summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2005-06-17 02:44:34 +0000
committerDamien Miller <djm@cvs.openbsd.org>2005-06-17 02:44:34 +0000
commitb5216077cb730c6b79d1055d1def970e752dbe34 (patch)
treef4f04edbda8b821a170db1a0fc39692ec8bfe1f7 /usr.bin/ssh
parent8fe5283bfe2d882aca8af010f5157ba3a42e114d (diff)
make this -Wsign-compare clean; ok avsm@ markus@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/auth-rsa.c6
-rw-r--r--usr.bin/ssh/auth.c4
-rw-r--r--usr.bin/ssh/auth1.c7
-rw-r--r--usr.bin/ssh/auth2-chall.c9
-rw-r--r--usr.bin/ssh/auth2-gss.c4
-rw-r--r--usr.bin/ssh/authfd.c9
-rw-r--r--usr.bin/ssh/authfile.c16
-rw-r--r--usr.bin/ssh/bufaux.c4
-rw-r--r--usr.bin/ssh/canohost.c5
-rw-r--r--usr.bin/ssh/channels.c9
-rw-r--r--usr.bin/ssh/cipher.c8
-rw-r--r--usr.bin/ssh/clientloop.c11
-rw-r--r--usr.bin/ssh/dns.c8
-rw-r--r--usr.bin/ssh/gss-serv.c4
-rw-r--r--usr.bin/ssh/kex.c33
-rw-r--r--usr.bin/ssh/kex.h8
-rw-r--r--usr.bin/ssh/key.c4
-rw-r--r--usr.bin/ssh/mac.c11
-rw-r--r--usr.bin/ssh/match.c4
-rw-r--r--usr.bin/ssh/misc.c13
-rw-r--r--usr.bin/ssh/packet.c8
-rw-r--r--usr.bin/ssh/packet.h4
-rw-r--r--usr.bin/ssh/scp.c10
-rw-r--r--usr.bin/ssh/servconf.c7
-rw-r--r--usr.bin/ssh/session.c6
-rw-r--r--usr.bin/ssh/session.h4
-rw-r--r--usr.bin/ssh/sftp-client.c10
-rw-r--r--usr.bin/ssh/sftp-server.c12
-rw-r--r--usr.bin/ssh/sftp.c13
-rw-r--r--usr.bin/ssh/ssh-keyscan.c12
-rw-r--r--usr.bin/ssh/ssh-rsa.c4
-rw-r--r--usr.bin/ssh/sshconnect.c5
-rw-r--r--usr.bin/ssh/sshconnect1.c4
-rw-r--r--usr.bin/ssh/sshconnect2.c7
-rw-r--r--usr.bin/ssh/sshd.c7
35 files changed, 154 insertions, 136 deletions
diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c
index 4378008d361..d9c9652dc71 100644
--- a/usr.bin/ssh/auth-rsa.c
+++ b/usr.bin/ssh/auth-rsa.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.62 2004/12/11 01:48:56 dtucker Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.63 2005/06/17 02:44:32 djm Exp $");
#include <openssl/rsa.h>
#include <openssl/md5.h>
@@ -205,6 +205,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
char *cp;
char *key_options;
+ int keybits;
/* Skip leading whitespace, empty and comment lines. */
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -243,7 +244,8 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
continue;
/* check the real bits */
- if (bits != BN_num_bits(key->rsa->n))
+ keybits = BN_num_bits(key->rsa->n);
+ if (keybits < 0 || bits != (u_int)keybits)
logit("Warning: %s, line %lu: keysize mismatch: "
"actual %d vs. announced %d.",
file, linenum, BN_num_bits(key->rsa->n), bits);
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index 67009a42be7..f610f1e30d9 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.59 2005/06/06 11:20:36 djm Exp $");
+RCSID("$OpenBSD: auth.c,v 1.60 2005/06/17 02:44:32 djm Exp $");
#include <libgen.h>
@@ -64,7 +64,7 @@ allowed_user(struct passwd * pw)
struct stat st;
const char *hostname = NULL, *ipaddr = NULL;
char *shell;
- int i;
+ u_int i;
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw || !pw->pw_name)
diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c
index 0e1f067cedf..41433ef70d6 100644
--- a/usr.bin/ssh/auth1.c
+++ b/usr.bin/ssh/auth1.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.60 2005/05/20 12:57:01 djm Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.61 2005/06/17 02:44:32 djm Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -136,7 +136,7 @@ auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
static int
auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
{
- int authenticated = 0;
+ int keybits, authenticated = 0;
u_int bits;
char *client_user;
Key *client_host_key;
@@ -155,7 +155,8 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
packet_get_bignum(client_host_key->rsa->e);
packet_get_bignum(client_host_key->rsa->n);
- if (bits != BN_num_bits(client_host_key->rsa->n)) {
+ keybits = BN_num_bits(client_host_key->rsa->n);
+ if (keybits < 0 || bits != (u_int)keybits) {
verbose("Warning: keysize mismatch for client_host_key: "
"actual %d, announced %d",
BN_num_bits(client_host_key->rsa->n), bits);
diff --git a/usr.bin/ssh/auth2-chall.c b/usr.bin/ssh/auth2-chall.c
index 2dfc139f768..5588e28747c 100644
--- a/usr.bin/ssh/auth2-chall.c
+++ b/usr.bin/ssh/auth2-chall.c
@@ -23,7 +23,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.23 2005/06/17 02:44:32 djm Exp $");
#include "ssh2.h"
#include "auth.h"
@@ -209,8 +209,7 @@ send_userauth_info_request(Authctxt *authctxt)
{
KbdintAuthctxt *kbdintctxt;
char *name, *instr, **prompts;
- int i;
- u_int *echo_on;
+ u_int i, *echo_on;
kbdintctxt = authctxt->kbdintctxt;
if (kbdintctxt->device->query(kbdintctxt->ctxt,
@@ -243,8 +242,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
KbdintAuthctxt *kbdintctxt;
- int i, authenticated = 0, res, len;
- u_int nresp;
+ int authenticated = 0, res, len;
+ u_int i, nresp;
char **response = NULL, *method;
if (authctxt == NULL)
diff --git a/usr.bin/ssh/auth2-gss.c b/usr.bin/ssh/auth2-gss.c
index 3289ba18eed..855b61b4e19 100644
--- a/usr.bin/ssh/auth2-gss.c
+++ b/usr.bin/ssh/auth2-gss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.8 2004/06/21 17:36:31 avsm Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.9 2005/06/17 02:44:32 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -61,7 +61,7 @@ userauth_gssapi(Authctxt *authctxt)
int present;
OM_uint32 ms;
u_int len;
- char *doid = NULL;
+ u_char *doid = NULL;
if (!authctxt->valid || authctxt->user == NULL)
return (0);
diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c
index 9ce5b5ea8a9..8976616b4ff 100644
--- a/usr.bin/ssh/authfd.c
+++ b/usr.bin/ssh/authfd.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.65 2005/05/24 17:32:43 avsm Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.66 2005/06/17 02:44:32 djm Exp $");
#include <openssl/evp.h>
@@ -114,8 +114,7 @@ ssh_get_authentication_socket(void)
static int
ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
{
- int l;
- u_int len;
+ u_int l, len;
char buf[1024];
/* Get the length of the message, and format it in the buffer. */
@@ -302,6 +301,7 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi
Key *
ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version)
{
+ int keybits;
u_int bits;
u_char *blob;
u_int blen;
@@ -322,7 +322,8 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
buffer_get_bignum(&auth->identities, key->rsa->e);
buffer_get_bignum(&auth->identities, key->rsa->n);
*comment = buffer_get_string(&auth->identities, NULL);
- if (bits != BN_num_bits(key->rsa->n))
+ keybits = BN_num_bits(key->rsa->n);
+ if (keybits < 0 || bits != (u_int)keybits)
logit("Warning: identity keysize mismatch: actual %d, announced %u",
BN_num_bits(key->rsa->n), bits);
break;
diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c
index fb0fb0dc8fa..3f88b8162a6 100644
--- a/usr.bin/ssh/authfile.c
+++ b/usr.bin/ssh/authfile.c
@@ -36,7 +36,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.61 2005/06/17 02:44:32 djm Exp $");
#include <openssl/err.h>
#include <openssl/evp.h>
@@ -52,6 +52,7 @@ RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $");
#include "authfile.h"
#include "rsa.h"
#include "misc.h"
+#include "atomicio.h"
/* Version identification string for SSH v1 identity files. */
static const char authfile_id_string[] =
@@ -147,8 +148,8 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
buffer_free(&encrypted);
return 0;
}
- if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
- buffer_len(&encrypted)) {
+ if (atomicio(vwrite, fd, buffer_ptr(&encrypted),
+ buffer_len(&encrypted)) != buffer_len(&encrypted)) {
error("write to key file %s failed: %s", filename,
strerror(errno));
buffer_free(&encrypted);
@@ -236,7 +237,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
Key *pub;
struct stat st;
char *cp;
- int i;
+ u_int i;
size_t len;
if (fstat(fd, &st) < 0) {
@@ -253,7 +254,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
buffer_init(&buffer);
cp = buffer_append_space(&buffer, len);
- if (read(fd, cp, (size_t) len) != (size_t) len) {
+ if (atomicio(read, fd, cp, len) != len) {
debug("Read from key file %.200s failed: %.100s", filename,
strerror(errno));
buffer_free(&buffer);
@@ -322,7 +323,8 @@ static Key *
key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
char **commentp)
{
- int i, check1, check2, cipher_type;
+ u_int i;
+ int check1, check2, cipher_type;
size_t len;
Buffer buffer, decrypted;
u_char *cp;
@@ -347,7 +349,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
buffer_init(&buffer);
cp = buffer_append_space(&buffer, len);
- if (read(fd, cp, (size_t) len) != (size_t) len) {
+ if (atomicio(read, fd, cp, len) != len) {
debug("Read from key file %.200s failed: %.100s", filename,
strerror(errno));
buffer_free(&buffer);
diff --git a/usr.bin/ssh/bufaux.c b/usr.bin/ssh/bufaux.c
index 5dbf2b770a8..8d096a05638 100644
--- a/usr.bin/ssh/bufaux.c
+++ b/usr.bin/ssh/bufaux.c
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.35 2005/03/10 22:01:05 deraadt Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.36 2005/06/17 02:44:32 djm Exp $");
#include <openssl/bn.h>
#include "bufaux.h"
@@ -154,7 +154,7 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
buf[0] = 0x00;
/* Get the value of in binary */
oi = BN_bn2bin(value, buf+1);
- if (oi != bytes-1) {
+ if (oi < 0 || (u_int)oi != bytes - 1) {
error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
"oi %d != bin_size %d", oi, bytes);
xfree(buf);
diff --git a/usr.bin/ssh/canohost.c b/usr.bin/ssh/canohost.c
index 630a1ace7c2..e81e048be09 100644
--- a/usr.bin/ssh/canohost.c
+++ b/usr.bin/ssh/canohost.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.43 2005/06/16 08:00:00 markus Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.44 2005/06/17 02:44:32 djm Exp $");
#include "packet.h"
#include "xmalloc.h"
@@ -137,7 +137,8 @@ check_ip_options(int sock, char *ipaddr)
u_char options[200];
char text[sizeof(options) * 3 + 1];
socklen_t option_size;
- int i, ipproto;
+ u_int i;
+ int ipproto;
struct protoent *ip;
if ((ip = getprotobyname("ip")) != NULL)
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index 6ff0043e41e..691f1469386 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.216 2005/06/16 08:00:00 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.217 2005/06/17 02:44:32 djm Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -893,7 +893,7 @@ static int
channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
{
char *p, *host;
- int len, have, i, found;
+ u_int len, have, i, found;
char username[256];
struct {
u_int8_t version;
@@ -978,7 +978,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
} s5_req, s5_rsp;
u_int16_t dest_port;
u_char *p, dest_addr[255+1];
- int i, have, found, nmethods, addrlen, af;
+ u_int have, i, found, nmethods, addrlen, af;
debug2("channel %d: decode socks5", c->self);
p = buffer_ptr(&c->input);
@@ -1074,7 +1074,8 @@ static void
channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
{
u_char *p;
- int have, ret;
+ u_int have;
+ int ret;
have = buffer_len(&c->input);
c->delayed = 0;
diff --git a/usr.bin/ssh/cipher.c b/usr.bin/ssh/cipher.c
index 18e14774834..e8244752a8e 100644
--- a/usr.bin/ssh/cipher.c
+++ b/usr.bin/ssh/cipher.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.75 2005/06/09 13:43:49 dtucker Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.76 2005/06/17 02:44:32 djm Exp $");
#include "xmalloc.h"
#include "log.h"
@@ -221,7 +221,7 @@ cipher_init(CipherContext *cc, Cipher *cipher,
fatal("cipher_init: EVP_CipherInit failed for %s",
cipher->name);
klen = EVP_CIPHER_CTX_key_length(&cc->evp);
- if (klen > 0 && keylen != klen) {
+ if (klen > 0 && keylen != (u_int)klen) {
debug2("cipher_init: set keylen (%d -> %d)", klen, keylen);
if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)
fatal("cipher_init: set keylen failed (%d -> %d)",
@@ -311,9 +311,9 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
- if (evplen == 0)
+ if (evplen <= 0)
return;
- if (evplen != len)
+ if ((u_int)evplen != len)
fatal("%s: wrong iv length %d != %d", __func__,
evplen, len);
if (c->evptype == evp_aes_128_ctr)
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index ee36cc9e52c..a030cf6e4a7 100644
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -59,7 +59,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.138 2005/06/16 03:38:36 djm Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.139 2005/06/17 02:44:32 djm Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -659,12 +659,12 @@ client_process_control(fd_set * readset)
{
Buffer m;
Channel *c;
- int client_fd, new_fd[3], ver, i, allowed;
+ int client_fd, new_fd[3], ver, allowed;
socklen_t addrlen;
struct sockaddr_storage addr;
struct confirm_ctx *cctx;
char *cmd;
- u_int len, env_len, command, flags;
+ u_int i, len, env_len, command, flags;
uid_t euid;
gid_t egid;
@@ -971,7 +971,10 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
u_char ch;
char *s;
- for (i = 0; i < len; i++) {
+ if (len <= 0)
+ return (0);
+
+ for (i = 0; i < (u_int)len; i++) {
/* Get one character at a time. */
ch = buf[i];
diff --git a/usr.bin/ssh/dns.c b/usr.bin/ssh/dns.c
index 5a964bc7fac..4487c1abaf2 100644
--- a/usr.bin/ssh/dns.c
+++ b/usr.bin/ssh/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.11 2005/04/20 10:05:45 jakob Exp $ */
+/* $OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -43,7 +43,7 @@
#include "uuencode.h"
extern char *__progname;
-RCSID("$OpenBSD: dns.c,v 1.11 2005/04/20 10:05:45 jakob Exp $");
+RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $");
#ifndef LWRES
static const char *errset_text[] = {
@@ -171,7 +171,7 @@ int
verify_host_key_dns(const char *hostname, struct sockaddr *address,
const Key *hostkey, int *flags)
{
- int counter;
+ u_int counter;
int result;
struct rrsetinfo *fingerprints = NULL;
@@ -274,7 +274,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
u_char *rdata_digest;
u_int rdata_digest_len;
- int i;
+ u_int i;
int success = 0;
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
diff --git a/usr.bin/ssh/gss-serv.c b/usr.bin/ssh/gss-serv.c
index de32a3f2ea0..e1b843f01cd 100644
--- a/usr.bin/ssh/gss-serv.c
+++ b/usr.bin/ssh/gss-serv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.5 2003/11/17 11:06:07 markus Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.6 2005/06/17 02:44:32 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -134,7 +134,7 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
static OM_uint32
ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
{
- char *tok;
+ u_char *tok;
OM_uint32 offset;
OM_uint32 oidl;
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c
index a668346c393..8736aa28653 100644
--- a/usr.bin/ssh/kex.c
+++ b/usr.bin/ssh/kex.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: kex.c,v 1.61 2005/06/17 02:44:32 djm Exp $");
#include <openssl/crypto.h>
@@ -52,7 +52,7 @@ static void kex_choose_conf(Kex *);
static void
kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
{
- int i;
+ u_int i;
buffer_clear(b);
/*
@@ -101,7 +101,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
static void
kex_prop_free(char **proposal)
{
- int i;
+ u_int i;
for (i = 0; i < PROPOSAL_MAX; i++)
xfree(proposal[i]);
@@ -150,7 +150,7 @@ kex_send_kexinit(Kex *kex)
{
u_int32_t rnd = 0;
u_char *cookie;
- int i;
+ u_int i;
if (kex == NULL) {
error("kex_send_kexinit: no kex, cannot rekey");
@@ -183,8 +183,7 @@ void
kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
{
char *ptr;
- int dlen;
- int i;
+ u_int i, dlen;
Kex *kex = (Kex *)ctxt;
debug("SSH2_MSG_KEXINIT received");
@@ -343,9 +342,7 @@ kex_choose_conf(Kex *kex)
char **my, **peer;
char **cprop, **sprop;
int nenc, nmac, ncomp;
- int mode;
- int ctos; /* direction: if true client-to-server */
- int need;
+ u_int mode, ctos, need;
int first_kex_follows, type;
my = kex_buf2prop(&kex->my, NULL);
@@ -405,15 +402,19 @@ kex_choose_conf(Kex *kex)
}
static u_char *
-derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)
+derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret)
{
Buffer b;
const EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
char c = id;
- int have;
+ u_int have;
int mdsz = EVP_MD_size(evp_md);
- u_char *digest = xmalloc(roundup(need, mdsz));
+ u_char *digest;
+
+ if (mdsz < 0)
+ fatal("derive_key: mdsz < 0");
+ digest = xmalloc(roundup(need, mdsz));
buffer_init(&b);
buffer_put_bignum2(&b, shared_secret);
@@ -455,7 +456,7 @@ void
kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
{
u_char *keys[NKEYS];
- int i, mode, ctos;
+ u_int i, mode, ctos;
for (i = 0; i < NKEYS; i++)
keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
@@ -493,13 +494,13 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
EVP_DigestInit(&md, evp_md);
len = BN_num_bytes(host_modulus);
- if (len < (512 / 8) || len > sizeof(nbuf))
+ if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
fatal("%s: bad host modulus (len %d)", __func__, len);
BN_bn2bin(host_modulus, nbuf);
EVP_DigestUpdate(&md, nbuf, len);
len = BN_num_bytes(server_modulus);
- if (len < (512 / 8) || len > sizeof(nbuf))
+ if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
fatal("%s: bad server modulus (len %d)", __func__, len);
BN_bn2bin(server_modulus, nbuf);
EVP_DigestUpdate(&md, nbuf, len);
@@ -518,7 +519,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
void
dump_digest(char *msg, u_char *digest, int len)
{
- int i;
+ u_int i;
fprintf(stderr, "%s\n", msg);
for (i = 0; i< len; i++) {
diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h
index d9e9d6522f5..059d83cd549 100644
--- a/usr.bin/ssh/kex.h
+++ b/usr.bin/ssh/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.35 2004/06/13 12:53:24 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.36 2005/06/17 02:44:32 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -83,9 +83,9 @@ struct Mac {
char *name;
int enabled;
const EVP_MD *md;
- int mac_len;
+ u_int mac_len;
u_char *key;
- int key_len;
+ u_int key_len;
};
struct Comp {
int type;
@@ -101,7 +101,7 @@ struct Kex {
u_char *session_id;
u_int session_id_len;
Newkeys *newkeys[MODE_MAX];
- int we_need;
+ u_int we_need;
int server;
char *name;
int hostkey_type;
diff --git a/usr.bin/ssh/key.c b/usr.bin/ssh/key.c
index e419304641b..08c158b59c1 100644
--- a/usr.bin/ssh/key.c
+++ b/usr.bin/ssh/key.c
@@ -32,7 +32,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.57 2004/10/29 23:57:05 djm Exp $");
+RCSID("$OpenBSD: key.c,v 1.58 2005/06/17 02:44:32 djm Exp $");
#include <openssl/evp.h>
@@ -231,7 +231,7 @@ static char *
key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
{
char *retval;
- int i;
+ u_int i;
retval = xmalloc(dgst_raw_len * 3 + 1);
retval[0] = '\0';
diff --git a/usr.bin/ssh/mac.c b/usr.bin/ssh/mac.c
index 097f0b93bf8..2bda5a1b994 100644
--- a/usr.bin/ssh/mac.c
+++ b/usr.bin/ssh/mac.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: mac.c,v 1.6 2003/09/18 13:02:21 miod Exp $");
+RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17 02:44:32 djm Exp $");
#include <openssl/hmac.h>
@@ -51,12 +51,15 @@ struct {
int
mac_init(Mac *mac, char *name)
{
- int i;
+ int i, evp_len;
+
for (i = 0; macs[i].name; i++) {
if (strcmp(name, macs[i].name) == 0) {
if (mac != NULL) {
mac->md = (*macs[i].mdfunc)();
- mac->key_len = mac->mac_len = EVP_MD_size(mac->md);
+ if ((evp_len = EVP_MD_size(mac->md)) <= 0)
+ fatal("mac %s len %d", name, evp_len);
+ mac->key_len = mac->mac_len = (u_int)evp_len;
if (macs[i].truncatebits != 0)
mac->mac_len = macs[i].truncatebits/8;
}
@@ -77,7 +80,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
if (mac->key == NULL)
fatal("mac_compute: no key");
- if ((u_int)mac->mac_len > sizeof(m))
+ if (mac->mac_len > sizeof(m))
fatal("mac_compute: mac too long");
HMAC_Init(&c, mac->key, mac->key_len, mac->md);
PUT_32BIT(b, seqno);
diff --git a/usr.bin/ssh/match.c b/usr.bin/ssh/match.c
index 3ddb6273027..29fb7dab94e 100644
--- a/usr.bin/ssh/match.c
+++ b/usr.bin/ssh/match.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $");
+RCSID("$OpenBSD: match.c,v 1.20 2005/06/17 02:44:32 djm Exp $");
#include "match.h"
#include "xmalloc.h"
@@ -254,7 +254,7 @@ match_list(const char *client, const char *server, u_int *next)
ret = xstrdup(p);
if (next != NULL)
*next = (cp == NULL) ?
- strlen(c) : cp - c;
+ strlen(c) : (u_int)(cp - c);
xfree(c);
xfree(s);
return ret;
diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c
index dc67f0e352a..3c2943dc71e 100644
--- a/usr.bin/ssh/misc.c
+++ b/usr.bin/ssh/misc.c
@@ -24,7 +24,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.31 2005/06/06 11:20:36 djm Exp $");
+RCSID("$OpenBSD: misc.c,v 1.32 2005/06/17 02:44:32 djm Exp $");
#include "misc.h"
#include "log.h"
@@ -380,7 +380,7 @@ tilde_expand_filename(const char *filename, uid_t uid)
const char *path;
char user[128], ret[MAXPATHLEN];
struct passwd *pw;
- int len;
+ u_int len, slash;
if (*filename != '~')
return (xstrdup(filename));
@@ -388,10 +388,11 @@ tilde_expand_filename(const char *filename, uid_t uid)
path = strchr(filename, '/');
if (path != NULL && path > filename) { /* ~user/path */
- if (path - filename > sizeof(user) - 1)
+ slash = path - filename;
+ if (slash > sizeof(user) - 1)
fatal("tilde_expand_filename: ~username too long");
- memcpy(user, filename, path - filename);
- user[path - filename] = '\0';
+ memcpy(user, filename, slash);
+ user[slash] = '\0';
if ((pw = getpwnam(user)) == NULL)
fatal("tilde_expand_filename: No such user %s", user);
} else if ((pw = getpwuid(uid)) == NULL) /* ~/path */
@@ -429,7 +430,7 @@ percent_expand(const char *string, ...)
const char *key;
const char *repl;
} keys[EXPAND_MAX_KEYS];
- int num_keys, i, j;
+ u_int num_keys, i, j;
char buf[4096];
va_list ap;
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index f0539eae013..516ed10130d 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.117 2005/06/17 02:44:32 djm Exp $");
#include <sys/queue.h>
@@ -987,7 +987,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
static u_int packet_length = 0;
u_int padlen, need;
u_char *macbuf, *cp, type;
- int maclen, block_size;
+ u_int maclen, block_size;
Enc *enc = NULL;
Mac *mac = NULL;
Comp *comp = NULL;
@@ -1224,9 +1224,9 @@ packet_get_bignum2(BIGNUM * value)
}
void *
-packet_get_raw(int *length_ptr)
+packet_get_raw(u_int *length_ptr)
{
- int bytes = buffer_len(&incoming_packet);
+ u_int bytes = buffer_len(&incoming_packet);
if (length_ptr != NULL)
*length_ptr = bytes;
diff --git a/usr.bin/ssh/packet.h b/usr.bin/ssh/packet.h
index 37f82f2f603..1ab6d8572a5 100644
--- a/usr.bin/ssh/packet.h
+++ b/usr.bin/ssh/packet.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.41 2004/05/11 19:01:43 deraadt Exp $ */
+/* $OpenBSD: packet.h,v 1.42 2005/06/17 02:44:33 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -52,7 +52,7 @@ u_int packet_get_char(void);
u_int packet_get_int(void);
void packet_get_bignum(BIGNUM * value);
void packet_get_bignum2(BIGNUM * value);
-void *packet_get_raw(int *length_ptr);
+void *packet_get_raw(u_int *length_ptr);
void *packet_get_string(u_int *length_ptr);
void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c
index dade3a2b2b1..c0aa0388ccf 100644
--- a/usr.bin/ssh/scp.c
+++ b/usr.bin/ssh/scp.c
@@ -71,7 +71,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.123 2005/05/26 02:08:05 avsm Exp $");
+RCSID("$OpenBSD: scp.c,v 1.124 2005/06/17 02:44:33 djm Exp $");
#include "xmalloc.h"
#include "atomicio.h"
@@ -186,7 +186,7 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc)
}
typedef struct {
- int cnt;
+ size_t cnt;
char *buf;
} BUF;
@@ -719,8 +719,8 @@ sink(int argc, char **argv)
} wrerr;
BUF *bp;
off_t i;
- size_t j;
- int amt, count, exists, first, mask, mode, ofd, omode;
+ size_t j, count;
+ int amt, exists, first, mask, mode, ofd, omode;
off_t size, statbytes;
int setimes, targisdir, wrerrno = 0;
char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
@@ -828,7 +828,7 @@ sink(int argc, char **argv)
}
if (targisdir) {
static char *namebuf;
- static int cursize;
+ static size_t cursize;
size_t need;
need = strlen(targ) + strlen(cp) + 250;
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index 1a8b8d10aba..f987aebc7ac 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.141 2005/05/16 15:30:51 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.142 2005/06/17 02:44:33 djm Exp $");
#include "ssh.h"
#include "log.h"
@@ -363,7 +363,7 @@ parse_token(const char *cp, const char *filename,
static void
add_listen_addr(ServerOptions *options, char *addr, u_short port)
{
- int i;
+ u_int i;
if (options->num_ports == 0)
options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
@@ -403,9 +403,10 @@ process_server_config_line(ServerOptions *options, char *line,
const char *filename, int linenum)
{
char *cp, **charptr, *arg, *p;
- int *intptr, value, i, n;
+ int *intptr, value, n;
ServerOpCodes opcode;
u_short port;
+ u_int i;
cp = line;
arg = strdelim(&cp);
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index 00a1e794660..6c923bf6069 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.182 2005/06/17 02:44:33 djm Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -1444,7 +1444,7 @@ session_subsystem_req(Session *s)
u_int len;
int success = 0;
char *cmd, *subsys = packet_get_string(&len);
- int i;
+ u_int i;
packet_check_eom();
logit("subsystem request for %.100s", subsys);
@@ -1746,7 +1746,7 @@ session_exit_message(Session *s, int status)
void
session_close(Session *s)
{
- int i;
+ u_int i;
debug("session_close: session %d pid %ld", s->self, (long)s->pid);
if (s->ttyfd != -1)
diff --git a/usr.bin/ssh/session.h b/usr.bin/ssh/session.h
index 48be5070c85..92bd1657339 100644
--- a/usr.bin/ssh/session.h
+++ b/usr.bin/ssh/session.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.h,v 1.23 2004/07/17 05:31:41 dtucker Exp $ */
+/* $OpenBSD: session.h,v 1.24 2005/06/17 02:44:33 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -50,7 +50,7 @@ struct Session {
/* proto 2 */
int chanid;
int is_subsystem;
- int num_env;
+ u_int num_env;
struct {
char *name;
char *val;
diff --git a/usr.bin/ssh/sftp-client.c b/usr.bin/ssh/sftp-client.c
index 2aa1d59c5a1..9daf3917adb 100644
--- a/usr.bin/ssh/sftp-client.c
+++ b/usr.bin/ssh/sftp-client.c
@@ -20,7 +20,7 @@
/* XXX: copy between two remote sites */
#include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.54 2005/05/24 17:32:44 avsm Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.55 2005/06/17 02:44:33 djm Exp $");
#include <sys/queue.h>
@@ -311,7 +311,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
SFTP_DIRENT ***dir)
{
Buffer msg;
- u_int type, id, handle_len, i, expected_id, ents = 0;
+ u_int count, type, id, handle_len, i, expected_id, ents = 0;
char *handle;
id = conn->msg_id++;
@@ -335,8 +335,6 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
}
for (; !interrupted;) {
- int count;
-
id = expected_id = conn->msg_id++;
debug3("Sending SSH2_FXP_READDIR I:%u", id);
@@ -744,10 +742,10 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
Attrib junk, *a;
Buffer msg;
char *handle;
- int local_fd, status, num_req, max_req, write_error;
+ int local_fd, status, write_error;
int read_error, write_errno;
u_int64_t offset, size;
- u_int handle_len, mode, type, id, buflen;
+ u_int handle_len, mode, type, id, buflen, num_req, max_req;
off_t progress_counter;
struct request {
u_int id;
diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c
index a660bef98cb..45a19f8fe77 100644
--- a/usr.bin/ssh/sftp-server.c
+++ b/usr.bin/ssh/sftp-server.c
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.47 2004/06/25 05:38:48 dtucker Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $");
#include "buffer.h"
#include "bufaux.h"
@@ -128,7 +128,7 @@ Handle handles[100];
static void
handle_init(void)
{
- int i;
+ u_int i;
for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
handles[i].use = HANDLE_UNUSED;
@@ -137,7 +137,7 @@ handle_init(void)
static int
handle_new(int use, const char *name, int fd, DIR *dirp)
{
- int i;
+ u_int i;
for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
if (handles[i].use == HANDLE_UNUSED) {
@@ -154,7 +154,7 @@ handle_new(int use, const char *name, int fd, DIR *dirp)
static int
handle_is_ok(int i, int type)
{
- return i >= 0 && i < sizeof(handles)/sizeof(Handle) &&
+ return i >= 0 && (u_int)i < sizeof(handles)/sizeof(Handle) &&
handles[i].use == type;
}
@@ -475,10 +475,10 @@ process_write(void)
} else {
/* XXX ATOMICIO ? */
ret = write(fd, data, len);
- if (ret == -1) {
+ if (ret < 0) {
error("process_write: write failed");
status = errno_to_portable(errno);
- } else if (ret == len) {
+ } else if ((size_t)ret == len) {
status = SSH2_FX_OK;
} else {
logit("nothing at all written");
diff --git a/usr.bin/ssh/sftp.c b/usr.bin/ssh/sftp.c
index 2fdb05f8fcb..461d57cce95 100644
--- a/usr.bin/ssh/sftp.c
+++ b/usr.bin/ssh/sftp.c
@@ -16,7 +16,7 @@
#include "includes.h"
-RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.64 2005/06/17 02:44:33 djm Exp $");
#include <glob.h>
#include <histedit.h>
@@ -399,7 +399,7 @@ get_pathname(const char **cpp, char **path)
{
const char *cp = *cpp, *end;
char quot;
- int i, j;
+ u_int i, j;
cp += strspn(cp, WHITESPACE);
if (!*cp) {
@@ -659,14 +659,15 @@ sdirent_comp(const void *aa, const void *bb)
static int
do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
{
- int n, c = 1, colspace = 0, columns = 1;
+ int n;
+ u_int c = 1, colspace = 0, columns = 1;
SFTP_DIRENT **d;
if ((n = do_readdir(conn, path, &d)) != 0)
return (n);
if (!(lflag & LS_SHORT_VIEW)) {
- int m = 0, width = 80;
+ u_int m = 0, width = 80;
struct winsize ws;
char *tmp;
@@ -742,7 +743,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
int lflag)
{
glob_t g;
- int i, c = 1, colspace = 0, columns = 1;
+ u_int i, c = 1, colspace = 0, columns = 1;
Attrib *a = NULL;
memset(&g, 0, sizeof(g));
@@ -778,7 +779,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
}
if (!(lflag & LS_SHORT_VIEW)) {
- int m = 0, width = 80;
+ u_int m = 0, width = 80;
struct winsize ws;
/* Count entries for sort and find longest filename */
diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c
index 6dcc4a52483..5e2377c0a69 100644
--- a/usr.bin/ssh/ssh-keyscan.c
+++ b/usr.bin/ssh/ssh-keyscan.c
@@ -7,7 +7,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.54 2005/05/24 17:32:44 avsm Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $");
#include <sys/queue.h>
#include <errno.h>
@@ -167,7 +167,7 @@ Linebuf_lineno(Linebuf * lb)
static char *
Linebuf_getline(Linebuf * lb)
{
- int n = 0;
+ size_t n = 0;
void *p;
lb->lineno++;
@@ -484,10 +484,10 @@ conrecycle(int s)
static void
congreet(int s)
{
- int remote_major = 0, remote_minor = 0;
+ int n = 0, remote_major = 0, remote_minor = 0;
char buf[256], *cp;
char remote_version[sizeof buf];
- size_t bufsiz, n = 0;
+ size_t bufsiz;
con *c = &fdcon[s];
bufsiz = sizeof(buf);
@@ -537,12 +537,12 @@ congreet(int s)
n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
- if (n == -1 || n >= sizeof buf) {
+ if (n < 0 || (size_t)n >= sizeof(buf)) {
error("snprintf: buffer too small");
confree(s);
return;
}
- if (atomicio(vwrite, s, buf, n) != n) {
+ if (atomicio(vwrite, s, buf, n) != (size_t)n) {
error("write (%s): %s", c->c_name, strerror(errno));
confree(s);
return;
diff --git a/usr.bin/ssh/ssh-rsa.c b/usr.bin/ssh/ssh-rsa.c
index 6e3be0a7ec8..eb422d07e9c 100644
--- a/usr.bin/ssh/ssh-rsa.c
+++ b/usr.bin/ssh/ssh-rsa.c
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.31 2003/11/10 16:23:41 jakob Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.32 2005/06/17 02:44:33 djm Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -238,7 +238,7 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
ERR_error_string(ERR_get_error(), NULL));
goto done;
}
- if (len != hlen + oidlen) {
+ if (len < 0 || (u_int)len != hlen + oidlen) {
error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);
goto done;
}
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index c2fc0940ddc..fac55224bd5 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.164 2005/06/06 11:20:36 djm Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.165 2005/06/17 02:44:33 djm Exp $");
#include <openssl/bn.h>
@@ -398,10 +398,11 @@ static void
ssh_exchange_identification(void)
{
char buf[256], remote_version[256]; /* must be same size! */
- int remote_major, remote_minor, i, mismatch;
+ int remote_major, remote_minor, mismatch;
int connection_in = packet_get_connection_in();
int connection_out = packet_get_connection_out();
int minor1 = PROTOCOL_MINOR_1;
+ u_int i;
/* Read other side's version identification. */
for (;;) {
diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c
index 6e2e31c0285..bd05723c746 100644
--- a/usr.bin/ssh/sshconnect1.c
+++ b/usr.bin/ssh/sshconnect1.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.60 2004/07/28 09:40:29 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.61 2005/06/17 02:44:33 djm Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -162,7 +162,7 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
/* Compute the response. */
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
- if (len <= 0 || len > sizeof(buf))
+ if (len <= 0 || (u_int)len > sizeof(buf))
packet_disconnect(
"respond_to_rsa_challenge: bad challenge length %d", len);
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index b1cad71edb5..ea3f0b4c6a3 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.138 2004/06/13 12:53:24 djm Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.139 2005/06/17 02:44:33 djm Exp $");
#include "ssh.h"
#include "ssh2.h"
@@ -480,7 +480,7 @@ userauth_gssapi(Authctxt *authctxt)
{
Gssctxt *gssctxt = NULL;
static gss_OID_set gss_supported = NULL;
- static int mech = 0;
+ static u_int mech = 0;
OM_uint32 min;
int ok = 0;
@@ -507,7 +507,8 @@ userauth_gssapi(Authctxt *authctxt)
}
}
- if (!ok) return 0;
+ if (!ok)
+ return 0;
authctxt->methoddata=(void *)gssctxt;
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 9603ab24583..6a454353ccd 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.310 2005/06/16 08:00:00 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.311 2005/06/17 02:44:33 djm Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -353,7 +353,8 @@ key_regeneration_alarm(int sig)
static void
sshd_exchange_identification(int sock_in, int sock_out)
{
- int i, mismatch;
+ u_int i;
+ int mismatch;
int remote_major, remote_minor;
int major, minor;
char *s;
@@ -1811,7 +1812,7 @@ do_ssh1_kex(void)
if (!rsafail) {
BN_mask_bits(session_key_int, sizeof(session_key) * 8);
len = BN_num_bytes(session_key_int);
- if (len < 0 || len > sizeof(session_key)) {
+ if (len < 0 || (u_int)len > sizeof(session_key)) {
error("do_connection: bad session key len from %s: "
"session_key_int %d > sizeof(session_key) %lu",
get_remote_ipaddr(), len, (u_long)sizeof(session_key));