diff options
Diffstat (limited to 'crypto/openssh/sshbuf-getput-basic.c')
-rw-r--r-- | crypto/openssh/sshbuf-getput-basic.c | 57 |
1 files changed, 49 insertions, 8 deletions
diff --git a/crypto/openssh/sshbuf-getput-basic.c b/crypto/openssh/sshbuf-getput-basic.c index b7d0758..8ff8a0a 100644 --- a/crypto/openssh/sshbuf-getput-basic.c +++ b/crypto/openssh/sshbuf-getput-basic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-basic.c,v 1.1 2014/04/30 05:29:56 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-basic.c,v 1.4 2015/01/14 15:02:39 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -34,7 +34,7 @@ sshbuf_get(struct sshbuf *buf, void *v, size_t len) if ((r = sshbuf_consume(buf, len)) < 0) return r; - if (v != NULL) + if (v != NULL && len != 0) memcpy(v, p, len); return 0; } @@ -109,7 +109,8 @@ sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp) SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); return SSH_ERR_ALLOC_FAIL; } - memcpy(*valp, val, len); + if (len != 0) + memcpy(*valp, val, len); (*valp)[len] = '\0'; } if (lenp != NULL) @@ -200,7 +201,8 @@ sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp) SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); return SSH_ERR_ALLOC_FAIL; } - memcpy(*valp, p, len); + if (len != 0) + memcpy(*valp, p, len); (*valp)[len] = '\0'; } if (lenp != NULL) @@ -236,7 +238,8 @@ sshbuf_put(struct sshbuf *buf, const void *v, size_t len) if ((r = sshbuf_reserve(buf, len, &p)) < 0) return r; - memcpy(p, v, len); + if (len != 0) + memcpy(p, v, len); return 0; } @@ -352,14 +355,15 @@ sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len) if ((r = sshbuf_reserve(buf, len + 4, &d)) < 0) return r; POKE_U32(d, len); - memcpy(d + 4, v, len); + if (len != 0) + memcpy(d + 4, v, len); return 0; } int sshbuf_put_cstring(struct sshbuf *buf, const char *v) { - return sshbuf_put_string(buf, (u_char *)v, strlen(v)); + return sshbuf_put_string(buf, (u_char *)v, v == NULL ? 0 : strlen(v)); } int @@ -416,6 +420,43 @@ sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len) POKE_U32(d, len + prepend); if (prepend) d[4] = 0; - memcpy(d + 4 + prepend, s, len); + if (len != 0) + memcpy(d + 4 + prepend, s, len); + return 0; +} + +int +sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, + const u_char **valp, size_t *lenp) +{ + const u_char *d; + size_t len, olen; + int r; + + if ((r = sshbuf_peek_string_direct(buf, &d, &olen)) < 0) + return r; + len = olen; + /* Refuse negative (MSB set) bignums */ + if ((len != 0 && (*d & 0x80) != 0)) + return SSH_ERR_BIGNUM_IS_NEGATIVE; + /* Refuse overlong bignums, allow prepended \0 to avoid MSB set */ + if (len > SSHBUF_MAX_BIGNUM + 1 || + (len == SSHBUF_MAX_BIGNUM + 1 && *d != 0)) + return SSH_ERR_BIGNUM_TOO_LARGE; + /* Trim leading zeros */ + while (len > 0 && *d == 0x00) { + d++; + len--; + } + if (valp != 0) + *valp = d; + if (lenp != NULL) + *lenp = len; + if (sshbuf_consume(buf, olen + 4) != 0) { + /* Shouldn't happen */ + SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); + SSHBUF_ABORT(); + return SSH_ERR_INTERNAL_ERROR; + } return 0; } |