Mercurial > dropbear
comparison buffer.c @ 1739:13d834efc376 fuzz
merge from main
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 15 Oct 2020 19:55:15 +0800 |
parents | 1051e4eea25a |
children | ff51d5967e2d |
comparison
equal
deleted
inserted
replaced
1562:768ebf737aa0 | 1739:13d834efc376 |
---|---|
226 | 226 |
227 return ret; | 227 return ret; |
228 } | 228 } |
229 | 229 |
230 /* Return a string as a newly allocated buffer */ | 230 /* Return a string as a newly allocated buffer */ |
231 buffer * buf_getstringbuf(buffer *buf) { | 231 static buffer * buf_getstringbuf_int(buffer *buf, int incllen) { |
232 buffer *ret = NULL; | 232 buffer *ret = NULL; |
233 unsigned int len = buf_getint(buf); | 233 unsigned int len = buf_getint(buf); |
234 int extra = 0; | |
234 if (len > MAX_STRING_LEN) { | 235 if (len > MAX_STRING_LEN) { |
235 dropbear_exit("String too long"); | 236 dropbear_exit("String too long"); |
236 } | 237 } |
237 ret = buf_new(len); | 238 if (incllen) { |
239 extra = 4; | |
240 } | |
241 ret = buf_new(len+extra); | |
242 if (incllen) { | |
243 buf_putint(ret, len); | |
244 } | |
238 memcpy(buf_getwriteptr(ret, len), buf_getptr(buf, len), len); | 245 memcpy(buf_getwriteptr(ret, len), buf_getptr(buf, len), len); |
239 buf_incrpos(buf, len); | 246 buf_incrpos(buf, len); |
240 buf_incrlen(ret, len); | 247 buf_incrlen(ret, len); |
248 buf_setpos(ret, 0); | |
241 return ret; | 249 return ret; |
250 } | |
251 | |
252 /* Return a string as a newly allocated buffer */ | |
253 buffer * buf_getstringbuf(buffer *buf) { | |
254 return buf_getstringbuf_int(buf, 0); | |
255 } | |
256 | |
257 /* Returns a string in a new buffer, including the length */ | |
258 buffer * buf_getbuf(buffer *buf) { | |
259 return buf_getstringbuf_int(buf, 1); | |
242 } | 260 } |
243 | 261 |
244 /* Just increment the buffer position the same as if we'd used buf_getstring, | 262 /* Just increment the buffer position the same as if we'd used buf_getstring, |
245 * but don't bother copying/malloc()ing for it */ | 263 * but don't bother copying/malloc()ing for it */ |
246 void buf_eatstring(buffer *buf) { | 264 void buf_eatstring(buffer *buf) { |
287 | 305 |
288 | 306 |
289 /* for our purposes we only need positive (or 0) numbers, so will | 307 /* for our purposes we only need positive (or 0) numbers, so will |
290 * fail if we get negative numbers */ | 308 * fail if we get negative numbers */ |
291 void buf_putmpint(buffer* buf, mp_int * mp) { | 309 void buf_putmpint(buffer* buf, mp_int * mp) { |
292 | 310 size_t written; |
293 unsigned int len, pad = 0; | 311 unsigned int len, pad = 0; |
294 TRACE2(("enter buf_putmpint")) | 312 TRACE2(("enter buf_putmpint")) |
295 | 313 |
296 dropbear_assert(mp != NULL); | 314 dropbear_assert(mp != NULL); |
297 | 315 |
298 if (SIGN(mp) == MP_NEG) { | 316 if (mp_isneg(mp)) { |
299 dropbear_exit("negative bignum"); | 317 dropbear_exit("negative bignum"); |
300 } | 318 } |
301 | 319 |
302 /* zero check */ | 320 /* zero check */ |
303 if (USED(mp) == 1 && DIGIT(mp, 0) == 0) { | 321 if (mp_iszero(mp)) { |
304 len = 0; | 322 len = 0; |
305 } else { | 323 } else { |
306 /* SSH spec requires padding for mpints with the MSB set, this code | 324 /* SSH spec requires padding for mpints with the MSB set, this code |
307 * implements it */ | 325 * implements it */ |
308 len = mp_count_bits(mp); | 326 len = mp_count_bits(mp); |
319 /* store the actual value */ | 337 /* store the actual value */ |
320 if (len > 0) { | 338 if (len > 0) { |
321 if (pad) { | 339 if (pad) { |
322 buf_putbyte(buf, 0x00); | 340 buf_putbyte(buf, 0x00); |
323 } | 341 } |
324 if (mp_to_unsigned_bin(mp, buf_getwriteptr(buf, len-pad)) != MP_OKAY) { | 342 if (mp_to_ubin(mp, buf_getwriteptr(buf, len-pad), len-pad, &written) != MP_OKAY) { |
325 dropbear_exit("mpint error"); | 343 dropbear_exit("mpint error"); |
326 } | 344 } |
327 buf_incrwritepos(buf, len-pad); | 345 buf_incrwritepos(buf, written); |
328 } | 346 } |
329 | 347 |
330 TRACE2(("leave buf_putmpint")) | 348 TRACE2(("leave buf_putmpint")) |
331 } | 349 } |
332 | 350 |
350 /* check for negative */ | 368 /* check for negative */ |
351 if (*buf_getptr(buf, 1) & (1 << (CHAR_BIT-1))) { | 369 if (*buf_getptr(buf, 1) & (1 << (CHAR_BIT-1))) { |
352 return DROPBEAR_FAILURE; | 370 return DROPBEAR_FAILURE; |
353 } | 371 } |
354 | 372 |
355 if (mp_read_unsigned_bin(mp, buf_getptr(buf, len), len) != MP_OKAY) { | 373 if (mp_from_ubin(mp, buf_getptr(buf, len), len) != MP_OKAY) { |
356 return DROPBEAR_FAILURE; | 374 return DROPBEAR_FAILURE; |
357 } | 375 } |
358 | 376 |
359 buf_incrpos(buf, len); | 377 buf_incrpos(buf, len); |
360 return DROPBEAR_SUCCESS; | 378 return DROPBEAR_SUCCESS; |