-rw-r--r--buffer.c4
-rw-r--r--circbuffer.c14
-rw-r--r--common-channel.c14
-rw-r--r--common-session.c2
-rw-r--r--dbutil.c4
-rw-r--r--dbutil.h4
-rw-r--r--dss.c16
-rw-r--r--keyimport.c18
-rw-r--r--packet.c10
-rw-r--r--queue.c4
-rw-r--r--rsa.c20
-rw-r--r--svr-authpubkey.c1
-rw-r--r--svr-chansession.c14
-rw-r--r--svr-main.c2
14 files changed, 67 insertions, 60 deletions
diff --git a/buffer.c b/buffer.c
index 97045ff..579fa6f 100644
--- a/buffer.c
+++ b/buffer.c
@@ -153,7 +153,7 @@ void buf_incrpos(buffer* buf, int incr) {
unsigned char buf_getbyte(buffer* buf) {
/* This check is really just ==, but the >= allows us to check for the
- * assert()able case of pos > len, which should _never_ happen. */
+ * bad case of pos > len, which should _never_ happen. */
if (buf->pos >= buf->len) {
dropbear_exit("bad buf_getbyte");
}
@@ -270,7 +270,7 @@ void buf_putmpint(buffer* buf, mp_int * mp) {
unsigned int len, pad = 0;
TRACE(("enter buf_putmpint"))
- assert(mp != NULL);
+ dropbear_assert(mp != NULL);
if (SIGN(mp) == MP_NEG) {
dropbear_exit("negative bignum");
diff --git a/circbuffer.c b/circbuffer.c
index 6dc9179..e70087a 100644
--- a/circbuffer.c
+++ b/circbuffer.c
@@ -66,8 +66,8 @@ unsigned int cbuf_getavail(circbuffer * cbuf) {
unsigned int cbuf_readlen(circbuffer *cbuf) {
- assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
- assert(((2*cbuf->size)+cbuf->readpos-cbuf->writepos)%cbuf->size == (cbuf->size-cbuf->used)%cbuf->size);
+ dropbear_assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
+ dropbear_assert(((2*cbuf->size)+cbuf->readpos-cbuf->writepos)%cbuf->size == (cbuf->size-cbuf->used)%cbuf->size);
if (cbuf->used == 0) {
TRACE(("cbuf_readlen: unused buffer"))
@@ -83,9 +83,9 @@ unsigned int cbuf_readlen(circbuffer *cbuf) {
unsigned int cbuf_writelen(circbuffer *cbuf) {
- assert(cbuf->used <= cbuf->size);
- assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
- assert(((2*cbuf->size)+cbuf->readpos-cbuf->writepos)%cbuf->size == (cbuf->size-cbuf->used)%cbuf->size);
+ dropbear_assert(cbuf->used <= cbuf->size);
+ dropbear_assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
+ dropbear_assert(((2*cbuf->size)+cbuf->readpos-cbuf->writepos)%cbuf->size == (cbuf->size-cbuf->used)%cbuf->size);
if (cbuf->used == cbuf->size) {
TRACE(("cbuf_writelen: full buffer"))
@@ -122,7 +122,7 @@ void cbuf_incrwrite(circbuffer *cbuf, unsigned int len) {
}
cbuf->used += len;
- assert(cbuf->used <= cbuf->size);
+ dropbear_assert(cbuf->used <= cbuf->size);
cbuf->writepos = (cbuf->writepos + len) % cbuf->size;
}
@@ -132,7 +132,7 @@ void cbuf_incrread(circbuffer *cbuf, unsigned int len) {
dropbear_exit("bad cbuf read");
}
- assert(cbuf->used >= len);
+ dropbear_assert(cbuf->used >= len);
cbuf->used -= len;
cbuf->readpos = (cbuf->readpos + len) % cbuf->size;
}
diff --git a/common-channel.c b/common-channel.c
index dfff1b4..12e7aa7 100644
--- a/common-channel.c
+++ b/common-channel.c
@@ -409,9 +409,9 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) {
channel->recvdonelen = 0;
}
- assert(channel->recvwindow <= RECV_MAXWINDOW);
- assert(channel->recvwindow <= cbuf_getavail(channel->writebuf));
- assert(channel->extrabuf == NULL ||
+ dropbear_assert(channel->recvwindow <= RECV_MAXWINDOW);
+ dropbear_assert(channel->recvwindow <= cbuf_getavail(channel->writebuf));
+ dropbear_assert(channel->extrabuf == NULL ||
channel->recvwindow <= cbuf_getavail(channel->extrabuf));
@@ -603,14 +603,14 @@ static void send_msg_channel_data(struct Channel *channel, int isextended,
CHECKCLEARTOWRITE();
- assert(!channel->sentclosed);
+ dropbear_assert(!channel->sentclosed);
if (isextended) {
fd = channel->errfd;
} else {
fd = channel->outfd;
}
- assert(fd >= 0);
+ dropbear_assert(fd >= 0);
maxlen = MIN(channel->transwindow, channel->transmaxpacket);
/* -(1+4+4) is SSH_MSG_CHANNEL_DATA, channel number, string length, and
@@ -718,9 +718,9 @@ void common_recv_msg_channel_data(struct Channel *channel, int fd,
len -= buflen;
}
- assert(channel->recvwindow >= datalen);
+ dropbear_assert(channel->recvwindow >= datalen);
channel->recvwindow -= datalen;
- assert(channel->recvwindow <= RECV_MAXWINDOW);
+ dropbear_assert(channel->recvwindow <= RECV_MAXWINDOW);
TRACE(("leave recv_msg_channel_data"))
}
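Review bot: `dropbear_assert(channel->recvwindow >= datalen)` is now the always-on guard in front of `channel->recvwindow -= datalen`, and if `datalen` is taken from the peer's packet (its origin is above the hunk), a misbehaving peer ends the session with an internal "failed assertion" message rather than a protocol error. If no earlier check in common_recv_msg_channel_data already bounds `datalen` by the window, I would add an explicit test such as `if (datalen > channel->recvwindow) { dropbear_exit("peer exceeded receive window"); }` (message text is only an example) and keep the assertion for the internal invariant. The function starts outside the hunk, so this needs confirming against the full body.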
diff --git a/common-session.c b/common-session.c
index 06cdbd1..a8cab87 100644
--- a/common-session.c
+++ b/common-session.c
@@ -126,7 +126,7 @@ void session_loop(void(*loophandler)()) {
timeout.tv_usec = 0;
FD_ZERO(&writefd);
FD_ZERO(&readfd);
- assert(ses.payload == NULL);
+ dropbear_assert(ses.payload == NULL);
if (ses.sock != -1) {
FD_SET(ses.sock, &readfd);
if (!isempty(&ses.writequeue)) {
diff --git a/dbutil.c b/dbutil.c
index 45c720e..23e46cc 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -110,6 +110,10 @@ static void generic_dropbear_exit(int exitcode, const char* format,
exit(exitcode);
}
+void fail_assert(const char* expr, const char* file, int line) {
+ dropbear_exit("failed assertion (%s:%d): `%s'", file, line, expr);
+}
+
static void generic_dropbear_log(int UNUSED(priority), const char* format,
va_list param) {
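Review bot: fail_assert() is added without a comment, and two properties of it should be written down next to the definition. The stringified expression is passed as a `%s` argument rather than spliced into the format, which matters because asserted expressions such as the circbuffer.c ones contain `%`. The function is also expected never to return, which holds only as long as dropbear_exit() does not return (generic_dropbear_exit, partly visible above, ends in `exit(exitcode)`). I would add `/* Called by dropbear_assert() on failure. expr must stay a %s argument, never part of the format. Does not return. */` above it.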
diff --git a/dbutil.h b/dbutil.h
index d904949..eef75e3 100644
--- a/dbutil.h
+++ b/dbutil.h
@@ -39,6 +39,7 @@ extern void (*_dropbear_log)(int priority, const char* format, va_list param);
void dropbear_exit(const char* format, ...);
void dropbear_close(const char* format, ...);
void dropbear_log(int priority, const char* format, ...);
+void fail_assert(const char* expr, const char* file, int line);
#ifdef DEBUG_TRACE
void dropbear_trace(const char* format, ...);
void printhex(const char * label, const unsigned char * buf, int len);
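Review bot: The new `fail_assert` prototype carries no no-return annotation, so compilers and static analysers will treat the code after a failed `dropbear_assert(key != NULL)` as reachable and may report dereferences or fall-through that cannot happen. Where the toolchain supports it, I would mark the declaration, e.g. `void fail_assert(const char* expr, const char* file, int line) __attribute__((noreturn));`, behind a portability macro in the same way dbutil.c wraps the unused-parameter attribute as `UNUSED()`. This presumes dropbear_exit() itself never returns, which the definition in dbutil.c relies on.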
@@ -66,4 +67,7 @@ void setnonblocking(int fd);
/* Used to force mp_ints to be initialised */
#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
+/* Dropbear assertion */
+#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
+
#endif /* _DBUTIL_H_ */
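Review bot: The comment `/* Dropbear assertion */` does not say what distinguishes this macro from assert(). As written in this hunk it has no NDEBUG or other compile-time switch, so the expression is evaluated in every build and a failure always ends the process through fail_assert(). Callers depend on that where the assertion guards a later subtraction or dereference, so the comment should state it, for example `/* Like assert(), but never compiled out: X is always evaluated, and a failure logs the expression with file:line and exits. */`. It also means the modulo checks in circbuffer.c now run on every call in release builds, which is presumably acceptable but should be a conscious choice.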
diff --git a/dss.c b/dss.c
index cb877ca..84a093c 100644
--- a/dss.c
+++ b/dss.c
@@ -46,7 +46,7 @@
int buf_get_dss_pub_key(buffer* buf, dss_key *key) {
TRACE(("enter buf_get_dss_pub_key"))
- assert(key != NULL);
+ dropbear_assert(key != NULL);
key->p = m_malloc(sizeof(mp_int));
key->q = m_malloc(sizeof(mp_int));
key->g = m_malloc(sizeof(mp_int));
@@ -80,7 +80,7 @@ int buf_get_dss_priv_key(buffer* buf, dss_key *key) {
int ret = DROPBEAR_FAILURE;
- assert(key != NULL);
+ dropbear_assert(key != NULL);
ret = buf_get_dss_pub_key(buf, key);
if (ret == DROPBEAR_FAILURE) {
@@ -137,7 +137,7 @@ void dss_key_free(dss_key *key) {
*/
void buf_put_dss_pub_key(buffer* buf, dss_key *key) {
- assert(key != NULL);
+ dropbear_assert(key != NULL);
buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
buf_putmpint(buf, key->p);
buf_putmpint(buf, key->q);
@@ -149,7 +149,7 @@ void buf_put_dss_pub_key(buffer* buf, dss_key *key) {
/* Same as buf_put_dss_pub_key, but with the private "x" key appended */
void buf_put_dss_priv_key(buffer* buf, dss_key *key) {
- assert(key != NULL);
+ dropbear_assert(key != NULL);
buf_put_dss_pub_key(buf, key);
buf_putmpint(buf, key->x);
@@ -172,7 +172,7 @@ int buf_dss_verify(buffer* buf, dss_key *key, const unsigned char* data,
int stringlen;
TRACE(("enter buf_dss_verify"))
- assert(key != NULL);
+ dropbear_assert(key != NULL);
m_mp_init_multi(&val1, &val2, &val3, &val4, NULL);
@@ -310,7 +310,7 @@ void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data,
hash_state hs;
TRACE(("enter buf_put_dss_sign"))
- assert(key != NULL);
+ dropbear_assert(key != NULL);
/* hash the data */
sha1_init(&hs);
@@ -380,7 +380,7 @@ void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data,
buf_putint(buf, 2*SHA1_HASH_SIZE);
writelen = mp_unsigned_bin_size(&dss_r);
- assert(writelen <= SHA1_HASH_SIZE);
+ dropbear_assert(writelen <= SHA1_HASH_SIZE);
/* need to pad to 160 bits with leading zeros */
for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) {
buf_putbyte(buf, 0);
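Review bot: The assertion on `writelen` is load-bearing and should say so. It is the only thing in the hunk keeping `SHA1_HASH_SIZE - writelen` in the padding loop from wrapping if `writelen` is unsigned (its declaration is outside the hunk), in which case the loop bound would become very large. A comment such as `/* must hold: the padding loop below computes SHA1_HASH_SIZE - writelen */` would stop a later cleanup from removing or relaxing it. The same applies to the `dss_s` hunk that follows and to `dropbear_assert(ssize <= nsize)` in rsa.c's buf_put_rsa_sign.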
@@ -393,7 +393,7 @@ void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data,
buf_incrwritepos(buf, writelen);
writelen = mp_unsigned_bin_size(&dss_s);
- assert(writelen <= SHA1_HASH_SIZE);
+ dropbear_assert(writelen <= SHA1_HASH_SIZE);
/* need to pad to 160 bits with leading zeros */
for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) {
buf_putbyte(buf, 0);
diff --git a/keyimport.c b/keyimport.c
index 9f2305d..589b9cb 100644
--- a/keyimport.c
+++ b/keyimport.c
@@ -203,7 +203,7 @@ static void base64_encode_fp(FILE * fp, unsigned char *data,
unsigned long outlen;
int rawcpl;
rawcpl = cpl * 3 / 4;
- assert((unsigned int)cpl < sizeof(out));
+ dropbear_assert((unsigned int)cpl < sizeof(out));
while (datalen > 0) {
n = (datalen < rawcpl ? datalen : rawcpl);
@@ -714,7 +714,7 @@ static int openssh_write(const char *filename, sign_key *key,
}
#endif
- assert(keytype != -1);
+ dropbear_assert(keytype != -1);
/*
* Fetch the key blobs.
@@ -913,7 +913,7 @@ static int openssh_write(const char *filename, sign_key *key,
* with the same value. Those are all removed and the rest is
* returned.
*/
- assert(pos == len);
+ dropbear_assert(pos == len);
while (pos < outlen) {
outblob[pos++] = outlen - len;
}
@@ -1491,7 +1491,7 @@ sign_key *sshcom_read(const char *filename, char *passphrase)
privlen = pos - publen;
}
- assert(privlen > 0); /* should have bombed by now if not */
+ dropbear_assert(privlen > 0); /* should have bombed by now if not */
retkey = snew(struct ssh2_userkey);
retkey->alg = alg;
@@ -1557,7 +1557,7 @@ int sshcom_write(const char *filename, sign_key *key,
pos += ssh2_read_mpint(privblob+pos, privlen-pos, &q);
pos += ssh2_read_mpint(privblob+pos, privlen-pos, &iqmp);
- assert(e.start && iqmp.start); /* can't go wrong */
+ dropbear_assert(e.start && iqmp.start); /* can't go wrong */
numbers[0] = e;
numbers[1] = d;
@@ -1581,7 +1581,7 @@ int sshcom_write(const char *filename, sign_key *key,
pos = 0;
pos += ssh2_read_mpint(privblob+pos, privlen-pos, &x);
- assert(y.start && x.start); /* can't go wrong */
+ dropbear_assert(y.start && x.start); /* can't go wrong */
numbers[0] = p;
numbers[1] = g;
@@ -1593,7 +1593,7 @@ int sshcom_write(const char *filename, sign_key *key,
initial_zero = 1;
type = "dl-modp{sign{dsa-nist-sha1},dh{plain}}";
} else {
- assert(0); /* zoinks! */
+ dropbear_assert(0); /* zoinks! */
}
/*
@@ -1637,13 +1637,13 @@ int sshcom_write(const char *filename, sign_key *key,
}
ciphertext = (char *)outblob+lenpos+4;
cipherlen = pos - (lenpos+4);
- assert(!passphrase || cipherlen % 8 == 0);
+ dropbear_assert(!passphrase || cipherlen % 8 == 0);
/* Wrap up the encrypted blob string. */
PUT_32BIT(outblob+lenpos, cipherlen);
/* And finally fill in the total length field. */
PUT_32BIT(outblob+4, pos);
- assert(pos < outlen);
+ dropbear_assert(pos < outlen);
/*
* Encrypt the key.
diff --git a/packet.c b/packet.c
index 6c90a76..b2c6174 100644
--- a/packet.c
+++ b/packet.c
@@ -53,13 +53,13 @@ void write_packet() {
buffer * writebuf = NULL;
TRACE(("enter write_packet"))
- assert(!isempty(&ses.writequeue));
+ dropbear_assert(!isempty(&ses.writequeue));
/* Get the next buffer in the queue of encrypted packets to write*/
writebuf = (buffer*)examine(&ses.writequeue);
len = writebuf->len - writebuf->pos;
- assert(len > 0);
+ dropbear_assert(len > 0);
/* Try to write as much as possible */
written = write(ses.sock, buf_getptr(writebuf, len), len);
@@ -118,7 +118,7 @@ void read_packet() {
/* Attempt to read the remainder of the packet, note that there
* mightn't be any available (EAGAIN) */
- assert(ses.readbuf != NULL);
+ dropbear_assert(ses.readbuf != NULL);
maxlen = ses.readbuf->len - ses.readbuf->pos;
len = read(ses.sock, buf_getptr(ses.readbuf, maxlen), maxlen);
@@ -162,7 +162,7 @@ static void read_packet_init() {
if (ses.readbuf == NULL) {
/* start of a new packet */
ses.readbuf = buf_new(INIT_READBUF);
- assert(ses.decryptreadbuf == NULL);
+ dropbear_assert(ses.decryptreadbuf == NULL);
ses.decryptreadbuf = buf_new(blocksize);
}
@@ -600,7 +600,7 @@ static void buf_compress(buffer * dest, buffer * src, unsigned int len) {
break;
}
- assert(ses.keys->trans_zstream->avail_out == 0);
+ dropbear_assert(ses.keys->trans_zstream->avail_out == 0);
/* the buffer has been filled, we must extend. This only happens in
* unusual circumstances where the data grows in size after deflate(),
diff --git a/queue.c b/queue.c
index caf6145..7a80124 100644
--- a/queue.c
+++ b/queue.c
@@ -42,7 +42,7 @@ void* dequeue(struct Queue* queue) {
void* ret;
struct Link* oldhead;
- assert(!isempty(queue));
+ dropbear_assert(!isempty(queue));
ret = queue->head->item;
oldhead = queue->head;
@@ -62,7 +62,7 @@ void* dequeue(struct Queue* queue) {
void *examine(struct Queue* queue) {
- assert(!isempty(queue));
+ dropbear_assert(!isempty(queue));
return queue->head->item;
}
diff --git a/rsa.c b/rsa.c
index 7248bed..cc16fa0 100644
--- a/rsa.c
+++ b/rsa.c
@@ -49,7 +49,7 @@ static void rsa_pad_em(rsa_key * key,
int buf_get_rsa_pub_key(buffer* buf, rsa_key *key) {
TRACE(("enter buf_get_rsa_pub_key"))
- assert(key != NULL);
+ dropbear_assert(key != NULL);
key->e = m_malloc(sizeof(mp_int));
key->n = m_malloc(sizeof(mp_int));
m_mp_init_multi(key->e, key->n, NULL);
@@ -80,7 +80,7 @@ int buf_get_rsa_pub_key(buffer* buf, rsa_key *key) {
* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
int buf_get_rsa_priv_key(buffer* buf, rsa_key *key) {
- assert(key != NULL);
+ dropbear_assert(key != NULL);
TRACE(("enter buf_get_rsa_priv_key"))
@@ -163,7 +163,7 @@ void rsa_key_free(rsa_key *key) {
void buf_put_rsa_pub_key(buffer* buf, rsa_key *key) {
TRACE(("enter buf_put_rsa_pub_key"))
- assert(key != NULL);
+ dropbear_assert(key != NULL);
buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
buf_putmpint(buf, key->e);
@@ -178,7 +178,7 @@ void buf_put_rsa_priv_key(buffer* buf, rsa_key *key) {
TRACE(("enter buf_put_rsa_priv_key"))
- assert(key != NULL);
+ dropbear_assert(key != NULL);
buf_put_rsa_pub_key(buf, key);
buf_putmpint(buf, key->d);
@@ -209,7 +209,7 @@ int buf_rsa_verify(buffer * buf, rsa_key *key, const unsigned char* data,
TRACE(("enter buf_rsa_verify"))
- assert(key != NULL);
+ dropbear_assert(key != NULL);
m_mp_init_multi(&rsa_mdash, &rsa_s, &rsa_em, NULL);
@@ -267,7 +267,7 @@ void buf_put_rsa_sign(buffer* buf, rsa_key *key, const unsigned char* data,
unsigned char *tmpbuf;
TRACE(("enter buf_put_rsa_sign"))
- assert(key != NULL);
+ dropbear_assert(key != NULL);
m_mp_init_multi(&rsa_s, &rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL);
@@ -320,7 +320,7 @@ void buf_put_rsa_sign(buffer* buf, rsa_key *key, const unsigned char* data,
buf_putint(buf, nsize);
/* pad out s to same length as n */
ssize = mp_unsigned_bin_size(&rsa_s);
- assert(ssize <= nsize);
+ dropbear_assert(ssize <= nsize);
for (i = 0; i < nsize-ssize; i++) {
buf_putbyte(buf, 0x00);
}
@@ -365,8 +365,8 @@ static void rsa_pad_em(rsa_key * key,
hash_state hs;
unsigned int nsize;
- assert(key != NULL);
- assert(data != NULL);
+ dropbear_assert(key != NULL);
+ dropbear_assert(data != NULL);
nsize = mp_unsigned_bin_size(key->n);
rsa_EM = buf_new(nsize-1);
@@ -387,7 +387,7 @@ static void rsa_pad_em(rsa_key * key,
sha1_done(&hs, buf_getwriteptr(rsa_EM, SHA1_HASH_SIZE));
buf_incrwritepos(rsa_EM, SHA1_HASH_SIZE);
- assert(rsa_EM->pos == rsa_EM->size);
+ dropbear_assert(rsa_EM->pos == rsa_EM->size);
/* Create the mp_int from the encoded bytes */
buf_setpos(rsa_EM, 0);
diff --git a/svr-authpubkey.c b/svr-authpubkey.c
index dcd59f0..a5520e5 100644
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -266,7 +266,6 @@ static int checkpubkeyperms() {
TRACE(("enter checkpubkeyperms"))
- assert(ses.authstate.pw);
if (ses.authstate.pw->pw_dir == NULL) {
goto out;
}
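Review bot: The check on `ses.authstate.pw` is dropped here rather than converted, so the next line dereferences `ses.authstate.pw->pw_dir` with nothing in the visible part of the function guarding the pointer. Every other assert() in this commit became dropbear_assert(). Callers presumably reach checkpubkeyperms only after the user lookup has filled in `pw`, but that is not visible in the hunk, and this file handles server-side public-key authentication. I would keep the guard as `dropbear_assert(ses.authstate.pw != NULL);`, or fail closed with `if (ses.authstate.pw == NULL) { goto out; }` provided `out` returns failure. The function body continues outside the hunk.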
diff --git a/svr-chansession.c b/svr-chansession.c
index 1704c6e..6828537 100644
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -148,8 +148,8 @@ static void send_exitsignalstatus(struct Channel *channel) {
static void send_msg_chansess_exitstatus(struct Channel * channel,
struct ChanSess * chansess) {
- assert(chansess->exit.exitpid != -1);
- assert(chansess->exit.exitsignal == -1);
+ dropbear_assert(chansess->exit.exitpid != -1);
+ dropbear_assert(chansess->exit.exitsignal == -1);
CHECKCLEARTOWRITE();
@@ -170,8 +170,8 @@ static void send_msg_chansess_exitsignal(struct Channel * channel,
int i;
char* signame = NULL;
- assert(chansess->exit.exitpid != -1);
- assert(chansess->exit.exitsignal > 0);
+ dropbear_assert(chansess->exit.exitpid != -1);
+ dropbear_assert(chansess->exit.exitsignal > 0);
CHECKCLEARTOWRITE();
@@ -205,7 +205,7 @@ static int newchansess(struct Channel *channel) {
struct ChanSess *chansess;
- assert(channel->typedata == NULL);
+ dropbear_assert(channel->typedata == NULL);
chansess = (struct ChanSess*)m_malloc(sizeof(struct ChanSess));
chansess->cmd = NULL;
@@ -279,7 +279,7 @@ static void closechansess(struct Channel *channel) {
/* clear child pid entries */
for (i = 0; i < svr_ses.childpidsize; i++) {
if (svr_ses.childpids[i].chansess == chansess) {
- assert(svr_ses.childpids[i].pid > 0);
+ dropbear_assert(svr_ses.childpids[i].pid > 0);
TRACE(("closing pid %d", svr_ses.childpids[i].pid))
TRACE(("exitpid = %d", chansess->exit.exitpid))
svr_ses.childpids[i].pid = -1;
@@ -313,7 +313,7 @@ static void chansessionrequest(struct Channel *channel) {
}
chansess = (struct ChanSess*)channel->typedata;
- assert(chansess != NULL);
+ dropbear_assert(chansess != NULL);
TRACE(("type is %s", type))
if (strcmp(type, "window-change") == 0) {
diff --git a/svr-main.c b/svr-main.c
index e39f3d9..46f6078 100644
--- a/svr-main.c
+++ b/svr-main.c
@@ -284,7 +284,7 @@ void main_noinetd() {
getaddrhostname(&remoteaddr),
addrstring);
/* don't return */
- assert(0);
+ dropbear_assert(0);
}
/* parent */