- OpenBSD CVS Sync

   - provos@cvs.openbsd.org 2001/03/28 22:04:57
     [dh.c]
     more sanity checking on primes file

diff --git a/ChangeLog b/ChangeLog
index 761aee6e38796331ce163e774f28858c77d89871..67f424795e79dae8c85b7d80bda926571ed77a23 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
    - provos@cvs.openbsd.org 2001/03/28 21:59:41
      [kex.c kex.h sshconnect2.c sshd.c]
      forgot to include min and max params in hash, okay markus@
+   - provos@cvs.openbsd.org 2001/03/28 22:04:57
+     [dh.c]
+     more sanity checking on primes file
 
 20010329
  - OpenBSD CVS Sync

diff --git a/dh.c b/dh.c
index 5f441ee1c817b72d5f60e9d3d5ccd357155bcd05..636758fa8bb5ace7d5ed60d400e089704bded467 100644 (file)
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.9 2001/03/27 17:46:49 provos Exp $");
+RCSID("$OpenBSD: dh.c,v 1.10 2001/03/28 22:04:57 provos Exp $");
 
 #include "xmalloc.h"
 
@@ -79,18 +79,21 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
                goto fail;
 
        dhg->g = BN_new();
-       if (BN_hex2bn(&dhg->g, gen) < 0) {
-               BN_free(dhg->g);
-               goto fail;
-       }
        dhg->p = BN_new();
-       if (BN_hex2bn(&dhg->p, prime) < 0) {
-               BN_free(dhg->g);
-               BN_free(dhg->p);
-               goto fail;
-       }
+       if (BN_hex2bn(&dhg->g, gen) < 0)
+               goto failclean;
+
+       if (BN_hex2bn(&dhg->p, prime) < 0)
+               goto failclean;
+
+       if (BN_num_bits(dhg->p) != dhg->size)
+               goto failclean;
 
        return (1);
+
+ failclean:
+       BN_free(dhg->g);
+       BN_free(dhg->p);
  fail:
        error("Bad prime description in line %d", linenum);
        return (0);