summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/sshconnect.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr.bin/ssh/sshconnect.c')
-rw-r--r--usr.bin/ssh/sshconnect.c27
1 files changed, 21 insertions, 6 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index 6ec8c4abfe9..eba68ca8c59 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -15,7 +15,7 @@ login (authentication) dialog.
*/
#include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.24 1999/10/27 16:37:46 deraadt Exp $");
+RCSID("$Id: sshconnect.c,v 1.25 1999/11/02 19:42:36 markus Exp $");
#include <ssl/bn.h>
#include "xmalloc.h"
@@ -449,7 +449,10 @@ respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv)
/* Compute the response. */
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
- assert(len <= sizeof(buf) && len);
+ if (len <= 0 || len > sizeof(buf))
+ packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
+ len);
+
memset(buf, 0, sizeof(buf));
BN_bn2bin(challenge, buf + sizeof(buf) - len);
MD5_Init(&md);
@@ -1290,8 +1293,14 @@ void ssh_login(int host_key_valid,
if (BN_cmp(public_key->n, host_key->n) < 0)
{
/* Public key has smaller modulus. */
- assert(BN_num_bits(host_key->n) >=
- BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED);
+ if (BN_num_bits(host_key->n) <
+ BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
+ fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
+ "SSH_KEY_BITS_RESERVED %d",
+ BN_num_bits(host_key->n),
+ BN_num_bits(public_key->n),
+ SSH_KEY_BITS_RESERVED);
+ }
rsa_public_encrypt(key, key, public_key);
rsa_public_encrypt(key, key, host_key);
@@ -1299,8 +1308,14 @@ void ssh_login(int host_key_valid,
else
{
/* Host key has smaller modulus (or they are equal). */
- assert(BN_num_bits(public_key->n) >=
- BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED);
+ if (BN_num_bits(public_key->n) <
+ BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
+ fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
+ "SSH_KEY_BITS_RESERVED %d",
+ BN_num_bits(public_key->n),
+ BN_num_bits(host_key->n),
+ SSH_KEY_BITS_RESERVED);
+ }
rsa_public_encrypt(key, key, host_key);
rsa_public_encrypt(key, key, public_key);