- (stevesk) [README.privsep] more for sshd pseudo-account.
- (tim) [contrib/caldera/openssh.spec] add support for privsep
- (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/06/26 08:53:12
+ [bufaux.c]
+ limit size of BNs to 8KB; ok provos/deraadt
20020625
- (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
*/
#include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.26 2002/06/23 09:46:51 deraadt Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $");
#include <openssl/bn.h>
#include "bufaux.h"
bits = GET_16BIT(buf);
/* Compute the number of binary bytes that follow. */
bytes = (bits + 7) / 8;
+ if (bytes > 8 * 1024)
+ fatal("buffer_get_bignum: cannot handle BN of size %d", bytes);
if (buffer_len(buffer) < bytes)
fatal("buffer_get_bignum: input buffer too small");
bin = buffer_ptr(buffer);
xfree(buf);
}
+/* XXX does not handle negative BNs */
void
buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
{
- /**XXX should be two's-complement */
- int len;
- u_char *bin = buffer_get_string(buffer, (u_int *)&len);
+ u_int len;
+ u_char *bin = buffer_get_string(buffer, &len);
+ if (len > 8 * 1024)
+ fatal("buffer_get_bignum2: cannot handle BN of size %d", len);
BN_bin2bn(bin, len, value);
xfree(bin);
}