=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/auth-rsa.c,v retrieving revision 1.60 retrieving revision 1.60.2.2 diff -u -r1.60 -r1.60.2.2 --- src/usr.bin/ssh/Attic/auth-rsa.c 2004/06/21 17:36:31 1.60 +++ src/usr.bin/ssh/Attic/auth-rsa.c 2005/09/02 03:44:59 1.60.2.2 @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.60.2.2 2005/09/02 03:44:59 brad Exp $"); #include #include @@ -33,6 +33,7 @@ #include "hostfile.h" #include "monitor_wrap.h" #include "ssh.h" +#include "misc.h" /* import */ extern ServerOptions options; @@ -49,7 +50,7 @@ * options bits e n comment * where bits, e and n are decimal numbers, * and comment is any string of characters up to newline. The maximum - * length of a line is 8000 characters. See the documentation for a + * length of a line is SSH_MAX_PUBKEY_BYTES characters. See sshd(8) for a * description of the options. */ @@ -152,7 +153,7 @@ int auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) { - char line[8192], *file; + char line[SSH_MAX_PUBKEY_BYTES], *file; int allowed = 0; u_int bits; FILE *f; @@ -201,12 +202,11 @@ * found, perform a challenge-response dialog to verify that the * user really has the corresponding private key. */ - while (fgets(line, sizeof(line), f)) { + while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp; char *key_options; + int keybits; - linenum++; - /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; @@ -244,7 +244,8 @@ continue; /* check the real bits */ - if (bits != BN_num_bits(key->rsa->n)) + keybits = BN_num_bits(key->rsa->n); + if (keybits < 0 || bits != (u_int)keybits) logit("Warning: %s, line %lu: keysize mismatch: " "actual %d vs. announced %d.", file, linenum, BN_num_bits(key->rsa->n), bits);