summaryrefslogtreecommitdiff
path: root/ssh-agent.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2016-05-02 08:49:03 +0000
committerDamien Miller <djm@mindrot.org>2016-05-02 20:35:04 +1000
commit1a31d02b2411c4718de58ce796dbb7b5e14db93e (patch)
treec6e06a9890e71bc97cd3cdc6ce74919e504c8fd8 /ssh-agent.c
parentd2d6bf864e52af8491a60dd507f85b74361f5da3 (diff)
downloadopenssh-git-1a31d02b2411c4718de58ce796dbb7b5e14db93e.tar.gz
upstream commit
fix signed/unsigned errors reported by clang-3.7; add sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@ Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
Diffstat (limited to 'ssh-agent.c')
-rw-r--r--ssh-agent.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index c38906d9..8aa25b30 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.212 2016/02/15 09:47:49 dtucker Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.213 2016/05/02 08:49:03 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -144,8 +144,8 @@ char socket_dir[PATH_MAX];
#define LOCK_SALT_SIZE 16
#define LOCK_ROUNDS 1
int locked = 0;
-char lock_passwd[LOCK_SIZE];
-char lock_salt[LOCK_SALT_SIZE];
+u_char lock_pwhash[LOCK_SIZE];
+u_char lock_salt[LOCK_SALT_SIZE];
extern char *__progname;
@@ -677,7 +677,8 @@ static void
process_lock_agent(SocketEntry *e, int lock)
{
int r, success = 0, delay;
- char *passwd, passwdhash[LOCK_SIZE];
+ char *passwd;
+ u_char passwdhash[LOCK_SIZE];
static u_int fail_count = 0;
size_t pwlen;
@@ -689,11 +690,11 @@ process_lock_agent(SocketEntry *e, int lock)
if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt),
passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0)
fatal("bcrypt_pbkdf");
- if (timingsafe_bcmp(passwdhash, lock_passwd, LOCK_SIZE) == 0) {
+ if (timingsafe_bcmp(passwdhash, lock_pwhash, LOCK_SIZE) == 0) {
debug("agent unlocked");
locked = 0;
fail_count = 0;
- explicit_bzero(lock_passwd, sizeof(lock_passwd));
+ explicit_bzero(lock_pwhash, sizeof(lock_pwhash));
success = 1;
} else {
/* delay in 0.1s increments up to 10s */
@@ -710,7 +711,7 @@ process_lock_agent(SocketEntry *e, int lock)
locked = 1;
arc4random_buf(lock_salt, sizeof(lock_salt));
if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt),
- lock_passwd, sizeof(lock_passwd), LOCK_ROUNDS) < 0)
+ lock_pwhash, sizeof(lock_pwhash), LOCK_ROUNDS) < 0)
fatal("bcrypt_pbkdf");
success = 1;
}
View Lorry Controller Status