lib/libssh2
1
0
Fork 0
mirror of https://github.com/libssh2/libssh2.git synced 2025-10-31 23:30:25 +03:00
Code Activity

kex: acknowledge error code from libssh2_dh_key_pair()

Browse Source 
Fixes a segfault using ssh-agent on Windows

This commit fixes a segfault seen dereferencing a null pointer on
Windows when using ssh-agent. The problem ended up being that errors
weren't being communicated all the way through, causing null pointers to
be used when functions should have bailed out sooner.

The `_libssh2_dh_key_pair` function for WinCNG was modified to propagate
errors, and then the two callsites in kex.c of
`diffie_hellman_sha{1,256}` were updated to recognize this error and
bail out.

Fixes #162
Closes #163
This commit is contained in:
Alex Crichton
2016-12-20 12:42:47 -08:00
committed by Daniel Stenberg
parent f7daf3185a
commit b3f9557f52
2 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/kex.c
View File

@@ -133,8 +133,10 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t)); memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
/* Generate x and e */ /* Generate x and e */
libssh2_dh_key_pair(&exchange_state->x, exchange_state->e, g, p, rc = libssh2_dh_key_pair(&exchange_state->x, exchange_state->e, g, p,
group_order, exchange_state->ctx); group_order, exchange_state->ctx);
if (rc)
goto clean_exit;
/* Send KEX init */ /* Send KEX init */
/* packet_type(1) + String Length(4) + leading 0(1) */ /* packet_type(1) + String Length(4) + leading 0(1) */
@@ -757,8 +759,10 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t)); memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
/* Generate x and e */ /* Generate x and e */
libssh2_dh_key_pair(&exchange_state->x, exchange_state->e, g, p, rc = libssh2_dh_key_pair(&exchange_state->x, exchange_state->e, g, p,
group_order, exchange_state->ctx); group_order, exchange_state->ctx);
if (rc)
goto clean_exit;
/* Send KEX init */ /* Send KEX init */
/* packet_type(1) + String Length(4) + leading 0(1) */ /* packet_type(1) + String Length(4) + leading 0(1) */

6
src/wincng.c
View File

@@ -2075,8 +2075,10 @@ _libssh2_dh_key_pair(_libssh2_dh_ctx *dhctx, _libssh2_bn *public,
_libssh2_bn *g, _libssh2_bn *p, int group_order) _libssh2_bn *g, _libssh2_bn *p, int group_order)
{ {
/* Generate x and e */ /* Generate x and e */
_libssh2_wincng_bignum_rand(*dhctx, group_order * 8 - 1, 0, -1); if (_libssh2_wincng_bignum_rand(*dhctx, group_order * 8 - 1, 0, -1))
_libssh2_wincng_bignum_mod_exp(public, g, *dhctx, p); return -1;
if (_libssh2_wincng_bignum_mod_exp(public, g, *dhctx, p))
return -1;
return 0; return 0;
} }