comparison buffer.c @ 1739:13d834efc376 fuzz

merge from main
author Matt Johnston <matt@ucc.asn.au>
date Thu, 15 Oct 2020 19:55:15 +0800
parents 1051e4eea25a
children ff51d5967e2d
1562:768ebf737aa0 1739:13d834efc376
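--- a/buffer.c
+++ b/buffer.c
@@ -226,21 +226,39 @@
 
 return ret;
 }
 
 /* Return a string as a newly allocated buffer */
-buffer * buf_getstringbuf(buffer *buf) {
+static buffer * buf_getstringbuf_int(buffer *buf, int incllen) {
 buffer *ret = NULL;
 unsigned int len = buf_getint(buf);
+int extra = 0;
 if (len > MAX_STRING_LEN) {
 dropbear_exit("String too long");
 }
-ret = buf_new(len);
+if (incllen) {
+extra = 4;
+}
+ret = buf_new(len+extra);
+if (incllen) {
+buf_putint(ret, len);
+}
 memcpy(buf_getwriteptr(ret, len), buf_getptr(buf, len), len);
 buf_incrpos(buf, len);
 buf_incrlen(ret, len);
+buf_setpos(ret, 0);
 return ret;
+}
+
+/* Return a string as a newly allocated buffer */
+buffer * buf_getstringbuf(buffer *buf) {
+return buf_getstringbuf_int(buf, 0);
+}
+
+/* Returns a string in a new buffer, including the length */
+buffer * buf_getbuf(buffer *buf) {
+return buf_getstringbuf_int(buf, 1);
 }
 
 /* Just increment the buffer position the same as if we'd used buf_getstring,
 * but don't bother copying/malloc()ing for it */
 void buf_eatstring(buffer *buf) {
@@ -287,22 +305,22 @@
 
 
 /* for our purposes we only need positive (or 0) numbers, so will
 * fail if we get negative numbers */
 void buf_putmpint(buffer* buf, mp_int * mp) {
-
+size_t written;
 unsigned int len, pad = 0;
 TRACE2(("enter buf_putmpint"))
 
 dropbear_assert(mp != NULL);
 
-if (SIGN(mp) == MP_NEG) {
+if (mp_isneg(mp)) {
 dropbear_exit("negative bignum");
 }
 
 /* zero check */
-if (USED(mp) == 1 && DIGIT(mp, 0) == 0) {
+if (mp_iszero(mp)) {
 len = 0;
 } else {
 /* SSH spec requires padding for mpints with the MSB set, this code
 * implements it */
 len = mp_count_bits(mp);
@@ -319,14 +337,14 @@
 /* store the actual value */
 if (len > 0) {
 if (pad) {
 buf_putbyte(buf, 0x00);
 }
-if (mp_to_unsigned_bin(mp, buf_getwriteptr(buf, len-pad)) != MP_OKAY) {
+if (mp_to_ubin(mp, buf_getwriteptr(buf, len-pad), len-pad, &written) != MP_OKAY) {
 dropbear_exit("mpint error");
 }
-buf_incrwritepos(buf, len-pad);
+buf_incrwritepos(buf, written);
 }
 
 TRACE2(("leave buf_putmpint"))
 }
 
@@ -350,11 +368,11 @@
 /* check for negative */
 if (*buf_getptr(buf, 1) & (1 << (CHAR_BIT-1))) {
 return DROPBEAR_FAILURE;
 }
 
-if (mp_read_unsigned_bin(mp, buf_getptr(buf, len), len) != MP_OKAY) {
+if (mp_from_ubin(mp, buf_getptr(buf, len), len) != MP_OKAY) {
 return DROPBEAR_FAILURE;
 }
 
 buf_incrpos(buf, len);
 return DROPBEAR_SUCCESS;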
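Review bot: In buf_putmpint the write position now advances by `written` from mp_to_ubin, while the space was reserved with `len-pad` and the mpint's length field is presumably emitted from `len` in the lines elided between new lines 326 and 337, so nothing visible enforces that the two values agree. If they ever diverged, the encoded length on the wire would not match the bytes that follow it and the peer would mis-parse the rest of the packet; a cheap guard right after the call is `dropbear_assert(written == len-pad);`. The `len-pad` maxlen argument already bounds the write itself, so this is about keeping the length field and payload consistent, not about an overflow. The middle of the function is outside the shown context, so the assumption about where the length prefix is written should be confirmed there.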