shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-09 18:04:25 +09:00
Code Issues Packages Projects Releases Wiki Activity

Add safety checks for all ssh_string_fill calls

Browse Source 
These calls can fail and the return code should always be checked. These
issues were identified when code review called it out on new code. The
updates here are to existing code with no behavior changes to make
review simpler.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Dirkjan Bussink
2020-12-10 14:01:32 +00:00
committed by Andreas Schneider
parent f6a2f6190c
commit daeee74edd
8 changed files with 97 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/pki_crypto.c
View File

@@ -840,7 +840,11 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
goto err;
}
ssh_string_fill(blob, buf->data, buf->length);
rc = ssh_string_fill(blob, buf->data, buf->length);
if (rc < 0) {
goto err;
}
BIO_free(mem);
return blob;
@@ -1411,6 +1415,7 @@ static ssh_string pki_dsa_signature_to_blob(const ssh_signature sig)
const unsigned char *raw_sig_data = NULL;
size_t raw_sig_len;
int rc;
DSA_SIG *dsa_sig;
@@ -1467,7 +1472,11 @@ static ssh_string pki_dsa_signature_to_blob(const ssh_signature sig)
return NULL;
}
ssh_string_fill(sig_blob, buffer, 40);
rc = ssh_string_fill(sig_blob, buffer, 40);
if (rc < 0) {
SSH_STRING_FREE(sig_blob);
return NULL;
}
return sig_blob;
@@ -1544,7 +1553,10 @@ static ssh_string pki_ecdsa_signature_to_blob(const ssh_signature sig)
goto error;
}
ssh_string_fill(sig_blob, ssh_buffer_get(buf), ssh_buffer_get_len(buf));
rc = ssh_string_fill(sig_blob, ssh_buffer_get(buf), ssh_buffer_get_len(buf));
if (rc < 0) {
goto error;
}
SSH_STRING_FREE(r);
SSH_STRING_FREE(s);
@@ -1554,6 +1566,7 @@ static ssh_string pki_ecdsa_signature_to_blob(const ssh_signature sig)
return sig_blob;
error:
SSH_STRING_FREE(sig_blob);
SSH_STRING_FREE(r);
SSH_STRING_FREE(s);
ECDSA_SIG_free(ecdsa_sig);
@@ -1698,7 +1711,11 @@ static int pki_signature_from_dsa_blob(UNUSED_PARAM(const ssh_key pubkey),
if (r == NULL) {
goto error;
}
ssh_string_fill(r, ssh_string_data(sig_blob), 20);
rc = ssh_string_fill(r, ssh_string_data(sig_blob), 20);
if (rc < 0) {
SSH_STRING_FREE(r);
goto error;
}
pr = ssh_make_string_bn(r);
ssh_string_burn(r);
@@ -1711,7 +1728,11 @@ static int pki_signature_from_dsa_blob(UNUSED_PARAM(const ssh_key pubkey),
if (s == NULL) {
goto error;
}
ssh_string_fill(s, (char *)ssh_string_data(sig_blob) + 20, 20);
rc = ssh_string_fill(s, (char *)ssh_string_data(sig_blob) + 20, 20);
if (rc < 0) {
SSH_STRING_FREE(s);
goto error;
}
ps = ssh_make_string_bn(s);
ssh_string_burn(s);