- OpenBSD CVS Updates:
- markus@cvs.openbsd.org 2000/06/18 18:50:11
[auth2.c compat.c compat.h sshconnect2.c]
make userauth+pubkey interop with ssh.com-2.2.0
- markus@cvs.openbsd.org 2000/06/18 20:56:17
[dsa.c]
mem leak + be more paranoid in dsa_verify.
- markus@cvs.openbsd.org 2000/06/18 21:29:50
[key.c]
cleanup fingerprinting, less hardcoded sizes
- markus@cvs.openbsd.org 2000/06/19 19:39:45
[atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
[buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
[clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
[deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
[kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
[nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
[rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
[ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
OpenBSD tag
- markus@cvs.openbsd.org 2000/06/21 10:46:10
sshconnect2.c missing free; nuke old comment
diff --git a/dsa.c b/dsa.c
index 51d7ff2..c1c37bc 100644
--- a/dsa.c
+++ b/dsa.c
@@ -28,7 +28,7 @@
*/
#include "includes.h"
-RCSID("$Id: dsa.c,v 1.7 2000/05/08 17:42:24 markus Exp $");
+RCSID("$OpenBSD: dsa.c,v 1.9 2000/06/20 01:39:41 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -72,7 +72,7 @@
buffer_append(&b, blob, blen);
ktype = buffer_get_string(&b, NULL);
if (strcmp(KEX_DSS, ktype) != 0) {
- error("dsa_key_from_blob: cannot handle type %s", ktype);
+ error("dsa_key_from_blob: cannot handle type %s", ktype);
key_free(key);
return NULL;
}
@@ -197,7 +197,6 @@
DSA_SIG *sig;
EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
- char *ktype;
unsigned char *sigblob;
char *txt;
unsigned int len;
@@ -227,14 +226,24 @@
len = signaturelen;
} else {
/* ietf-drafts */
+ char *ktype;
buffer_init(&b);
buffer_append(&b, (char *) signature, signaturelen);
ktype = buffer_get_string(&b, NULL);
+ if (strcmp(KEX_DSS, ktype) != 0) {
+ error("dsa_verify: cannot handle type %s", ktype);
+ buffer_free(&b);
+ return -1;
+ }
sigblob = (unsigned char *)buffer_get_string(&b, &len);
rlen = buffer_len(&b);
- if(rlen != 0)
+ if(rlen != 0) {
error("remaining bytes in signature %d", rlen);
+ buffer_free(&b);
+ return -1;
+ }
buffer_free(&b);
+ xfree(ktype);
}
if (len != SIGBLOB_LEN) {