diff options
| author |   dtucker <dtucker@openbsd.org> | 2018-07-16 22:25:01 +0000 |
|---|---|---|
| committer | dtucker <dtucker@openbsd.org> | 2018-07-16 22:25:01 +0000 |
| commit | c6ff4b20364b050ae82779e09be2c0adf4aa4c49 (patch) | |
| tree | fec228383a1bde5f0c4ec90a6a5980abc349338c /usr.bin/ssh/ssh.c | |
| parent | Document behavior change of EC_POINTs_mul() again. (diff) | |
| download | wireguard-openbsd-c6ff4b20364b050ae82779e09be2c0adf4aa4c49.tar.xz wireguard-openbsd-c6ff4b20364b050ae82779e09be2c0adf4aa4c49.zip | |
Slot 0 in the hostbased key array was previously RSA1, but that is
now gone and the slot is unused so remove it. Remove two now-unused
macros, and add an array bounds check to the two remaining ones
(array is statically sized, so mostly a safety check on future changes).
ok markus@
Diffstat (limited to 'usr.bin/ssh/ssh.c')
| -rw-r--r-- | usr.bin/ssh/ssh.c | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 1aa3907c414..aeaae37936a 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.485 2018/07/16 11:05:41 dtucker Exp $ */ +/* $OpenBSD: ssh.c,v 1.486 2018/07/16 22:25:01 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1384,34 +1384,34 @@ main(int ac, char **av) sensitive_data.nkeys = 0; sensitive_data.keys = NULL; if (options.hostbased_authentication) { - sensitive_data.nkeys = 11; + sensitive_data.nkeys = 10; sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(struct sshkey)); /* XXX check errors? */ -#define L_KEY(t,p,o) \ - check_load(sshkey_load_private_type(t, p, "", \ - &(sensitive_data.keys[o]), NULL, NULL), p, "key") -#define L_KEYCERT(t,p,o) \ - check_load(sshkey_load_private_cert(t, p, "", \ - &(sensitive_data.keys[o]), NULL), p, "cert and key") -#define L_PUBKEY(p,o) \ +#define L_PUBKEY(p,o) do { \ + if ((o) >= sensitive_data.nkeys) \ + fatal("%s pubkey out of array bounds", __func__); \ check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \ - p, "pubkey") -#define L_CERT(p,o) \ - check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert") + p, "pubkey"); \ +} while (0) +#define L_CERT(p,o) do { \ + if ((o) >= sensitive_data.nkeys) \ + fatal("%s cert out of array bounds", __func__); \ + check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert"); \ +} while (0) if (options.hostbased_authentication == 1) { - L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 1); - L_CERT(_PATH_HOST_ED25519_KEY_FILE, 2); - L_CERT(_PATH_HOST_RSA_KEY_FILE, 3); - L_CERT(_PATH_HOST_DSA_KEY_FILE, 4); - L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 5); - L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 6); - L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 7); - L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 8); - L_CERT(_PATH_HOST_XMSS_KEY_FILE, 9); - L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 10); + L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 0); + L_CERT(_PATH_HOST_ED25519_KEY_FILE, 1); + L_CERT(_PATH_HOST_RSA_KEY_FILE, 2); + L_CERT(_PATH_HOST_DSA_KEY_FILE, 3); + L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 4); + L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 5); + L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 6); + L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 7); + L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8); + L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9); } } /* |