Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / bb956eaa94757ad058ff43631c3a7d6c94d38c2f^! / . / kexgexc.c
commitbb956eaa94757ad058ff43631c3a7d6c94d38c2f[log] [tgz]
authordjm@openbsd.org <djm@openbsd.org>Wed Jan 23 00:30:41 2019 +0000
committerDamien Miller <djm@mindrot.org>Wed Jan 23 13:02:02 2019 +1100
treee3151971c163f933af9d7ec7adaa4ea876f13c22
parentd691588b8e29622c66abf8932362b522cf7f4051 [diff] [blame]
upstream: pass most arguments to the KEX hash functions as sshbuf

rather than pointer+length; ok markus@

OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7

diff --git a/kexgexc.c b/kexgexc.c
index ac42127..1c65b8a 100644
--- a/kexgexc.c
+++ b/kexgexc.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.33 2019/01/21 10:07:22 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.34 2019/01/23 00:30:41 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -146,20 +146,24 @@
 	BIGNUM *dh_server_pub = NULL;
 	const BIGNUM *pub_key, *dh_p, *dh_g;
 	struct sshbuf *shared_secret = NULL;
+	struct sshbuf *tmp = NULL, *server_host_key_blob = NULL;
 	struct sshkey *server_host_key = NULL;
-	u_char *signature = NULL, *server_host_key_blob = NULL;
+	u_char *signature = NULL;
 	u_char hash[SSH_DIGEST_MAX_LENGTH];
-	size_t slen, sbloblen, hashlen;
+	size_t slen, hashlen;
 	int r;
 
 	debug("got SSH2_MSG_KEX_DH_GEX_REPLY");
 	/* key, cert */
-	if ((r = sshpkt_get_string(ssh, &server_host_key_blob,
-	    &sbloblen)) != 0 ||
-	    (r = sshkey_from_blob(server_host_key_blob, sbloblen,
-	    &server_host_key)) != 0)
+	if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0)
 		goto out;
-	if ((r = kex_verify_host_key(ssh, server_host_key)) != 0)
+	/* sshkey_fromb() consumes its buffer, so make a copy */
+	if ((tmp = sshbuf_fromb(server_host_key_blob)) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshkey_fromb(tmp, &server_host_key)) != 0 ||
+	    (r = kex_verify_host_key(ssh, server_host_key)) != 0)
 		goto out;
 	/* DH parameter f, server public DH key, signed H */
 	if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 ||
@@ -183,9 +187,9 @@
 	    kex->hash_alg,
 	    kex->client_version,
 	    kex->server_version,
-	    sshbuf_ptr(kex->my), sshbuf_len(kex->my),
-	    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
-	    server_host_key_blob, sbloblen,
+	    kex->my,
+	    kex->peer,
+	    server_host_key_blob,
 	    kex->min, kex->nbits, kex->max,
 	    dh_p, dh_g,
 	    pub_key,
@@ -207,7 +211,8 @@
 	BN_clear_free(dh_server_pub);
 	sshbuf_free(shared_secret);
 	sshkey_free(server_host_key);
-	free(server_host_key_blob);
+	sshbuf_free(tmp);
+	sshbuf_free(server_host_key_blob);
 	free(signature);
 	return r;
 }