LSH
lsh
Commits
f2f90c88
Commit
f2f90c88
authored
Sep 03, 2000
by
Niels Möller
*** empty log message ***
Rev: doc/TODO:1.87 Rev: src/srp_exchange.c:1.8
parent
4aedfd97
Changes
2
doc/TODO
...
...
@@ -228,3 +228,8 @@ Should lsh fail if some port forwardings fails? In particular,
is pretty useless if the server doesn't let us bind the remote port.
Move all dsa-related declarations from publickey_crypto.h and
dsa_keygen.h to dsa.h.
Add reasonable limits to all calls to parse_bignum(), sexp2bignum_u()
and sexp_get_un().
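Review bot: the new TODO entry asks for "reasonable limits" without saying what the limit should be or what unit it is measured in, so whoever picks it up has to guess. Suggest stating the intended bound next to the entry (for example, relative to the size of the group modulus for the SRP values), and noting that sexp_get_un() is listed here although no call to it is changed in the srp_exchange.c hunks of this commit.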
src/srp_exchange.c
...
...
@@ -75,7 +75,8 @@ make_srp_entry(struct lsh_string *name, struct sexp *e)
SEXP_NEXT
(
i
);
if
(
!
sexp2bignum_u
(
SEXP_GET
(
i
),
res
->
verifier
))
/* FIXME: Pass a more restrictive limit to sexp2bignum_u. */
if
(
!
sexp2bignum_u
(
SEXP_GET
(
i
),
res
->
verifier
,
0
))
{
KILL
(
res
);
return
NULL
;
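Review bot: in make_srp_entry(), the new third argument to sexp2bignum_u() is a bare 0, and the FIXME above it says the limit is not yet restrictive, so res->verifier is still accepted at whatever size the s-expression passed in carries. Suggest replacing the literal with a named constant that documents what 0 means, and choosing the actual bound for the verifier here rather than deferring it.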
...
...
@@ -185,7 +186,8 @@ srp_process_init_msg(struct dh_instance *self, struct lsh_string *packet)
if
(
parse_uint8
(
&
buffer
,
&
msg_number
)
&&
(
msg_number
==
SSH_MSG_KEXSRP_INIT
)
&&
(
(
name
=
parse_string_copy
(
&
buffer
)
))
&&
parse_bignum
(
&
buffer
,
self
->
e
)
/* FIXME: Pass a more restrictive limit to parse_bignum. */
&&
parse_bignum
(
&
buffer
,
self
->
e
,
0
)
&&
(
mpz_cmp_ui
(
self
->
e
,
1
)
>
0
)
&&
GROUP_RANGE
(
self
->
method
->
G
,
self
->
e
)
&&
parse_eod
(
&
buffer
)
)
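Review bot: in srp_process_init_msg(), parse_bignum(&buffer, self->e, 0) runs before GROUP_RANGE(self->method->G, self->e), so the size of the peer-supplied e from SSH_MSG_KEXSRP_INIT is only constrained after the number has already been parsed. Since the group is available at this point as self->method->G, the limit could be derived from it instead of passing 0, which would resolve the FIXME here rather than leaving it open.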
...
...
@@ -279,7 +281,8 @@ srp_process_reply_msg(struct dh_instance *dh, struct lsh_string *packet)
if
(
parse_uint8
(
&
buffer
,
&
msg_number
)
&&
(
msg_number
==
SSH_MSG_KEXSRP_REPLY
)
&&
(
(
salt
=
parse_string_copy
(
&
buffer
)
))
&&
parse_bignum
(
&
buffer
,
dh
->
f
)
/* FIXME: Pass a more restrictive limit to parse_bignum. */
&&
parse_bignum
(
&
buffer
,
dh
->
f
,
0
)
&&
(
mpz_cmp_ui
(
dh
->
f
,
1
)
>
0
)
&&
GROUP_RANGE
(
dh
->
method
->
G
,
dh
->
f
)
&&
parse_eod
(
&
buffer
))
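Review bot: srp_process_reply_msg() gets the same parse_bignum(..., 0) call and the same FIXME text as the two earlier hunks, which leaves three places to update when the real limit is chosen. Suggest a single named constant or small wrapper shared by the SRP parsers, so the bound on dh->f from SSH_MSG_KEXSRP_REPLY and on the other parsed values is changed in one place.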
...
...