| version 1.232, 2016/07/15 05:01:58 |
version 1.233, 2016/07/18 06:08:01 |
|
|
| { |
{ |
| struct session_state *state = ssh->state; |
struct session_state *state = ssh->state; |
| u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH]; |
u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH]; |
| u_char padlen, pad = 0; |
u_char tmp, padlen, pad = 0; |
| u_int authlen = 0, aadlen = 0; |
u_int authlen = 0, aadlen = 0; |
| u_int len; |
u_int len; |
| struct sshenc *enc = NULL; |
struct sshenc *enc = NULL; |
|
|
| if (padlen < 4) |
if (padlen < 4) |
| padlen += block_size; |
padlen += block_size; |
| if (state->extra_pad) { |
if (state->extra_pad) { |
| /* will wrap if extra_pad+padlen > 255 */ |
tmp = state->extra_pad; |
| state->extra_pad = |
state->extra_pad = |
| roundup(state->extra_pad, block_size); |
roundup(state->extra_pad, block_size); |
| pad = state->extra_pad - |
/* check if roundup overflowed */ |
| ((len + padlen) % state->extra_pad); |
if (state->extra_pad < tmp) |
| |
return SSH_ERR_INVALID_ARGUMENT; |
| |
tmp = (len + padlen) % state->extra_pad; |
| |
/* Check whether pad calculation below will underflow */ |
| |
if (tmp > state->extra_pad) |
| |
return SSH_ERR_INVALID_ARGUMENT; |
| |
pad = state->extra_pad - tmp; |
| DBG(debug3("%s: adding %d (len %d padlen %d extra_pad %d)", |
DBG(debug3("%s: adding %d (len %d padlen %d extra_pad %d)", |
| __func__, pad, len, padlen, state->extra_pad)); |
__func__, pad, len, padlen, state->extra_pad)); |
| |
tmp = padlen; |
| padlen += pad; |
padlen += pad; |
| |
/* Check whether padlen calculation overflowed */ |
| |
if (padlen < tmp) |
| |
return SSH_ERR_INVALID_ARGUMENT; /* overflow */ |
| state->extra_pad = 0; |
state->extra_pad = 0; |
| } |
} |
| if ((r = sshbuf_reserve(state->outgoing_packet, padlen, &cp)) != 0) |
if ((r = sshbuf_reserve(state->outgoing_packet, padlen, &cp)) != 0) |
![[BACK]](/icons/back.gif){kind=icon}
Return to packet.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh