[deattack.c misc.c session.c ssh-agent.c]
more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
ok millert@
+ - miod@cvs.openbsd.org 2003/09/18 13:02:21
+ [authfd.c bufaux.c dh.c mac.c ssh-keygen.c]
+ A few signedness fixes for harmless situations; markus@ ok
20030919
- (djm) Bug #683: Remove reference to --with-ipv4-default from INSTALL;
*/
#include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.61 2003/06/28 16:23:06 deraadt Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.62 2003/09/18 13:02:21 miod Exp $");
#include <openssl/evp.h>
static int
ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
{
- int l, len;
+ int l;
+ u_int len;
char buf[1024];
/* Get the length of the message, and format it in the buffer. */
/* Extract the length, and check it for sanity. */
len = GET_32BIT(buf);
if (len > 256 * 1024)
- fatal("Authentication response too long: %d", len);
+ fatal("Authentication response too long: %u", len);
/* Read the rest of the response in to the buffer. */
buffer_clear(reply);
/* Get the number of entries in the response and check it for sanity. */
auth->howmany = buffer_get_int(&auth->identities);
- if (auth->howmany > 1024)
+ if ((u_int)auth->howmany > 1024)
fatal("Too many identities in authentication reply: %d",
auth->howmany);
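Review bot: The fatal() under the new `(u_int)auth->howmany > 1024` check still formats the value with `%d`, so a count rejected only because its top bit is set is logged as a negative number. The first hunk of this file switched its message to `%u` for the same reason, and the two should agree: `fatal("Too many identities in authentication reply: %u", (u_int)auth->howmany);`. The cast is what rejects a negative count from the agent, so it also deserves a short comment such as `/* compare unsigned so a negative count is rejected too */`; the same applies to the `(u_int)mac->mac_len` cast in mac.c. The enclosing function starts and ends outside the hunk.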
*/
#include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.29 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.30 2003/09/18 13:02:21 miod Exp $");
#include <openssl/bn.h>
#include "bufaux.h"
void
buffer_get_bignum(Buffer *buffer, BIGNUM *value)
{
- int bits, bytes;
+ u_int bits, bytes;
u_char buf[2], *bin;
/* Get the number for bits. */
void
buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
{
- int bytes = BN_num_bytes(value) + 1;
+ u_int bytes = BN_num_bytes(value) + 1;
u_char *buf = xmalloc(bytes);
int oi;
- int hasnohigh = 0;
+ u_int hasnohigh = 0;
buf[0] = '\0';
/* Get the value of in binary */
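Review bot: In buffer_put_bignum2, `oi` stays `int` while `bytes` and `hasnohigh` become `u_int`, so any later comparison or arithmetic between them is now mixed signed/unsigned. The rest of the body is outside the hunk, so this is inferred, but if `oi` receives the BN_bn2bin() result and is compared against `bytes - 1`, it is converted to unsigned before the comparison. Either declare `oi` as `u_int` as well, or keep it signed and add an explicit `oi < 0` test ahead of the length comparison so the intent is visible.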
*/
#include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.24 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: dh.c,v 1.25 2003/09/18 13:02:21 miod Exp $");
#include "xmalloc.h"
if (dh->p == NULL)
fatal("dh_gen_key: dh->p == NULL");
- if (2*need >= BN_num_bits(dh->p))
+ if (need > INT_MAX / 2 || 2 * need >= BN_num_bits(dh->p))
fatal("dh_gen_key: group too small: %d (2*need %d)",
BN_num_bits(dh->p), 2*need);
do {
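Review bot: The new guard in dh_gen_key stops `2 * need` from overflowing but still accepts a negative `need`, which is neither above `INT_MAX / 2` nor at or above the group's bit count. The `%d` used for `2*need` in the fatal message suggests `need` is a signed int; if so the condition should read `if (need < 0 || need > INT_MAX / 2 || 2 * need >= BN_num_bits(dh->p))`. BN_num_bits(dh->p) is also evaluated again in the message and could be held in a local. The function's signature and the rest of its body are outside the hunk.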
*/
#include "includes.h"
-RCSID("$OpenBSD: mac.c,v 1.5 2002/05/16 22:02:50 markus Exp $");
+RCSID("$OpenBSD: mac.c,v 1.6 2003/09/18 13:02:21 miod Exp $");
#include <openssl/hmac.h>
if (mac->key == NULL)
fatal("mac_compute: no key");
- if (mac->mac_len > sizeof(m))
+ if ((u_int)mac->mac_len > sizeof(m))
fatal("mac_compute: mac too long");
HMAC_Init(&c, mac->key, mac->key_len, mac->md);
PUT_32BIT(b, seqno);
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.108 2003/08/14 16:08:58 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
static void
buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
{
- int bits = buffer_get_int(b);
- int bytes = (bits + 7) / 8;
+ u_int bits = buffer_get_int(b);
+ u_int bytes = (bits + 7) / 8;
if (buffer_len(b) < bytes)
fatal("buffer_get_bignum_bits: input buffer too small: "