]> andersk Git - openssh.git/commitdiff
andersk / openssh.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8695f9f)
- (djm) OpenBSD CVS Sync
authordjm <djm>
Wed, 26 Jun 2002 09:14:08 +0000 (09:14 +0000)
committerdjm <djm>
Wed, 26 Jun 2002 09:14:08 +0000 (09:14 +0000)
   - markus@cvs.openbsd.org 2002/06/26 08:53:12
     [bufaux.c]
     limit size of BNs to 8KB; ok provos/deraadt

ChangeLog patch | blob | blame | history
bufaux.c patch | blob | blame | history

diff --git a/ChangeLog b/ChangeLog
index 686217dc4769fe8dcf5233296f216cfd053c3e4d..0bcad49acfc1e86bfc38074d5e23013d8c2b62cd 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,10 @@
  - (stevesk) [README.privsep] more for sshd pseudo-account.
  - (tim) [contrib/caldera/openssh.spec] add support for privsep
  - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
+ - (djm) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2002/06/26 08:53:12
+     [bufaux.c]
+     limit size of BNs to 8KB; ok provos/deraadt
 
 20020625
  - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
diff --git a/bufaux.c b/bufaux.c
index 80abe890b64bba656ae407332d178132aebbb66e..d3dc674ce4043d1c62abedfb6b1a2903a03afa22 100644 (file)
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.26 2002/06/23 09:46:51 deraadt Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $");
 
 #include <openssl/bn.h>
 #include "bufaux.h"
@@ -88,6 +88,8 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
        bits = GET_16BIT(buf);
        /* Compute the number of binary bytes that follow. */
        bytes = (bits + 7) / 8;
+       if (bytes > 8 * 1024)
+               fatal("buffer_get_bignum: cannot handle BN of size %d", bytes);
        if (buffer_len(buffer) < bytes)
                fatal("buffer_get_bignum: input buffer too small");
        bin = buffer_ptr(buffer);
@@ -129,13 +131,15 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
        xfree(buf);
 }
 
+/* XXX does not handle negative BNs */
 void
 buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
 {
-       /**XXX should be two's-complement */
-       int len;
-       u_char *bin = buffer_get_string(buffer, (u_int *)&len);
+       u_int len;
+       u_char *bin = buffer_get_string(buffer, &len);
 
+       if (len > 8 * 1024)
+               fatal("buffer_get_bignum2: cannot handle BN of size %d", len);
        BN_bin2bn(bin, len, value);
        xfree(bin);
 }
git-cvsimport mirror of OpenSSH
This page took 0.043572 seconds and 5 git commands to generate.