version 1.1, 2014/04/30 05:29:56 |
version 1.2, 2014/06/18 15:42:09 |
|
|
|
|
if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) |
if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) |
return r; |
return r; |
/* Refuse negative (MSB set) and overlong bignums */ |
/* Refuse negative (MSB set) bignums */ |
if ((len != 0 && (*d & 0x80) != 0)) |
if ((len != 0 && (*d & 0x80) != 0)) |
return SSH_ERR_BIGNUM_IS_NEGATIVE; |
return SSH_ERR_BIGNUM_IS_NEGATIVE; |
if (len > SSHBUF_MAX_BIGNUM) |
/* Refuse overlong bignums, allow prepended \0 to avoid MSB set */ |
|
if (len > SSHBUF_MAX_BIGNUM + 1 || |
|
(len == SSHBUF_MAX_BIGNUM + 1 && *d != 0)) |
return SSH_ERR_BIGNUM_TOO_LARGE; |
return SSH_ERR_BIGNUM_TOO_LARGE; |
if (v != NULL && BN_bin2bn(d, len, v) == NULL) |
if (v != NULL && BN_bin2bn(d, len, v) == NULL) |
return SSH_ERR_ALLOC_FAIL; |
return SSH_ERR_ALLOC_FAIL; |
|
|
return SSH_ERR_MESSAGE_INCOMPLETE; |
return SSH_ERR_MESSAGE_INCOMPLETE; |
len_bits = PEEK_U16(d); |
len_bits = PEEK_U16(d); |
len_bytes = (len_bits + 7) >> 3; |
len_bytes = (len_bits + 7) >> 3; |
if (len_bytes > SSHBUF_MAX_BIGNUM + 1) |
if (len_bytes > SSHBUF_MAX_BIGNUM) |
return SSH_ERR_BIGNUM_TOO_LARGE; |
return SSH_ERR_BIGNUM_TOO_LARGE; |
if (sshbuf_len(buf) < 2 + len_bytes) |
if (sshbuf_len(buf) < 2 + len_bytes) |
return SSH_ERR_MESSAGE_INCOMPLETE; |
return SSH_ERR_MESSAGE_INCOMPLETE; |