Mercurial > dropbear
comparison svr-authpubkey.c @ 1478:3a933956437e coverity
update coverity
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 09 Feb 2018 23:49:22 +0800 |
parents | fb90a5ba84e0 |
children | 35f38af1238b |
comparison
equal
deleted
inserted
replaced
1439:8d24733026c5 | 1478:3a933956437e |
---|---|
68 #if DROPBEAR_SVR_PUBKEY_AUTH | 68 #if DROPBEAR_SVR_PUBKEY_AUTH |
69 | 69 |
70 #define MIN_AUTHKEYS_LINE 10 /* "ssh-rsa AB" - short but doesn't matter */ | 70 #define MIN_AUTHKEYS_LINE 10 /* "ssh-rsa AB" - short but doesn't matter */ |
71 #define MAX_AUTHKEYS_LINE 4200 /* max length of a line in authkeys */ | 71 #define MAX_AUTHKEYS_LINE 4200 /* max length of a line in authkeys */ |
72 | 72 |
73 static int checkpubkey(char* algo, unsigned int algolen, | 73 static int checkpubkey(const char* algo, unsigned int algolen, |
74 unsigned char* keyblob, unsigned int keybloblen); | 74 const unsigned char* keyblob, unsigned int keybloblen); |
75 static int checkpubkeyperms(void); | 75 static int checkpubkeyperms(void); |
76 static void send_msg_userauth_pk_ok(char* algo, unsigned int algolen, | 76 static void send_msg_userauth_pk_ok(const char* algo, unsigned int algolen, |
77 unsigned char* keyblob, unsigned int keybloblen); | 77 const unsigned char* keyblob, unsigned int keybloblen); |
78 static int checkfileperm(char * filename); | 78 static int checkfileperm(char * filename); |
79 | 79 |
80 /* process a pubkey auth request, sending success or failure message as | 80 /* process a pubkey auth request, sending success or failure message as |
81 * appropriate */ | 81 * appropriate */ |
82 void svr_auth_pubkey() { | 82 void svr_auth_pubkey() { |
171 } | 171 } |
172 | 172 |
173 /* Reply that the key is valid for auth, this is sent when the user sends | 173 /* Reply that the key is valid for auth, this is sent when the user sends |
174 * a straight copy of their pubkey to test, to avoid having to perform | 174 * a straight copy of their pubkey to test, to avoid having to perform |
175 * expensive signing operations with a worthless key */ | 175 * expensive signing operations with a worthless key */ |
176 static void send_msg_userauth_pk_ok(char* algo, unsigned int algolen, | 176 static void send_msg_userauth_pk_ok(const char* algo, unsigned int algolen, |
177 unsigned char* keyblob, unsigned int keybloblen) { | 177 const unsigned char* keyblob, unsigned int keybloblen) { |
178 | 178 |
179 TRACE(("enter send_msg_userauth_pk_ok")) | 179 TRACE(("enter send_msg_userauth_pk_ok")) |
180 CHECKCLEARTOWRITE(); | 180 CHECKCLEARTOWRITE(); |
181 | 181 |
182 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_PK_OK); | 182 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_PK_OK); |
186 encrypt_packet(); | 186 encrypt_packet(); |
187 TRACE(("leave send_msg_userauth_pk_ok")) | 187 TRACE(("leave send_msg_userauth_pk_ok")) |
188 | 188 |
189 } | 189 } |
190 | 190 |
191 static int checkpubkey_line(buffer* line, int line_num, char* filename, | 191 static int checkpubkey_line(buffer* line, int line_num, const char* filename, |
192 const char* algo, unsigned int algolen, | 192 const char* algo, unsigned int algolen, |
193 const unsigned char* keyblob, unsigned int keybloblen) { | 193 const unsigned char* keyblob, unsigned int keybloblen) { |
194 buffer *options_buf = NULL; | 194 buffer *options_buf = NULL; |
195 unsigned int pos, len; | 195 unsigned int pos, len; |
196 int ret = DROPBEAR_FAILURE; | 196 int ret = DROPBEAR_FAILURE; |
197 | 197 |
198 if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) { | 198 if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) { |
199 TRACE(("checkpubkey: bad line length %d", line->len)) | 199 TRACE(("checkpubkey_line: bad line length %d", line->len)) |
200 return DROPBEAR_FAILURE; | 200 return DROPBEAR_FAILURE; |
201 } | 201 } |
202 | 202 |
203 /* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */ | 203 /* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */ |
204 if (line->pos + algolen+3 > line->len) { | 204 if (line->pos + algolen+3 > line->len) { |
259 } | 259 } |
260 buf_incrpos(line, algolen); | 260 buf_incrpos(line, algolen); |
261 | 261 |
262 /* check for space (' ') character */ | 262 /* check for space (' ') character */ |
263 if (buf_getbyte(line) != ' ') { | 263 if (buf_getbyte(line) != ' ') { |
264 TRACE(("checkpubkey: space character expected, isn't there")) | 264 TRACE(("checkpubkey_line: space character expected, isn't there")) |
265 goto out; | 265 goto out; |
266 } | 266 } |
267 | 267 |
268 /* truncate the line at the space after the base64 data */ | 268 /* truncate the line at the space after the base64 data */ |
269 pos = line->pos; | 269 pos = line->pos; |
271 if (buf_getbyte(line) == ' ') break; | 271 if (buf_getbyte(line) == ' ') break; |
272 } | 272 } |
273 buf_setpos(line, pos); | 273 buf_setpos(line, pos); |
274 buf_setlen(line, line->pos + len); | 274 buf_setlen(line, line->pos + len); |
275 | 275 |
276 TRACE(("checkpubkey: line pos = %d len = %d", line->pos, line->len)) | 276 TRACE(("checkpubkey_line: line pos = %d len = %d", line->pos, line->len)) |
277 | 277 |
278 ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algo, algolen, line, NULL); | 278 ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algo, algolen, line, NULL); |
279 | 279 |
280 if (ret == DROPBEAR_SUCCESS && options_buf) { | 280 if (ret == DROPBEAR_SUCCESS && options_buf) { |
281 ret = svr_add_pubkey_options(options_buf, line_num, filename); | 281 ret = svr_add_pubkey_options(options_buf, line_num, filename); |
290 | 290 |
291 | 291 |
292 /* Checks whether a specified publickey (and associated algorithm) is an | 292 /* Checks whether a specified publickey (and associated algorithm) is an |
293 * acceptable key for authentication */ | 293 * acceptable key for authentication */ |
294 /* Returns DROPBEAR_SUCCESS if key is ok for auth, DROPBEAR_FAILURE otherwise */ | 294 /* Returns DROPBEAR_SUCCESS if key is ok for auth, DROPBEAR_FAILURE otherwise */ |
295 static int checkpubkey(char* algo, unsigned int algolen, | 295 static int checkpubkey(const char* algo, unsigned int algolen, |
296 unsigned char* keyblob, unsigned int keybloblen) { | 296 const unsigned char* keyblob, unsigned int keybloblen) { |
297 | 297 |
298 FILE * authfile = NULL; | 298 FILE * authfile = NULL; |
299 char * filename = NULL; | 299 char * filename = NULL; |
300 int ret = DROPBEAR_FAILURE; | 300 int ret = DROPBEAR_FAILURE; |
301 buffer * line = NULL; | 301 buffer * line = NULL; |
359 TRACE(("checkpubkey: authorized_keys EOF reached")) | 359 TRACE(("checkpubkey: authorized_keys EOF reached")) |
360 break; | 360 break; |
361 } | 361 } |
362 line_num++; | 362 line_num++; |
363 | 363 |
364 if (checkpubkey_line(line, line_num, filename, | 364 ret = checkpubkey_line(line, line_num, filename, algo, algolen, keyblob, keybloblen); |
365 algo, algolen, keyblob, keybloblen) == DROPBEAR_SUCCESS) { | 365 if (ret == DROPBEAR_SUCCESS) { |
366 break; | 366 break; |
367 } | 367 } |
368 | 368 |
369 /* We continue to the next line otherwise */ | 369 /* We continue to the next line otherwise */ |
370 | 370 |