diff options
author | Darren Tucker <dtucker@cvs.openbsd.org> | 2009-06-21 07:37:16 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2009-06-21 07:37:16 +0000 |
commit | 0ece3a26f5b61ec696f3bce4a140970ca45737e4 (patch) | |
tree | 1f5b154aa109b8af08230d8266558ff27bedf82c | |
parent | bd5c7a3cb0c2fa0ed813f4012b31b75be3a10f25 (diff) |
abort if key_sign fails, preventing possible null deref. Based on report
from Paolo Ganci, ok markus@ djm@
-rw-r--r-- | usr.bin/ssh/kexdhs.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/kexgexs.c | 6 |
2 files changed, 8 insertions, 4 deletions
diff --git a/usr.bin/ssh/kexdhs.c b/usr.bin/ssh/kexdhs.c index 6c810e8308b..d602b417b18 100644 --- a/usr.bin/ssh/kexdhs.c +++ b/usr.bin/ssh/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.9 2006/11/06 21:25:28 markus Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.10 2009/06/21 07:37:15 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -134,7 +134,9 @@ kexdh_server(Kex *kex) } /* sign H */ - PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen)); + if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, + hashlen)) < 0) + fatal("kexdh_server: key_sign failed"); /* destroy_sensitive_data(); */ diff --git a/usr.bin/ssh/kexgexs.c b/usr.bin/ssh/kexgexs.c index 9263399c4e5..9ac43b88ece 100644 --- a/usr.bin/ssh/kexgexs.c +++ b/usr.bin/ssh/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.11 2009/01/01 21:17:36 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.12 2009/06/21 07:37:15 dtucker Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -176,7 +176,9 @@ kexgex_server(Kex *kex) } /* sign H */ - PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen)); + if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, + hashlen)) < 0) + fatal("kexgex_server: key_sign failed"); /* destroy_sensitive_data(); */ |