kex.c : additional bounds checks in diffie_hellman_sha1/256 (#361)

Files : kex.c, misc.c, misc.h Notes : Fixed possible out of bounds memory access when reading malformed data in diffie_hellman_sha1() and diffie_hellman_sha256(). Added _libssh2_copy_string() to misc.c to return an allocated and filled char buffer from a string_buf offset. Removed no longer needed s var in kmdhgGPshakex_state_t.
2025-11-20 02:42:09 +03:00 · 2019-05-01 16:45:13 -07:00
parent dd74f2465b
commit 16f2d2bf86
4 changed files with 76 additions and 51 deletions
--- a/src/libssh2_priv.h
+++ b/src/libssh2_priv.h
@@ -261,7 +261,6 @@ typedef struct kmdhgGPshakex_state_t
    _libssh2_bn *e;
    _libssh2_bn *f;
    _libssh2_bn *k;
-    unsigned char *s;
    unsigned char *f_value;
    unsigned char *k_value;
    unsigned char *h_sig;