unsigned char *data = (unsigned char *)vdata;
unsigned char *start = data;
struct conf_entry *entry;
- int primary, used;
+ unsigned primary;
+ int used;
unsigned char *zero;
while (maxsize >= 4) {
primary = GET_32BIT_MSB_FIRST(data);
data += 4, maxsize -= 4;
- if ((unsigned)primary >= N_CONFIG_OPTIONS)
+ if (primary >= N_CONFIG_OPTIONS)
break;
entry = snew(struct conf_entry);
sfree(entry);
goto done;
}
- entry->key.secondary.i = GET_32BIT_MSB_FIRST(data);
+ entry->key.secondary.i = toint(GET_32BIT_MSB_FIRST(data));
data += 4, maxsize -= 4;
break;
case TYPE_STR:
sfree(entry);
goto done;
}
- entry->value.u.intval = GET_32BIT_MSB_FIRST(data);
+ entry->value.u.intval = toint(GET_32BIT_MSB_FIRST(data));
data += 4, maxsize -= 4;
break;
case TYPE_STR:
if (len < 4)
goto error;
- bytes = GET_32BIT(d);
+ bytes = toint(GET_32BIT(d));
if (bytes < 0 || len-4 < bytes)
goto error;
struct mpint_pos n, e, d, p, q, iqmp, dmp1, dmq1;
Bignum bd, bp, bq, bdmp1, bdmq1;
+ /*
+ * These blobs were generated from inside PuTTY, so we needn't
+ * treat them as untrusted.
+ */
pos = 4 + GET_32BIT(pubblob);
pos += ssh2_read_mpint(pubblob+pos, publen-pos, &e);
pos += ssh2_read_mpint(pubblob+pos, publen-pos, &n);
int pos;
struct mpint_pos p, q, g, y, x;
+ /*
+ * These blobs were generated from inside PuTTY, so we needn't
+ * treat them as untrusted.
+ */
pos = 4 + GET_32BIT(pubblob);
pos += ssh2_read_mpint(pubblob+pos, publen-pos, &p);
pos += ssh2_read_mpint(pubblob+pos, publen-pos, &q);
pos = 8;
if (key->keyblob_len < pos+4)
goto done; /* key is far too short */
- pos += 4 + GET_32BIT(key->keyblob + pos); /* skip key type */
- if (key->keyblob_len < pos+4)
+ len = toint(GET_32BIT(key->keyblob + pos));
+ if (len < 0 || len > key->keyblob_len - pos - 4)
goto done; /* key is far too short */
- len = GET_32BIT(key->keyblob + pos); /* find cipher-type length */
- if (key->keyblob_len < pos+4+len)
+ pos += 4 + len; /* skip key type */
+ len = toint(GET_32BIT(key->keyblob + pos)); /* find cipher-type length */
+ if (len < 0 || len > key->keyblob_len - pos - 4)
goto done; /* cipher type string is incomplete */
if (len != 4 || 0 != memcmp(key->keyblob + pos + 4, "none", 4))
answer = 1;
static int sshcom_read_mpint(void *data, int len, struct mpint_pos *ret)
{
- int bits;
- int bytes;
+ unsigned bits, bytes;
unsigned char *d = (unsigned char *) data;
if (len < 4)
*/
pos = 8;
if (key->keyblob_len < pos+4 ||
- (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
+ (len = toint(GET_32BIT(key->keyblob + pos))) < 0 ||
+ len > key->keyblob_len - pos - 4) {
errmsg = "key blob does not contain a key type string";
goto error;
}
* Determine the cipher type.
*/
if (key->keyblob_len < pos+4 ||
- (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
+ (len = toint(GET_32BIT(key->keyblob + pos))) < 0 ||
+ len > key->keyblob_len - pos - 4) {
errmsg = "key blob does not contain a cipher type string";
goto error;
}
* Get hold of the encrypted part of the key.
*/
if (key->keyblob_len < pos+4 ||
- (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
+ (len = toint(GET_32BIT(key->keyblob + pos))) < 0 ||
+ len > key->keyblob_len - pos - 4) {
errmsg = "key blob does not contain actual key data";
goto error;
}
/*
* Strip away the containing string to get to the real meat.
*/
- len = GET_32BIT(ciphertext);
+ len = toint(GET_32BIT(ciphertext));
if (len < 0 || len > cipherlen-4) {
errmsg = "containing string was ill-formed";
goto error;
int pos;
struct mpint_pos n, e, d, p, q, iqmp;
+ /*
+ * These blobs were generated from inside PuTTY, so we needn't
+ * treat them as untrusted.
+ */
pos = 4 + GET_32BIT(pubblob);
pos += ssh2_read_mpint(pubblob+pos, publen-pos, &e);
pos += ssh2_read_mpint(pubblob+pos, publen-pos, &n);
int pos;
struct mpint_pos p, q, g, y, x;
+ /*
+ * These blobs were generated from inside PuTTY, so we needn't
+ * treat them as untrusted.
+ */
pos = 4 + GET_32BIT(pubblob);
pos += ssh2_read_mpint(pubblob+pos, publen-pos, &p);
pos += ssh2_read_mpint(pubblob+pos, publen-pos, &q);
}
}
+int toint(unsigned u)
+{
+ /*
+ * Convert an unsigned to an int, without running into the
+ * undefined behaviour which happens by the strict C standard if
+ * the value overflows. You'd hope that sensible compilers would
+ * do the sensible thing in response to a cast, but actually I
+ * don't trust modern compilers not to do silly things like
+ * assuming that _obviously_ you wouldn't have caused an overflow
+ * and so they can elide an 'if (i < 0)' test immediately after
+ * the cast.
+ *
+ * Sensible compilers ought of course to optimise this entire
+ * function into 'just return the input value'!
+ */
+ if (u <= (unsigned)INT_MAX)
+ return (int)u;
+ else if (u >= (unsigned)INT_MIN) /* wrap in cast _to_ unsigned is OK */
+ return INT_MIN + (int)(u - (unsigned)INT_MIN);
+ else
+ return INT_MIN; /* fallback; should never occur on binary machines */
+}
+
/*
* Do an sprintf(), but into a custom-allocated buffer.
*
char *dupvprintf(const char *fmt, va_list ap);
void burnstr(char *string);
+int toint(unsigned);
+
char *fgetline(FILE *fp);
void base64_encode_atom(unsigned char *data, int n, char *out);
*p = NULL;
if (pkt->length - pkt->savedpos < 4)
return 0;
- *length = GET_32BIT(pkt->data + pkt->savedpos);
+ *length = toint(GET_32BIT(pkt->data + pkt->savedpos));
pkt->savedpos += 4;
if ((int)(pkt->length - pkt->savedpos) < *length || *length < 0) {
*length = 0;
/* See if that gives us a valid packet. */
if (ssh->scmac->verresult(ssh->sc_mac_ctx,
st->pktin->data + st->packetlen) &&
- (st->len = GET_32BIT(st->pktin->data)) + 4 == st->packetlen)
+ ((st->len = toint(GET_32BIT(st->pktin->data))) ==
+ st->packetlen-4))
break;
if (st->packetlen >= OUR_V2_PACKETLIMIT) {
bombout(("No valid incoming packet found"));
/*
* Now get the length figure.
*/
- st->len = GET_32BIT(st->pktin->data);
+ st->len = toint(GET_32BIT(st->pktin->data));
/*
* _Completely_ silly lengths should be stomped on before they
*length = 0;
if (pkt->length - pkt->savedpos < 4)
return;
- len = GET_32BIT(pkt->body + pkt->savedpos);
+ len = toint(GET_32BIT(pkt->body + pkt->savedpos));
if (len < 0)
return;
*length = len;
* See if this is in fact an ssh-rsa signature and a buggy
* server; otherwise we can just do this the easy way.
*/
- if ((ssh->remote_bugs & BUG_SSH2_RSA_PADDING) &&
+ if ((ssh->remote_bugs & BUG_SSH2_RSA_PADDING) && pkblob_len > 4+7+4 &&
(GET_32BIT(pkblob) == 7 && !memcmp(pkblob+4, "ssh-rsa", 7))) {
int pos, len, siglen;
*/
pos = 4+7; /* skip over "ssh-rsa" */
- pos += 4 + GET_32BIT(pkblob+pos); /* skip over exponent */
- len = GET_32BIT(pkblob+pos); /* find length of modulus */
+ len = toint(GET_32BIT(pkblob+pos)); /* get length of exponent */
+ if (len < 0 || len > pkblob_len - pos - 4)
+ goto give_up;
+ pos += 4 + len; /* skip over exponent */
+ if (pkblob_len - pos < 4)
+ goto give_up;
+ len = toint(GET_32BIT(pkblob+pos)); /* find length of modulus */
+ if (len < 0 || len > pkblob_len - pos - 4)
+ goto give_up;
pos += 4; /* find modulus itself */
while (len > 0 && pkblob[pos] == 0)
len--, pos++;
* Now find the signature integer.
*/
pos = 4+7; /* skip over "ssh-rsa" */
- siglen = GET_32BIT(sigblob+pos);
+ if (sigblob_len < pos+4)
+ goto give_up;
+ siglen = toint(GET_32BIT(sigblob+pos));
+ if (siglen != sigblob_len - pos - 4)
+ goto give_up;
/* debug(("signature length is %d\n", siglen)); */
if (len != siglen) {
return;
}
- /* Otherwise fall through and do it the easy way. */
+ /* Otherwise fall through and do it the easy way. We also come
+ * here as a fallback if we discover above that the key blob
+ * is misformatted in some way. */
+ give_up:;
}
ssh2_pkt_addstring_start(pkt);
if (s->response && s->responselen >= 5 &&
s->response[4] == SSH1_AGENT_RSA_IDENTITIES_ANSWER) {
s->p = s->response + 5;
- s->nkeys = GET_32BIT(s->p);
+ s->nkeys = toint(GET_32BIT(s->p));
+ if (s->nkeys < 0) {
+ logeventf(ssh, "Pageant reported negative key count %d",
+ s->nkeys);
+ s->nkeys = 0;
+ }
s->p += 4;
logeventf(ssh, "Pageant has %d SSH-1 keys", s->nkeys);
for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
int n, ok = FALSE;
do { /* do while (0) to make breaking easy */
n = ssh1_read_bignum
- (s->p, s->responselen-(s->p-s->response),
+ (s->p, toint(s->responselen-(s->p-s->response)),
&s->key.exponent);
if (n < 0)
break;
s->p += n;
n = ssh1_read_bignum
- (s->p, s->responselen-(s->p-s->response),
+ (s->p, toint(s->responselen-(s->p-s->response)),
&s->key.modulus);
if (n < 0)
- break;
+ break;
s->p += n;
if (s->responselen - (s->p-s->response) < 4)
break;
- s->commentlen = GET_32BIT(s->p);
+ s->commentlen = toint(GET_32BIT(s->p));
s->p += 4;
- if (s->responselen - (s->p-s->response) <
+ if (s->commentlen < 0 ||
+ toint(s->responselen - (s->p-s->response)) <
s->commentlen)
break;
s->commentp = (char *)s->p;
is_int = FALSE;
} else {
int maybe_int = FALSE, maybe_str = FALSE;
-#define CHECK_HYPOTHESIS(offset, result) \
- do { \
- long q = offset; \
- if (q >= 0 && q+4 <= len) { \
- q = q + 4 + GET_32BIT(p+q); \
- if (q >= 0 && q+4 <= len && \
- ((q = q + 4 + GET_32BIT(p+q))!= 0) && q == len) \
- result = TRUE; \
- } \
- } while(0)
+#define CHECK_HYPOTHESIS(offset, result) \
+ do \
+ { \
+ int q = toint(offset); \
+ if (q >= 0 && q+4 <= len) { \
+ q = toint(q + 4 + GET_32BIT(p+q)); \
+ if (q >= 0 && q+4 <= len && \
+ ((q = toint(q + 4 + GET_32BIT(p+q))) != 0) && \
+ q == len) \
+ result = TRUE; \
+ } \
+ } while(0)
CHECK_HYPOTHESIS(4+1, maybe_int);
CHECK_HYPOTHESIS(4+num+1, maybe_str);
#undef CHECK_HYPOTHESIS
int keyi;
unsigned char *p;
p = s->agent_response + 5;
- s->nkeys = GET_32BIT(p);
+ s->nkeys = toint(GET_32BIT(p));
+
+ /*
+ * Vet the Pageant response to ensure that the key
+ * count and blob lengths make sense.
+ */
+ if (s->nkeys < 0) {
+ logeventf(ssh, "Pageant response contained a negative"
+ " key count %d", s->nkeys);
+ s->nkeys = 0;
+ goto done_agent_query;
+ } else {
+ unsigned char *q = p + 4;
+ int lenleft = s->agent_responselen - 5 - 4;
+
+ for (keyi = 0; keyi < s->nkeys; keyi++) {
+ int bloblen, commentlen;
+ if (lenleft < 4) {
+ logeventf(ssh, "Pageant response was truncated");
+ s->nkeys = 0;
+ goto done_agent_query;
+ }
+ bloblen = toint(GET_32BIT(q));
+ if (bloblen < 0 || bloblen > lenleft) {
+ logeventf(ssh, "Pageant response was truncated");
+ s->nkeys = 0;
+ goto done_agent_query;
+ }
+ lenleft -= 4 + bloblen;
+ q += 4 + bloblen;
+ commentlen = toint(GET_32BIT(q));
+ if (commentlen < 0 || commentlen > lenleft) {
+ logeventf(ssh, "Pageant response was truncated");
+ s->nkeys = 0;
+ goto done_agent_query;
+ }
+ lenleft -= 4 + commentlen;
+ q += 4 + commentlen;
+ }
+ }
+
p += 4;
logeventf(ssh, "Pageant has %d SSH-2 keys", s->nkeys);
if (s->publickey_blob) {
/* See if configured key is in agent. */
for (keyi = 0; keyi < s->nkeys; keyi++) {
- s->pklen = GET_32BIT(p);
+ s->pklen = toint(GET_32BIT(p));
if (s->pklen == s->publickey_bloblen &&
!memcmp(p+4, s->publickey_blob,
s->publickey_bloblen)) {
break;
}
p += 4 + s->pklen;
- p += GET_32BIT(p) + 4; /* comment */
+ p += toint(GET_32BIT(p)) + 4; /* comment */
}
if (!s->pkblob_in_agent) {
logevent("Configured key file not in Pageant");
} else {
logevent("Failed to get reply from Pageant");
}
+ done_agent_query:;
}
}
logeventf(ssh, "Trying Pageant key #%d", s->keyi);
/* Unpack key from agent response */
- s->pklen = GET_32BIT(s->agentp);
+ s->pklen = toint(GET_32BIT(s->agentp));
s->agentp += 4;
s->pkblob = (char *)s->agentp;
s->agentp += s->pklen;
- s->alglen = GET_32BIT(s->pkblob);
+ s->alglen = toint(GET_32BIT(s->pkblob));
s->alg = s->pkblob + 4;
- s->commentlen = GET_32BIT(s->agentp);
+ s->commentlen = toint(GET_32BIT(s->agentp));
s->agentp += 4;
s->commentp = (char *)s->agentp;
s->agentp += s->commentlen;
s->ret = vret;
sfree(s->agentreq);
if (s->ret) {
- if (s->ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
+ if (s->retlen >= 9 &&
+ s->ret[4] == SSH2_AGENT_SIGN_RESPONSE &&
+ GET_32BIT(s->ret + 5) <= (unsigned)(s->retlen-9)) {
logevent("Sending Pageant's response");
ssh2_add_sigblob(ssh, s->pktout,
s->pkblob, s->pklen,
*p = NULL;
if (*datalen < 4)
return;
- *length = GET_32BIT(*data);
+ *length = toint(GET_32BIT(*data));
if (*length < 0)
return;
*datalen -= 4;
i += j;
/* Next, the comment field. */
- j = GET_32BIT(buf + i);
+ j = toint(GET_32BIT(buf + i));
i += 4;
if (j < 0 || len - i < j)
goto end;
*p = NULL;
if (*datalen < 4)
return;
- *length = GET_32BIT(*data);
+ *length = toint(GET_32BIT(*data));
if (*length < 0)
return;
*datalen -= 4;
}
conn->retlen += ret;
if (conn->retsize == 4 && conn->retlen == 4) {
- conn->retsize = GET_32BIT(conn->retbuf);
+ conn->retsize = toint(GET_32BIT(conn->retbuf) + 4);
if (conn->retsize <= 0) {
conn->retbuf = NULL;
conn->retlen = 0;
goto done;
}
- conn->retsize += 4;
assert(conn->retbuf == conn->sizebuf);
conn->retbuf = snewn(conn->retsize, char);
memcpy(conn->retbuf, conn->sizebuf, 4);
MB_OK | MB_ICONERROR);
return;
}
- nkeys = GET_32BIT(keylist);
+ nkeys = toint(GET_32BIT(keylist));
+ if (nkeys < 0) {
+ MessageBox(NULL, "Received broken key list?!", APPNAME,
+ MB_OK | MB_ICONERROR);
+ return;
+ }
p = keylist + 4;
keylistlen -= 4;
MB_OK | MB_ICONERROR);
return;
}
- n = 4 + GET_32BIT(p);
- if (keylistlen < n) {
+ n = toint(4 + GET_32BIT(p));
+ if (n < 0 || keylistlen < n) {
MessageBox(NULL, "Received broken key list?!", APPNAME,
MB_OK | MB_ICONERROR);
return;
MB_OK | MB_ICONERROR);
return;
}
- n = 4 + GET_32BIT(p);
- if (keylistlen < n) {
+ n = toint(4 + GET_32BIT(p));
+ if (n < 0 || keylistlen < n) {
MessageBox(NULL, "Received broken key list?!", APPNAME,
MB_OK | MB_ICONERROR);
return;
if (msgend < p+4)
goto failure;
- b.len = GET_32BIT(p);
+ b.len = toint(GET_32BIT(p));
+ if (b.len < 0 || b.len > msgend - (p+4))
+ goto failure;
p += 4;
- if (msgend < p+b.len)
- goto failure;
b.blob = p;
p += b.len;
if (msgend < p+4)
goto failure;
- datalen = GET_32BIT(p);
+ datalen = toint(GET_32BIT(p));
p += 4;
- if (msgend < p+datalen)
+ if (datalen < 0 || datalen > msgend - p)
goto failure;
data = p;
key = find234(ssh2keys, &b, cmpkeys_ssh2_asymm);
sfree(key);
goto failure;
}
- commentlen = GET_32BIT(p);
+ commentlen = toint(GET_32BIT(p));
- if (msgend < p+commentlen) {
+ if (commentlen < 0 || commentlen > msgend - p) {
freersakey(key);
sfree(key);
goto failure;
if (msgend < p+4)
goto failure;
- alglen = GET_32BIT(p);
+ alglen = toint(GET_32BIT(p));
p += 4;
- if (msgend < p+alglen)
+ if (alglen < 0 || alglen > msgend - p)
goto failure;
alg = p;
p += alglen;
sfree(key);
goto failure;
}
- commlen = GET_32BIT(p);
+ commlen = toint(GET_32BIT(p));
p += 4;
- if (msgend < p+commlen) {
+ if (commlen < 0 || commlen > msgend - p) {
key->alg->freekey(key->data);
sfree(key);
goto failure;
if (msgend < p+4)
goto failure;
- b.len = GET_32BIT(p);
+ b.len = toint(GET_32BIT(p));
p += 4;
- if (msgend < p+b.len)
+ if (b.len < 0 || b.len > msgend - p)
goto failure;
b.blob = p;
p += b.len;