Attachment #2953 for bug #2687

Lines 834-839 fake_password(const char *wire_password) Link Here

(-)a/auth-pam.c (+2 lines)
834	fatal("%s: password length too long: %zu", __func__, l);	834	fatal("%s: password length too long: %zu", __func__, l);
835		835
836	ret = malloc(l + 1);	836	ret = malloc(l + 1);
		837	if (ret == NULL)
		838	return NULL;
837	for (i = 0; i < l; i++)	839	for (i = 0; i < l; i++)
838	ret[i] = junk[i % (sizeof(junk) - 1)];	840	ret[i] = junk[i % (sizeof(junk) - 1)];
839	ret[i] = '\0';	841	ret[i] = '\0';

Lines 2290-2296 update_known_hosts(struct hostkeys_update_ctx *ctx) Link Here

(-)a/clientloop.c (-1 / +1 lines)
2290	free(response);	2290	free(response);
2291	response = read_passphrase("Accept updated hostkeys? "	2291	response = read_passphrase("Accept updated hostkeys? "
2292	"(yes/no): ", RP_ECHO);	2292	"(yes/no): ", RP_ECHO);
2293	if (strcasecmp(response, "yes") == 0)	2293	if (response != NULL && strcasecmp(response, "yes") == 0)
2294	break;	2294	break;
2295	else if (quit_pending \|\| response == NULL \|\|	2295	else if (quit_pending \|\| response == NULL \|\|
2296	strcasecmp(response, "no") == 0) {	2296	strcasecmp(response, "no") == 0) {

Lines 158-164 ssh_digest_final(struct ssh_digest_ctx ctx, u_char d, size_t dlen) Link Here

(-)a/digest-openssl.c (-1 / +1 lines)
158	const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);	158	const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
159	u_int l = dlen;	159	u_int l = dlen;
160		160
161	if (dlen > UINT_MAX)	161	if (digest == NULL \|\| dlen > UINT_MAX)
162	return SSH_ERR_INVALID_ARGUMENT;	162	return SSH_ERR_INVALID_ARGUMENT;
163	if (dlen < digest->digest_len) /* No truncation allowed */	163	if (dlen < digest->digest_len) /* No truncation allowed */
164	return SSH_ERR_INVALID_ARGUMENT;	164	return SSH_ERR_INVALID_ARGUMENT;




char *
kex_names_cat(const char *a, const char *b)
{
	char *ret = NULL, *tmp = NULL, *cp, *p, *m;
	size_t len;

	if (a == NULL || *a == '\0')

	}
	strlcpy(ret, a, len);
	for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
		if ((m = match_list(ret, p, NULL)) != NULL) {
			free(m);
			continue; /* Algorithm already present */
		}
		if (strlcat(ret, ",", len) >= len ||
		    strlcat(ret, p, len) >= len) {
			free(tmp);


	if (name == NULL)
		return SSH_ERR_NO_CIPHER_ALG_MATCH;
	if ((enc->cipher = cipher_by_name(name)) == NULL) {
		free(name);
		return SSH_ERR_INTERNAL_ERROR;
	}
	enc->name = name;
	enc->enabled = 0;
	enc->iv = NULL;


	if (name == NULL)
		return SSH_ERR_NO_MAC_ALG_MATCH;
	if (mac_setup(mac, name) < 0) {
		free(name);
		return SSH_ERR_INTERNAL_ERROR;
	}
	/* truncate the key */
	if (ssh->compat & SSH_BUG_HMAC)
		mac->key_len = 16;

	} else if (strcmp(name, "none") == 0) {
		comp->type = COMP_NONE;
	} else {
		free(name);
		return SSH_ERR_INTERNAL_ERROR;
	}
	comp->name = name;

Lines 1500-1505 parse_keytypes: Link Here

(-)a/readconf.c (+1 lines)
1500	if (r == GLOB_NOMATCH) {	1500	if (r == GLOB_NOMATCH) {
1501	debug("%.200s line %d: include %s matched no "	1501	debug("%.200s line %d: include %s matched no "
1502	"files",filename, linenum, arg2);	1502	"files",filename, linenum, arg2);
		1503	free(arg2);
1503	continue;	1504	continue;
1504	} else if (r != 0 \|\| gl.gl_pathc < 0)	1505	} else if (r != 0 \|\| gl.gl_pathc < 0)
1505	fatal("%.200s line %d: glob failed for %s.",	1506	fatal("%.200s line %d: glob failed for %s.",

Lines 2284-2291 dump_cfg_fmtint(ServerOpCodes code, int val) Link Here

(-)a/servconf.c (-2 lines)
2284	static void	2284	static void
2285	dump_cfg_string(ServerOpCodes code, const char *val)	2285	dump_cfg_string(ServerOpCodes code, const char *val)
2286	{	2286	{
2287	if (val == NULL)
2288	return;
2289	printf("%s %s\n", lookup_opcode_name(code),	2287	printf("%s %s\n", lookup_opcode_name(code),
2290	val == NULL ? "none" : val);	2288	val == NULL ? "none" : val);
2291	}	2289	}

Lines 1533-1538 maybe_add_key_to_agent(char authfile, Key private, char *comment, Link Here

(-)a/sshconnect.c (+2 lines)
1533	if (options.add_keys_to_agent == 2 &&	1533	if (options.add_keys_to_agent == 2 &&
1534	!ask_permission("Add key %s (%s) to agent?", authfile, comment)) {	1534	!ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
1535	debug3("user denied adding this key");	1535	debug3("user denied adding this key");
		1536	close(auth_sock);
1536	return;	1537	return;
1537	}	1538	}
1538		1539
Lines 1541-1544 maybe_add_key_to_agent(char authfile, Key private, char *comment, Link Here
1541	debug("identity added to agent: %s", authfile);	1542	debug("identity added to agent: %s", authfile);
1542	else	1543	else
1543	debug("could not add identity to agent: %s (%d)", authfile, r);	1544	debug("could not add identity to agent: %s (%d)", authfile, r);
		1545	close(auth_sock);
1544	}	1546	}

Lines 1061-1066 sign_and_send_pubkey(Authctxt authctxt, Identity id) Link Here

(-)a/sshconnect2.c (+2 lines)
1061		1061
1062	if (key_to_blob(id->key, &blob, &bloblen) == 0) {	1062	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
1063	/* we cannot handle this key */	1063	/* we cannot handle this key */
		1064	free(blob);
1064	debug3("sign_and_send_pubkey: cannot handle key");	1065	debug3("sign_and_send_pubkey: cannot handle key");
1065	return 0;	1066	return 0;
1066	}	1067	}
Lines 1170-1175 send_pubkey_test(Authctxt authctxt, Identity id) Link Here
1170		1171
1171	if (key_to_blob(id->key, &blob, &bloblen) == 0) {	1172	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
1172	/* we cannot handle this key */	1173	/* we cannot handle this key */
		1174	free(blob);
1173	debug3("send_pubkey_test: cannot handle key");	1175	debug3("send_pubkey_test: cannot handle key");
1174	return 0;	1176	return 0;
1175	}	1177	}

Lines 1375-1382 sshkey_read(struct sshkey ret, char *cpp) Link Here

(-)a/sshkey.c (-2 lines)
1375	retval = 0;	1375	retval = 0;
1376	/XXXX/	1376	/XXXX/
1377	sshkey_free(k);	1377	sshkey_free(k);
1378	if (retval != 0)
1379	break;
1380	break;	1378	break;
1381	default:	1379	default:
1382	return SSH_ERR_INVALID_ARGUMENT;	1380	return SSH_ERR_INVALID_ARGUMENT;

Return to bug 2687

Lines 178-184 kex_names_valid(const char *names) Link Here

(-)a/kex.c (-4 / +11 lines)
178	char *	178	char *
179	kex_names_cat(const char a, const char b)	179	kex_names_cat(const char a, const char b)
180	{	180	{
181	char ret = NULL, tmp = NULL, cp, p;	181	char ret = NULL, tmp = NULL, cp, p, *m;
182	size_t len;	182	size_t len;
183		183
184	if (a == NULL \|\| *a == '\0')	184	if (a == NULL \|\| *a == '\0')
Lines 195-202 kex_names_cat(const char a, const char b) Link Here
195	}	195	}
196	strlcpy(ret, a, len);	196	strlcpy(ret, a, len);
197	for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {	197	for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
198	if (match_list(ret, p, NULL) != NULL)	198	if ((m = match_list(ret, p, NULL)) != NULL) {
		199	free(m);
199	continue; /* Algorithm already present */	200	continue; /* Algorithm already present */
		201	}
200	if (strlcat(ret, ",", len) >= len \|\|	202	if (strlcat(ret, ",", len) >= len \|\|
201	strlcat(ret, p, len) >= len) {	203	strlcat(ret, p, len) >= len) {
202	free(tmp);	204	free(tmp);
Lines 651-658 choose_enc(struct sshenc enc, char client, char *server) Link Here
651		653
652	if (name == NULL)	654	if (name == NULL)
653	return SSH_ERR_NO_CIPHER_ALG_MATCH;	655	return SSH_ERR_NO_CIPHER_ALG_MATCH;
654	if ((enc->cipher = cipher_by_name(name)) == NULL)	656	if ((enc->cipher = cipher_by_name(name)) == NULL) {
		657	free(name);
655	return SSH_ERR_INTERNAL_ERROR;	658	return SSH_ERR_INTERNAL_ERROR;
		659	}
656	enc->name = name;	660	enc->name = name;
657	enc->enabled = 0;	661	enc->enabled = 0;
658	enc->iv = NULL;	662	enc->iv = NULL;
Lines 670-677 choose_mac(struct ssh ssh, struct sshmac mac, char client, char server) Link Here
670		674
671	if (name == NULL)	675	if (name == NULL)
672	return SSH_ERR_NO_MAC_ALG_MATCH;	676	return SSH_ERR_NO_MAC_ALG_MATCH;
673	if (mac_setup(mac, name) < 0)	677	if (mac_setup(mac, name) < 0) {
		678	free(name);
674	return SSH_ERR_INTERNAL_ERROR;	679	return SSH_ERR_INTERNAL_ERROR;
		680	}
675	/* truncate the key */	681	/* truncate the key */
676	if (ssh->compat & SSH_BUG_HMAC)	682	if (ssh->compat & SSH_BUG_HMAC)
677	mac->key_len = 16;	683	mac->key_len = 16;
Lines 695-700 choose_comp(struct sshcomp comp, char client, char *server) Link Here
695	} else if (strcmp(name, "none") == 0) {	701	} else if (strcmp(name, "none") == 0) {
696	comp->type = COMP_NONE;	702	comp->type = COMP_NONE;
697	} else {	703	} else {
		704	free(name);
698	return SSH_ERR_INTERNAL_ERROR;	705	return SSH_ERR_INTERNAL_ERROR;
699	}	706	}
700	comp->name = name;	707	comp->name = name;