authorkris <kris@FreeBSD.org>2000-06-03 09:58:15 +0000
committerkris <kris@FreeBSD.org>2000-06-03 09:58:15 +0000
commita55fcaa060a8a5296437da631991116b28e265bd (patch)
tree2957447454494c2046af5187ecd51e430756eba6 /crypto
parent0a76acd42d2d8bc381424757c0a50f026a2c4324 (diff)
Resolve conflicts
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssh/auth.c11
-rw-r--r--crypto/openssh/cipher.c6
-rw-r--r--crypto/openssh/servconf.c6
-rw-r--r--crypto/openssh/sshconnect.c19
-rw-r--r--crypto/openssh/sshd.c71
5 files changed, 33 insertions, 80 deletions
diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c
index 2497e15..5e64cf0 100644
--- a/crypto/openssh/auth.c
+++ b/crypto/openssh/auth.c
@@ -7,7 +7,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.6 2000/04/26 21:28:31 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.7 2000/05/17 21:37:24 deraadt Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -47,14 +47,21 @@ allowed_user(struct passwd * pw)
{
struct stat st;
struct group *grp;
+ char *shell;
int i;
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw)
return 0;
+ /*
+ * Get the shell from the password data. An empty shell field is
+ * legal, and means /bin/sh.
+ */
+ shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
+
/* deny if shell does not exists or is not executable */
- if (stat(pw->pw_shell, &st) != 0)
+ if (stat(shell, &st) != 0)
return 0;
if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
return 0;
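Review bot: The file-type test two lines after the new `stat(shell, &st)` call masks `st_mode` with `S_IFREG` instead of comparing the type field, so on the usual mode encodings any file type that shares that bit (a socket, for instance) passes once an execute bit is set. Because this test decides whether a login is allowed, it should read `if (!(S_ISREG(st.st_mode) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))`. The new `pw->pw_shell[0]` read also assumes `pw_shell` is never NULL, which nothing in the hunk establishes. `allowed_user` continues past the end of the hunk.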
diff --git a/crypto/openssh/cipher.c b/crypto/openssh/cipher.c
index fcc3d5b..0f0f0d0 100644
--- a/crypto/openssh/cipher.c
+++ b/crypto/openssh/cipher.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$Id: cipher.c,v 1.26 2000/04/14 10:30:30 markus Exp $");
+RCSID("$Id: cipher.c,v 1.27 2000/05/22 18:42:00 markus Exp $");
#include "ssh.h"
#include "cipher.h"
@@ -179,7 +179,7 @@ ciphers_valid(const char *names)
char *p;
int i;
- if (strcmp(names, "") == 0)
+ if (names == NULL || strcmp(names, "") == 0)
return 0;
ciphers = xstrdup(names);
for ((p = strtok(ciphers, CIPHER_SEP)); p; (p = strtok(NULL, CIPHER_SEP))) {
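Review bot: The tokenising loop uses `strtok`, which keeps a single hidden cursor, and the `sCiphers` case in servconf.c on this page calls `ciphers_valid(cp)` in the middle of its own `strtok(NULL, WHITESPACE)` walk. After this function returns, any further `strtok(NULL, ...)` in the config parser would resume inside the `xstrdup` copy made here rather than in the config line. Whether the parser makes such a call, and whether the copy has been freed by then, is outside the hunk. A private cursor removes the coupling: declare `char *last;` and loop with `for (p = strtok_r(ciphers, CIPHER_SEP, &last); p; p = strtok_r(NULL, CIPHER_SEP, &last))`. The loop body continues outside the hunk.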
@@ -202,6 +202,8 @@ int
cipher_number(const char *name)
{
int i;
+ if (name == NULL)
+ return -1;
for (i = 0; i < sizeof(cipher_names) / sizeof(cipher_names[0]); i++)
if (strcmp(cipher_names[i], name) == 0 &&
(cipher_mask() & (1 << i)))
diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index 9f35d4a..7bb9221 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$Id: servconf.c,v 1.40 2000/05/08 17:12:15 markus Exp $");
+RCSID("$Id: servconf.c,v 1.41 2000/05/22 18:42:01 markus Exp $");
#include "ssh.h"
#include "servconf.h"
@@ -622,6 +622,8 @@ parse_flag:
case sCiphers:
cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%s line %d: Missing argument.", filename, linenum);
if (!ciphers_valid(cp))
fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
filename, linenum, cp ? cp : "<NONE>");
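Review bot: With the new `if (!cp) fatal(...)` guard in the `sCiphers` case, `cp` can no longer be NULL when the second `fatal` runs, so its `cp ? cp : "<NONE>"` fallback is dead code and hints at a path that no longer exists. The last argument line can simply be `filename, linenum, cp);`. The guard itself is the right place to stop, since `ciphers_valid` would otherwise receive the NULL.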
@@ -632,6 +634,8 @@ parse_flag:
case sProtocol:
intptr = &options->protocol;
cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%s line %d: Missing argument.", filename, linenum);
value = proto_spec(cp);
if (value == SSH_PROTO_UNKNOWN)
fatal("%s line %d: Bad protocol spec '%s'.",
diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c
index 1ad91cf..eb8e1ed 100644
--- a/crypto/openssh/sshconnect.c
+++ b/crypto/openssh/sshconnect.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.72 2000/05/04 09:50:22 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.74 2000/05/17 16:57:02 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
@@ -253,7 +253,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
temporarily_use_uid(original_real_uid);
if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) {
/* Successful connection. */
- memcpy(hostaddr, ai->ai_addr, sizeof(*hostaddr));
+ memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
restore_uid();
break;
} else {
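Review bot: The `memcpy` into `hostaddr` now takes its length from `ai->ai_addrlen`, which fixes the over-read of `ai->ai_addr` but leaves two things unchecked. Nothing bounds the length against the destination, and the bytes of `*hostaddr` beyond `ai_addrlen` keep whatever the caller had there (whether the caller zeroes it is not visible here). I would add `memset(hostaddr, 0, sizeof(*hostaddr));` before the copy and refuse the address when `ai->ai_addrlen > sizeof(*hostaddr)`. `ssh_connect` starts and ends outside the hunk.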
@@ -299,21 +299,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
return 1;
}
-char *
-chop(char *s)
-{
- char *t = s;
- while (*t) {
- if(*t == '\n' || *t == '\r') {
- *t = '\0';
- return s;
- }
- t++;
- }
- return s;
-
-}
-
/*
* Waits for the server identification string, and sends our own
* identification string.
diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c
index 532734b..2fcca59 100644
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@@ -16,7 +16,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.115 2000/05/03 10:21:49 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.118 2000/05/25 20:45:20 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -292,21 +292,6 @@ key_regeneration_alarm(int sig)
errno = save_errno;
}
-char *
-chop(char *s)
-{
- char *t = s;
- while (*t) {
- if(*t == '\n' || *t == '\r') {
- *t = '\0';
- return s;
- }
- t++;
- }
- return s;
-
-}
-
void
sshd_exchange_identification(int sock_in, int sock_out)
{
@@ -434,9 +419,12 @@ void
destroy_sensitive_data(void)
{
/* Destroy the private and public keys. They will no longer be needed. */
- RSA_free(public_key);
- RSA_free(sensitive_data.private_key);
- RSA_free(sensitive_data.host_key);
+ if (public_key)
+ RSA_free(public_key);
+ if (sensitive_data.private_key)
+ RSA_free(sensitive_data.private_key);
+ if (sensitive_data.host_key)
+ RSA_free(sensitive_data.host_key);
if (sensitive_data.dsa_host_key != NULL)
key_free(sensitive_data.dsa_host_key);
}
@@ -1239,7 +1227,6 @@ do_ssh2_kex()
int payload_len, dlen;
int slen;
unsigned int klen, kout;
- char *ptr;
unsigned char *signature = NULL;
unsigned char *server_host_key_blob = NULL;
unsigned int sbloblen;
@@ -1251,7 +1238,6 @@ do_ssh2_kex()
unsigned char *hash;
Kex *kex;
char *cprop[PROPOSAL_MAX];
- char *sprop[PROPOSAL_MAX];
/* KEXINIT */
@@ -1259,46 +1245,15 @@ do_ssh2_kex()
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
}
-
- debug("Sending KEX init.");
-
- for (i = 0; i < PROPOSAL_MAX; i++)
- sprop[i] = xstrdup(myproposal[i]);
- server_kexinit = kex_init(sprop);
- packet_start(SSH2_MSG_KEXINIT);
- packet_put_raw(buffer_ptr(server_kexinit), buffer_len(server_kexinit));
- packet_send();
- packet_write_wait();
-
- debug("done");
-
- packet_read_expect(&payload_len, SSH2_MSG_KEXINIT);
-
- /*
- * save raw KEXINIT payload in buffer. this is used during
- * computation of the session_id and the session keys.
- */
+ server_kexinit = kex_init(myproposal);
client_kexinit = xmalloc(sizeof(*client_kexinit));
buffer_init(client_kexinit);
- ptr = packet_get_raw(&payload_len);
- buffer_append(client_kexinit, ptr, payload_len);
- /* skip cookie */
- for (i = 0; i < 16; i++)
- (void) packet_get_char();
- /* save kex init proposal strings */
- for (i = 0; i < PROPOSAL_MAX; i++) {
- cprop[i] = packet_get_string(NULL);
- debug("got kexinit string: %s", cprop[i]);
- }
-
- i = (int) packet_get_char();
- debug("first kex follow == %d", i);
- i = packet_get_int();
- debug("reserved == %d", i);
-
- debug("done read kexinit");
- kex = kex_choose_conf(cprop, sprop, 1);
+ /* algorithm negotiation */
+ kex_exchange_kexinit(server_kexinit, client_kexinit, cprop);
+ kex = kex_choose_conf(cprop, myproposal, 1);
+ for (i = 0; i < PROPOSAL_MAX; i++)
+ xfree(cprop[i]);
/* KEXDH */
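Review bot: The `xfree(cprop[i])` loop right after `kex_choose_conf(cprop, myproposal, 1)` relies on an ownership contract that nothing in this hunk states. It assumes `kex_exchange_kexinit` fills every one of the `PROPOSAL_MAX` slots with heap strings, and that `kex_choose_conf` copies whatever it keeps in the returned `kex`. If the latter stores pointers into `cprop`, the KEXDH code below would be using freed memory. `myproposal` is also now handed to `kex_init` and `kex_choose_conf` directly where the old code passed `xstrdup` copies, so those callees must not modify or free it. I would record this above the call, e.g. `/* kex_exchange_kexinit allocates cprop[]; kex_choose_conf copies what it keeps, so cprop is freed here */`, once confirmed against kex.c. `do_ssh2_kex` starts and ends outside the hunk.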