diff options
Diffstat (limited to 'authfd.c')
| -rw-r--r-- | authfd.c | 28 |
1 files changed, 15 insertions, 13 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.108 2018/02/23 15:58:37 markus Exp $ */ +/* $OpenBSD: authfd.c,v 1.111 2018/07/09 21:59:10 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -133,7 +133,7 @@ ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply) /* Send the length and then the packet to the agent. */ if (atomicio(vwrite, sock, buf, 4) != 4 || - atomicio(vwrite, sock, (u_char *)sshbuf_ptr(request), + atomicio(vwrite, sock, sshbuf_mutable_ptr(request), sshbuf_len(request)) != sshbuf_len(request)) return SSH_ERR_AGENT_COMMUNICATION; /* @@ -323,7 +323,7 @@ ssh_free_identitylist(struct ssh_identitylist *idl) */ -/* encode signature algoritm in flag bits, so we can keep the msg format */ +/* encode signature algorithm in flag bits, so we can keep the msg format */ static u_int agent_encode_alg(const struct sshkey *key, const char *alg) { @@ -343,8 +343,8 @@ ssh_agent_sign(int sock, const struct sshkey *key, const u_char *data, size_t datalen, const char *alg, u_int compat) { struct sshbuf *msg; - u_char *blob = NULL, type; - size_t blen = 0, len = 0; + u_char *sig = NULL, type = 0; + size_t len = 0; u_int flags = 0; int r = SSH_ERR_INTERNAL_ERROR; @@ -355,11 +355,9 @@ ssh_agent_sign(int sock, const struct sshkey *key, return SSH_ERR_INVALID_ARGUMENT; if ((msg = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) - goto out; flags |= agent_encode_alg(key, alg); if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 || - (r = sshbuf_put_string(msg, blob, blen)) != 0 || + (r = sshkey_puts(key, msg)) != 0 || (r = sshbuf_put_string(msg, data, datalen)) != 0 || (r = sshbuf_put_u32(msg, flags)) != 0) goto out; @@ -374,15 +372,19 @@ ssh_agent_sign(int sock, const struct sshkey *key, r = SSH_ERR_INVALID_FORMAT; goto out; } - if ((r = sshbuf_get_string(msg, sigp, &len)) != 0) + if ((r = sshbuf_get_string(msg, &sig, &len)) != 0) + goto out; + /* Check what we actually got back from the agent. */ + if ((r = sshkey_check_sigtype(sig, len, alg)) != 0) goto out; + /* success */ + *sigp = sig; *lenp = len; + sig = NULL; + len = 0; r = 0; out: - if (blob != NULL) { - explicit_bzero(blob, blen); - free(blob); - } + freezero(sig, len); sshbuf_free(msg); return r; } |