summaryrefslogtreecommitdiff
path: root/ssh.c
diff options
context:
space:
mode:
authordtucker@openbsd.org <dtucker@openbsd.org>2018-07-16 22:25:01 +0000
committerDamien Miller <djm@mindrot.org>2018-07-19 20:17:33 +1000
commitac590760b251506b0a152551abbf8e8d6dc2f527 (patch)
tree97a1d20b346c9d65233273ecfca5eca26ff9637a /ssh.c
parent26efc2f5df0e3bcf6a6bbdd0506fd682d60c2145 (diff)
upstream: Slot 0 in the hostbased key array was previously RSA1,
but that is now gone and the slot is unused so remove it. Remove two now-unused macros, and add an array bounds check to the two remaining ones (array is statically sized, so mostly a safety check on future changes). ok markus@ OpenBSD-Commit-ID: 2e4c0ca6cc1d8daeccead2aa56192a3f9d5e1e7a
Diffstat (limited to 'ssh.c')
-rw-r--r--ssh.c44
1 files changed, 22 insertions, 22 deletions
diff --git a/ssh.c b/ssh.c
index 33d7ea2b..609c209d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.485 2018/07/16 11:05:41 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.486 2018/07/16 22:25:01 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1418,34 +1418,34 @@ main(int ac, char **av)
sensitive_data.nkeys = 0;
sensitive_data.keys = NULL;
if (options.hostbased_authentication) {
- sensitive_data.nkeys = 11;
+ sensitive_data.nkeys = 10;
sensitive_data.keys = xcalloc(sensitive_data.nkeys,
sizeof(struct sshkey));
/* XXX check errors? */
-#define L_KEY(t,p,o) \
- check_load(sshkey_load_private_type(t, p, "", \
- &(sensitive_data.keys[o]), NULL, NULL), p, "key")
-#define L_KEYCERT(t,p,o) \
- check_load(sshkey_load_private_cert(t, p, "", \
- &(sensitive_data.keys[o]), NULL), p, "cert and key")
-#define L_PUBKEY(p,o) \
+#define L_PUBKEY(p,o) do { \
+ if ((o) >= sensitive_data.nkeys) \
+ fatal("%s pubkey out of array bounds", __func__); \
check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \
- p, "pubkey")
-#define L_CERT(p,o) \
- check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert")
+ p, "pubkey"); \
+} while (0)
+#define L_CERT(p,o) do { \
+ if ((o) >= sensitive_data.nkeys) \
+ fatal("%s cert out of array bounds", __func__); \
+ check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert"); \
+} while (0)
if (options.hostbased_authentication == 1) {
- L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 1);
- L_CERT(_PATH_HOST_ED25519_KEY_FILE, 2);
- L_CERT(_PATH_HOST_RSA_KEY_FILE, 3);
- L_CERT(_PATH_HOST_DSA_KEY_FILE, 4);
- L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 5);
- L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 6);
- L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 7);
- L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 8);
- L_CERT(_PATH_HOST_XMSS_KEY_FILE, 9);
- L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 10);
+ L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 0);
+ L_CERT(_PATH_HOST_ED25519_KEY_FILE, 1);
+ L_CERT(_PATH_HOST_RSA_KEY_FILE, 2);
+ L_CERT(_PATH_HOST_DSA_KEY_FILE, 3);
+ L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 4);
+ L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 5);
+ L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 6);
+ L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 7);
+ L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8);
+ L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9);
}
}
/*