two more bounds-checking sshbuf counterparts to common string

operations: sshbuf_cmp() (bcmp-like) and sshbuf_find() (memmem like)

feedback and ok markus@

1 files changed, 28 insertions, 1 deletions

diff --git a/usr.bin/ssh/sshbuf.h b/usr.bin/ssh/sshbuf.h
index 48a301e2c26..608a9845ec2 100644
--- a/usr.bin/ssh/sshbuf.h
+++ b/usr.bin/ssh/sshbuf.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf.h,v 1.14 2019/07/14 23:32:27 djm Exp $	*/
+/*	$OpenBSD: sshbuf.h,v 1.15 2019/07/15 13:11:38 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -249,6 +249,33 @@ char	*sshbuf_dtob64(struct sshbuf *buf);
 int	sshbuf_b64tod(struct sshbuf *buf, const char *b64);
 
 /*
+ * Tests whether the buffer contains the specified byte sequence at the
+ * specified offset. Returns 0 on successful match, or a ssherr.h code
+ * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
+ * present but the buffer contents did not match those supplied. Zero-
+ * length comparisons are not allowed.
+ *
+ * If sufficient data is present to make a comparison, then it is
+ * performed with timing independent of the value of the data. If
+ * insufficient data is present then the comparison is not attempted at
+ * all.
+ */
+int	sshbuf_cmp(const struct sshbuf *b, size_t offset,
+    const u_char *s, size_t len);
+
+/*
+ * Searches the buffer for the specified string. Returns 0 on success
+ * and updates *offsetp with the offset of the first match, relative to
+ * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h
+ * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
+ * present in the buffer for a match to be possible but none was found.
+ * Searches for zero-length data are not allowed.
+ */
+int
+sshbuf_find(const struct sshbuf *b, size_t start_offset,
+    const u_char *s, size_t len, size_t *offsetp);
+
+/*
  * Duplicate the contents of a buffer to a string (caller to free).
  * Returns NULL on buffer error, or if the buffer contains a premature
  * nul character.