Merged OpenBSD CVS changes that go away
diff --git a/ChangeLog b/ChangeLog
index 57f9a00..088ee04 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,9 +19,9 @@
    - Added support for PAM_TEXT_INFO messages
    - Disable internal /etc/nologin support if PAM enabled
  - Merged latest OpenBSD CVS changes:
+   - [all] replace assert() with error, fatal or packet_disconnect
    - [sshd.c] don't send fail-msg but disconnect if too many authentication
      failures
-   - [sshd.c] replace assert() with error, fatal or packet_disconnect
    - [sshd.c] remove unused argument. ok dugsong
    - [sshd.c] typo
    - [rsa.c] clear buffers used for encryption. ok: niels
diff --git a/auth-rsa.c b/auth-rsa.c
index 3be37ff..dc1ad81 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -17,7 +17,7 @@
 
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.3 1999/10/28 05:23:30 damien Exp $");
+RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 
 #include "rsa.h"
 #include "packet.h"
@@ -98,7 +98,9 @@
 
   /* The response is MD5 of decrypted challenge plus session id. */
   len = BN_num_bytes(challenge);
-  assert(len <= 32 && len);
+  if (len <= 0 || len > 32)
+    fatal("auth_rsa_challenge_dialog: bad challenge length %d", len);
+
   memset(buf, 0, 32);
   BN_bn2bin(challenge, buf + 32 - len);
   MD5_Init(&md);
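Review bot: The new bound in the challenge-length check is the literal `32`, which is repeated in the `memset` and in the `BN_bn2bin` offset on the following lines, so the check and the buffer size can drift apart. If `buf` is a 32-byte array in this function (its declaration is outside the hunk), `if (len <= 0 || len > sizeof(buf))` would tie the check to the buffer, as the sshconnect.c hunk in this commit already does. The ssh-agent.c hunk uses the same literal.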
diff --git a/bufaux.c b/bufaux.c
index 9d5776f..31e1ae9 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -16,7 +16,7 @@
 
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: bufaux.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
+RCSID("$Id: bufaux.c,v 1.3 1999/11/08 05:15:55 damien Exp $");
 
 #include "ssh.h"
 
@@ -45,7 +45,9 @@
   
   /* Get the value of in binary */
   oi = BN_bn2bin(value, buf);
-  assert(oi == bin_size);
+  if (oi != bin_size)
+    fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
+	  oi, bin_size);
 
   /* Store the number of bits in the buffer in two bytes, msb first. */
   PUT_16BIT(msg, bits);
diff --git a/channels.c b/channels.c
index 79a02c8..032e8f2 100644
--- a/channels.c
+++ b/channels.c
@@ -16,7 +16,7 @@
 */
 
 #include "includes.h"
-RCSID("$Id: channels.c,v 1.3 1999/10/30 01:39:56 damien Exp $");
+RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 
 #include "ssh.h"
 #include "packet.h"
@@ -166,8 +166,10 @@
 
 void channel_free(int channel)
 {
-  assert(channel >= 0 && channel < channels_alloc &&
-	 channels[channel].type != SSH_CHANNEL_FREE);
+  if (channel < 0 || channel >= channels_alloc ||
+      channels[channel].type == SSH_CHANNEL_FREE)
+    packet_disconnect("channel free: bad local channel %d", channel);
+
   if(compat13)
     shutdown(channels[channel].sock, SHUT_RDWR);
   close(channels[channel].sock);
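Review bot: The bounds check in channel_free only protects the `channels[channel]` accesses below it if `packet_disconnect()` never returns, and nothing visible in this diff establishes that. Confirm that its prototype is marked or documented as non-returning, and consider a comment after the call such as `/* NOTREACHED: packet_disconnect() does not return */`. The packet_read_poll hunk in packet.c and the challenge-length hunk in sshconnect.c rely on the same property before computing an offset into a buffer. channel_free's body continues past the end of this hunk.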
@@ -307,9 +309,17 @@
 	      goto reject;
 	    }
 
+	  /* Check fake data length */
+	  if (x11_fake_data_len != x11_saved_data_len)
+	    {
+	      error("X11 fake_data_len %d != saved_data_len %d",
+		     x11_fake_data_len, x11_saved_data_len);
+	      ch->type = SSH_CHANNEL_OPEN;
+	      goto reject;
+	    }
+
 	  /* Received authentication protocol and data match our fake data.
 	     Substitute the fake data with real data. */
-	  assert(x11_fake_data_len == x11_saved_data_len);
 	  memcpy(ucp + 12 + ((proto_len + 3) & ~3),
 		 x11_saved_data, x11_saved_data_len);
 
diff --git a/cipher.c b/cipher.c
index e611d6c..0749135 100644
--- a/cipher.c
+++ b/cipher.c
@@ -13,7 +13,7 @@
 
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: cipher.c,v 1.3 1999/10/28 05:23:30 damien Exp $");
+RCSID("$Id: cipher.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 
 #include "ssh.h"
 #include "cipher.h"
@@ -93,8 +93,6 @@
     char c[4];
   } t;
 
-  /* assert((n & 7) == 0); */
-
   /* Process 8 bytes every lap. */
   for (n = n / 8; n > 0; n--)
     {
@@ -248,7 +246,8 @@
 void cipher_encrypt(CipherContext *context, unsigned char *dest,
 		    const unsigned char *src, unsigned int len)
 {
-  assert((len & 7) == 0);
+  if ((len & 7) != 0)
+    fatal("cipher_encrypt: bad plaintext length %d", len);
 
   switch (context->type)
     {
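Review bot: `len` is declared `unsigned int` in the cipher_encrypt signature but is printed with `%d` in the new fatal() call, so the format and argument types do not match and a very large length would be logged as a negative number. Use `%u`: `fatal("cipher_encrypt: bad plaintext length %u", len);`. The same applies to cipher_decrypt in the next hunk, and probably to `bytes` in the packet_decrypt hunk in packet.c, whose signature is outside that hunk. The function body continues beyond this hunk.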
@@ -280,7 +279,8 @@
 void cipher_decrypt(CipherContext *context, unsigned char *dest,
 		    const unsigned char *src, unsigned int len)
 {
-  assert((len & 7) == 0);
+  if ((len & 7) != 0)
+    fatal("cipher_decrypt: bad ciphertext length %d", len);
 
   switch (context->type)
     {
diff --git a/deattack.c b/deattack.c
index d5f8608..afd96e4 100644
--- a/deattack.c
+++ b/deattack.c
@@ -1,5 +1,5 @@
 /*
- * $Id: deattack.c,v 1.1 1999/10/27 03:42:44 damien Exp $
+ * $Id: deattack.c,v 1.2 1999/11/08 05:15:55 damien Exp $
  * Cryptographic attack detector for ssh - source code
  *
  * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
@@ -100,9 +100,10 @@
   register unsigned char *c;
   unsigned char  *d;
 
-
-  assert(len <= (SSH_MAXBLOCKS * SSH_BLOCKSIZE));
-  assert(len % SSH_BLOCKSIZE == 0);
+  if (len > (SSH_MAXBLOCKS * SSH_BLOCKSIZE) ||
+      len % SSH_BLOCKSIZE != 0) {
+    fatal("detect_attack: bad length %d", len);
+  }
 
   for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2);
 
diff --git a/hostfile.c b/hostfile.c
index ca0fe88..0e65bfe 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -14,7 +14,7 @@
 */
 
 #include "includes.h"
-RCSID("$Id: hostfile.c,v 1.1 1999/10/27 03:42:44 damien Exp $");
+RCSID("$Id: hostfile.c,v 1.2 1999/11/08 05:15:55 damien Exp $");
 
 #include "packet.h"
 #include "ssh.h"
@@ -265,11 +265,19 @@
   /* Print the host name and key to the file. */
   fprintf(f, "%s %u ", host, bits);
   buf = BN_bn2dec(e);
-  assert(buf != NULL);
+  if (buf == NULL) {
+    error("add_host_to_hostfile: BN_bn2dec #1 failed");
+    fclose(f);
+    return 0;
+  }
   fprintf(f, "%s ", buf);
   free (buf);
   buf = BN_bn2dec(n);
-  assert(buf != NULL);
+  if (buf == NULL) {
+    error("add_host_to_hostfile: BN_bn2dec #2 failed");
+    fclose(f);
+    return 0;
+  }
   fprintf(f, "%s\n", buf);
   free (buf);
 
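Review bot: Both new error returns run after `fprintf(f, "%s %u ", host, bits)` has already written to the file, so a BN_bn2dec failure leaves a truncated host-key entry with no terminating newline, and the next key appended would land on the same line. Converting both numbers before anything is written keeps the file unchanged on failure; this needs two locals in place of the reused `buf`, declared with the function's other locals outside the hunk. The list_identities hunk in ssh-add.c has the same pattern on stdout: it prints the bit count, and on the second failure omits the modulus, comment and newline. add_host_to_hostfile starts and ends outside this hunk.

```c
  /* Convert both numbers first so that a failure leaves the file untouched. */
  ebuf = BN_bn2dec(e);
  nbuf = BN_bn2dec(n);
  if (ebuf == NULL || nbuf == NULL) {
    error("add_host_to_hostfile: BN_bn2dec failed");
    free(ebuf);
    free(nbuf);
    fclose(f);
    return 0;
  }

  /* Print the host name and key to the file in one write. */
  fprintf(f, "%s %u %s %s\n", host, bits, ebuf, nbuf);
  free(ebuf);
  free(nbuf);
```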
diff --git a/packet.c b/packet.c
index 7e74c73..6dfd492 100644
--- a/packet.c
+++ b/packet.c
@@ -15,7 +15,7 @@
 */
 
 #include "includes.h"
-RCSID("$Id: packet.c,v 1.1 1999/10/27 03:42:44 damien Exp $");
+RCSID("$Id: packet.c,v 1.2 1999/11/08 05:15:55 damien Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -194,7 +194,6 @@
 packet_encrypt(CipherContext *cc, void *dest, void *src, 
 	       unsigned int bytes)
 {
-  assert((bytes % 8) == 0);
   cipher_encrypt(cc, dest, src, bytes);
 }
 
@@ -207,7 +206,8 @@
 {
   int i;
   
-  assert((bytes % 8) == 0);
+  if ((bytes % 8) != 0)
+    fatal("packet_decrypt: bad ciphertext length %d", bytes);
   
   /*
     Cryptographic attack detector for ssh - Modifications for packet.c 
@@ -500,7 +500,11 @@
   buffer_consume(&incoming_packet, 8 - len % 8);
 
   /* Test check bytes. */
-  assert(len == buffer_len(&incoming_packet));
+
+  if (len != buffer_len(&incoming_packet))
+    packet_disconnect("packet_read_poll: len %d != buffer_len %d.",
+		      len, buffer_len(&incoming_packet));
+
   ucp = (unsigned char *)buffer_ptr(&incoming_packet) + len - 4;
   stored_checksum = GET_32BIT(ucp);
   if (checksum != stored_checksum)
diff --git a/ssh-add.c b/ssh-add.c
index 8effcdb..07c33d8 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -14,7 +14,7 @@
 */
 
 #include "includes.h"
-RCSID("$Id: ssh-add.c,v 1.3 1999/11/08 04:30:59 damien Exp $");
+RCSID("$Id: ssh-add.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 
 #include "rsa.h"
 #include "ssh.h"
@@ -201,13 +201,19 @@
       had_identities = 1;
       printf("%d ", bits);
       buf = BN_bn2dec(e);
-      assert(buf != NULL);
-      printf("%s ", buf);
-      free (buf);
+      if (buf != NULL) {
+        printf("%s ", buf);
+        free (buf);
+      } else {
+	error("list_identities: BN_bn2dec #1 failed.");
+      }
       buf = BN_bn2dec(n);
-      assert(buf != NULL);
-      printf("%s %s\n", buf, comment);
-      free (buf);
+      if (buf != NULL) {
+        printf("%s %s\n", buf, comment);
+        free (buf);
+      } else {
+	error("list_identities: BN_bn2dec #2 failed.");
+      }
       xfree(comment);
     }
   BN_clear_free(e);
diff --git a/ssh-agent.c b/ssh-agent.c
index 4f7f57f..96bd021 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -16,7 +16,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.16 1999/10/28 20:41:23 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.17 1999/11/02 19:42:36 markus Exp $");
 
 #include "ssh.h"
 #include "rsa.h"
@@ -136,7 +136,12 @@
 	  case 1: /* As of protocol 1.1 */
 	    /* The response is MD5 of decrypted challenge plus session id. */
 	    len = BN_num_bytes(challenge);
-	    assert(len <= 32 && len);
+
+	    if (len <= 0 || len > 32) {
+	      fatal("process_authentication_challenge: "
+		    "bad challenge length %d", len);
+	    }
+
 	    memset(buf, 0, 32);
 	    BN_bn2bin(challenge, buf + 32 - len);
 	    MD5_Init(&md);
diff --git a/ssh.h b/ssh.h
index 841633c..1fd17c1 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@
 
 */
 
-/* RCSID("$Id: ssh.h,v 1.6 1999/11/08 04:30:59 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.7 1999/11/08 05:15:55 damien Exp $"); */
 
 #ifndef SSH_H
 #define SSH_H
@@ -597,7 +597,7 @@
 
 /* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
 int auth_kerberos_tgt(struct passwd *pw, const char *string);
-int auth_afs_token(char *server_user, uid_t uid, const char *string);
+int auth_afs_token(struct passwd *pw, const char *token_string);
 
 int creds_to_radix(CREDENTIALS *creds, unsigned char *buf);
 int radix_to_creds(const char *buf, CREDENTIALS *creds);
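Review bot: The `auth_afs_token` prototype changes its parameter list here, from `(char *server_user, uid_t uid, const char *string)` to `(struct passwd *pw, const char *token_string)`. None of the hunks shown updates its definition or any caller, and the change is unrelated to the assert() replacement recorded in the ChangeLog. If the matching definition and call sites are not in the remainder of the commit, builds with AFS enabled will fail or silently mismatch arguments. It would be worth a ChangeLog line of its own.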
diff --git a/sshconnect.c b/sshconnect.c
index 4222646..a6f3788 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -16,7 +16,7 @@
 
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.3 1999/10/28 05:23:30 damien Exp $");
+RCSID("$Id: sshconnect.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -457,7 +457,10 @@
   /* Compute the response. */
   /* The response is MD5 of decrypted challenge plus session id. */
   len = BN_num_bytes(challenge);
-  assert(len <= sizeof(buf) && len);
+  if (len <= 0 || len > sizeof(buf))
+    packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
+		      len);
+
   memset(buf, 0, sizeof(buf));
   BN_bn2bin(challenge, buf + sizeof(buf) - len);
   MD5_Init(&md);
@@ -1298,8 +1301,14 @@
   if (BN_cmp(public_key->n, host_key->n) < 0)
     {
       /* Public key has smaller modulus. */
-      assert(BN_num_bits(host_key->n) >= 
-	     BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED);
+      if (BN_num_bits(host_key->n) < 
+	  BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
+        fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
+	      "SSH_KEY_BITS_RESERVED %d",
+	      BN_num_bits(host_key->n),
+              BN_num_bits(public_key->n),
+	      SSH_KEY_BITS_RESERVED);
+      }
 
       rsa_public_encrypt(key, key, public_key);
       rsa_public_encrypt(key, key, host_key);
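Review bot: The new fatal() message for the key-size check carries the prefix `respond_to_rsa_challenge:`, but this hunk sits roughly 840 lines below the challenge code changed at line 457, so it is probably in a different function (the enclosing function is not visible in the hunk). A wrong function name in a fatal log line misdirects whoever investigates the failure, so the prefix should name the function that actually contains the check. The following hunk (host key with the smaller modulus) has the same prefix. Both would also read more simply with the two `BN_num_bits()` results held in locals rather than computed once for the test and again for the message.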
@@ -1307,8 +1316,14 @@
   else
     {
       /* Host key has smaller modulus (or they are equal). */
-      assert(BN_num_bits(public_key->n) >=
-	     BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED);
+      if (BN_num_bits(public_key->n) < 
+	  BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
+        fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
+	      "SSH_KEY_BITS_RESERVED %d",
+	      BN_num_bits(public_key->n),
+              BN_num_bits(host_key->n),
+	      SSH_KEY_BITS_RESERVED);
+      }
 
       rsa_public_encrypt(key, key, host_key);
       rsa_public_encrypt(key, key, public_key);
diff --git a/sshd.c b/sshd.c
index 6cdcf75..a1f9449 100644
--- a/sshd.c
+++ b/sshd.c
@@ -18,7 +18,7 @@
 */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.11 1999/11/08 04:30:59 damien Exp $");
+RCSID("$Id: sshd.c,v 1.12 1999/11/08 05:15:55 damien Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"