Mercurial > dropbear
comparison cli-kex.c @ 1733:d529a52b2f7c coverity coverity
merge coverity from main
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 26 Jun 2020 21:07:34 +0800 |
| parents | 8f93f37c01de |
| children | 6e71440b1e47 |
comparison
equal
deleted
inserted
replaced
| 1643:b59623a64678 | 1733:d529a52b2f7c |
|---|---|
| 79 if (cli_ses.curve25519_param) { | 79 if (cli_ses.curve25519_param) { |
| 80 free_kexcurve25519_param(cli_ses.curve25519_param); | 80 free_kexcurve25519_param(cli_ses.curve25519_param); |
| 81 } | 81 } |
| 82 cli_ses.curve25519_param = gen_kexcurve25519_param(); | 82 cli_ses.curve25519_param = gen_kexcurve25519_param(); |
| 83 } | 83 } |
| 84 buf_putstring(ses.writepayload, (const char*)cli_ses.curve25519_param->pub, CURVE25519_LEN); | 84 buf_putstring(ses.writepayload, cli_ses.curve25519_param->pub, CURVE25519_LEN); |
| 85 break; | 85 break; |
| 86 #endif | 86 #endif |
| 87 } | 87 } |
| 88 | 88 |
| 89 cli_ses.param_kex_algo = ses.newkeys->algo_kex; | 89 cli_ses.param_kex_algo = ses.newkeys->algo_kex; |
| 92 | 92 |
| 93 /* Handle a diffie-hellman key exchange reply. */ | 93 /* Handle a diffie-hellman key exchange reply. */ |
| 94 void recv_msg_kexdh_reply() { | 94 void recv_msg_kexdh_reply() { |
| 95 | 95 |
| 96 sign_key *hostkey = NULL; | 96 sign_key *hostkey = NULL; |
| 97 unsigned int type, keybloblen; | 97 unsigned int keytype, keybloblen; |
| 98 unsigned char* keyblob = NULL; | 98 unsigned char* keyblob = NULL; |
| 99 | 99 |
| 100 TRACE(("enter recv_msg_kexdh_reply")) | 100 TRACE(("enter recv_msg_kexdh_reply")) |
| 101 | 101 |
| 102 if (cli_ses.kex_state != KEXDH_INIT_SENT) { | 102 if (cli_ses.kex_state != KEXDH_INIT_SENT) { |
| 103 dropbear_exit("Received out-of-order kexdhreply"); | 103 dropbear_exit("Received out-of-order kexdhreply"); |
| 104 } | 104 } |
| 105 type = ses.newkeys->algo_hostkey; | 105 keytype = ses.newkeys->algo_hostkey; |
| 106 TRACE(("type is %d", type)) | 106 TRACE(("keytype is %d", keytype)) |
| 107 | 107 |
| 108 hostkey = new_sign_key(); | 108 hostkey = new_sign_key(); |
| 109 keybloblen = buf_getint(ses.payload); | 109 keybloblen = buf_getint(ses.payload); |
| 110 | 110 |
| 111 keyblob = buf_getptr(ses.payload, keybloblen); | 111 keyblob = buf_getptr(ses.payload, keybloblen); |
| 112 if (!ses.kexstate.donefirstkex) { | 112 if (!ses.kexstate.donefirstkex) { |
| 113 /* Only makes sense the first time */ | 113 /* Only makes sense the first time */ |
| 114 checkhostkey(keyblob, keybloblen); | 114 checkhostkey(keyblob, keybloblen); |
| 115 } | 115 } |
| 116 | 116 |
| 117 if (buf_get_pub_key(ses.payload, hostkey, &type) != DROPBEAR_SUCCESS) { | 117 if (buf_get_pub_key(ses.payload, hostkey, &keytype) != DROPBEAR_SUCCESS) { |
| 118 TRACE(("failed getting pubkey")) | 118 TRACE(("failed getting pubkey")) |
| 119 dropbear_exit("Bad KEX packet"); | 119 dropbear_exit("Bad KEX packet"); |
| 120 } | 120 } |
| 121 | 121 |
| 122 switch (ses.newkeys->algo_kex->mode) { | 122 switch (ses.newkeys->algo_kex->mode) { |
| 153 } | 153 } |
| 154 break; | 154 break; |
| 155 #endif | 155 #endif |
| 156 } | 156 } |
| 157 | 157 |
| 158 #if DROPBEAR_NORMAL_DH | |
| 158 if (cli_ses.dh_param) { | 159 if (cli_ses.dh_param) { |
| 159 free_kexdh_param(cli_ses.dh_param); | 160 free_kexdh_param(cli_ses.dh_param); |
| 160 cli_ses.dh_param = NULL; | 161 cli_ses.dh_param = NULL; |
| 161 } | 162 } |
| 163 #endif | |
| 162 #if DROPBEAR_ECDH | 164 #if DROPBEAR_ECDH |
| 163 if (cli_ses.ecdh_param) { | 165 if (cli_ses.ecdh_param) { |
| 164 free_kexecdh_param(cli_ses.ecdh_param); | 166 free_kexecdh_param(cli_ses.ecdh_param); |
| 165 cli_ses.ecdh_param = NULL; | 167 cli_ses.ecdh_param = NULL; |
| 166 } | 168 } |
| 171 cli_ses.curve25519_param = NULL; | 173 cli_ses.curve25519_param = NULL; |
| 172 } | 174 } |
| 173 #endif | 175 #endif |
| 174 | 176 |
| 175 cli_ses.param_kex_algo = NULL; | 177 cli_ses.param_kex_algo = NULL; |
| 176 if (buf_verify(ses.payload, hostkey, ses.hash) != DROPBEAR_SUCCESS) { | 178 if (buf_verify(ses.payload, hostkey, ses.newkeys->algo_signature, |
| 179 ses.hash) != DROPBEAR_SUCCESS) { | |
| 177 dropbear_exit("Bad hostkey signature"); | 180 dropbear_exit("Bad hostkey signature"); |
| 178 } | 181 } |
| 179 | 182 |
| 180 sign_key_free(hostkey); | 183 sign_key_free(hostkey); |
| 181 hostkey = NULL; | 184 hostkey = NULL; |
| 408 if (line != NULL) { | 411 if (line != NULL) { |
| 409 buf_free(line); | 412 buf_free(line); |
| 410 } | 413 } |
| 411 m_free(fingerprint); | 414 m_free(fingerprint); |
| 412 } | 415 } |
| 416 | |
| 417 void recv_msg_ext_info(void) { | |
| 418 /* This message is not client-specific in the protocol but Dropbear only handles | |
| 419 a server-sent message at present. */ | |
| 420 unsigned int num_ext; | |
| 421 unsigned int i; | |
| 422 | |
| 423 TRACE(("enter recv_msg_ext_info")) | |
| 424 | |
| 425 /* Must be after the first SSH_MSG_NEWKEYS */ | |
| 426 TRACE(("last %d, donefirst %d, donescond %d", ses.lastpacket, ses.kexstate.donefirstkex, ses.kexstate.donesecondkex)) | |
| 427 if (!(ses.lastpacket == SSH_MSG_NEWKEYS && !ses.kexstate.donesecondkex)) { | |
| 428 TRACE(("leave recv_msg_ext_info: ignoring packet received at the wrong time")) | |
| 429 return; | |
| 430 } | |
| 431 | |
| 432 num_ext = buf_getint(ses.payload); | |
| 433 TRACE(("received SSH_MSG_EXT_INFO with %d items", num_ext)) | |
| 434 | |
| 435 for (i = 0; i < num_ext; i++) { | |
| 436 unsigned int name_len; | |
| 437 char *ext_name = buf_getstring(ses.payload, &name_len); | |
| 438 TRACE(("extension %d name '%s'", i, ext_name)) | |
| 439 if (cli_ses.server_sig_algs == NULL | |
| 440 && name_len == strlen(SSH_SERVER_SIG_ALGS) | |
| 441 && strcmp(ext_name, SSH_SERVER_SIG_ALGS) == 0) { | |
| 442 cli_ses.server_sig_algs = buf_getbuf(ses.payload); | |
| 443 } else { | |
| 444 /* valid extension values could be >MAX_STRING_LEN */ | |
| 445 buf_eatstring(ses.payload); | |
| 446 } | |
| 447 m_free(ext_name); | |
| 448 } | |
| 449 TRACE(("leave recv_msg_ext_info")) | |
| 450 } |