Commit f2f90c88 authored by Niels Möller's avatar Niels Möller

*** empty log message ***

Rev: doc/TODO:1.87
Rev: src/srp_exchange.c:1.8
parent 4aedfd97
......@@ -228,3 +228,8 @@ Should lsh fail if some port forwardings fails? In particular,
is pretty useless if the server doesn't let us bind the remote port.
Move all dsa-related declarations from publickey_crypto.h and
dsa_keygen.h to dsa.h.
Add reasonable limits to all calls to parse_bignum(), sexp2bignum_u()
and sexp_get_un().
......@@ -75,7 +75,8 @@ make_srp_entry(struct lsh_string *name, struct sexp *e)
SEXP_NEXT(i);
if (!sexp2bignum_u(SEXP_GET(i), res->verifier))
/* FIXME: Pass a more restrictive limit to sexp2bignum_u. */
if (!sexp2bignum_u(SEXP_GET(i), res->verifier, 0))
{
KILL(res);
return NULL;
......@@ -185,7 +186,8 @@ srp_process_init_msg(struct dh_instance *self, struct lsh_string *packet)
if (parse_uint8(&buffer, &msg_number)
&& (msg_number == SSH_MSG_KEXSRP_INIT)
&& ( (name = parse_string_copy(&buffer) ))
&& parse_bignum(&buffer, self->e)
/* FIXME: Pass a more restrictive limit to parse_bignum. */
&& parse_bignum(&buffer, self->e, 0)
&& (mpz_cmp_ui(self->e, 1) > 0)
&& GROUP_RANGE(self->method->G, self->e)
&& parse_eod(&buffer) )
......@@ -279,7 +281,8 @@ srp_process_reply_msg(struct dh_instance *dh, struct lsh_string *packet)
if (parse_uint8(&buffer, &msg_number)
&& (msg_number == SSH_MSG_KEXSRP_REPLY)
&& ( (salt = parse_string_copy(&buffer) ))
&& parse_bignum(&buffer, dh->f)
/* FIXME: Pass a more restrictive limit to parse_bignum. */
&& parse_bignum(&buffer, dh->f, 0)
&& (mpz_cmp_ui(dh->f, 1) > 0)
&& GROUP_RANGE(dh->method->G, dh->f)
&& parse_eod(&buffer))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment