===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/bufaux.c,v
retrieving revision 1.42
retrieving revision 1.57
diff -u -r1.42 -r1.57
--- src/usr.bin/ssh/Attic/bufaux.c	2006/04/18 10:44:28	1.42
+++ src/usr.bin/ssh/Attic/bufaux.c	2014/04/16 23:22:45	1.57
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufaux.c,v 1.42 2006/04/18 10:44:28 dtucker Exp $ */
+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -37,11 +37,16 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#include "includes.h"
+#include <sys/types.h>
 
 #include <openssl/bn.h>
-#include "bufaux.h"
+
+#include <string.h>
+#include <stdarg.h>
+#include <stdlib.h>
+
 #include "xmalloc.h"
+#include "buffer.h"
 #include "log.h"
 #include "misc.h"
 
@@ -78,7 +83,8 @@
 
 	if (buffer_get_ret(buffer, (char *) buf, 4) == -1)
 		return (-1);
-	*ret = get_u32(buf);
+	if (ret != NULL)
+		*ret = get_u32(buf);
 	return (0);
 }
 
@@ -100,7 +106,8 @@
 
 	if (buffer_get_ret(buffer, (char *) buf, 8) == -1)
 		return (-1);
-	*ret = get_u64(buf);
+	if (ret != NULL)
+		*ret = get_u64(buf);
 	return (0);
 }
 
@@ -160,7 +167,10 @@
 	u_int len;
 
 	/* Get the length. */
-	len = buffer_get_int(buffer);
+	if (buffer_get_int_ret(&len, buffer) != 0) {
+		error("buffer_get_string_ret: cannot extract length");
+		return (NULL);
+	}
 	if (len > 256 * 1024) {
 		error("buffer_get_string_ret: bad string length %u", len);
 		return (NULL);
@@ -170,11 +180,11 @@
 	/* Get the string. */
 	if (buffer_get_ret(buffer, value, len) == -1) {
 		error("buffer_get_string_ret: buffer_get failed");
-		xfree(value);
+		free(value);
 		return (NULL);
 	}
 	/* Append a null character to make processing easier. */
-	value[len] = 0;
+	value[len] = '\0';
 	/* Optionally return the length of the string. */
 	if (length_ptr)
 		*length_ptr = len;
@@ -191,6 +201,68 @@
 	return (ret);
 }
 
+char *
+buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr)
+{
+	u_int length;
+	char *cp, *ret = buffer_get_string_ret(buffer, &length);
+
+	if (ret == NULL)
+		return NULL;
+	if ((cp = memchr(ret, '\0', length)) != NULL) {
+		/* XXX allow \0 at end-of-string for a while, remove later */
+		if (cp == ret + length - 1)
+			error("buffer_get_cstring_ret: string contains \\0");
+		else {
+			explicit_bzero(ret, length);
+			free(ret);
+			return NULL;
+		}
+	}
+	if (length_ptr != NULL)
+		*length_ptr = length;
+	return ret;
+}
+
+char *
+buffer_get_cstring(Buffer *buffer, u_int *length_ptr)
+{
+	char *ret;
+
+	if ((ret = buffer_get_cstring_ret(buffer, length_ptr)) == NULL)
+		fatal("buffer_get_cstring: buffer error");
+	return ret;
+}
+
+void *
+buffer_get_string_ptr_ret(Buffer *buffer, u_int *length_ptr)
+{
+	void *ptr;
+	u_int len;
+
+	if (buffer_get_int_ret(&len, buffer) != 0)
+		return NULL;
+	if (len > 256 * 1024) {
+		error("buffer_get_string_ptr: bad string length %u", len);
+		return NULL;
+	}
+	ptr = buffer_ptr(buffer);
+	buffer_consume(buffer, len);
+	if (length_ptr)
+		*length_ptr = len;
+	return (ptr);
+}
+
+void *
+buffer_get_string_ptr(Buffer *buffer, u_int *length_ptr)
+{
+	void *ret;
+
+	if ((ret = buffer_get_string_ptr_ret(buffer, length_ptr)) == NULL)
+		fatal("buffer_get_string_ptr: buffer error");
+	return (ret);
+}
+
 /*
  * Stores and arbitrary binary string in the buffer.
  */
@@ -212,7 +284,7 @@
  * Returns a character from the buffer (0 - 255).
  */
 int
-buffer_get_char_ret(char *ret, Buffer *buffer)
+buffer_get_char_ret(u_char *ret, Buffer *buffer)
 {
 	if (buffer_get_ret(buffer, ret, 1) == -1) {
 		error("buffer_get_char_ret: buffer_get_ret failed");
@@ -224,11 +296,11 @@
 int
 buffer_get_char(Buffer *buffer)
 {
-	char ch;
+	u_char ch;
 
 	if (buffer_get_char_ret(&ch, buffer) == -1)
 		fatal("buffer_get_char: buffer error");
-	return (u_char) ch;
+	return ch;
 }
 
 /*
@@ -241,3 +313,79 @@
 
 	buffer_append(buffer, &ch, 1);
 }
+
+/* Pseudo bignum functions */
+
+void *
+buffer_get_bignum2_as_string_ret(Buffer *buffer, u_int *length_ptr)
+{
+	u_int len;
+	u_char *bin, *p, *ret;
+
+	if ((p = bin = buffer_get_string_ret(buffer, &len)) == NULL) {
+		error("%s: invalid bignum", __func__);
+		return NULL;
+	}
+
+	if (len > 0 && (bin[0] & 0x80)) {
+		error("%s: negative numbers not supported", __func__);
+		free(bin);
+		return NULL;
+	}
+	if (len > 8 * 1024) {
+		error("%s: cannot handle BN of size %d", __func__, len);
+		free(bin);
+		return NULL;
+	}
+	/* Skip zero prefix on numbers with the MSB set */
+	if (len > 1 && bin[0] == 0x00 && (bin[1] & 0x80) != 0) {
+		p++;
+		len--;
+	}
+	ret = xmalloc(len);
+	memcpy(ret, p, len);
+	explicit_bzero(p, len);
+	free(bin);
+	return ret;
+}
+
+void *
+buffer_get_bignum2_as_string(Buffer *buffer, u_int *l)
+{
+	void *ret = buffer_get_bignum2_as_string_ret(buffer, l);
+
+	if (ret == NULL)
+		fatal("%s: buffer error", __func__);
+	return ret;
+}
+
+/*
+ * Stores a string using the bignum encoding rules (\0 pad if MSB set).
+ */
+void
+buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l)
+{
+	u_char *buf, *p;
+	int pad = 0;
+
+	if (l > 8 * 1024)
+		fatal("%s: length %u too long", __func__, l);
+	/* Skip leading zero bytes */
+	for (; l > 0 && *s == 0; l--, s++)
+		;
+	p = buf = xmalloc(l + 1);
+	/*
+	 * If most significant bit is set then prepend a zero byte to
+	 * avoid interpretation as a negative number.
+	 */
+	if (l > 0 && (s[0] & 0x80) != 0) {
+		*p++ = '\0';
+		pad = 1;
+	}
+	memcpy(p, s, l);
+	buffer_put_string(buffer, buf, l + pad);
+	explicit_bzero(buf, l + pad);
+	free(buf);
+}
+
+