- Added support for PAM_TEXT_INFO messages
- Disable internal /etc/nologin support if PAM enabled
- Merged latest OpenBSD CVS changes:
+ - [all] replace assert() with error, fatal or packet_disconnect
- [sshd.c] don't send fail-msg but disconnect if too many authentication
failures
- - [sshd.c] replace assert() with error, fatal or packet_disconnect
- [sshd.c] remove unused argument. ok dugsong
- [sshd.c] typo
- [rsa.c] clear buffers used for encryption. ok: niels
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
- assert(len <= 32 && len);
+ if (len <= 0 || len > 32)
+ fatal("auth_rsa_challenge_dialog: bad challenge length %d", len);
+
memset(buf, 0, 32);
BN_bn2bin(challenge, buf + 32 - len);
MD5_Init(&md);
/* Get the value of in binary */
oi = BN_bn2bin(value, buf);
- assert(oi == bin_size);
+ if (oi != bin_size)
+ fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
+ oi, bin_size);
/* Store the number of bits in the buffer in two bytes, msb first. */
PUT_16BIT(msg, bits);
void channel_free(int channel)
{
- assert(channel >= 0 && channel < channels_alloc &&
- channels[channel].type != SSH_CHANNEL_FREE);
+ if (channel < 0 || channel >= channels_alloc ||
+ channels[channel].type == SSH_CHANNEL_FREE)
+ packet_disconnect("channel free: bad local channel %d", channel);
+
if(compat13)
shutdown(channels[channel].sock, SHUT_RDWR);
close(channels[channel].sock);
goto reject;
}
+ /* Check fake data length */
+ if (x11_fake_data_len != x11_saved_data_len)
+ {
+ error("X11 fake_data_len %d != saved_data_len %d",
+ x11_fake_data_len, x11_saved_data_len);
+ ch->type = SSH_CHANNEL_OPEN;
+ goto reject;
+ }
+
/* Received authentication protocol and data match our fake data.
Substitute the fake data with real data. */
- assert(x11_fake_data_len == x11_saved_data_len);
memcpy(ucp + 12 + ((proto_len + 3) & ~3),
x11_saved_data, x11_saved_data_len);
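Review bot: The new comment `/* Check fake data length */` only restates the condition and does not say why a mismatch must be rejected. The reason is visible a few lines further down, where the memcpy writes x11_saved_data_len bytes over the fake data inside the packet. I would word the comment as `/* The real data is copied over the fake data in place below, so both lengths must match. */`. The enclosing function starts and ends outside this hunk.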
char c[4];
} t;
- /* assert((n & 7) == 0); */
-
/* Process 8 bytes every lap. */
for (n = n / 8; n > 0; n--)
{
void cipher_encrypt(CipherContext *context, unsigned char *dest,
const unsigned char *src, unsigned int len)
{
- assert((len & 7) == 0);
+ if ((len & 7) != 0)
+ fatal("cipher_encrypt: bad plaintext length %d", len);
switch (context->type)
{
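Review bot: `len` is declared `unsigned int` in the signature but printed with `%d` in the new fatal() call, so the specifier does not match the argument type and a large length would be logged as a negative number. Use `fatal("cipher_encrypt: bad plaintext length %u", len);`, and make the same change in cipher_decrypt in the next hunk. The `bytes` argument in packet_decrypt and `len` in detect_attack are also printed with `%d`; their declarations are outside the visible hunks, so check those too. Both function bodies continue past the hunk.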
void cipher_decrypt(CipherContext *context, unsigned char *dest,
const unsigned char *src, unsigned int len)
{
- assert((len & 7) == 0);
+ if ((len & 7) != 0)
+ fatal("cipher_decrypt: bad ciphertext length %d", len);
switch (context->type)
{
register unsigned char *c;
unsigned char *d;
-
- assert(len <= (SSH_MAXBLOCKS * SSH_BLOCKSIZE));
- assert(len % SSH_BLOCKSIZE == 0);
+ if (len > (SSH_MAXBLOCKS * SSH_BLOCKSIZE) ||
+ len % SSH_BLOCKSIZE != 0) {
+ fatal("detect_attack: bad length %d", len);
+ }
for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2);
/* Print the host name and key to the file. */
fprintf(f, "%s %u ", host, bits);
buf = BN_bn2dec(e);
- assert(buf != NULL);
+ if (buf == NULL) {
+ error("add_host_to_hostfile: BN_bn2dec #1 failed");
+ fclose(f);
+ return 0;
+ }
fprintf(f, "%s ", buf);
free (buf);
buf = BN_bn2dec(n);
- assert(buf != NULL);
+ if (buf == NULL) {
+ error("add_host_to_hostfile: BN_bn2dec #2 failed");
+ fclose(f);
+ return 0;
+ }
fprintf(f, "%s\n", buf);
free (buf);
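Review bot: When BN_bn2dec fails, the new error path returns after part of the record is already in the file. The first fprintf has written the host name and bit count before conversion #1, and the exponent has been written before conversion #2, so the hosts file is left with a truncated line and no newline. Converting both numbers before the first write keeps a failure from touching the file; the sketch below uses two new locals, ebuf and nbuf, in place of buf. list_identities in the ssh-add hunk has the same shape: a failed conversion there still prints a partial line, and on failure #2 no newline. The function begins and ends outside this hunk.

```c
/* Convert both numbers first so a failure leaves the file untouched. */
ebuf = BN_bn2dec(e);
nbuf = BN_bn2dec(n);
if (ebuf == NULL || nbuf == NULL) {
  error("add_host_to_hostfile: BN_bn2dec failed");
  free(ebuf);
  free(nbuf);
  fclose(f);
  return 0;
}
/* Print the host name and key to the file as one complete line. */
fprintf(f, "%s %u %s %s\n", host, bits, ebuf, nbuf);
free(ebuf);
free(nbuf);
```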
packet_encrypt(CipherContext *cc, void *dest, void *src,
unsigned int bytes)
{
- assert((bytes % 8) == 0);
cipher_encrypt(cc, dest, src, bytes);
}
{
int i;
- assert((bytes % 8) == 0);
+ if ((bytes % 8) != 0)
+ fatal("packet_decrypt: bad ciphertext length %d", bytes);
/*
Cryptographic attack detector for ssh - Modifications for packet.c
buffer_consume(&incoming_packet, 8 - len % 8);
/* Test check bytes. */
- assert(len == buffer_len(&incoming_packet));
+
+ if (len != buffer_len(&incoming_packet))
+ packet_disconnect("packet_read_poll: len %d != buffer_len %d.",
+ len, buffer_len(&incoming_packet));
+
ucp = (unsigned char *)buffer_ptr(&incoming_packet) + len - 4;
stored_checksum = GET_32BIT(ucp);
if (checksum != stored_checksum)
had_identities = 1;
printf("%d ", bits);
buf = BN_bn2dec(e);
- assert(buf != NULL);
- printf("%s ", buf);
- free (buf);
+ if (buf != NULL) {
+ printf("%s ", buf);
+ free (buf);
+ } else {
+ error("list_identities: BN_bn2dec #1 failed.");
+ }
buf = BN_bn2dec(n);
- assert(buf != NULL);
- printf("%s %s\n", buf, comment);
- free (buf);
+ if (buf != NULL) {
+ printf("%s %s\n", buf, comment);
+ free (buf);
+ } else {
+ error("list_identities: BN_bn2dec #2 failed.");
+ }
xfree(comment);
}
BN_clear_free(e);
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.16 1999/10/28 20:41:23 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.17 1999/11/02 19:42:36 markus Exp $");
#include "ssh.h"
#include "rsa.h"
case 1: /* As of protocol 1.1 */
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
- assert(len <= 32 && len);
+
+ if (len <= 0 || len > 32) {
+ fatal("process_authentication_challenge: "
+ "bad challenge length %d", len);
+ }
+
memset(buf, 0, 32);
BN_bn2bin(challenge, buf + 32 - len);
MD5_Init(&md);
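Review bot: In process_authentication_challenge a bad challenge length now goes to fatal(). If fatal() ends the process, as its name suggests, one malformed request takes down the whole agent and every identity it holds. The code that produces `challenge` is outside the hunk, but if whoever is connected to the agent socket can influence its length, it would be safer to log with error() and fail only this request through whatever failure reply the function already uses. The switch case starts and ends outside the hunk.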
/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
int auth_kerberos_tgt(struct passwd *pw, const char *string);
-int auth_afs_token(char *server_user, uid_t uid, const char *string);
+int auth_afs_token(struct passwd *pw, const char *token_string);
int creds_to_radix(CREDENTIALS *creds, unsigned char *buf);
int radix_to_creds(const char *buf, CREDENTIALS *creds);
/* Compute the response. */
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
- assert(len <= sizeof(buf) && len);
+ if (len <= 0 || len > sizeof(buf))
+ packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
+ len);
+
memset(buf, 0, sizeof(buf));
BN_bn2bin(challenge, buf + sizeof(buf) - len);
MD5_Init(&md);
if (BN_cmp(public_key->n, host_key->n) < 0)
{
/* Public key has smaller modulus. */
- assert(BN_num_bits(host_key->n) >=
- BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED);
+ if (BN_num_bits(host_key->n) <
+ BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
+ fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
+ "SSH_KEY_BITS_RESERVED %d",
+ BN_num_bits(host_key->n),
+ BN_num_bits(public_key->n),
+ SSH_KEY_BITS_RESERVED);
+ }
rsa_public_encrypt(key, key, public_key);
rsa_public_encrypt(key, key, host_key);
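Review bot: The fatal() message is prefixed `respond_to_rsa_challenge:`, but this code compares the two moduli and encrypts `key` with both public keys, which looks like session key setup rather than the challenge response handled in the earlier hunk. The enclosing function is not visible here, so please confirm its name and use it as the prefix, otherwise the log line will point at the wrong function. The same prefix appears in the else branch in the following hunk.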
else
{
/* Host key has smaller modulus (or they are equal). */
- assert(BN_num_bits(public_key->n) >=
- BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED);
+ if (BN_num_bits(public_key->n) <
+ BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
+ fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
+ "SSH_KEY_BITS_RESERVED %d",
+ BN_num_bits(public_key->n),
+ BN_num_bits(host_key->n),
+ SSH_KEY_BITS_RESERVED);
+ }
rsa_public_encrypt(key, key, host_key);
rsa_public_encrypt(key, key, public_key);