diff options
| author |   djm <djm@openbsd.org> | 2018-07-10 09:13:30 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2018-07-10 09:13:30 +0000 |
| commit | f54171dfbd274becde4b36d18e184c898c2c2b6e (patch) | |
| tree | 7208949486f9aa4ce99baf37ac133896ba765d2f | |
| parent | Switch also the aspath in rde_update_dispatch() to one on the stack. (diff) | |
| download | wireguard-openbsd-f54171dfbd274becde4b36d18e184c898c2c2b6e.tar.xz wireguard-openbsd-f54171dfbd274becde4b36d18e184c898c2c2b6e.zip | |
kerberos/gssapi fixes for buffer removal
| -rw-r--r-- | usr.bin/ssh/auth2-gss.c | 17 | ||||
| -rw-r--r-- | usr.bin/ssh/gss-genr.c | 17 | ||||
| -rw-r--r-- | usr.bin/ssh/monitor.c | 15 | ||||
| -rw-r--r-- | usr.bin/ssh/monitor_wrap.c | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-gss.h | 5 |
5 files changed, 43 insertions, 15 deletions
diff --git a/usr.bin/ssh/auth2-gss.c b/usr.bin/ssh/auth2-gss.c index 789206ef2f2..649c830916a 100644 --- a/usr.bin/ssh/auth2-gss.c +++ b/usr.bin/ssh/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.27 2018/07/09 21:37:55 markus Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.28 2018/07/10 09:13:30 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -199,15 +199,18 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) gss_buffer_desc recv_tok; OM_uint32 maj_status; int r; + u_char *p; + size_t len; if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) fatal("No authentication or GSSAPI context"); gssctxt = authctxt->methoddata; - if ((r = sshpkt_get_string(ssh, - &recv_tok.value, &recv_tok.length)) != 0 || + if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || (r = sshpkt_get_end(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); + recv_tok.value = p; + recv_tok.length = len; /* Push the error token into GSSAPI to see what it says */ maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, @@ -235,7 +238,7 @@ static int input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; - int authenticated; + int r, authenticated; const char *displayname; if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) @@ -273,16 +276,20 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) struct sshbuf *b; gss_buffer_desc mic, gssbuf; const char *displayname; + u_char *p; + size_t len; if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) fatal("No authentication or GSSAPI context"); gssctxt = authctxt->methoddata; - if ((r = sshpkt_get_string(ssh, &mic.value, &mic.length)) != 0) + if ((r = sshpkt_get_string(ssh, &p, &len)) != 0) fatal("%s: %s", __func__, ssh_err(r)); if ((b = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); + mic.value = p; + mic.length = len; ssh_gssapi_buildmic(b, authctxt->user, authctxt->service, "gssapi-with-mic"); diff --git a/usr.bin/ssh/gss-genr.c b/usr.bin/ssh/gss-genr.c index 14e8a8d3c67..0b79ec8419e 100644 --- a/usr.bin/ssh/gss-genr.c +++ b/usr.bin/ssh/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.25 2018/07/09 21:37:55 markus Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.26 2018/07/10 09:13:30 djm Exp $ */ /* * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. @@ -42,6 +42,21 @@ extern u_char *session_id2; extern u_int session_id2_len; +/* sshbuf_get for gss_buffer_desc */ +int +ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g) +{ + int r; + u_char *p; + size_t len; + + if ((r = sshbuf_get_string(b, &p, &len)) != 0) + return r; + g->value = p; + g->length = len; + return 0; +} + /* Check that the OID in a data stream matches that in the context */ int ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len) diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 9f026c3c9fe..a2eb0499331 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.183 2018/07/09 21:53:45 markus Exp $ */ +/* $OpenBSD: monitor.c,v 1.184 2018/07/10 09:13:30 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -1454,13 +1454,15 @@ mm_answer_gss_setup_ctx(int sock, struct sshbuf *m) gss_OID_desc goid; OM_uint32 major; size_t len; + u_char *p; int r; if (!options.gss_authentication) fatal("%s: GSSAPI authentication not enabled", __func__); - if ((r = sshbuf_get_string(m, &goid.elements, &len)) != 0) + if ((r = sshbuf_get_string(m, &p, &len)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); + goid.elements = p; goid.length = len; major = ssh_gssapi_server_ctx(&gsscontext, &goid); @@ -1491,7 +1493,7 @@ mm_answer_gss_accept_ctx(int sock, struct sshbuf *m) if (!options.gss_authentication) fatal("%s: GSSAPI authentication not enabled", __func__); - if ((r = sshbuf_get_string(m, &in.value, &in.length)) != 0) + if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); free(in.value); @@ -1518,12 +1520,13 @@ mm_answer_gss_checkmic(int sock, struct sshbuf *m) { gss_buffer_desc gssbuf, mic; OM_uint32 ret; + int r; if (!options.gss_authentication) fatal("%s: GSSAPI authentication not enabled", __func__); - if ((r = sshbuf_get_string(m, &gssbuf.value, &gssbuf.length)) != 0 || - (r = sshbuf_get_string(m, &mic.value, &mic.length)) != 0) + if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 || + (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); @@ -1546,7 +1549,7 @@ mm_answer_gss_checkmic(int sock, struct sshbuf *m) int mm_answer_gss_userok(int sock, struct sshbuf *m) { - int authenticated; + int r, authenticated; const char *displayname; if (!options.gss_authentication) diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c index c2e76817310..70edc0b74b8 100644 --- a/usr.bin/ssh/monitor_wrap.c +++ b/usr.bin/ssh/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.103 2018/07/09 21:53:45 markus Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.104 2018/07/10 09:13:30 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -746,7 +746,7 @@ mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, m); if ((r = sshbuf_get_u32(m, &major)) != 0 || - (r = sshbuf_get_string(m, &out->value, &out->length)) != 0) + (r = ssh_gssapi_get_buffer_desc(m, out)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (flagsp != NULL) { if ((r = sshbuf_get_u32(m, &flags)) != 0) diff --git a/usr.bin/ssh/ssh-gss.h b/usr.bin/ssh/ssh-gss.h index d7265cda047..8480608955d 100644 --- a/usr.bin/ssh/ssh-gss.h +++ b/usr.bin/ssh/ssh-gss.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-gss.h,v 1.13 2018/07/10 06:43:52 djm Exp $ */ +/* $OpenBSD: ssh-gss.h,v 1.14 2018/07/10 09:13:30 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. * @@ -86,6 +86,9 @@ ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *); void ssh_gssapi_prepare_supported_oids(void); OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID, int *); +struct sshbuf; +int ssh_gssapi_get_buffer_desc(struct sshbuf *, gss_buffer_desc *); + OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *); OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int, gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); |