diff options
| author | Damien Miller <djm@mindrot.org> | 2002-06-26 11:14:08 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-06-26 11:14:08 +0200 |
| commit | aa15137c15d2fe6ca4d802c02c6f844072648936 (patch) | |
| tree | 9338776a0330d9d7b4830ba5e89a1f47983b1dc3 /bufaux.c | |
| parent | - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@ (diff) | |
| download | openssh-aa15137c15d2fe6ca4d802c02c6f844072648936.tar.xz openssh-aa15137c15d2fe6ca4d802c02c6f844072648936.zip | |
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/06/26 08:53:12
[bufaux.c]
limit size of BNs to 8KB; ok provos/deraadt
Diffstat (limited to 'bufaux.c')
| -rw-r--r-- | bufaux.c | 12 |
1 files changed, 8 insertions, 4 deletions
@@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.26 2002/06/23 09:46:51 deraadt Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $"); #include <openssl/bn.h> #include "bufaux.h" @@ -88,6 +88,8 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value) bits = GET_16BIT(buf); /* Compute the number of binary bytes that follow. */ bytes = (bits + 7) / 8; + if (bytes > 8 * 1024) + fatal("buffer_get_bignum: cannot handle BN of size %d", bytes); if (buffer_len(buffer) < bytes) fatal("buffer_get_bignum: input buffer too small"); bin = buffer_ptr(buffer); @@ -129,13 +131,15 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value) xfree(buf); } +/* XXX does not handle negative BNs */ void buffer_get_bignum2(Buffer *buffer, BIGNUM *value) { - /**XXX should be two's-complement */ - int len; - u_char *bin = buffer_get_string(buffer, (u_int *)&len); + u_int len; + u_char *bin = buffer_get_string(buffer, &len); + if (len > 8 * 1024) + fatal("buffer_get_bignum2: cannot handle BN of size %d", len); BN_bin2bn(bin, len, value); xfree(bin); } |