mirror of
https://github.com/libssh2/libssh2.git
synced 2025-11-20 02:42:09 +03:00
openssl: fix cppcheck found NULL dereferences (#1304)
* Fix NULL dereference in gen_publickey_from_rsa_evp and gen_publickey_from_dsa_evp. * Add checks for en_publickey_from_ec_evp and en_publickey_from_ed_evp
This commit is contained in:
Ryan Kelley
GitHub
@@ -1313,10 +1313,14 @@ gen_publickey_from_rsa_evp(LIBSSH2_SESSION *session,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
memcpy(method_buf, "ssh-rsa", 7);
|
memcpy(method_buf, "ssh-rsa", 7);
|
||||||
*method = method_buf;
|
*method = method_buf;
|
||||||
*method_len = 7;
|
if(method_len) {
|
||||||
*pubkeydata = key;
|
*method_len = 7;
|
||||||
*pubkeydata_len = key_len;
|
}
|
||||||
|
*pubkeydata = key;
|
||||||
|
if(pubkeydata_len) {
|
||||||
|
*pubkeydata_len = key_len;
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
__alloc_error:
|
__alloc_error:
|
||||||
@@ -1754,10 +1758,14 @@ gen_publickey_from_dsa_evp(LIBSSH2_SESSION *session,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
memcpy(method_buf, "ssh-dss", 7);
|
memcpy(method_buf, "ssh-dss", 7);
|
||||||
*method = method_buf;
|
*method = method_buf;
|
||||||
*method_len = 7;
|
if(method_len) {
|
||||||
*pubkeydata = key;
|
*method_len = 7;
|
||||||
*pubkeydata_len = key_len;
|
}
|
||||||
|
*pubkeydata = key;
|
||||||
|
if(pubkeydata_len) {
|
||||||
|
*pubkeydata_len = key_len;
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
__alloc_error:
|
__alloc_error:
|
||||||
@@ -2142,10 +2150,14 @@ gen_publickey_from_ed_evp(LIBSSH2_SESSION *session,
|
|||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
*method = methodBuf;
|
*method = methodBuf;
|
||||||
*method_len = sizeof(methodName) - 1;
|
if(method_len) {
|
||||||
*pubkeydata = keyBuf;
|
*method_len = sizeof(methodName) - 1;
|
||||||
*pubkeydata_len = bufLen;
|
}
|
||||||
|
*pubkeydata = keyBuf;
|
||||||
|
if(pubkeydata_len) {
|
||||||
|
*pubkeydata_len = bufLen;
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
@@ -3219,6 +3231,7 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
|
|||||||
unsigned char *p;
|
unsigned char *p;
|
||||||
unsigned char *method_buf = NULL;
|
unsigned char *method_buf = NULL;
|
||||||
unsigned char *key;
|
unsigned char *key;
|
||||||
|
size_t method_buf_len = 0;
|
||||||
size_t key_len = 0;
|
size_t key_len = 0;
|
||||||
unsigned char *octal_value = NULL;
|
unsigned char *octal_value = NULL;
|
||||||
size_t octal_len;
|
size_t octal_len;
|
||||||
@@ -3256,24 +3269,29 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
if(is_sk)
|
if(is_sk)
|
||||||
*method_len = 34;
|
method_buf_len = 34;
|
||||||
else
|
else
|
||||||
*method_len = 19;
|
method_buf_len = 19;
|
||||||
|
|
||||||
method_buf = LIBSSH2_ALLOC(session, *method_len);
|
method_buf = LIBSSH2_ALLOC(session, method_buf_len);
|
||||||
if(!method_buf) {
|
if(!method_buf) {
|
||||||
return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
|
return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
|
||||||
"out of memory");
|
"out of memory");
|
||||||
}
|
}
|
||||||
|
|
||||||
if(is_sk)
|
if(is_sk) {
|
||||||
memcpy(method_buf, "sk-ecdsa-sha2-nistp256@openssh.com", *method_len);
|
memcpy(method_buf, "sk-ecdsa-sha2-nistp256@openssh.com",
|
||||||
else if(type == LIBSSH2_EC_CURVE_NISTP256)
|
method_buf_len);
|
||||||
memcpy(method_buf, "ecdsa-sha2-nistp256", *method_len);
|
}
|
||||||
else if(type == LIBSSH2_EC_CURVE_NISTP384)
|
else if(type == LIBSSH2_EC_CURVE_NISTP256) {
|
||||||
memcpy(method_buf, "ecdsa-sha2-nistp384", *method_len);
|
memcpy(method_buf, "ecdsa-sha2-nistp256", method_buf_len);
|
||||||
else if(type == LIBSSH2_EC_CURVE_NISTP521)
|
}
|
||||||
memcpy(method_buf, "ecdsa-sha2-nistp521", *method_len);
|
else if(type == LIBSSH2_EC_CURVE_NISTP384) {
|
||||||
|
memcpy(method_buf, "ecdsa-sha2-nistp384", method_buf_len);
|
||||||
|
}
|
||||||
|
else if(type == LIBSSH2_EC_CURVE_NISTP521) {
|
||||||
|
memcpy(method_buf, "ecdsa-sha2-nistp521", method_buf_len);
|
||||||
|
}
|
||||||
else {
|
else {
|
||||||
_libssh2_debug((session,
|
_libssh2_debug((session,
|
||||||
LIBSSH2_TRACE_ERROR,
|
LIBSSH2_TRACE_ERROR,
|
||||||
@@ -3311,9 +3329,9 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Key form is: type_len(4) + type(method_len) + domain_len(4) + domain(8)
|
/* Key form is: type_len(4) + type(method_buf_len) + domain_len(4)
|
||||||
+ pub_key_len(4) + pub_key(~65). */
|
+ domain(8) + pub_key_len(4) + pub_key(~65). */
|
||||||
key_len = 4 + *method_len + 4 + 8 + 4 + octal_len;
|
key_len = 4 + method_buf_len + 4 + 8 + 4 + octal_len;
|
||||||
key = LIBSSH2_ALLOC(session, key_len);
|
key = LIBSSH2_ALLOC(session, key_len);
|
||||||
if(!key) {
|
if(!key) {
|
||||||
rc = -1;
|
rc = -1;
|
||||||
@@ -3324,7 +3342,7 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
|
|||||||
p = key;
|
p = key;
|
||||||
|
|
||||||
/* Key type */
|
/* Key type */
|
||||||
_libssh2_store_str(&p, (const char *)method_buf, *method_len);
|
_libssh2_store_str(&p, (const char *)method_buf, method_buf_len);
|
||||||
|
|
||||||
/* Name domain */
|
/* Name domain */
|
||||||
if(is_sk) {
|
if(is_sk) {
|
||||||
@@ -3337,9 +3355,14 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
|
|||||||
/* Public key */
|
/* Public key */
|
||||||
_libssh2_store_str(&p, (const char *)octal_value, octal_len);
|
_libssh2_store_str(&p, (const char *)octal_value, octal_len);
|
||||||
|
|
||||||
*method = method_buf;
|
*method = method_buf;
|
||||||
*pubkeydata = key;
|
if(method_len) {
|
||||||
*pubkeydata_len = key_len;
|
*method_len = method_buf_len;
|
||||||
|
}
|
||||||
|
*pubkeydata = key;
|
||||||
|
if(pubkeydata_len) {
|
||||||
|
*pubkeydata_len = key_len;
|
||||||
|
}
|
||||||
|
|
||||||
clean_exit:
|
clean_exit:
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user