summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>1999-11-08 16:15:55 +1100
committerDamien Miller <djm@mindrot.org>1999-11-08 16:15:55 +1100
commitfd7c911f090749774cf1869420523c4811beeeb0 (patch)
treecd57567ddb3371c0c805a8bd8ace0c66df02fa53
parent5ac5f1ca6b5270e1a755d75120f8217f5850c9b2 (diff)
Merged OpenBSD CVS changes that go awayV_1_2_PRE8
-rw-r--r--ChangeLog2
-rw-r--r--auth-rsa.c6
-rw-r--r--bufaux.c6
-rw-r--r--channels.c18
-rw-r--r--cipher.c10
-rw-r--r--deattack.c9
-rw-r--r--hostfile.c14
-rw-r--r--packet.c12
-rw-r--r--ssh-add.c20
-rw-r--r--ssh-agent.c9
-rw-r--r--ssh.h4
-rw-r--r--sshconnect.c27
-rw-r--r--sshd.c2
13 files changed, 96 insertions, 43 deletions
diff --git a/ChangeLog b/ChangeLog
index 57f9a00e..088ee048 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,9 +19,9 @@
- Added support for PAM_TEXT_INFO messages
- Disable internal /etc/nologin support if PAM enabled
- Merged latest OpenBSD CVS changes:
+ - [all] replace assert() with error, fatal or packet_disconnect
- [sshd.c] don't send fail-msg but disconnect if too many authentication
failures
- - [sshd.c] replace assert() with error, fatal or packet_disconnect
- [sshd.c] remove unused argument. ok dugsong
- [sshd.c] typo
- [rsa.c] clear buffers used for encryption. ok: niels
diff --git a/auth-rsa.c b/auth-rsa.c
index 3be37ffc..dc1ad81a 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -17,7 +17,7 @@ validity of the host key.
#include "config.h"
#include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.3 1999/10/28 05:23:30 damien Exp $");
+RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
#include "rsa.h"
#include "packet.h"
@@ -98,7 +98,9 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n)
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
- assert(len <= 32 && len);
+ if (len <= 0 || len > 32)
+ fatal("auth_rsa_challenge_dialog: bad challenge length %d", len);
+
memset(buf, 0, 32);
BN_bn2bin(challenge, buf + 32 - len);
MD5_Init(&md);
diff --git a/bufaux.c b/bufaux.c
index 9d5776f5..31e1ae9e 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -16,7 +16,7 @@ Buffers.
#include "config.h"
#include "includes.h"
-RCSID("$Id: bufaux.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
+RCSID("$Id: bufaux.c,v 1.3 1999/11/08 05:15:55 damien Exp $");
#include "ssh.h"
@@ -45,7 +45,9 @@ buffer_put_bignum(Buffer *buffer, BIGNUM *value)
/* Get the value of in binary */
oi = BN_bn2bin(value, buf);
- assert(oi == bin_size);
+ if (oi != bin_size)
+ fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
+ oi, bin_size);
/* Store the number of bits in the buffer in two bytes, msb first. */
PUT_16BIT(msg, bits);
diff --git a/channels.c b/channels.c
index 79a02c88..032e8f2a 100644
--- a/channels.c
+++ b/channels.c
@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection.
*/
#include "includes.h"
-RCSID("$Id: channels.c,v 1.3 1999/10/30 01:39:56 damien Exp $");
+RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
#include "ssh.h"
#include "packet.h"
@@ -166,8 +166,10 @@ int channel_allocate(int type, int sock, char *remote_name)
void channel_free(int channel)
{
- assert(channel >= 0 && channel < channels_alloc &&
- channels[channel].type != SSH_CHANNEL_FREE);
+ if (channel < 0 || channel >= channels_alloc ||
+ channels[channel].type == SSH_CHANNEL_FREE)
+ packet_disconnect("channel free: bad local channel %d", channel);
+
if(compat13)
shutdown(channels[channel].sock, SHUT_RDWR);
close(channels[channel].sock);
@@ -307,9 +309,17 @@ void channel_prepare_select(fd_set *readset, fd_set *writeset)
goto reject;
}
+ /* Check fake data length */
+ if (x11_fake_data_len != x11_saved_data_len)
+ {
+ error("X11 fake_data_len %d != saved_data_len %d",
+ x11_fake_data_len, x11_saved_data_len);
+ ch->type = SSH_CHANNEL_OPEN;
+ goto reject;
+ }
+
/* Received authentication protocol and data match our fake data.
Substitute the fake data with real data. */
- assert(x11_fake_data_len == x11_saved_data_len);
memcpy(ucp + 12 + ((proto_len + 3) & ~3),
x11_saved_data, x11_saved_data_len);
diff --git a/cipher.c b/cipher.c
index e611d6c7..07491351 100644
--- a/cipher.c
+++ b/cipher.c
@@ -13,7 +13,7 @@ Created: Wed Apr 19 17:41:39 1995 ylo
#include "config.h"
#include "includes.h"
-RCSID("$Id: cipher.c,v 1.3 1999/10/28 05:23:30 damien Exp $");
+RCSID("$Id: cipher.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
#include "ssh.h"
#include "cipher.h"
@@ -93,8 +93,6 @@ swap_bytes(const unsigned char *src, unsigned char *dst_, int n)
char c[4];
} t;
- /* assert((n & 7) == 0); */
-
/* Process 8 bytes every lap. */
for (n = n / 8; n > 0; n--)
{
@@ -248,7 +246,8 @@ void cipher_set_key(CipherContext *context, int cipher,
void cipher_encrypt(CipherContext *context, unsigned char *dest,
const unsigned char *src, unsigned int len)
{
- assert((len & 7) == 0);
+ if ((len & 7) != 0)
+ fatal("cipher_encrypt: bad plaintext length %d", len);
switch (context->type)
{
@@ -280,7 +279,8 @@ void cipher_encrypt(CipherContext *context, unsigned char *dest,
void cipher_decrypt(CipherContext *context, unsigned char *dest,
const unsigned char *src, unsigned int len)
{
- assert((len & 7) == 0);
+ if ((len & 7) != 0)
+ fatal("cipher_decrypt: bad ciphertext length %d", len);
switch (context->type)
{
diff --git a/deattack.c b/deattack.c
index d5f8608c..afd96e4e 100644
--- a/deattack.c
+++ b/deattack.c
@@ -1,5 +1,5 @@
/*
- * $Id: deattack.c,v 1.1 1999/10/27 03:42:44 damien Exp $
+ * $Id: deattack.c,v 1.2 1999/11/08 05:15:55 damien Exp $
* Cryptographic attack detector for ssh - source code
*
* Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
@@ -100,9 +100,10 @@ detect_attack(unsigned char *buf, u_int32_t len, unsigned char *IV)
register unsigned char *c;
unsigned char *d;
-
- assert(len <= (SSH_MAXBLOCKS * SSH_BLOCKSIZE));
- assert(len % SSH_BLOCKSIZE == 0);
+ if (len > (SSH_MAXBLOCKS * SSH_BLOCKSIZE) ||
+ len % SSH_BLOCKSIZE != 0) {
+ fatal("detect_attack: bad length %d", len);
+ }
for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2);
diff --git a/hostfile.c b/hostfile.c
index ca0fe88a..0e65bfe5 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -14,7 +14,7 @@ Functions for manipulating the known hosts files.
*/
#include "includes.h"
-RCSID("$Id: hostfile.c,v 1.1 1999/10/27 03:42:44 damien Exp $");
+RCSID("$Id: hostfile.c,v 1.2 1999/11/08 05:15:55 damien Exp $");
#include "packet.h"
#include "ssh.h"
@@ -265,11 +265,19 @@ add_host_to_hostfile(const char *filename, const char *host,
/* Print the host name and key to the file. */
fprintf(f, "%s %u ", host, bits);
buf = BN_bn2dec(e);
- assert(buf != NULL);
+ if (buf == NULL) {
+ error("add_host_to_hostfile: BN_bn2dec #1 failed");
+ fclose(f);
+ return 0;
+ }
fprintf(f, "%s ", buf);
free (buf);
buf = BN_bn2dec(n);
- assert(buf != NULL);
+ if (buf == NULL) {
+ error("add_host_to_hostfile: BN_bn2dec #2 failed");
+ fclose(f);
+ return 0;
+ }
fprintf(f, "%s\n", buf);
free (buf);
diff --git a/packet.c b/packet.c
index 7e74c73b..6dfd492a 100644
--- a/packet.c
+++ b/packet.c
@@ -15,7 +15,7 @@ with the other side. This same code is used both on client and server side.
*/
#include "includes.h"
-RCSID("$Id: packet.c,v 1.1 1999/10/27 03:42:44 damien Exp $");
+RCSID("$Id: packet.c,v 1.2 1999/11/08 05:15:55 damien Exp $");
#include "xmalloc.h"
#include "buffer.h"
@@ -194,7 +194,6 @@ void
packet_encrypt(CipherContext *cc, void *dest, void *src,
unsigned int bytes)
{
- assert((bytes % 8) == 0);
cipher_encrypt(cc, dest, src, bytes);
}
@@ -207,7 +206,8 @@ packet_decrypt(CipherContext *cc, void *dest, void *src,
{
int i;
- assert((bytes % 8) == 0);
+ if ((bytes % 8) != 0)
+ fatal("packet_decrypt: bad ciphertext length %d", bytes);
/*
Cryptographic attack detector for ssh - Modifications for packet.c
@@ -500,7 +500,11 @@ packet_read_poll(int *payload_len_ptr)
buffer_consume(&incoming_packet, 8 - len % 8);
/* Test check bytes. */
- assert(len == buffer_len(&incoming_packet));
+
+ if (len != buffer_len(&incoming_packet))
+ packet_disconnect("packet_read_poll: len %d != buffer_len %d.",
+ len, buffer_len(&incoming_packet));
+
ucp = (unsigned char *)buffer_ptr(&incoming_packet) + len - 4;
stored_checksum = GET_32BIT(ucp);
if (checksum != stored_checksum)
diff --git a/ssh-add.c b/ssh-add.c
index 8effcdb0..07c33d87 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -14,7 +14,7 @@ Adds an identity to the authentication server, or removes an identity.
*/
#include "includes.h"
-RCSID("$Id: ssh-add.c,v 1.3 1999/11/08 04:30:59 damien Exp $");
+RCSID("$Id: ssh-add.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
#include "rsa.h"
#include "ssh.h"
@@ -201,13 +201,19 @@ list_identities(AuthenticationConnection *ac)
had_identities = 1;
printf("%d ", bits);
buf = BN_bn2dec(e);
- assert(buf != NULL);
- printf("%s ", buf);
- free (buf);
+ if (buf != NULL) {
+ printf("%s ", buf);
+ free (buf);
+ } else {
+ error("list_identities: BN_bn2dec #1 failed.");
+ }
buf = BN_bn2dec(n);
- assert(buf != NULL);
- printf("%s %s\n", buf, comment);
- free (buf);
+ if (buf != NULL) {
+ printf("%s %s\n", buf, comment);
+ free (buf);
+ } else {
+ error("list_identities: BN_bn2dec #2 failed.");
+ }
xfree(comment);
}
BN_clear_free(e);
diff --git a/ssh-agent.c b/ssh-agent.c
index 4f7f57f0..96bd021e 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -16,7 +16,7 @@ The authentication agent program.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.16 1999/10/28 20:41:23 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.17 1999/11/02 19:42:36 markus Exp $");
#include "ssh.h"
#include "rsa.h"
@@ -136,7 +136,12 @@ process_authentication_challenge(SocketEntry *e)
case 1: /* As of protocol 1.1 */
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
- assert(len <= 32 && len);
+
+ if (len <= 0 || len > 32) {
+ fatal("process_authentication_challenge: "
+ "bad challenge length %d", len);
+ }
+
memset(buf, 0, 32);
BN_bn2bin(challenge, buf + 32 - len);
MD5_Init(&md);
diff --git a/ssh.h b/ssh.h
index 841633c7..1fd17c1a 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@ Generic header file for ssh.
*/
-/* RCSID("$Id: ssh.h,v 1.6 1999/11/08 04:30:59 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.7 1999/11/08 05:15:55 damien Exp $"); */
#ifndef SSH_H
#define SSH_H
@@ -597,7 +597,7 @@ int ssh_tf_init(uid_t uid);
/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
int auth_kerberos_tgt(struct passwd *pw, const char *string);
-int auth_afs_token(char *server_user, uid_t uid, const char *string);
+int auth_afs_token(struct passwd *pw, const char *token_string);
int creds_to_radix(CREDENTIALS *creds, unsigned char *buf);
int radix_to_creds(const char *buf, CREDENTIALS *creds);
diff --git a/sshconnect.c b/sshconnect.c
index 4222646d..a6f3788f 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -16,7 +16,7 @@ login (authentication) dialog.
#include "config.h"
#include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.3 1999/10/28 05:23:30 damien Exp $");
+RCSID("$Id: sshconnect.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
@@ -457,7 +457,10 @@ respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv)
/* Compute the response. */
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
- assert(len <= sizeof(buf) && len);
+ if (len <= 0 || len > sizeof(buf))
+ packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
+ len);
+
memset(buf, 0, sizeof(buf));
BN_bn2bin(challenge, buf + sizeof(buf) - len);
MD5_Init(&md);
@@ -1298,8 +1301,14 @@ void ssh_login(int host_key_valid,
if (BN_cmp(public_key->n, host_key->n) < 0)
{
/* Public key has smaller modulus. */
- assert(BN_num_bits(host_key->n) >=
- BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED);
+ if (BN_num_bits(host_key->n) <
+ BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
+ fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
+ "SSH_KEY_BITS_RESERVED %d",
+ BN_num_bits(host_key->n),
+ BN_num_bits(public_key->n),
+ SSH_KEY_BITS_RESERVED);
+ }
rsa_public_encrypt(key, key, public_key);
rsa_public_encrypt(key, key, host_key);
@@ -1307,8 +1316,14 @@ void ssh_login(int host_key_valid,
else
{
/* Host key has smaller modulus (or they are equal). */
- assert(BN_num_bits(public_key->n) >=
- BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED);
+ if (BN_num_bits(public_key->n) <
+ BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
+ fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
+ "SSH_KEY_BITS_RESERVED %d",
+ BN_num_bits(public_key->n),
+ BN_num_bits(host_key->n),
+ SSH_KEY_BITS_RESERVED);
+ }
rsa_public_encrypt(key, key, host_key);
rsa_public_encrypt(key, key, public_key);
diff --git a/sshd.c b/sshd.c
index 6cdcf75e..a1f9449e 100644
--- a/sshd.c
+++ b/sshd.c
@@ -18,7 +18,7 @@ agent connections.
*/
#include "includes.h"
-RCSID("$Id: sshd.c,v 1.11 1999/11/08 04:30:59 damien Exp $");
+RCSID("$Id: sshd.c,v 1.12 1999/11/08 05:15:55 damien Exp $");
#include "xmalloc.h"
#include "rsa.h"