Diffstat (limited to 'crypto/openssh/dns.c')
-rw-r--r--crypto/openssh/dns.c35
1 files changed, 13 insertions, 22 deletions
diff --git a/crypto/openssh/dns.c b/crypto/openssh/dns.c
index 4487c1a..a71dd9b 100644
--- a/crypto/openssh/dns.c
+++ b/crypto/openssh/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -25,27 +25,16 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-
#include "includes.h"
+RCSID("$OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $");
-#include <openssl/bn.h>
-#ifdef LWRES
-#include <lwres/netdb.h>
-#include <dns/result.h>
-#else /* LWRES */
#include <netdb.h>
-#endif /* LWRES */
#include "xmalloc.h"
#include "key.h"
#include "dns.h"
#include "log.h"
-#include "uuencode.h"
-
-extern char *__progname;
-RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $");
-#ifndef LWRES
static const char *errset_text[] = {
"success", /* 0 ERRSET_SUCCESS */
"out of memory", /* 1 ERRSET_NOMEMORY */
@@ -75,8 +64,6 @@ dns_result_totext(unsigned int res)
return "unknown error";
}
}
-#endif /* LWRES */
-
/*
* Read SSHFP parameters from key buffer.
@@ -95,12 +82,14 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
*algorithm = SSHFP_KEY_DSA;
break;
default:
- *algorithm = SSHFP_KEY_RESERVED;
+ *algorithm = SSHFP_KEY_RESERVED; /* 0 */
}
if (*algorithm) {
*digest_type = SSHFP_HASH_SHA1;
*digest = key_fingerprint_raw(key, SSH_FP_SHA1, digest_len);
+ if (*digest == NULL)
+ fatal("dns_read_key: null from key_fingerprint_raw()");
success = 1;
} else {
*digest_type = SSHFP_HASH_RESERVED;
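Review bot: On success dns_read_key now returns a heap buffer in `*digest` that the callers free, but the function comment ("Read SSHFP parameters from key buffer.") does not state that ownership rule. I would add a line to that comment such as `* On success *digest is allocated by key_fingerprint_raw(); the caller must xfree() it.` The else branch continues past the end of this hunk, so what `*digest` holds when the function returns 0 is not visible here. If it is left NULL, the comment should also say that callers must not free it on failure.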
@@ -133,7 +122,7 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
*digest = (u_char *) xmalloc(*digest_len);
memcpy(*digest, rdata + 2, *digest_len);
} else {
- *digest = NULL;
+ *digest = xstrdup("");
}
success = 1;
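Review bot: `*digest = xstrdup("");` stores a `char *` into a `u_char *` without the cast used on the xmalloc line just above, and nothing explains why a zero-length digest needs an allocation at all. It presumably exists so that the unconditional `xfree(dnskey_digest)` added in the later verify_host_key_dns hunk never receives NULL, which OpenSSH's xfree() treats as fatal. I would write `*digest = (u_char *) xstrdup(""); /* non-NULL so the caller can always xfree() it */`. I would also tag that later free with `/* from dns_read_rdata() */`, to match the comment on the `hostkey_digest` free. dns_read_rdata starts and ends outside this hunk, so how `*digest_len` is derived and bounded cannot be checked from here.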
@@ -187,7 +176,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
*flags = 0;
- debug3("verify_hostkey_dns");
+ debug3("verify_host_key_dns");
if (hostkey == NULL)
fatal("No key to look up!");
@@ -223,7 +212,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
if (fingerprints->rri_nrdatas)
*flags |= DNS_VERIFY_FOUND;
- for (counter = 0 ; counter < fingerprints->rri_nrdatas ; counter++) {
+ for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) {
/*
* Extract the key from the answer. Ignore any badly
* formatted fingerprints.
@@ -247,8 +236,10 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
*flags |= DNS_VERIFY_MATCH;
}
}
+ xfree(dnskey_digest);
}
+ xfree(hostkey_digest); /* from key_fingerprint_raw() */
freerrset(fingerprints);
if (*flags & DNS_VERIFY_FOUND)
@@ -262,7 +253,6 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
return 0;
}
-
/*
* Export the fingerprint of a key as a DNS resource record
*/
@@ -278,7 +268,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
int success = 0;
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
- &rdata_digest, &rdata_digest_len, key)) {
+ &rdata_digest, &rdata_digest_len, key)) {
if (generic)
fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", hostname,
@@ -291,9 +281,10 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
for (i = 0; i < rdata_digest_len; i++)
fprintf(f, "%02x", rdata_digest[i]);
fprintf(f, "\n");
+ xfree(rdata_digest); /* from key_fingerprint_raw() */
success = 1;
} else {
- error("dns_export_rr: unsupported algorithm");
+ error("export_dns_rr: unsupported algorithm");
}
return success;