	Fixed a potential use of an uninitialized variable, the result of which led
to an unneeded but harmless realloc. Reduced the scope of some automatic variables.
		@@ -590,17 +590,19 @@ libssh2_userauth_hostbased_fromfile_ex(LIBSSH2_SESSION * session,
 | 
				
			|||||||
                                       const char *local_username,
 | 
					                                       const char *local_username,
 | 
				
			||||||
                                       unsigned int local_username_len)
 | 
					                                       unsigned int local_username_len)
 | 
				
			||||||
{
 | 
					{
 | 
				
			||||||
    const LIBSSH2_HOSTKEY_METHOD *privkeyobj;
 | 
					 | 
				
			||||||
    void *abstract;
 | 
					 | 
				
			||||||
    unsigned char buf[5];
 | 
					 | 
				
			||||||
    struct iovec datavec[4];
 | 
					 | 
				
			||||||
    unsigned char *pubkeydata, *sig;
 | 
					 | 
				
			||||||
    static const unsigned char reply_codes[3] =
 | 
					    static const unsigned char reply_codes[3] =
 | 
				
			||||||
        { SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, 0 };
 | 
					        { SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, 0 };
 | 
				
			||||||
    unsigned long pubkeydata_len, sig_len, data_len;
 | 
					 | 
				
			||||||
    int rc;
 | 
					    int rc;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    if (session->userauth_host_state == libssh2_NB_state_idle) {
 | 
					    if (session->userauth_host_state == libssh2_NB_state_idle) {
 | 
				
			||||||
 | 
					        const LIBSSH2_HOSTKEY_METHOD *privkeyobj;
 | 
				
			||||||
 | 
					        unsigned char *pubkeydata, *sig;
 | 
				
			||||||
 | 
					        unsigned long pubkeydata_len;
 | 
				
			||||||
 | 
					        unsigned long sig_len;
 | 
				
			||||||
 | 
					        void *abstract;
 | 
				
			||||||
 | 
					        unsigned char buf[5];
 | 
				
			||||||
 | 
					        struct iovec datavec[4];
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        /* Zero the whole thing out */
 | 
					        /* Zero the whole thing out */
 | 
				
			||||||
        memset(&session->userauth_host_packet_requirev_state, 0,
 | 
					        memset(&session->userauth_host_packet_requirev_state, 0,
 | 
				
			||||||
               sizeof(session->userauth_host_packet_requirev_state));
 | 
					               sizeof(session->userauth_host_packet_requirev_state));
 | 
				
			||||||
@@ -777,6 +779,7 @@ libssh2_userauth_hostbased_fromfile_ex(LIBSSH2_SESSION * session,
 | 
				
			|||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    if (session->userauth_host_state == libssh2_NB_state_sent) {
 | 
					    if (session->userauth_host_state == libssh2_NB_state_sent) {
 | 
				
			||||||
 | 
					        unsigned long data_len;
 | 
				
			||||||
        rc = libssh2_packet_requirev_ex(session, reply_codes,
 | 
					        rc = libssh2_packet_requirev_ex(session, reply_codes,
 | 
				
			||||||
                                        &session->userauth_host_data,
 | 
					                                        &session->userauth_host_data,
 | 
				
			||||||
                                        &data_len, 0, NULL, 0,
 | 
					                                        &data_len, 0, NULL, 0,
 | 
				
			||||||
@@ -824,19 +827,16 @@ libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION * session,
 | 
				
			|||||||
                                       const char *privatekey,
 | 
					                                       const char *privatekey,
 | 
				
			||||||
                                       const char *passphrase)
 | 
					                                       const char *passphrase)
 | 
				
			||||||
{
 | 
					{
 | 
				
			||||||
    const LIBSSH2_HOSTKEY_METHOD *privkeyobj;
 | 
					    unsigned long pubkeydata_len = 0;
 | 
				
			||||||
    void *abstract;
 | 
					 | 
				
			||||||
    unsigned char buf[5];
 | 
					 | 
				
			||||||
    struct iovec datavec[4];
 | 
					 | 
				
			||||||
    unsigned char *pubkeydata, *sig;
 | 
					 | 
				
			||||||
    unsigned char reply_codes[4] =
 | 
					    unsigned char reply_codes[4] =
 | 
				
			||||||
        { SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE,
 | 
					        { SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE,
 | 
				
			||||||
        SSH_MSG_USERAUTH_PK_OK, 0
 | 
					        SSH_MSG_USERAUTH_PK_OK, 0
 | 
				
			||||||
    };
 | 
					    };
 | 
				
			||||||
    unsigned long pubkeydata_len, sig_len;
 | 
					 | 
				
			||||||
    int rc;
 | 
					    int rc;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    if (session->userauth_pblc_state == libssh2_NB_state_idle) {
 | 
					    if (session->userauth_pblc_state == libssh2_NB_state_idle) {
 | 
				
			||||||
 | 
					        unsigned char *pubkeydata;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        /* Zero the whole thing out */
 | 
					        /* Zero the whole thing out */
 | 
				
			||||||
        memset(&session->userauth_pblc_packet_requirev_state, 0,
 | 
					        memset(&session->userauth_pblc_packet_requirev_state, 0,
 | 
				
			||||||
               sizeof(session->userauth_pblc_packet_requirev_state));
 | 
					               sizeof(session->userauth_pblc_packet_requirev_state));
 | 
				
			||||||
@@ -935,6 +935,13 @@ libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION * session,
 | 
				
			|||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    if (session->userauth_pblc_state == libssh2_NB_state_sent) {
 | 
					    if (session->userauth_pblc_state == libssh2_NB_state_sent) {
 | 
				
			||||||
 | 
					        const LIBSSH2_HOSTKEY_METHOD *privkeyobj;
 | 
				
			||||||
 | 
					        void *abstract;
 | 
				
			||||||
 | 
					        unsigned char buf[5];
 | 
				
			||||||
 | 
					        struct iovec datavec[4];
 | 
				
			||||||
 | 
					        unsigned char *sig;
 | 
				
			||||||
 | 
					        unsigned long sig_len;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        rc = libssh2_packet_requirev_ex(session, reply_codes,
 | 
					        rc = libssh2_packet_requirev_ex(session, reply_codes,
 | 
				
			||||||
                                        &session->userauth_pblc_data,
 | 
					                                        &session->userauth_pblc_data,
 | 
				
			||||||
                                        &session->userauth_pblc_data_len, 0,
 | 
					                                        &session->userauth_pblc_data_len, 0,
 | 
				
			||||||
@@ -1025,6 +1032,10 @@ libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION * session,
 | 
				
			|||||||
            privkeyobj->dtor(session, &abstract);
 | 
					            privkeyobj->dtor(session, &abstract);
 | 
				
			||||||
        }
 | 
					        }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						/* 
 | 
				
			||||||
 | 
						 * If this function was restarted, pubkeydata_len might still be 0
 | 
				
			||||||
 | 
						 * which will cause an unnecessary but harmless realloc here.
 | 
				
			||||||
 | 
						 */
 | 
				
			||||||
        if (sig_len > pubkeydata_len) {
 | 
					        if (sig_len > pubkeydata_len) {
 | 
				
			||||||
            unsigned char *newpacket;
 | 
					            unsigned char *newpacket;
 | 
				
			||||||
            /* Should *NEVER* happen, but...well.. better safe than sorry */
 | 
					            /* Should *NEVER* happen, but...well.. better safe than sorry */
 | 
				
			||||||
@@ -1046,6 +1057,7 @@ libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION * session,
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
        session->userauth_pblc_s =
 | 
					        session->userauth_pblc_s =
 | 
				
			||||||
            session->userauth_pblc_packet + session->userauth_pblc_packet_len;
 | 
					            session->userauth_pblc_packet + session->userauth_pblc_packet_len;
 | 
				
			||||||
 | 
					        session->userauth_pblc_b = NULL;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        libssh2_htonu32(session->userauth_pblc_s,
 | 
					        libssh2_htonu32(session->userauth_pblc_s,
 | 
				
			||||||
                        4 + session->userauth_pblc_method_len + 4 + sig_len);
 | 
					                        4 + session->userauth_pblc_method_len + 4 + sig_len);
 | 
				
			||||||
 
 | 
				
			|||||||
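Review bot: The initializer in `unsigned long pubkeydata_len = 0;` at the top of libssh2_userauth_publickey_fromfile_ex is what keeps the restarted path on the safe side, yet only the comparison further down carries a comment. With 0, `sig_len > pubkeydata_len` takes the realloc branch on re-entry for any non-zero signature, so the packet buffer is grown before the signature is appended; without the initializer the branch could presumably be skipped on a stale stack value. I would add a comment at the declaration, for example `/* must start at 0: forces the realloc below when re-entered in the sent state */`, so a later cleanup does not drop it. It may also be worth keeping this length in the session next to `userauth_pblc_packet_len` so that re-entry compares against the real size; the realloc itself lies between the hunks shown here, so this is inferred from the visible lines only.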