- djm@cvs.openbsd.org 2005/06/17 02:44:33
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
[bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
[kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
[servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
[ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
make this -Wsign-compare clean; ok avsm@ markus@
NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
NB2. more work may be needed to make portable Wsign-compare clean
diff --git a/authfd.c b/authfd.c
index 9ce5b5e..8976616 100644
--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.65 2005/05/24 17:32:43 avsm Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.66 2005/06/17 02:44:32 djm Exp $");
#include <openssl/evp.h>
@@ -114,8 +114,7 @@
static int
ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
{
- int l;
- u_int len;
+ u_int l, len;
char buf[1024];
/* Get the length of the message, and format it in the buffer. */
@@ -302,6 +301,7 @@
Key *
ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version)
{
+ int keybits;
u_int bits;
u_char *blob;
u_int blen;
@@ -322,7 +322,8 @@
buffer_get_bignum(&auth->identities, key->rsa->e);
buffer_get_bignum(&auth->identities, key->rsa->n);
*comment = buffer_get_string(&auth->identities, NULL);
- if (bits != BN_num_bits(key->rsa->n))
+ keybits = BN_num_bits(key->rsa->n);
+ if (keybits < 0 || bits != (u_int)keybits)
logit("Warning: identity keysize mismatch: actual %d, announced %u",
BN_num_bits(key->rsa->n), bits);
break;