diff options
-rw-r--r-- | usr.bin/ssh/auth-rsa.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/auth1.c | 16 | ||||
-rw-r--r-- | usr.bin/ssh/auth2-chall.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/auth2.c | 14 | ||||
-rw-r--r-- | usr.bin/ssh/channels.c | 26 | ||||
-rw-r--r-- | usr.bin/ssh/clientloop.c | 14 | ||||
-rw-r--r-- | usr.bin/ssh/kex.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/kexdh.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/kexgex.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/packet.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/packet.h | 5 | ||||
-rw-r--r-- | usr.bin/ssh/serverloop.c | 12 | ||||
-rw-r--r-- | usr.bin/ssh/session.c | 26 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect1.c | 16 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 4 |
17 files changed, 89 insertions, 88 deletions
diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c index 1d74a79cd86..4403c149082 100644 --- a/usr.bin/ssh/auth-rsa.c +++ b/usr.bin/ssh/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.48 2001/12/27 20:39:58 markus Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.49 2001/12/28 12:14:27 markus Exp $"); #include <openssl/rsa.h> #include <openssl/md5.h> @@ -94,7 +94,7 @@ auth_rsa_challenge_dialog(RSA *pk) packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE); for (i = 0; i < 16; i++) response[i] = packet_get_char(); - packet_done(); + packet_check_eom(); /* The response is MD5 of decrypted challenge plus session id. */ len = BN_num_bytes(challenge); diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c index af7ca8e7164..ffa67bc3d0e 100644 --- a/usr.bin/ssh/auth1.c +++ b/usr.bin/ssh/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.31 2001/12/27 20:39:58 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.32 2001/12/28 12:14:27 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -112,7 +112,7 @@ do_authloop(Authctxt *authctxt) verbose("Kerberos authentication disabled."); } else { char *kdata = packet_get_string(&dlen); - packet_done(); + packet_check_eom(); if (kdata[0] == 4) { /* KRB_PROT_VERSION */ #ifdef KRB4 @@ -174,7 +174,7 @@ do_authloop(Authctxt *authctxt) * IP-spoofing on a local network.) */ client_user = packet_get_string(&ulen); - packet_done(); + packet_check_eom(); /* Try to authenticate using /etc/hosts.equiv and .rhosts. */ authenticated = auth_rhosts(pw, client_user); @@ -205,7 +205,7 @@ do_authloop(Authctxt *authctxt) verbose("Warning: keysize mismatch for client_host_key: " "actual %d, announced %d", BN_num_bits(client_host_key->rsa->n), bits); - packet_done(); + packet_check_eom(); authenticated = auth_rhosts_rsa(pw, client_user, client_host_key); @@ -224,7 +224,7 @@ do_authloop(Authctxt *authctxt) if ((n = BN_new()) == NULL) fatal("do_authloop: BN_new failed"); packet_get_bignum(n, &nlen); - packet_done(); + packet_check_eom(); authenticated = auth_rsa(pw, n); BN_clear_free(n); break; @@ -240,7 +240,7 @@ do_authloop(Authctxt *authctxt) * not visible to an outside observer. */ password = packet_get_string(&dlen); - packet_done(); + packet_check_eom(); /* Try authentication with the password. */ authenticated = auth_password(authctxt, password); @@ -269,7 +269,7 @@ do_authloop(Authctxt *authctxt) if (options.challenge_response_authentication == 1) { char *response = packet_get_string(&dlen); debug("got response '%s'", response); - packet_done(); + packet_check_eom(); authenticated = verify_response(authctxt, response); memset(response, 'r', dlen); xfree(response); @@ -332,7 +332,7 @@ do_authentication(void) /* Get the user name. */ user = packet_get_string(&ulen); - packet_done(); + packet_check_eom(); if ((style = strchr(user, ':')) != NULL) *style++ = '\0'; diff --git a/usr.bin/ssh/auth2-chall.c b/usr.bin/ssh/auth2-chall.c index 8679f632ff8..4211b0f6410 100644 --- a/usr.bin/ssh/auth2-chall.c +++ b/usr.bin/ssh/auth2-chall.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2-chall.c,v 1.11 2001/12/20 22:50:24 djm Exp $"); +RCSID("$OpenBSD: auth2-chall.c,v 1.12 2001/12/28 12:14:27 markus Exp $"); #include "ssh2.h" #include "auth.h" @@ -257,7 +257,7 @@ input_userauth_info_response(int type, int plen, u_int32_t seq, void *ctxt) for (i = 0; i < nresp; i++) response[i] = packet_get_string(NULL); } - packet_done(); + packet_check_eom(); if (authctxt->valid) { res = kbdintctxt->device->respond(kbdintctxt->ctxt, diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c index 0809d4cebb3..b32b7779ad0 100644 --- a/usr.bin/ssh/auth2.c +++ b/usr.bin/ssh/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.78 2001/12/20 22:50:24 djm Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.79 2001/12/28 12:14:27 markus Exp $"); #include <openssl/evp.h> @@ -144,7 +144,7 @@ input_service_request(int type, int plen, u_int32_t seq, void *ctxt) u_int len; int accept = 0; char *service = packet_get_string(&len); - packet_done(); + packet_check_eom(); if (authctxt == NULL) fatal("input_service_request: no authctxt"); @@ -308,7 +308,7 @@ userauth_none(Authctxt *authctxt) Authmethod *m = authmethod_lookup("none"); if (m != NULL) m->enabled = NULL; - packet_done(); + packet_check_eom(); userauth_banner(); return authctxt->valid ? auth_password(authctxt, "") : 0; } @@ -324,7 +324,7 @@ userauth_passwd(Authctxt *authctxt) if (change) log("password change not supported"); password = packet_get_string(&len); - packet_done(); + packet_check_eom(); if (authctxt->valid && auth_password(authctxt, password) == 1) authenticated = 1; @@ -341,7 +341,7 @@ userauth_kbdint(Authctxt *authctxt) lang = packet_get_string(NULL); devs = packet_get_string(NULL); - packet_done(); + packet_check_eom(); debug("keyboard-interactive devs %s", devs); @@ -393,7 +393,7 @@ userauth_pubkey(Authctxt *authctxt) if (key != NULL) { if (have_sig) { sig = packet_get_string(&slen); - packet_done(); + packet_check_eom(); buffer_init(&b); if (datafellows & SSH_OLD_SESSIONID) { buffer_append(&b, session_id2, session_id2_len); @@ -426,7 +426,7 @@ userauth_pubkey(Authctxt *authctxt) xfree(sig); } else { debug("test whether pkalg/pkblob are acceptable"); - packet_done(); + packet_check_eom(); /* XXX fake reply and always send PK_OK ? */ /* diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index cb7d7ef5605..ab239f76a83 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.151 2001/12/27 20:39:58 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.152 2001/12/28 12:14:27 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1748,7 +1748,7 @@ channel_input_data(int type, int plen, u_int32_t seq, void *ctxt) } c->local_window -= data_len; } - packet_done(); + packet_check_eom(); buffer_append(&c->output, data, data_len); xfree(data); } @@ -1780,7 +1780,7 @@ channel_input_extended_data(int type, int plen, u_int32_t seq, void *ctxt) return; } data = packet_get_string(&data_len); - packet_done(); + packet_check_eom(); if (data_len > c->local_window) { log("channel %d: rcvd too much extended_data %d, win %d", c->self, data_len, c->local_window); @@ -1800,7 +1800,7 @@ channel_input_ieof(int type, int plen, u_int32_t seq, void *ctxt) Channel *c; id = packet_get_int(); - packet_done(); + packet_check_eom(); c = channel_lookup(id); if (c == NULL) packet_disconnect("Received ieof for nonexistent channel %d.", id); @@ -1821,7 +1821,7 @@ channel_input_close(int type, int plen, u_int32_t seq, void *ctxt) Channel *c; id = packet_get_int(); - packet_done(); + packet_check_eom(); c = channel_lookup(id); if (c == NULL) packet_disconnect("Received close for nonexistent channel %d.", id); @@ -1858,7 +1858,7 @@ channel_input_oclose(int type, int plen, u_int32_t seq, void *ctxt) int id = packet_get_int(); Channel *c = channel_lookup(id); - packet_done(); + packet_check_eom(); if (c == NULL) packet_disconnect("Received oclose for nonexistent channel %d.", id); chan_rcvd_oclose(c); @@ -1870,7 +1870,7 @@ channel_input_close_confirmation(int type, int plen, u_int32_t seq, void *ctxt) int id = packet_get_int(); Channel *c = channel_lookup(id); - packet_done(); + packet_check_eom(); if (c == NULL) packet_disconnect("Received close confirmation for " "out-of-range channel %d.", id); @@ -1908,7 +1908,7 @@ channel_input_open_confirmation(int type, int plen, u_int32_t seq, void *ctxt) debug("channel %d: open confirm rwindow %d rmax %d", c->self, c->remote_window, c->remote_maxpacket); } - packet_done(); + packet_check_eom(); } static char * @@ -1953,7 +1953,7 @@ channel_input_open_failure(int type, int plen, u_int32_t seq, void *ctxt) if (lang != NULL) xfree(lang); } - packet_done(); + packet_check_eom(); /* Free the channel. This will also close the socket. */ channel_free(c); } @@ -2002,7 +2002,7 @@ channel_input_window_adjust(int type, int plen, u_int32_t seq, void *ctxt) return; } adjust = packet_get_int(); - packet_done(); + packet_check_eom(); debug2("channel %d: rcvd adjust %d", id, adjust); c->remote_window += adjust; } @@ -2024,7 +2024,7 @@ channel_input_port_open(int type, int plen, u_int32_t seq, void *ctxt) } else { originator_string = xstrdup("unknown (remote did not supply name)"); } - packet_done(); + packet_check_eom(); sock = channel_connect_to(host, host_port); if (sock != -1) { c = channel_new("connected socket", @@ -2610,7 +2610,7 @@ x11_input_open(int type, int plen, u_int32_t seq, void *ctxt) } else { remote_host = xstrdup("unknown (remote did not supply name)"); } - packet_done(); + packet_check_eom(); /* Obtain a connection to the real X display. */ sock = x11_connect_display(); @@ -2861,7 +2861,7 @@ auth_input_open_request(int type, int plen, u_int32_t seq, void *ctxt) /* Read the remote channel number from the message. */ remote_id = packet_get_int(); - packet_done(); + packet_check_eom(); /* * Get a connection to the local authentication agent (this may again diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index f71717554b0..3231b212e5c 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.92 2001/12/27 20:39:58 markus Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.93 2001/12/28 12:14:27 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1012,7 +1012,7 @@ client_input_stdout_data(int type, int plen, u_int32_t seq, void *ctxt) { u_int data_len; char *data = packet_get_string(&data_len); - packet_done(); + packet_check_eom(); buffer_append(&stdout_buffer, data, data_len); memset(data, 0, data_len); xfree(data); @@ -1022,7 +1022,7 @@ client_input_stderr_data(int type, int plen, u_int32_t seq, void *ctxt) { u_int data_len; char *data = packet_get_string(&data_len); - packet_done(); + packet_check_eom(); buffer_append(&stderr_buffer, data, data_len); memset(data, 0, data_len); xfree(data); @@ -1031,7 +1031,7 @@ static void client_input_exit_status(int type, int plen, u_int32_t seq, void *ctxt) { exit_status = packet_get_int(); - packet_done(); + packet_check_eom(); /* Acknowledge the exit. */ packet_start(SSH_CMSG_EXIT_CONFIRMATION); packet_send(); @@ -1057,7 +1057,7 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) listen_port = packet_get_int(); originator_address = packet_get_string(NULL); originator_port = packet_get_int(); - packet_done(); + packet_check_eom(); debug("client_request_forwarded_tcpip: listen %s port %d, originator %s port %d", listen_address, listen_port, originator_address, originator_port); @@ -1101,7 +1101,7 @@ client_request_x11(const char *request_type, int rchan) } else { originator_port = packet_get_int(); } - packet_done(); + packet_check_eom(); /* XXX check permission */ debug("client_request_x11: request from %s %d", originator, originator_port); @@ -1226,7 +1226,7 @@ client_input_channel_req(int type, int plen, u_int32_t seq, void *ctxt) } else if (strcmp(rtype, "exit-status") == 0) { success = 1; exit_status = packet_get_int(); - packet_done(); + packet_check_eom(); } if (reply) { packet_start(success ? diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index 8e3d83befde..e4163214de1 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.38 2001/12/20 22:50:24 djm Exp $"); +RCSID("$OpenBSD: kex.c,v 1.39 2001/12/28 12:14:27 markus Exp $"); #include <openssl/crypto.h> @@ -187,7 +187,7 @@ kex_input_kexinit(int type, int plen, u_int32_t seq, void *ctxt) xfree(packet_get_string(NULL)); packet_get_char(); packet_get_int(); - packet_done(); + packet_check_eom(); kex_kexinit_finish(kex); } diff --git a/usr.bin/ssh/kexdh.c b/usr.bin/ssh/kexdh.c index 059b41c4157..43a14f5584b 100644 --- a/usr.bin/ssh/kexdh.c +++ b/usr.bin/ssh/kexdh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdh.c,v 1.9 2001/12/27 19:37:22 markus Exp $"); +RCSID("$OpenBSD: kexdh.c,v 1.10 2001/12/28 12:14:27 markus Exp $"); #include <openssl/crypto.h> #include <openssl/bn.h> @@ -142,7 +142,7 @@ kexdh_client(Kex *kex) /* signed H */ signature = packet_get_string(&slen); - packet_done(); + packet_check_eom(); if (!dh_pub_is_valid(dh, dh_server_pub)) packet_disconnect("bad server public DH value"); diff --git a/usr.bin/ssh/kexgex.c b/usr.bin/ssh/kexgex.c index 8822c8dcd73..49f639c61ca 100644 --- a/usr.bin/ssh/kexgex.c +++ b/usr.bin/ssh/kexgex.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexgex.c,v 1.12 2001/12/27 19:37:23 markus Exp $"); +RCSID("$OpenBSD: kexgex.c,v 1.13 2001/12/28 12:14:27 markus Exp $"); #include <openssl/bn.h> @@ -146,7 +146,7 @@ kexgex_client(Kex *kex) if ((g = BN_new()) == NULL) fatal("BN_new"); packet_get_bignum2(g, &dlen); - packet_done(); + packet_check_eom(); if (BN_num_bits(p) < min || BN_num_bits(p) > max) fatal("DH_GEX group out of range: %d !< %d !< %d", @@ -196,7 +196,7 @@ kexgex_client(Kex *kex) /* signed H */ signature = packet_get_string(&slen); - packet_done(); + packet_check_eom(); if (!dh_pub_is_valid(dh, dh_server_pub)) packet_disconnect("bad server public DH value"); @@ -289,7 +289,7 @@ kexgex_server(Kex *kex) default: fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type); } - packet_done(); + packet_check_eom(); if (max < min || nbits < min || max < nbits) fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index 83ab12446e0..367ffa8ae42 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.78 2001/12/27 20:39:58 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.79 2001/12/28 12:14:27 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -632,7 +632,7 @@ packet_read_seqnr(int *payload_len_ptr, u_int32_t *seqnr_p) || type == SSH_SMSG_FAILURE || type == SSH_CMSG_EOF || type == SSH_CMSG_EXIT_CONFIRMATION)) - packet_done(); + packet_check_eom(); /* If we got a packet, return it. */ if (type != SSH_MSG_NONE) { xfree(setp); diff --git a/usr.bin/ssh/packet.h b/usr.bin/ssh/packet.h index 11e8be8c078..269b4c7f80d 100644 --- a/usr.bin/ssh/packet.h +++ b/usr.bin/ssh/packet.h @@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: packet.h,v 1.29 2001/12/27 20:39:58 markus Exp $"); */ +/* RCSID("$OpenBSD: packet.h,v 1.30 2001/12/28 12:14:27 markus Exp $"); */ #ifndef PACKET_H #define PACKET_H @@ -74,7 +74,8 @@ extern int max_packet_size; int packet_set_maxsize(int); #define packet_get_maxsize() max_packet_size -#define packet_done() \ +/* don't allow remaining bytes after the end of the message */ +#define packet_check_eom() \ do { \ int _len = packet_remaining(); \ if (_len > 0) { \ diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 3e21c53f6a7..b68150cb32f 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.90 2001/12/27 20:39:58 markus Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.91 2001/12/28 12:14:27 markus Exp $"); #include "xmalloc.h" #include "packet.h" @@ -806,7 +806,7 @@ server_input_stdin_data(int type, int plen, u_int32_t seq, void *ctxt) if (fdin == -1) return; data = packet_get_string(&data_len); - packet_done(); + packet_check_eom(); buffer_append(&stdin_buffer, data, data_len); memset(data, 0, data_len); xfree(data); @@ -821,7 +821,7 @@ server_input_eof(int type, int plen, u_int32_t seq, void *ctxt) * drained. */ debug("EOF received for stdin."); - packet_done(); + packet_check_eom(); stdin_eof = 1; } @@ -834,7 +834,7 @@ server_input_window_size(int type, int plen, u_int32_t seq, void *ctxt) int ypixel = packet_get_int(); debug("Window change received."); - packet_done(); + packet_check_eom(); if (fdin != -1) pty_change_window_size(fdin, row, col, xpixel, ypixel); } @@ -851,7 +851,7 @@ server_request_direct_tcpip(char *ctype) target_port = packet_get_int(); originator = packet_get_string(NULL); originator_port = packet_get_int(); - packet_done(); + packet_check_eom(); debug("server_request_direct_tcpip: originator %s port %d, target %s port %d", originator, originator_port, target, target_port); @@ -878,7 +878,7 @@ server_request_session(char *ctype) Channel *c; debug("input_session_request"); - packet_done(); + packet_check_eom(); /* * A server session has no fd to read or write until a * CHANNEL_REQUEST for a shell is made, so we set the type to diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 9ef81bd047d..3a171d0af29 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.115 2001/12/27 20:39:58 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.116 2001/12/28 12:14:27 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -205,7 +205,7 @@ do_authenticated1(Authctxt *authctxt) switch (type) { case SSH_CMSG_REQUEST_COMPRESSION: compression_level = packet_get_int(); - packet_done(); + packet_check_eom(); if (compression_level < 1 || compression_level > 9) { packet_send_debug("Received illegal compression level %d.", compression_level); @@ -236,7 +236,7 @@ do_authenticated1(Authctxt *authctxt) } else { s->screen = 0; } - packet_done(); + packet_check_eom(); success = session_setup_x11fwd(s); if (!success) { xfree(s->auth_proto); @@ -280,7 +280,7 @@ do_authenticated1(Authctxt *authctxt) verbose("Kerberos TGT passing disabled."); } else { char *kdata = packet_get_string(&dlen); - packet_done(); + packet_check_eom(); /* XXX - 0x41, see creds_to_radix version */ if (kdata[0] != 0x41) { @@ -314,7 +314,7 @@ do_authenticated1(Authctxt *authctxt) } else { /* Accept AFS token. */ char *token = packet_get_string(&dlen); - packet_done(); + packet_check_eom(); if (auth_afs_token(s->authctxt, token)) success = 1; @@ -336,7 +336,7 @@ do_authenticated1(Authctxt *authctxt) } else { do_exec(s, NULL); } - packet_done(); + packet_check_eom(); session_close(s); return; @@ -1221,7 +1221,7 @@ session_window_change_req(Session *s) s->row = packet_get_int(); s->xpixel = packet_get_int(); s->ypixel = packet_get_int(); - packet_done(); + packet_check_eom(); pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); return 1; } @@ -1286,7 +1286,7 @@ session_pty_req(Session *s) /* Set window size from the packet. */ pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); - packet_done(); + packet_check_eom(); session_proctitle(s); return 1; } @@ -1300,7 +1300,7 @@ session_subsystem_req(Session *s) char *cmd, *subsys = packet_get_string(&len); int i; - packet_done(); + packet_check_eom(); log("subsystem request for %s", subsys); for (i = 0; i < options.num_subsystems; i++) { @@ -1335,7 +1335,7 @@ session_x11_req(Session *s) s->auth_proto = packet_get_string(NULL); s->auth_data = packet_get_string(NULL); s->screen = packet_get_int(); - packet_done(); + packet_check_eom(); success = session_setup_x11fwd(s); if (!success) { @@ -1350,7 +1350,7 @@ session_x11_req(Session *s) static int session_shell_req(Session *s) { - packet_done(); + packet_check_eom(); do_exec(s, NULL); return 1; } @@ -1360,7 +1360,7 @@ session_exec_req(Session *s) { u_int len; char *command = packet_get_string(&len); - packet_done(); + packet_check_eom(); do_exec(s, command); xfree(command); return 1; @@ -1370,7 +1370,7 @@ static int session_auth_agent_req(Session *s) { static int called = 0; - packet_done(); + packet_check_eom(); if (no_agent_forwarding_flag) { debug("session_auth_agent_req: no_agent_forwarding_flag"); return 0; diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 9de0f94593d..30b4d5a7938 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.154 2001/12/27 20:39:58 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.155 2001/12/28 12:14:27 markus Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -956,7 +956,7 @@ ssh_session(void) /* Read response from the server. */ type = packet_read(&plen); - packet_done(); + packet_check_eom(); if (type != SSH_SMSG_SUCCESS) log("Warning: Remote host denied authentication agent forwarding."); } @@ -1003,7 +1003,7 @@ client_subsystem_reply(int type, int plen, u_int32_t seq, void *ctxt) len = buffer_len(&command); if (len > 900) len = 900; - packet_done(); + packet_check_eom(); if (type == SSH2_MSG_CHANNEL_FAILURE) fatal("Request for subsystem '%.*s' failed on channel %d", len, (u_char *)buffer_ptr(&command), id); diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c index 240bdffe2c4..a5fef1036d4 100644 --- a/usr.bin/ssh/sshconnect1.c +++ b/usr.bin/ssh/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.44 2001/12/27 20:39:58 markus Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.45 2001/12/28 12:14:27 markus Exp $"); #include <openssl/bn.h> #include <openssl/evp.h> @@ -109,7 +109,7 @@ try_agent_authentication(void) type); packet_get_bignum(challenge, &clen); - packet_done(); + packet_check_eom(); debug("Received RSA challenge from server."); @@ -243,7 +243,7 @@ try_rsa_authentication(int idx) if ((challenge = BN_new()) == NULL) fatal("try_rsa_authentication: BN_new failed"); packet_get_bignum(challenge, &clen); - packet_done(); + packet_check_eom(); debug("Received RSA challenge from server."); @@ -357,7 +357,7 @@ try_rhosts_rsa_authentication(const char *local_user, Key * host_key) if ((challenge = BN_new()) == NULL) fatal("try_rhosts_rsa_authentication: BN_new failed"); packet_get_bignum(challenge, &clen); - packet_done(); + packet_check_eom(); debug("Received RSA challenge for host key from server."); @@ -464,7 +464,7 @@ try_krb4_authentication(void) memcpy(auth.dat, reply, auth.length); xfree(reply); - packet_done(); + packet_check_eom(); /* * If his response isn't properly encrypted with the session @@ -573,7 +573,7 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context) /* Get server's response. */ ap.data = packet_get_string((unsigned int *) &ap.length); - packet_done(); + packet_check_eom(); /* XXX je to dobre? */ problem = krb5_rd_rep(*context, *auth_context, &ap, &reply); @@ -838,7 +838,7 @@ try_challenge_response_authentication(void) return 0; } challenge = packet_get_string(&clen); - packet_done(); + packet_check_eom(); snprintf(prompt, sizeof prompt, "%s%s", challenge, strchr(challenge, '\n') ? "" : "\nResponse: "); xfree(challenge); @@ -964,7 +964,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr) supported_ciphers = packet_get_int(); supported_authentications = packet_get_int(); - packet_done(); + packet_check_eom(); debug("Received server public key (%d bits) and host key (%d bits).", BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index d7143cd18bd..cf873b8dddd 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.89 2001/12/20 22:50:24 djm Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.90 2001/12/28 12:14:27 markus Exp $"); #include <openssl/bn.h> #include <openssl/md5.h> @@ -247,7 +247,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, } else { debug("buggy server: service_accept w/o service"); } - packet_done(); + packet_check_eom(); debug("got SSH2_MSG_SERVICE_ACCEPT"); if (options.preferred_authentications == NULL) @@ -347,7 +347,7 @@ input_userauth_failure(int type, int plen, u_int32_t seq, void *ctxt) authlist = packet_get_string(NULL); partial = packet_get_char(); - packet_done(); + packet_check_eom(); if (partial != 0) log("Authenticated with partial success."); @@ -379,7 +379,7 @@ input_userauth_pk_ok(int type, int plen, u_int32_t seq, void *ctxt) pkalg = packet_get_string(&alen); pkblob = packet_get_string(&blen); } - packet_done(); + packet_check_eom(); debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d", pkalg, blen, authctxt->last_key, authctxt->last_key_hint); @@ -815,7 +815,7 @@ input_userauth_info_req(int type, int plen, u_int32_t seq, void *ctxt) xfree(response); xfree(prompt); } - packet_done(); /* done with parsing incoming message. */ + packet_check_eom(); /* done with parsing incoming message. */ packet_add_padding(64); packet_send(); diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index cc36824e250..87e608a5046 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.219 2001/12/27 20:39:58 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.220 2001/12/28 12:14:27 markus Exp $"); #include <openssl/dh.h> #include <openssl/bn.h> @@ -1325,7 +1325,7 @@ do_ssh1_kex(void) protocol_flags = packet_get_int(); packet_set_protocol_flags(protocol_flags); - packet_done(); + packet_check_eom(); /* * Decrypt it using our private server key and private host key (key |