diff options
Diffstat (limited to 'usr.bin/ssh/sshconnect.c')
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 6ec8c4abfe9..eba68ca8c59 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -15,7 +15,7 @@ login (authentication) dialog. */ #include "includes.h" -RCSID("$Id: sshconnect.c,v 1.24 1999/10/27 16:37:46 deraadt Exp $"); +RCSID("$Id: sshconnect.c,v 1.25 1999/11/02 19:42:36 markus Exp $"); #include <ssl/bn.h> #include "xmalloc.h" @@ -449,7 +449,10 @@ respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv) /* Compute the response. */ /* The response is MD5 of decrypted challenge plus session id. */ len = BN_num_bytes(challenge); - assert(len <= sizeof(buf) && len); + if (len <= 0 || len > sizeof(buf)) + packet_disconnect("respond_to_rsa_challenge: bad challenge length %d", + len); + memset(buf, 0, sizeof(buf)); BN_bn2bin(challenge, buf + sizeof(buf) - len); MD5_Init(&md); @@ -1290,8 +1293,14 @@ void ssh_login(int host_key_valid, if (BN_cmp(public_key->n, host_key->n) < 0) { /* Public key has smaller modulus. */ - assert(BN_num_bits(host_key->n) >= - BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED); + if (BN_num_bits(host_key->n) < + BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) { + fatal("respond_to_rsa_challenge: host_key %d < public_key %d + " + "SSH_KEY_BITS_RESERVED %d", + BN_num_bits(host_key->n), + BN_num_bits(public_key->n), + SSH_KEY_BITS_RESERVED); + } rsa_public_encrypt(key, key, public_key); rsa_public_encrypt(key, key, host_key); @@ -1299,8 +1308,14 @@ void ssh_login(int host_key_valid, else { /* Host key has smaller modulus (or they are equal). */ - assert(BN_num_bits(public_key->n) >= - BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED); + if (BN_num_bits(public_key->n) < + BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) { + fatal("respond_to_rsa_challenge: public_key %d < host_key %d + " + "SSH_KEY_BITS_RESERVED %d", + BN_num_bits(public_key->n), + BN_num_bits(host_key->n), + SSH_KEY_BITS_RESERVED); + } rsa_public_encrypt(key, key, host_key); rsa_public_encrypt(key, key, public_key); |