diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 02:30:41 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 02:30:41 +0000 |
commit | 7a2073c50b92c053594d48a651ebafae052a71ed (patch) | |
tree | 7cfceb925262a07a356b0667e19f33eec497b602 /kexgex.c | |
parent | 0f345f5ee1e71e1e9f8780ec13b2da23b6a9f7f8 (diff) |
- provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default for now.
work done by me and markus@
applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!
Diffstat (limited to 'kexgex.c')
-rw-r--r-- | kexgex.c | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexgex.c,v 1.20 2002/02/28 15:46:33 markus Exp $"); +RCSID("$OpenBSD: kexgex.c,v 1.21 2002/03/18 17:50:31 provos Exp $"); #include <openssl/bn.h> @@ -38,6 +38,7 @@ RCSID("$OpenBSD: kexgex.c,v 1.20 2002/02/28 15:46:33 markus Exp $"); #include "dh.h" #include "ssh2.h" #include "compat.h" +#include "monitor_wrap.h" static u_char * kexgex_hash( @@ -296,7 +297,8 @@ kexgex_server(Kex *kex) fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", min, nbits, max); - dh = choose_dh(min, nbits, max); + /* Contact privileged parent */ + dh = PRIVSEP(choose_dh(min, nbits, max)); if (dh == NULL) packet_disconnect("Protocol error: no matching DH grp found"); @@ -379,7 +381,7 @@ kexgex_server(Kex *kex) /* sign H */ /* XXX hashlen depends on KEX */ - key_sign(server_host_key, &signature, &slen, hash, 20); + PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); /* destroy_sensitive_data(); */ @@ -390,6 +392,7 @@ kexgex_server(Kex *kex) packet_put_bignum2(dh->pub_key); /* f */ packet_put_string(signature, slen); packet_send(); + xfree(signature); xfree(server_host_key_blob); /* have keys, free DH */ |