diff options
| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2002-06-29 11:48:59 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2002-06-29 11:48:59 +0000 |
| commit | a82e551f0fd24a72fde2fc9145eef2c270cda9c0 (patch) | |
| tree | 038040484c6082020b918a9c208a38e77fd09e7d /crypto/openssh/bufaux.c | |
| parent | d2a34caedbbbc4693ecb276afb41ffe6c4e05c76 (diff) | |
| download | src-test2-a82e551f0fd24a72fde2fc9145eef2c270cda9c0.tar.gz src-test2-a82e551f0fd24a72fde2fc9145eef2c270cda9c0.zip | |
Notes
Diffstat (limited to 'crypto/openssh/bufaux.c')
| -rw-r--r-- | crypto/openssh/bufaux.c | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/crypto/openssh/bufaux.c b/crypto/openssh/bufaux.c index 79f8bbd49667..94836feb5807 100644 --- a/crypto/openssh/bufaux.c +++ b/crypto/openssh/bufaux.c @@ -37,7 +37,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.25 2002/04/20 09:14:58 markus Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $"); +RCSID("$FreeBSD$"); #include <openssl/bn.h> #include "bufaux.h" @@ -88,6 +89,8 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value) bits = GET_16BIT(buf); /* Compute the number of binary bytes that follow. */ bytes = (bits + 7) / 8; + if (bytes > 8 * 1024) + fatal("buffer_get_bignum: cannot handle BN of size %d", bytes); if (buffer_len(buffer) < bytes) fatal("buffer_get_bignum: input buffer too small"); bin = buffer_ptr(buffer); @@ -105,6 +108,7 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value) u_char *buf = xmalloc(bytes); int oi; int hasnohigh = 0; + buf[0] = '\0'; /* Get the value of in binary */ oi = BN_bn2bin(value, buf+1); @@ -128,12 +132,15 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value) xfree(buf); } +/* XXX does not handle negative BNs */ void buffer_get_bignum2(Buffer *buffer, BIGNUM *value) { - /**XXX should be two's-complement */ - int len; - u_char *bin = buffer_get_string(buffer, (u_int *)&len); + u_int len; + u_char *bin = buffer_get_string(buffer, &len); + + if (len > 8 * 1024) + fatal("buffer_get_bignum2: cannot handle BN of size %d", len); BN_bin2bn(bin, len, value); xfree(bin); } @@ -145,6 +152,7 @@ u_short buffer_get_short(Buffer *buffer) { u_char buf[2]; + buffer_get(buffer, (char *) buf, 2); return GET_16BIT(buf); } @@ -153,6 +161,7 @@ u_int buffer_get_int(Buffer *buffer) { u_char buf[4]; + buffer_get(buffer, (char *) buf, 4); return GET_32BIT(buf); } @@ -162,6 +171,7 @@ u_int64_t buffer_get_int64(Buffer *buffer) { u_char buf[8]; + buffer_get(buffer, (char *) buf, 8); return GET_64BIT(buf); } @@ -174,6 +184,7 @@ void buffer_put_short(Buffer *buffer, u_short value) { char buf[2]; + PUT_16BIT(buf, value); buffer_append(buffer, buf, 2); } @@ -182,6 +193,7 @@ void buffer_put_int(Buffer *buffer, u_int value) { char buf[4]; + PUT_32BIT(buf, value); buffer_append(buffer, buf, 4); } @@ -191,6 +203,7 @@ void buffer_put_int64(Buffer *buffer, u_int64_t value) { char buf[8]; + PUT_64BIT(buf, value); buffer_append(buffer, buf, 8); } @@ -207,8 +220,9 @@ buffer_put_int64(Buffer *buffer, u_int64_t value) void * buffer_get_string(Buffer *buffer, u_int *length_ptr) { - u_int len; u_char *value; + u_int len; + /* Get the length. */ len = buffer_get_int(buffer); if (len > 256 * 1024) @@ -249,6 +263,7 @@ int buffer_get_char(Buffer *buffer) { char ch; + buffer_get(buffer, &ch, 1); return (u_char) ch; } @@ -260,5 +275,6 @@ void buffer_put_char(Buffer *buffer, int value) { char ch = value; + buffer_append(buffer, &ch, 1); } |