version 1.3, 2015/01/12 15:18:07 |
version 1.4, 2015/01/14 15:02:39 |
|
|
size_t len; |
size_t len; |
int r; |
int r; |
|
|
if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) |
if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0) |
return r; |
return r; |
/* Refuse negative (MSB set) bignums */ |
|
if ((len != 0 && (*d & 0x80) != 0)) |
|
return SSH_ERR_BIGNUM_IS_NEGATIVE; |
|
/* Refuse overlong bignums, allow prepended \0 to avoid MSB set */ |
|
if (len > SSHBUF_MAX_BIGNUM + 1 || |
|
(len == SSHBUF_MAX_BIGNUM + 1 && *d != 0)) |
|
return SSH_ERR_BIGNUM_TOO_LARGE; |
|
if (v != NULL && BN_bin2bn(d, len, v) == NULL) |
if (v != NULL && BN_bin2bn(d, len, v) == NULL) |
return SSH_ERR_ALLOC_FAIL; |
return SSH_ERR_ALLOC_FAIL; |
/* Consume the string */ |
|
if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { |
|
/* Shouldn't happen */ |
|
SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); |
|
SSHBUF_ABORT(); |
|
return SSH_ERR_INTERNAL_ERROR; |
|
} |
|
return 0; |
return 0; |
} |
} |
|
|