lib/libssh2
1
0
Fork 0
mirror of https://github.com/libssh2/libssh2.git synced 2025-11-20 02:42:09 +03:00
Code Activity

openssl: fix cppcheck found NULL dereferences (#1304)

Browse Source 
* Fix NULL dereference in gen_publickey_from_rsa_evp and
  gen_publickey_from_dsa_evp.
* Add checks for en_publickey_from_ec_evp and en_publickey_from_ed_evp
This commit is contained in:
Ryan Kelley
2024-01-18 14:37:52 -05:00
committed by GitHub
parent 34aff5ffef
commit f2945905fb
1 changed files with 53 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
src/openssl.c
View File

@@ -1314,9 +1314,13 @@ gen_publickey_from_rsa_evp(LIBSSH2_SESSION *session,
memcpy(method_buf, "ssh-rsa", 7); memcpy(method_buf, "ssh-rsa", 7);
*method = method_buf; *method = method_buf;
if(method_len) {
*method_len = 7; *method_len = 7;
}
*pubkeydata = key; *pubkeydata = key;
if(pubkeydata_len) {
*pubkeydata_len = key_len; *pubkeydata_len = key_len;
}
return 0; return 0;
__alloc_error: __alloc_error:
@@ -1755,9 +1759,13 @@ gen_publickey_from_dsa_evp(LIBSSH2_SESSION *session,
memcpy(method_buf, "ssh-dss", 7); memcpy(method_buf, "ssh-dss", 7);
*method = method_buf; *method = method_buf;
if(method_len) {
*method_len = 7; *method_len = 7;
}
*pubkeydata = key; *pubkeydata = key;
if(pubkeydata_len) {
*pubkeydata_len = key_len; *pubkeydata_len = key_len;
}
return 0; return 0;
__alloc_error: __alloc_error:
@@ -2143,9 +2151,13 @@ gen_publickey_from_ed_evp(LIBSSH2_SESSION *session,
} }
*method = methodBuf; *method = methodBuf;
if(method_len) {
*method_len = sizeof(methodName) - 1; *method_len = sizeof(methodName) - 1;
}
*pubkeydata = keyBuf; *pubkeydata = keyBuf;
if(pubkeydata_len) {
*pubkeydata_len = bufLen; *pubkeydata_len = bufLen;
}
return 0; return 0;
fail: fail:
@@ -3219,6 +3231,7 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
unsigned char *p; unsigned char *p;
unsigned char *method_buf = NULL; unsigned char *method_buf = NULL;
unsigned char *key; unsigned char *key;
size_t method_buf_len = 0;
size_t key_len = 0; size_t key_len = 0;
unsigned char *octal_value = NULL; unsigned char *octal_value = NULL;
size_t octal_len; size_t octal_len;
@@ -3256,24 +3269,29 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
#endif #endif
if(is_sk) if(is_sk)
*method_len = 34; method_buf_len = 34;
else else
*method_len = 19; method_buf_len = 19;
method_buf = LIBSSH2_ALLOC(session, *method_len); method_buf = LIBSSH2_ALLOC(session, method_buf_len);
if(!method_buf) { if(!method_buf) {
return _libssh2_error(session, LIBSSH2_ERROR_ALLOC, return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"out of memory"); "out of memory");
} }
if(is_sk) if(is_sk) {
memcpy(method_buf, "sk-ecdsa-sha2-nistp256@openssh.com", *method_len); memcpy(method_buf, "sk-ecdsa-sha2-nistp256@openssh.com",
else if(type == LIBSSH2_EC_CURVE_NISTP256) method_buf_len);
memcpy(method_buf, "ecdsa-sha2-nistp256", *method_len); }
else if(type == LIBSSH2_EC_CURVE_NISTP384) else if(type == LIBSSH2_EC_CURVE_NISTP256) {
memcpy(method_buf, "ecdsa-sha2-nistp384", *method_len); memcpy(method_buf, "ecdsa-sha2-nistp256", method_buf_len);
else if(type == LIBSSH2_EC_CURVE_NISTP521) }
memcpy(method_buf, "ecdsa-sha2-nistp521", *method_len); else if(type == LIBSSH2_EC_CURVE_NISTP384) {
memcpy(method_buf, "ecdsa-sha2-nistp384", method_buf_len);
}
else if(type == LIBSSH2_EC_CURVE_NISTP521) {
memcpy(method_buf, "ecdsa-sha2-nistp521", method_buf_len);
}
else { else {
_libssh2_debug((session, _libssh2_debug((session,
LIBSSH2_TRACE_ERROR, LIBSSH2_TRACE_ERROR,
@@ -3311,9 +3329,9 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
} }
#endif #endif
/* Key form is: type_len(4) + type(method_len) + domain_len(4) + domain(8) /* Key form is: type_len(4) + type(method_buf_len) + domain_len(4)
+ pub_key_len(4) + pub_key(~65). */ + domain(8) + pub_key_len(4) + pub_key(~65). */
key_len = 4 + *method_len + 4 + 8 + 4 + octal_len; key_len = 4 + method_buf_len + 4 + 8 + 4 + octal_len;
key = LIBSSH2_ALLOC(session, key_len); key = LIBSSH2_ALLOC(session, key_len);
if(!key) { if(!key) {
rc = -1; rc = -1;
@@ -3324,7 +3342,7 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
p = key; p = key;
/* Key type */ /* Key type */
_libssh2_store_str(&p, (const char *)method_buf, *method_len); _libssh2_store_str(&p, (const char *)method_buf, method_buf_len);
/* Name domain */ /* Name domain */
if(is_sk) { if(is_sk) {
@@ -3338,8 +3356,13 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
_libssh2_store_str(&p, (const char *)octal_value, octal_len); _libssh2_store_str(&p, (const char *)octal_value, octal_len);
*method = method_buf; *method = method_buf;
if(method_len) {
*method_len = method_buf_len;
}
*pubkeydata = key; *pubkeydata = key;
if(pubkeydata_len) {
*pubkeydata_len = key_len; *pubkeydata_len = key_len;
}
clean_exit: clean_exit: