=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/bufaux.c,v retrieving revision 1.26 retrieving revision 1.29.2.1 diff -u -r1.26 -r1.29.2.1 --- src/usr.bin/ssh/Attic/bufaux.c 2002/06/23 09:46:51 1.26 +++ src/usr.bin/ssh/Attic/bufaux.c 2004/02/28 03:51:32 1.29.2.1 @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.26 2002/06/23 09:46:51 deraadt Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.29.2.1 2004/02/28 03:51:32 brad Exp $"); #include #include "bufaux.h" @@ -50,7 +50,7 @@ * by (bits+7)/8 bytes of binary data, msb first. */ void -buffer_put_bignum(Buffer *buffer, BIGNUM *value) +buffer_put_bignum(Buffer *buffer, const BIGNUM *value) { int bits = BN_num_bits(value); int bin_size = (bits + 7) / 8; @@ -80,7 +80,7 @@ void buffer_get_bignum(Buffer *buffer, BIGNUM *value) { - int bits, bytes; + u_int bits, bytes; u_char buf[2], *bin; /* Get the number for bits. */ @@ -88,6 +88,8 @@ bits = GET_16BIT(buf); /* Compute the number of binary bytes that follow. */ bytes = (bits + 7) / 8; + if (bytes > 8 * 1024) + fatal("buffer_get_bignum: cannot handle BN of size %d", bytes); if (buffer_len(buffer) < bytes) fatal("buffer_get_bignum: input buffer too small"); bin = buffer_ptr(buffer); @@ -99,31 +101,30 @@ * Stores an BIGNUM in the buffer in SSH2 format. */ void -buffer_put_bignum2(Buffer *buffer, BIGNUM *value) +buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) { - int bytes = BN_num_bytes(value) + 1; - u_char *buf = xmalloc(bytes); + u_int bytes; + u_char *buf; int oi; - int hasnohigh = 0; + u_int hasnohigh = 0; + if (BN_is_zero(value)) { + buffer_put_int(buffer, 0); + return; + } + if (value->neg) + fatal("buffer_put_bignum2: negative numbers not supported"); + bytes = BN_num_bytes(value) + 1; /* extra padding byte */ + if (bytes < 2) + fatal("buffer_put_bignum2: BN too small"); + buf = xmalloc(bytes); buf[0] = '\0'; /* Get the value of in binary */ oi = BN_bn2bin(value, buf+1); if (oi != bytes-1) - fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d", - oi, bytes); + fatal("buffer_put_bignum2: BN_bn2bin() failed: " + "oi %d != bin_size %d", oi, bytes); hasnohigh = (buf[1] & 0x80) ? 0 : 1; - if (value->neg) { - /**XXX should be two's-complement */ - int i, carry; - u_char *uc = buf; - log("negativ!"); - for (i = bytes-1, carry = 1; i>=0; i--) { - uc[i] ^= 0xff; - if (carry) - carry = !++uc[i]; - } - } buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); memset(buf, 0, bytes); xfree(buf); @@ -132,13 +133,17 @@ void buffer_get_bignum2(Buffer *buffer, BIGNUM *value) { - /**XXX should be two's-complement */ - int len; - u_char *bin = buffer_get_string(buffer, (u_int *)&len); + u_int len; + u_char *bin = buffer_get_string(buffer, &len); + if (len > 0 && (bin[0] & 0x80)) + fatal("buffer_get_bignum2: negative numbers not supported"); + if (len > 8 * 1024) + fatal("buffer_get_bignum2: cannot handle BN of size %d", len); BN_bin2bn(bin, len, value); xfree(bin); } + /* * Returns integers from the buffer (msb first). */ @@ -217,7 +222,7 @@ /* Get the length. */ len = buffer_get_int(buffer); if (len > 256 * 1024) - fatal("buffer_get_string: bad string length %d", len); + fatal("buffer_get_string: bad string length %u", len); /* Allocate space for the string. Add one byte for a null character. */ value = xmalloc(len + 1); /* Get the string. */