Bugzilla – Attachment 3308 Details for
Bug 3050
"Bits has bad value 99999 (too large)" and "key bits exceeds maximum 16384"
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Defer bit size tests to key-specific check
ssh-keygen-bitsize.patch (text/plain), 1.68 KB, created by
Darren Tucker
on 2019-08-04 10:56:09 AEST
(
hide
)
Description:
Defer bit size tests to key-specific check
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2019-08-04 10:56:09 AEST
Size:
1.68 KB
patch
obsolete
>Index: ssh-keygen.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v >retrieving revision 1.338 >diff -u -p -r1.338 ssh-keygen.c >--- ssh-keygen.c 19 Jul 2019 03:38:01 -0000 1.338 >+++ ssh-keygen.c 4 Aug 2019 00:47:40 -0000 >@@ -166,14 +166,12 @@ int prime_test(FILE *, FILE *, u_int32_t > static void > type_bits_valid(int type, const char *name, u_int32_t *bitsp) > { >-#ifdef WITH_OPENSSL >- u_int maxbits, nid; >-#endif >- > if (type == KEY_UNSPEC) > fatal("unknown key type %s", key_type_name); > if (*bitsp == 0) { > #ifdef WITH_OPENSSL >+ u_int nid; >+ > if (type == KEY_DSA) > *bitsp = DEFAULT_BITS_DSA; > else if (type == KEY_ECDSA) { >@@ -187,16 +185,15 @@ type_bits_valid(int type, const char *na > *bitsp = DEFAULT_BITS; > } > #ifdef WITH_OPENSSL >- maxbits = (type == KEY_DSA) ? >- OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; >- if (*bitsp > maxbits) >- fatal("key bits exceeds maximum %d", maxbits); > switch (type) { > case KEY_DSA: > if (*bitsp != 1024) > fatal("Invalid DSA key length: must be 1024 bits"); > break; > case KEY_RSA: >+ if (*bitsp > OPENSSL_RSA_MAX_MODULUS_BITS) >+ fatal("Invalid RSA key length: maximum is %d bits", >+ OPENSSL_RSA_MAX_MODULUS_BITS); > if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE) > fatal("Invalid RSA key length: minimum is %d bits", > SSH_RSA_MINIMUM_MODULUS_SIZE); >@@ -2469,7 +2466,8 @@ main(int argc, char **argv) > gen_all_hostkeys = 1; > break; > case 'b': >- bits = (u_int32_t)strtonum(optarg, 10, 32768, &errstr); >+ bits = (u_int32_t)strtonum(optarg, 0, UINT_MAX, >+ &errstr); > if (errstr) > fatal("Bits has bad value %s (%s)", > optarg, errstr);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3308">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 3050
: 3308