lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-27 13:21:11 +03:00
Code Activity

packet: Check hmac return codes in ssh_packet_hmac_verify()

Browse Source 
CID #1490530

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Andreas Schneider
2022-07-13 16:17:47 +02:00
parent e27ee9d0a4
commit b42e9a19a3
1 changed files with 19 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/packet_crypt.c
View File

@@ -266,6 +266,7 @@ int ssh_packet_hmac_verify(ssh_session session,
size_t hmaclen = DIGEST_MAX_LEN; size_t hmaclen = DIGEST_MAX_LEN;
uint32_t seq; uint32_t seq;
int cmp; int cmp;
int rc;
/* AEAD types have no mac checking */ /* AEAD types have no mac checking */
if (type == SSH_HMAC_AEAD_POLY1305 || if (type == SSH_HMAC_AEAD_POLY1305 ||
@@ -288,15 +289,24 @@ int ssh_packet_hmac_verify(ssh_session session,
seq = htonl(session->recv_seq); seq = htonl(session->recv_seq);
hmac_update(ctx, rc = hmac_update(ctx,
(unsigned char *) &seq, (unsigned char *) &seq,
sizeof(uint32_t)); sizeof(uint32_t));
hmac_update(ctx, if (rc != 1) {
return SSH_ERROR;
}
rc = hmac_update(ctx,
data, data,
len); len);
hmac_final(ctx, if (rc != 1) {
return SSH_ERROR;
}
rc = hmac_final(ctx,
hmacbuf, hmacbuf,
&hmaclen); &hmaclen);
if (rc != 1) {
return SSH_ERROR;
}
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_log_hexdump("received mac", ssh_log_hexdump("received mac",