comparison cli-kex.c @ 1733:d529a52b2f7c coverity coverity

merge coverity from main
author Matt Johnston <matt@ucc.asn.au>
date Fri, 26 Jun 2020 21:07:34 +0800
parents 8f93f37c01de
children 6e71440b1e47
1643:b59623a64678 1733:d529a52b2f7c
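--- a/cli-kex.c
+++ b/cli-kex.c
@@ -79,11 +79,11 @@
 if (cli_ses.curve25519_param) {
 free_kexcurve25519_param(cli_ses.curve25519_param);
 }
 cli_ses.curve25519_param = gen_kexcurve25519_param();
 }
-buf_putstring(ses.writepayload, (const char*)cli_ses.curve25519_param->pub, CURVE25519_LEN);
+buf_putstring(ses.writepayload, cli_ses.curve25519_param->pub, CURVE25519_LEN);
 break;
 #endif
 }
 
 cli_ses.param_kex_algo = ses.newkeys->algo_kex;
@@ -92,31 +92,31 @@
 
 /* Handle a diffie-hellman key exchange reply. */
 void recv_msg_kexdh_reply() {
 
 sign_key *hostkey = NULL;
-unsigned int type, keybloblen;
+unsigned int keytype, keybloblen;
 unsigned char* keyblob = NULL;
 
 TRACE(("enter recv_msg_kexdh_reply"))
 
 if (cli_ses.kex_state != KEXDH_INIT_SENT) {
 dropbear_exit("Received out-of-order kexdhreply");
 }
-type = ses.newkeys->algo_hostkey;
-TRACE(("type is %d", type))
+keytype = ses.newkeys->algo_hostkey;
+TRACE(("keytype is %d", keytype))
 
 hostkey = new_sign_key();
 keybloblen = buf_getint(ses.payload);
 
 keyblob = buf_getptr(ses.payload, keybloblen);
 if (!ses.kexstate.donefirstkex) {
 /* Only makes sense the first time */
 checkhostkey(keyblob, keybloblen);
 }
 
-if (buf_get_pub_key(ses.payload, hostkey, &type) != DROPBEAR_SUCCESS) {
+if (buf_get_pub_key(ses.payload, hostkey, &keytype) != DROPBEAR_SUCCESS) {
 TRACE(("failed getting pubkey"))
 dropbear_exit("Bad KEX packet");
 }
 
 switch (ses.newkeys->algo_kex->mode) {
@@ -153,14 +153,16 @@
 }
 break;
 #endif
 }
 
+#if DROPBEAR_NORMAL_DH
 if (cli_ses.dh_param) {
 free_kexdh_param(cli_ses.dh_param);
 cli_ses.dh_param = NULL;
 }
+#endif
 #if DROPBEAR_ECDH
 if (cli_ses.ecdh_param) {
 free_kexecdh_param(cli_ses.ecdh_param);
 cli_ses.ecdh_param = NULL;
 }
@@ -171,11 +173,12 @@
 cli_ses.curve25519_param = NULL;
 }
 #endif
 
 cli_ses.param_kex_algo = NULL;
-if (buf_verify(ses.payload, hostkey, ses.hash) != DROPBEAR_SUCCESS) {
+if (buf_verify(ses.payload, hostkey, ses.newkeys->algo_signature,
+ses.hash) != DROPBEAR_SUCCESS) {
 dropbear_exit("Bad hostkey signature");
 }
 
 sign_key_free(hostkey);
 hostkey = NULL;
@@ -408,5 +411,40 @@
 if (line != NULL) {
 buf_free(line);
 }
 m_free(fingerprint);
 }
+
+void recv_msg_ext_info(void) {
+/* This message is not client-specific in the protocol but Dropbear only handles
+a server-sent message at present. */
+unsigned int num_ext;
+unsigned int i;
+
+TRACE(("enter recv_msg_ext_info"))
+
+/* Must be after the first SSH_MSG_NEWKEYS */
+TRACE(("last %d, donefirst %d, donescond %d", ses.lastpacket, ses.kexstate.donefirstkex, ses.kexstate.donesecondkex))
+if (!(ses.lastpacket == SSH_MSG_NEWKEYS && !ses.kexstate.donesecondkex)) {
+TRACE(("leave recv_msg_ext_info: ignoring packet received at the wrong time"))
+return;
+}
+
+num_ext = buf_getint(ses.payload);
+TRACE(("received SSH_MSG_EXT_INFO with %d items", num_ext))
+
+for (i = 0; i < num_ext; i++) {
+unsigned int name_len;
+char *ext_name = buf_getstring(ses.payload, &name_len);
+TRACE(("extension %d name '%s'", i, ext_name))
+if (cli_ses.server_sig_algs == NULL
+&& name_len == strlen(SSH_SERVER_SIG_ALGS)
+&& strcmp(ext_name, SSH_SERVER_SIG_ALGS) == 0) {
+cli_ses.server_sig_algs = buf_getbuf(ses.payload);
+} else {
+/* valid extension values could be >MAX_STRING_LEN */
+buf_eatstring(ses.payload);
+}
+m_free(ext_name);
+}
+TRACE(("leave recv_msg_ext_info"))
+}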
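Review bot: The three-part match inside the new recv_msg_ext_info loop carries two security-relevant decisions that are not explained: the `name_len == strlen(SSH_SERVER_SIG_ALGS)` test is what keeps a length-prefixed name with an embedded NUL from passing the `strcmp`, and the `cli_ses.server_sig_algs == NULL` test makes a repeated extension fall through to `buf_eatstring` rather than overwrite the first buffer. I would add above the `if`: `/* wire strings may embed NUL, so compare the length too; the first server-sig-algs wins and repeats are skipped */`. The loop bound `num_ext` is read from the packet and used unchecked, so stopping on a short packet presumably depends on `buf_getstring` exiting on underrun, which is not visible in this hunk and is worth saying in the same comment. The two TRACE calls print the unsigned `num_ext` and `i` with `%d`; `%u` matches the declared type.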