diff options
author | deraadt@openbsd.org <deraadt@openbsd.org> | 2017-05-31 09:15:42 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-06-01 14:55:22 +1000 |
commit | 9e509d4ec97cb3d71696f1a2f1fdad254cbbce11 (patch) | |
tree | 8f33ae8fa9bcfa0d9c80d0e0f1555a814a844bc1 /authfile.c | |
parent | dc5dc45662773c0f7745c29cf77ae2d52723e55e (diff) |
upstream commit
Switch to recallocarray() for a few operations. Both
growth and shrinkage are handled safely, and there also is no need for
preallocation dances. Future changes in this area will be less error prone.
Review and one bug found by markus
Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
Diffstat (limited to 'authfile.c')
-rw-r--r-- | authfile.c | 16 |
1 files changed, 2 insertions, 14 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.125 2017/05/30 08:49:32 markus Exp $ */ +/* $OpenBSD: authfile.c,v 1.126 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -100,25 +100,13 @@ sshkey_load_file(int fd, struct sshbuf *blob) u_char buf[1024]; size_t len; struct stat st; - int r, dontmax = 0; + int r; if (fstat(fd, &st) < 0) return SSH_ERR_SYSTEM_ERROR; if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && st.st_size > MAX_KEY_FILE_SIZE) return SSH_ERR_INVALID_FORMAT; - /* - * Pre-allocate the buffer used for the key contents and clamp its - * maximum size. This ensures that key contents are never leaked via - * implicit realloc() in the sshbuf code. - */ - if ((st.st_mode & S_IFREG) == 0 || st.st_size <= 0) { - st.st_size = 64*1024; /* 64k ought to be enough for anybody. :) */ - dontmax = 1; - } - if ((r = sshbuf_allocate(blob, st.st_size)) != 0 || - (dontmax && (r = sshbuf_set_max_size(blob, st.st_size)) != 0)) - return r; for (;;) { if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { if (errno == EPIPE) |