diff options
| -rw-r--r-- | include/libssh/priv.h | 4 | ||||
| -rw-r--r-- | libssh/dh.c | 52 | ||||
| -rw-r--r-- | libssh/kex.c | 13 |
3 files changed, 53 insertions, 16 deletions
diff --git a/include/libssh/priv.h b/include/libssh/priv.h index 98f5e6e..9262fb5 100644 --- a/include/libssh/priv.h +++ b/include/libssh/priv.h @@ -532,8 +532,8 @@ void dh_import_pubkey(SSH_SESSION *session,STRING *pubkey_string); void dh_build_k(SSH_SESSION *session); int make_sessionid(SSH_SESSION *session); /* add data for the final cookie */ -void hashbufin_add_cookie(SSH_SESSION *session,unsigned char *cookie); -void hashbufout_add_cookie(SSH_SESSION *session); +int hashbufin_add_cookie(SSH_SESSION *session, unsigned char *cookie); +int hashbufout_add_cookie(SSH_SESSION *session); void generate_session_keys(SSH_SESSION *session); /* returns 1 if server signature ok, 0 otherwise. The NEXT crypto is checked, not the current one */ int signature_verify(SSH_SESSION *session,STRING *signature); diff --git a/libssh/dh.c b/libssh/dh.c index 48a7da8..1d825b2 100644 --- a/libssh/dh.c +++ b/libssh/dh.c @@ -502,20 +502,50 @@ error: return rc; } -void hashbufout_add_cookie(SSH_SESSION *session){ - session->out_hashbuf=buffer_new(); - buffer_add_u8(session->out_hashbuf,20); - if(session->server) - buffer_add_data(session->out_hashbuf,session->server_kex.cookie,16); - else - buffer_add_data(session->out_hashbuf,session->client_kex.cookie,16); +int hashbufout_add_cookie(SSH_SESSION *session) { + session->out_hashbuf = buffer_new(); + if (session->out_hashbuf == NULL) { + return -1; + } + + if (buffer_add_u8(session->out_hashbuf, 20) < 0) { + buffer_free(session->out_hashbuf); + return -1; + } + + if (session->server) { + if (buffer_add_data(session->out_hashbuf, + session->server_kex.cookie, 16) < 0) { + buffer_free(session->out_hashbuf); + return -1; + } + } else { + if (buffer_add_data(session->out_hashbuf, + session->client_kex.cookie, 16) < 0) { + buffer_free(session->out_hashbuf); + return -1; + } + } + + return 0; } +int hashbufin_add_cookie(SSH_SESSION *session, unsigned char *cookie) { + session->in_hashbuf = buffer_new(); + if (session->in_hashbuf == NULL) { + return -1; + } + + if (buffer_add_u8(session->in_hashbuf, 20) < 0) { + buffer_free(session->in_hashbuf); + return -1; + } + if (buffer_add_data(session->in_hashbuf,cookie, 16) < 0) { + buffer_free(session->in_hashbuf); + return -1; + } -void hashbufin_add_cookie(SSH_SESSION *session,unsigned char *cookie){ - session->in_hashbuf=buffer_new(); - buffer_add_u8(session->in_hashbuf,20); - buffer_add_data(session->in_hashbuf,cookie,16); + return 0; } /* TODO FIXME add return value for memory checks */ diff --git a/libssh/kex.c b/libssh/kex.c index 4ad622e..803141e 100644 --- a/libssh/kex.c +++ b/libssh/kex.c @@ -243,7 +243,11 @@ int ssh_get_kex(SSH_SESSION *session,int server_kex ){ leave_function(); return -1; } - hashbufin_add_cookie(session,session->server_kex.cookie); + if (hashbufin_add_cookie(session, session->server_kex.cookie) < 0) { + ssh_set_error(session, SSH_FATAL, "get_kex(): adding cookie failed"); + leave_function(); + return -1; + } memset(strings,0,sizeof(char *)*10); for(i=0;i<10;++i){ str=buffer_get_ssh_string(session->in_buffer); @@ -337,7 +341,8 @@ int set_kex(SSH_SESSION *session){ return 0; } -/* this function only sends the predefined set of kex methods */ +/* this function only sends the predefined set of kex methods */ +/* TODO add return value! */ void ssh_send_kex(SSH_SESSION *session, int server_kex){ STRING *str; int i=0; @@ -345,7 +350,9 @@ void ssh_send_kex(SSH_SESSION *session, int server_kex){ enter_function(); buffer_add_u8(session->out_buffer,SSH2_MSG_KEXINIT); buffer_add_data(session->out_buffer,kex->cookie,16); - hashbufout_add_cookie(session); + if (hashbufout_add_cookie(session) < 0) { + return; + } ssh_list_kex(session, kex); for(i=0;i<10;i++){ str=string_from_char(kex->methods[i]); |