file)
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.54 2005/05/24 17:32:44 avsm Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -166,7 +166,7 @@ Linebuf_lineno(Linebuf * lb)
 static char *
 Linebuf_getline(Linebuf * lb)
 {
-       int n = 0;
+       size_t n = 0;
        void *p;
 
        lb->lineno++;
@@ -493,10 +493,10 @@ conrecycle(int s)
 static void
 congreet(int s)
 {
-       int remote_major = 0, remote_minor = 0;
+       int n = 0, remote_major = 0, remote_minor = 0;
        char buf[256], *cp;
        char remote_version[sizeof buf];
-       size_t bufsiz, n = 0;
+       size_t bufsiz;
        con *c = &fdcon[s];
 
        bufsiz = sizeof(buf);
@@ -546,12 +546,12 @@ congreet(int s)
        n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
            c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
            c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
-       if (n == -1 || n >= sizeof buf) {
+       if (n < 0 || (size_t)n >= sizeof(buf)) {
                error("snprintf: buffer too small");
                confree(s);
                return;
        }
-       if (atomicio(vwrite, s, buf, n) != n) {
+       if (atomicio(vwrite, s, buf, n) != (size_t)n) {
                error("write (%s): %s", c->c_name, strerror(errno));
                confree(s);
                return;

diff --git a/ssh-rsa.c b/ssh-rsa.c
index 6e3be0a7ec8029bf8a490cc00e51aa8ebc0c3cf7..eb422d07e9c70d701b08de043610991625688dac 100644 (file)
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.31 2003/11/10 16:23:41 jakob Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.32 2005/06/17 02:44:33 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -238,7 +238,7 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
                    ERR_error_string(ERR_get_error(), NULL));
                goto done;
        }
-       if (len != hlen + oidlen) {
+       if (len < 0 || (u_int)len != hlen + oidlen) {
                error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);
                goto done;
        }

diff --git a/sshconnect.c b/sshconnect.c
index 0bd351f6b26aecf7b46813f3706e9fa901df5a75..cbbe54821cf2ced1ff81c2c5694a2444ee0b1abd 100644 (file)
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.164 2005/06/06 11:20:36 djm Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.165 2005/06/17 02:44:33 djm Exp $");
 
 #include <openssl/bn.h>
 
@@ -402,10 +402,11 @@ static void
 ssh_exchange_identification(void)
 {
        char buf[256], remote_version[256];     /* must be same size! */
-       int remote_major, remote_minor, i, mismatch;
+       int remote_major, remote_minor, mismatch;
        int connection_in = packet_get_connection_in();
        int connection_out = packet_get_connection_out();
        int minor1 = PROTOCOL_MINOR_1;
+       u_int i;
 
        /* Read other side's version identification. */
        for (;;) {

diff --git a/sshconnect1.c b/sshconnect1.c
index 6e2e31c0285bf1c712fc93585b1df9316346bf66..bd05723c7462bd5da401d36cf9a02eeaaa741948 100644 (file)
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.60 2004/07/28 09:40:29 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.61 2005/06/17 02:44:33 djm Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -162,7 +162,7 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
        /* Compute the response. */
        /* The response is MD5 of decrypted challenge plus session id. */
        len = BN_num_bytes(challenge);
-       if (len <= 0 || len > sizeof(buf))
+       if (len <= 0 || (u_int)len > sizeof(buf))
                packet_disconnect(
                    "respond_to_rsa_challenge: bad challenge length %d", len);
 

diff --git a/sshconnect2.c b/sshconnect2.c
index 68d56d02075f6a61af66748f367078425a03ca96..60afd6d3db56cae985b1aaea449eb4d6ab591b8e 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.138 2004/06/13 12:53:24 djm Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.139 2005/06/17 02:44:33 djm Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -482,7 +482,7 @@ userauth_gssapi(Authctxt *authctxt)
 {
        Gssctxt *gssctxt = NULL;
        static gss_OID_set gss_supported = NULL;
-       static int mech = 0;
+       static u_int mech = 0;
        OM_uint32 min;
        int ok = 0;
 
@@ -509,7 +509,8 @@ userauth_gssapi(Authctxt *authctxt)
                }
        }
 
-       if (!ok) return 0;
+       if (!ok)
+               return 0;
 
        authctxt->methoddata=(void *)gssctxt;
 

diff --git a/sshd.c b/sshd.c
index ed4158801d386ad818e12da392048f5c92db3756..b0d65575faa9a6ceb0014cd8f6fe86fec046d957 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.310 2005/06/16 08:00:00 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.311 2005/06/17 02:44:33 djm Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -358,7 +358,8 @@ key_regeneration_alarm(int sig)
 static void
 sshd_exchange_identification(int sock_in, int sock_out)
 {
-       int i, mismatch;
+       u_int i;
+       int mismatch;
        int remote_major, remote_minor;
        int major, minor;
        char *s;
@@ -1900,7 +1901,7 @@ do_ssh1_kex(void)
        if (!rsafail) {
                BN_mask_bits(session_key_int, sizeof(session_key) * 8);
                len = BN_num_bytes(session_key_int);
-               if (len < 0 || len > sizeof(session_key)) {
+               if (len < 0 || (u_int)len > sizeof(session_key)) {
                        error("do_connection: bad session key len from %s: "
                            "session_key_int %d > sizeof(session_key) %lu",
                            get_remote_ipaddr(), len, (u_long)sizeof(session_key));