diff options
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | debian/dropbear.init | 2 | ||||
-rw-r--r-- | libtommath/makefile_include.mk | 2 | ||||
-rw-r--r-- | packet.c | 48 | ||||
-rw-r--r-- | svr-main.c | 2 | ||||
-rw-r--r-- | sysoptions.h | 3 |
6 files changed, 24 insertions, 35 deletions
@@ -8,6 +8,8 @@ which performs multiple tasks, to save disk space) SMALL has some tips on creating small binaries. +A mirror of the Dropbear website and tarballs is available at https://dropbear.nl/mirror/ + Please contact me if you have any questions/bugs found/features/ideas/comments etc :) There is also a mailing list http://lists.ucc.gu.uwa.edu.au/mailman/listinfo/dropbear diff --git a/debian/dropbear.init b/debian/dropbear.init index ef3ec3f..4efe6b5 100644 --- a/debian/dropbear.init +++ b/debian/dropbear.init @@ -25,7 +25,7 @@ set -e cancel() { echo "$1" >&2; exit 0; }; test ! -r /etc/default/dropbear || . /etc/default/dropbear test -x "$DAEMON" || cancel "$DAEMON does not exist or is not executable." -test ! -x /usr/sbin/update-service || ! update-service --check dropbear || +test ! -x /usr/sbin/update-service || ! update-service --check dropbear || \ cancel 'The dropbear service is controlled through runit, use the sv(8) program' test -z "$DROPBEAR_BANNER" || \ diff --git a/libtommath/makefile_include.mk b/libtommath/makefile_include.mk index 711b630..f3ceb9c 100644 --- a/libtommath/makefile_include.mk +++ b/libtommath/makefile_include.mk @@ -104,7 +104,7 @@ LIBTOOLFLAGS += -no-undefined endif # add in the standard FLAGS -LTM_CFLAGS += $(CFLAGS) +LTM_CFLAGS := $(CFLAGS) $(LTM_CFLAGS) LTM_LFLAGS += $(LFLAGS) LTM_LDFLAGS += $(LDFLAGS) LTM_LIBTOOLFLAGS += $(LIBTOOLFLAGS) @@ -430,44 +430,32 @@ static buffer* buf_decompress(const buffer* buf, unsigned int len) { z_streamp zstream; zstream = ses.keys->recv.zstream; - ret = buf_new(len); + /* We use RECV_MAX_PAYLOAD_LEN+1 here to ensure that + we can detect an oversized payload after inflate() */ + ret = buf_new(RECV_MAX_PAYLOAD_LEN+1); zstream->avail_in = len; zstream->next_in = buf_getptr(buf, len); + zstream->avail_out = ret->size; + zstream->next_out = ret->data; - /* decompress the payload, incrementally resizing the output buffer */ - while (1) { - - zstream->avail_out = ret->size - ret->pos; - zstream->next_out = buf_getwriteptr(ret, zstream->avail_out); - - result = inflate(zstream, Z_SYNC_FLUSH); + result = inflate(zstream, Z_SYNC_FLUSH); + if (result != Z_OK) { + dropbear_exit("zlib error"); + } - buf_setlen(ret, ret->size - zstream->avail_out); - buf_setpos(ret, ret->len); + buf_setlen(ret, ret->size - zstream->avail_out); - if (result != Z_BUF_ERROR && result != Z_OK) { - dropbear_exit("zlib error"); - } + if (zstream->avail_in > 0 || ret->len > RECV_MAX_PAYLOAD_LEN) { + /* The remote side sent larger than a payload size + * of uncompressed data. + */ + dropbear_exit("bad packet, oversized decompressed"); + } - if (zstream->avail_in == 0 && - (zstream->avail_out != 0 || result == Z_BUF_ERROR)) { - /* we can only exit if avail_out hasn't all been used, - * and there's no remaining input */ - return ret; - } + /* Success. All input was consumed and avail_out > 0 */ + return ret; - if (zstream->avail_out == 0) { - int new_size = 0; - if (ret->size >= RECV_MAX_PAYLOAD_LEN) { - /* Already been increased as large as it can go, - * yet didn't finish up the decompression */ - dropbear_exit("bad packet, oversized decompressed"); - } - new_size = MIN(RECV_MAX_PAYLOAD_LEN, ret->size + ZLIB_DECOMPRESS_INCR); - ret = buf_resize(ret, new_size); - } - } } #endif @@ -330,7 +330,7 @@ static void main_noinetd(int argc, char ** argv, const char* multipath) { m_free(remote_host); m_free(remote_port); -#ifndef DEBUG_NOFORK +#if !DEBUG_NOFORK if (setsid() < 0) { dropbear_exit("setsid: %s", strerror(errno)); } diff --git a/sysoptions.h b/sysoptions.h index 18df6de..af931ff 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -68,7 +68,6 @@ #define MAX_TERM_LEN 200 /* max length of TERM name */ #define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */ -#define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15 */ #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified, ipv4 and ipv6 don't count twice */ @@ -85,7 +84,7 @@ /* success/failure defines */ #define DROPBEAR_SUCCESS 0 #define DROPBEAR_FAILURE -1 - + #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD" #define DROPBEAR_NGROUP_MAX 1024 |