version 1.106, 2010/03/07 11:57:13 |
version 1.107, 2010/07/13 11:52:06 |
|
|
{ |
{ |
/* make sure key is allowed */ |
/* make sure key is allowed */ |
if (key_blob == NULL || key_bloblen != bloblen || |
if (key_blob == NULL || key_bloblen != bloblen || |
memcmp(key_blob, blob, key_bloblen)) |
timing_safe_cmp(key_blob, blob, key_bloblen)) |
return (0); |
return (0); |
return (1); |
return (1); |
} |
} |
|
|
len = buffer_len(&b); |
len = buffer_len(&b); |
if ((session_id2 == NULL) || |
if ((session_id2 == NULL) || |
(len < session_id2_len) || |
(len < session_id2_len) || |
(memcmp(p, session_id2, session_id2_len) != 0)) |
(timing_safe_cmp(p, session_id2, session_id2_len) != 0)) |
fail++; |
fail++; |
buffer_consume(&b, session_id2_len); |
buffer_consume(&b, session_id2_len); |
} else { |
} else { |
p = buffer_get_string(&b, &len); |
p = buffer_get_string(&b, &len); |
if ((session_id2 == NULL) || |
if ((session_id2 == NULL) || |
(len != session_id2_len) || |
(len != session_id2_len) || |
(memcmp(p, session_id2, session_id2_len) != 0)) |
(timing_safe_cmp(p, session_id2, session_id2_len) != 0)) |
fail++; |
fail++; |
xfree(p); |
xfree(p); |
} |
} |
|
|
p = buffer_get_string(&b, &len); |
p = buffer_get_string(&b, &len); |
if ((session_id2 == NULL) || |
if ((session_id2 == NULL) || |
(len != session_id2_len) || |
(len != session_id2_len) || |
(memcmp(p, session_id2, session_id2_len) != 0)) |
(timing_safe_cmp(p, session_id2, session_id2_len) != 0)) |
fail++; |
fail++; |
xfree(p); |
xfree(p); |
|
|
|
|
|
|
kex = xcalloc(1, sizeof(*kex)); |
kex = xcalloc(1, sizeof(*kex)); |
kex->session_id = buffer_get_string(m, &kex->session_id_len); |
kex->session_id = buffer_get_string(m, &kex->session_id_len); |
if ((session_id2 == NULL) || |
if (session_id2 == NULL || |
(kex->session_id_len != session_id2_len) || |
kex->session_id_len != session_id2_len || |
(memcmp(kex->session_id, session_id2, session_id2_len) != 0)) |
timing_safe_cmp(kex->session_id, session_id2, session_id2_len) != 0) |
fatal("mm_get_get: internal error: bad session id"); |
fatal("mm_get_get: internal error: bad session id"); |
kex->we_need = buffer_get_int(m); |
kex->we_need = buffer_get_int(m); |
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |