summaryrefslogtreecommitdiff
path: root/kex.c
diff options
context:
space:
mode:
authordjm <djm>2010-08-31 12:36:39 +0000
committerdjm <djm>2010-08-31 12:36:39 +0000
commitdac0b76fb075046228ec5f2f1168a87be7398e3f (patch)
treef9a0c4a81ac98c1311908e9743fd1533228a35f2 /kex.c
parentd8d6cde84a0d71f4479911e1e13ae958b50a8335 (diff)
downloadopenssh-dac0b76fb075046228ec5f2f1168a87be7398e3f.tar.gz
- djm@cvs.openbsd.org 2010/08/31 09:58:37
[auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] [packet.h ssh-dss.c ssh-rsa.c] Add buffer_get_cstring() and related functions that verify that the string extracted from the buffer contains no embedded \0 characters* This prevents random (possibly malicious) crap from being appended to strings where it would not be noticed if the string is used with a string(3) function. Use the new API in a few sensitive places. * actually, we allow a single one at the end of the string for now because we don't know how many deployed implementations get this wrong, but don't count on this to remain indefinitely.
Diffstat (limited to 'kex.c')
-rw-r--r--kex.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/kex.c b/kex.c
index 148cfee8..ca5aae3e 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.82 2009/10/24 11:13:54 andreas Exp $ */
+/* $OpenBSD: kex.c,v 1.83 2010/08/31 09:58:37 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -98,7 +98,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
buffer_get_char(&b);
/* extract kex init proposal strings */
for (i = 0; i < PROPOSAL_MAX; i++) {
- proposal[i] = buffer_get_string(&b,NULL);
+ proposal[i] = buffer_get_cstring(&b,NULL);
debug2("kex_parse_kexinit: %s", proposal[i]);
}
/* first kex follows / reserved */