Commit f2f90c88 authored by Niels Möller's avatar Niels Möller
Browse files

*** empty log message ***

Rev: doc/TODO:1.87
Rev: src/srp_exchange.c:1.8
parent 4aedfd97
...@@ -228,3 +228,8 @@ Should lsh fail if some port forwardings fails? In particular, ...@@ -228,3 +228,8 @@ Should lsh fail if some port forwardings fails? In particular,
is pretty useless if the server doesn't let us bind the remote port. is pretty useless if the server doesn't let us bind the remote port.
Move all dsa-related declarations from publickey_crypto.h and
dsa_keygen.h to dsa.h.
Add reasonable limits to all calls to parse_bignum(), sexp2bignum_u()
and sexp_get_un().
...@@ -75,7 +75,8 @@ make_srp_entry(struct lsh_string *name, struct sexp *e) ...@@ -75,7 +75,8 @@ make_srp_entry(struct lsh_string *name, struct sexp *e)
SEXP_NEXT(i); SEXP_NEXT(i);
if (!sexp2bignum_u(SEXP_GET(i), res->verifier)) /* FIXME: Pass a more restrictive limit to sexp2bignum_u. */
if (!sexp2bignum_u(SEXP_GET(i), res->verifier, 0))
{ {
KILL(res); KILL(res);
return NULL; return NULL;
...@@ -185,7 +186,8 @@ srp_process_init_msg(struct dh_instance *self, struct lsh_string *packet) ...@@ -185,7 +186,8 @@ srp_process_init_msg(struct dh_instance *self, struct lsh_string *packet)
if (parse_uint8(&buffer, &msg_number) if (parse_uint8(&buffer, &msg_number)
&& (msg_number == SSH_MSG_KEXSRP_INIT) && (msg_number == SSH_MSG_KEXSRP_INIT)
&& ( (name = parse_string_copy(&buffer) )) && ( (name = parse_string_copy(&buffer) ))
&& parse_bignum(&buffer, self->e) /* FIXME: Pass a more restrictive limit to parse_bignum. */
&& parse_bignum(&buffer, self->e, 0)
&& (mpz_cmp_ui(self->e, 1) > 0) && (mpz_cmp_ui(self->e, 1) > 0)
&& GROUP_RANGE(self->method->G, self->e) && GROUP_RANGE(self->method->G, self->e)
&& parse_eod(&buffer) ) && parse_eod(&buffer) )
...@@ -279,7 +281,8 @@ srp_process_reply_msg(struct dh_instance *dh, struct lsh_string *packet) ...@@ -279,7 +281,8 @@ srp_process_reply_msg(struct dh_instance *dh, struct lsh_string *packet)
if (parse_uint8(&buffer, &msg_number) if (parse_uint8(&buffer, &msg_number)
&& (msg_number == SSH_MSG_KEXSRP_REPLY) && (msg_number == SSH_MSG_KEXSRP_REPLY)
&& ( (salt = parse_string_copy(&buffer) )) && ( (salt = parse_string_copy(&buffer) ))
&& parse_bignum(&buffer, dh->f) /* FIXME: Pass a more restrictive limit to parse_bignum. */
&& parse_bignum(&buffer, dh->f, 0)
&& (mpz_cmp_ui(dh->f, 1) > 0) && (mpz_cmp_ui(dh->f, 1) > 0)
&& GROUP_RANGE(dh->method->G, dh->f) && GROUP_RANGE(dh->method->G, dh->f)
&& parse_eod(&buffer)) && parse_eod(&buffer))
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment