diff options
author | Andreas Schneider <mail@cynapses.org> | 2009-04-07 19:27:50 +0000 |
---|---|---|
committer | Andreas Schneider <mail@cynapses.org> | 2009-04-07 19:27:50 +0000 |
commit | d51dc0d80eba186a9439dade695a5169261366cd (patch) | |
tree | feda89e1349fa4e31582230ac9840b286dbb0092 /libssh/kex.c | |
parent | efc3c494cc056b0e9855b15bc5a72d90d1ede97d (diff) | |
download | libssh-d51dc0d80eba186a9439dade695a5169261366cd.tar.gz libssh-d51dc0d80eba186a9439dade695a5169261366cd.tar.xz libssh-d51dc0d80eba186a9439dade695a5169261366cd.zip |
Add more error checks to ssh_get_kex().
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@421 7dcaeef0-15fb-0310-b436-a5af3365683c
Diffstat (limited to 'libssh/kex.c')
-rw-r--r-- | libssh/kex.c | 120 |
1 files changed, 73 insertions, 47 deletions
diff --git a/libssh/kex.c b/libssh/kex.c index 803141e6..0d89f305 100644 --- a/libssh/kex.c +++ b/libssh/kex.c @@ -229,57 +229,83 @@ char *ssh_find_matching(const char *in_d, const char *what_d){ return NULL; } -int ssh_get_kex(SSH_SESSION *session,int server_kex ){ - STRING *str; - char *strings[10]; - int i; - enter_function(); - if(packet_wait(session,SSH2_MSG_KEXINIT,1)){ - leave_function(); - return -1; +int ssh_get_kex(SSH_SESSION *session, int server_kex) { + STRING *str = NULL; + char *strings[10]; + int i; + + enter_function(); + + if (packet_wait(session, SSH2_MSG_KEXINIT, 1)) { + leave_function(); + return -1; + } + + if (buffer_get_data(session->in_buffer,session->server_kex.cookie,16) != 16) { + ssh_set_error(session, SSH_FATAL, "get_kex(): no cookie in packet"); + leave_function(); + return -1; + } + + if (hashbufin_add_cookie(session, session->server_kex.cookie) < 0) { + ssh_set_error(session, SSH_FATAL, "get_kex(): adding cookie failed"); + leave_function(); + return -1; + } + + memset(strings, 0, sizeof(char *) * 10); + + for (i = 0; i < 10; i++) { + str = buffer_get_ssh_string(session->in_buffer); + if (str == NULL) { + break; } - if(buffer_get_data(session->in_buffer,session->server_kex.cookie,16)!=16){ - ssh_set_error(session,SSH_FATAL,"get_kex(): no cookie in packet"); - leave_function(); - return -1; + + if (buffer_add_ssh_string(session->in_hashbuf, str) < 0) { + goto error; } - if (hashbufin_add_cookie(session, session->server_kex.cookie) < 0) { - ssh_set_error(session, SSH_FATAL, "get_kex(): adding cookie failed"); - leave_function(); - return -1; + + strings[i] = string_to_char(str); + if (strings[i] == NULL) { + goto error; } - memset(strings,0,sizeof(char *)*10); - for(i=0;i<10;++i){ - str=buffer_get_ssh_string(session->in_buffer); - if(!str) - break; - if(str){ - buffer_add_ssh_string(session->in_hashbuf,str); - strings[i]=string_to_char(str); - free(str); - } else - strings[i]=NULL; - } - /* copy the server kex info into an array of strings */ - if(server_kex){ - session->client_kex.methods = malloc(10 * sizeof(char **)); - if (session->client_kex.methods == NULL) { - leave_function(); - return -1; - } - for(i=0;i<10;++i) - session->client_kex.methods[i]=strings[i]; - } else { // client - session->server_kex.methods = malloc(10 * sizeof(char **)); - if (session->server_kex.methods == NULL) { - leave_function(); - return -1; - } - for(i=0;i<10;++i) - session->server_kex.methods[i]=strings[i]; + string_free(str); + str = NULL; + } + + /* copy the server kex info into an array of strings */ + if (server_kex) { + session->client_kex.methods = malloc(10 * sizeof(char **)); + if (session->client_kex.methods == NULL) { + leave_function(); + return -1; } - leave_function(); - return 0; + + for (i = 0; i < 10; i++) { + session->client_kex.methods[i] = strings[i]; + } + } else { /* client */ + session->server_kex.methods = malloc(10 * sizeof(char **)); + if (session->server_kex.methods == NULL) { + leave_function(); + return -1; + } + + for (i = 0; i < 10; i++) { + session->server_kex.methods[i] = strings[i]; + } + } + + leave_function(); + return 0; +error: + string_free(str); + for (i = 0; i < 10; i++) { + SAFE_FREE(strings[i]); + } + + leave_function(); + return -1; } void ssh_list_kex(struct ssh_session *session, KEX *kex) { |