diff options
author | markus@openbsd.org <markus@openbsd.org> | 2018-07-09 21:53:45 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-10 16:40:18 +1000 |
commit | 235c7c4e3bf046982c2d8242f30aacffa01073d1 (patch) | |
tree | fd07c3d2ef2b932e23f26bbfdb4336e1fcfef3a9 /monitor.c | |
parent | b8d9214d969775e409e1408ecdf0d58fad99b344 (diff) |
upstream: sshd: switch monitor to sshbuf API; lots of help & ok
djm@
OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 494 |
1 files changed, 278 insertions, 216 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.182 2018/07/09 21:35:50 markus Exp $ */ +/* $OpenBSD: monitor.c,v 1.183 2018/07/09 21:53:45 markus Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -69,7 +69,7 @@ #include "xmalloc.h" #include "ssh.h" #include "key.h" -#include "buffer.h" +#include "sshbuf.h" #include "hostfile.h" #include "auth.h" #include "cipher.h" @@ -121,46 +121,46 @@ static struct sshbuf *child_state; /* Functions on the monitor that answer unprivileged requests */ -int mm_answer_moduli(int, Buffer *); -int mm_answer_sign(int, Buffer *); -int mm_answer_pwnamallow(int, Buffer *); -int mm_answer_auth2_read_banner(int, Buffer *); -int mm_answer_authserv(int, Buffer *); -int mm_answer_authpassword(int, Buffer *); -int mm_answer_bsdauthquery(int, Buffer *); -int mm_answer_bsdauthrespond(int, Buffer *); -int mm_answer_skeyquery(int, Buffer *); -int mm_answer_skeyrespond(int, Buffer *); -int mm_answer_keyallowed(int, Buffer *); -int mm_answer_keyverify(int, Buffer *); -int mm_answer_pty(int, Buffer *); -int mm_answer_pty_cleanup(int, Buffer *); -int mm_answer_term(int, Buffer *); -int mm_answer_rsa_keyallowed(int, Buffer *); -int mm_answer_rsa_challenge(int, Buffer *); -int mm_answer_rsa_response(int, Buffer *); -int mm_answer_sesskey(int, Buffer *); -int mm_answer_sessid(int, Buffer *); +int mm_answer_moduli(int, struct sshbuf *); +int mm_answer_sign(int, struct sshbuf *); +int mm_answer_pwnamallow(int, struct sshbuf *); +int mm_answer_auth2_read_banner(int, struct sshbuf *); +int mm_answer_authserv(int, struct sshbuf *); +int mm_answer_authpassword(int, struct sshbuf *); +int mm_answer_bsdauthquery(int, struct sshbuf *); +int mm_answer_bsdauthrespond(int, struct sshbuf *); +int mm_answer_skeyquery(int, struct sshbuf *); +int mm_answer_skeyrespond(int, struct sshbuf *); +int mm_answer_keyallowed(int, struct sshbuf *); +int mm_answer_keyverify(int, struct sshbuf *); +int mm_answer_pty(int, struct sshbuf *); +int mm_answer_pty_cleanup(int, struct sshbuf *); +int mm_answer_term(int, struct sshbuf *); +int mm_answer_rsa_keyallowed(int, struct sshbuf *); +int mm_answer_rsa_challenge(int, struct sshbuf *); +int mm_answer_rsa_response(int, struct sshbuf *); +int mm_answer_sesskey(int, struct sshbuf *); +int mm_answer_sessid(int, struct sshbuf *); #ifdef USE_PAM -int mm_answer_pam_start(int, Buffer *); -int mm_answer_pam_account(int, Buffer *); -int mm_answer_pam_init_ctx(int, Buffer *); -int mm_answer_pam_query(int, Buffer *); -int mm_answer_pam_respond(int, Buffer *); -int mm_answer_pam_free_ctx(int, Buffer *); +int mm_answer_pam_start(int, struct sshbuf *); +int mm_answer_pam_account(int, struct sshbuf *); +int mm_answer_pam_init_ctx(int, struct sshbuf *); +int mm_answer_pam_query(int, struct sshbuf *); +int mm_answer_pam_respond(int, struct sshbuf *); +int mm_answer_pam_free_ctx(int, struct sshbuf *); #endif #ifdef GSSAPI -int mm_answer_gss_setup_ctx(int, Buffer *); -int mm_answer_gss_accept_ctx(int, Buffer *); -int mm_answer_gss_userok(int, Buffer *); -int mm_answer_gss_checkmic(int, Buffer *); +int mm_answer_gss_setup_ctx(int, struct sshbuf *); +int mm_answer_gss_accept_ctx(int, struct sshbuf *); +int mm_answer_gss_userok(int, struct sshbuf *); +int mm_answer_gss_checkmic(int, struct sshbuf *); #endif #ifdef SSH_AUDIT_EVENTS -int mm_answer_audit_event(int, Buffer *); -int mm_answer_audit_command(int, Buffer *); +int mm_answer_audit_event(int, struct sshbuf *); +int mm_answer_audit_command(int, struct sshbuf *); #endif static int monitor_read_log(struct monitor *); @@ -169,7 +169,7 @@ static Authctxt *authctxt; /* local state for key verify */ static u_char *key_blob = NULL; -static u_int key_bloblen = 0; +static size_t key_bloblen = 0; static int key_blobtype = MM_NOKEY; static struct sshauthopt *key_opts = NULL; static char *hostbased_cuser = NULL; @@ -183,7 +183,7 @@ static pid_t monitor_child_pid; struct mon_table { enum monitor_reqtype type; int flags; - int (*f)(int, Buffer *); + int (*f)(int, struct sshbuf *); }; #define MON_ISAUTH 0x0004 /* Required for Authentication */ @@ -426,18 +426,21 @@ monitor_child_postauth(struct monitor *pmonitor) static int monitor_read_log(struct monitor *pmonitor) { - Buffer logmsg; + struct sshbuf *logmsg; u_int len, level; char *msg; + u_char *p; + int r; - buffer_init(&logmsg); + if ((logmsg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); /* Read length */ - buffer_append_space(&logmsg, 4); - if (atomicio(read, pmonitor->m_log_recvfd, - buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) { + if ((r = sshbuf_reserve(logmsg, 4, &p)) != 0) + fatal("%s: reserve: %s", __func__, ssh_err(r)); + if (atomicio(read, pmonitor->m_log_recvfd, p, 4) != 4) { if (errno == EPIPE) { - buffer_free(&logmsg); + sshbuf_free(logmsg); debug("%s: child log fd closed", __func__); close(pmonitor->m_log_recvfd); pmonitor->m_log_recvfd = -1; @@ -445,26 +448,28 @@ monitor_read_log(struct monitor *pmonitor) } fatal("%s: log fd read: %s", __func__, strerror(errno)); } - len = buffer_get_int(&logmsg); + if ((r = sshbuf_get_u32(logmsg, &len)) != 0) + fatal("%s: get len: %s", __func__, ssh_err(r)); if (len <= 4 || len > 8192) fatal("%s: invalid log message length %u", __func__, len); /* Read severity, message */ - buffer_clear(&logmsg); - buffer_append_space(&logmsg, len); - if (atomicio(read, pmonitor->m_log_recvfd, - buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) + sshbuf_reset(logmsg); + if ((r = sshbuf_reserve(logmsg, len, &p)) != 0) + fatal("%s: reserve: %s", __func__, ssh_err(r)); + if (atomicio(read, pmonitor->m_log_recvfd, p, len) != len) fatal("%s: log fd read: %s", __func__, strerror(errno)); + if ((r = sshbuf_get_u32(logmsg, &level)) != 0 || + (r = sshbuf_get_cstring(logmsg, &msg, NULL)) != 0) + fatal("%s: decode: %s", __func__, ssh_err(r)); /* Log it */ - level = buffer_get_int(&logmsg); - msg = buffer_get_string(&logmsg, NULL); if (log_level_name(level) == NULL) fatal("%s: invalid log level %u (corrupted message?)", __func__, level); do_log2(level, "%s [preauth]", msg); - buffer_free(&logmsg); + sshbuf_free(logmsg); free(msg); return 0; @@ -474,8 +479,8 @@ int monitor_read(struct monitor *pmonitor, struct mon_table *ent, struct mon_table **pent) { - Buffer m; - int ret; + struct sshbuf *m; + int r, ret; u_char type; struct pollfd pfd[2]; @@ -502,10 +507,12 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent, break; /* Continues below */ } - buffer_init(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); - mm_request_receive(pmonitor->m_sendfd, &m); - type = buffer_get_char(&m); + mm_request_receive(pmonitor->m_sendfd, m); + if ((r = sshbuf_get_u8(m, &type)) != 0) + fatal("%s: decode: %s", __func__, ssh_err(r)); debug3("%s: checking request %d", __func__, type); @@ -519,8 +526,8 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent, if (!(ent->flags & MON_PERMIT)) fatal("%s: unpermitted request %d", __func__, type); - ret = (*ent->f)(pmonitor->m_sendfd, &m); - buffer_free(&m); + ret = (*ent->f)(pmonitor->m_sendfd, m); + sshbuf_free(m); /* The child may use this request only once, disable it */ if (ent->flags & MON_ONCE) { @@ -570,14 +577,16 @@ monitor_reset_key_state(void) #ifdef WITH_OPENSSL int -mm_answer_moduli(int sock, Buffer *m) +mm_answer_moduli(int sock, struct sshbuf *m) { DH *dh; - int min, want, max; + int r; + u_int min, want, max; - min = buffer_get_int(m); - want = buffer_get_int(m); - max = buffer_get_int(m); + if ((r = sshbuf_get_u32(m, &min)) != 0 || + (r = sshbuf_get_u32(m, &want)) != 0 || + (r = sshbuf_get_u32(m, &max)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("%s: got parameters: %d %d %d", __func__, min, want, max); @@ -586,17 +595,19 @@ mm_answer_moduli(int sock, Buffer *m) fatal("%s: bad parameters: %d %d %d", __func__, min, want, max); - buffer_clear(m); + sshbuf_reset(m); dh = choose_dh(min, want, max); if (dh == NULL) { - buffer_put_char(m, 0); + if ((r = sshbuf_put_u8(m, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); return (0); } else { /* Send first bignum */ - buffer_put_char(m, 1); - buffer_put_bignum2(m, dh->p); - buffer_put_bignum2(m, dh->g); + if ((r = sshbuf_put_u8(m, 1)) != 0 || + (r = sshbuf_put_bignum2(m, dh->p)) != 0 || + (r = sshbuf_put_bignum2(m, dh->g)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); DH_free(dh); } @@ -606,7 +617,7 @@ mm_answer_moduli(int sock, Buffer *m) #endif int -mm_answer_sign(int sock, Buffer *m) +mm_answer_sign(int sock, struct sshbuf *m) { struct ssh *ssh = active_state; /* XXX */ extern int auth_sock; /* XXX move to state struct? */ @@ -708,12 +719,12 @@ mm_answer_sign(int sock, Buffer *m) /* Retrieves the password entry and also checks if the user is permitted */ int -mm_answer_pwnamallow(int sock, Buffer *m) +mm_answer_pwnamallow(int sock, struct sshbuf *m) { struct ssh *ssh = active_state; /* XXX */ char *username; struct passwd *pwent; - int allowed = 0; + int r, allowed = 0; u_int i; debug3("%s", __func__); @@ -721,7 +732,8 @@ mm_answer_pwnamallow(int sock, Buffer *m) if (authctxt->attempt++ != 0) fatal("%s: multiple attempts for getpwnam", __func__); - username = buffer_get_string(m, NULL); + if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); pwent = getpwnamallow(username); @@ -729,10 +741,11 @@ mm_answer_pwnamallow(int sock, Buffer *m) setproctitle("%s [priv]", pwent ? username : "unknown"); free(username); - buffer_clear(m); + sshbuf_reset(m); if (pwent == NULL) { - buffer_put_char(m, 0); + if ((r = sshbuf_put_u8(m, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); authctxt->pw = fakepw(); goto out; } @@ -741,31 +754,40 @@ mm_answer_pwnamallow(int sock, Buffer *m) authctxt->pw = pwent; authctxt->valid = 1; - buffer_put_char(m, 1); - buffer_put_string(m, pwent, sizeof(struct passwd)); - buffer_put_cstring(m, pwent->pw_name); - buffer_put_cstring(m, "*"); + /* XXX don't sent pwent to unpriv; send fake class/dir/shell too */ + if ((r = sshbuf_put_u8(m, 1)) != 0 || + (r = sshbuf_put_string(m, pwent, sizeof(*pwent))) != 0 || + (r = sshbuf_put_cstring(m, pwent->pw_name)) != 0 || + (r = sshbuf_put_cstring(m, "*")) != 0 || #ifdef HAVE_STRUCT_PASSWD_PW_GECOS - buffer_put_cstring(m, pwent->pw_gecos); + (r = sshbuf_put_cstring(m, pwent->pw_gecos)) != 0 || #endif #ifdef HAVE_STRUCT_PASSWD_PW_CLASS - buffer_put_cstring(m, pwent->pw_class); + (r = sshbuf_put_cstring(m, pwent->pw_class)) != 0 || #endif - buffer_put_cstring(m, pwent->pw_dir); - buffer_put_cstring(m, pwent->pw_shell); + (r = sshbuf_put_cstring(m, pwent->pw_dir)) != 0 || + (r = sshbuf_put_cstring(m, pwent->pw_shell)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); out: ssh_packet_set_log_preamble(ssh, "%suser %s", authctxt->valid ? "authenticating" : "invalid ", authctxt->user); - buffer_put_string(m, &options, sizeof(options)); + if ((r = sshbuf_put_string(m, &options, sizeof(options))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #define M_CP_STROPT(x) do { \ - if (options.x != NULL) \ - buffer_put_cstring(m, options.x); \ + if (options.x != NULL) { \ + if ((r = sshbuf_put_cstring(m, options.x)) != 0) \ + fatal("%s: buffer error: %s", \ + __func__, ssh_err(r)); \ + } \ } while (0) #define M_CP_STRARRAYOPT(x, nx) do { \ - for (i = 0; i < options.nx; i++) \ - buffer_put_cstring(m, options.x[i]); \ + for (i = 0; i < options.nx; i++) { \ + if ((r = sshbuf_put_cstring(m, options.x[i])) != 0) \ + fatal("%s: buffer error: %s", \ + __func__, ssh_err(r)); \ + } \ } while (0) /* See comment in servconf.h */ COPY_MATCH_STRING_OPTS(); @@ -797,13 +819,15 @@ mm_answer_pwnamallow(int sock, Buffer *m) return (0); } -int mm_answer_auth2_read_banner(int sock, Buffer *m) +int mm_answer_auth2_read_banner(int sock, struct sshbuf *m) { char *banner; + int r; - buffer_clear(m); + sshbuf_reset(m); banner = auth2_read_banner(); - buffer_put_cstring(m, banner != NULL ? banner : ""); + if ((r = sshbuf_put_cstring(m, banner != NULL ? banner : "")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); free(banner); @@ -811,12 +835,15 @@ int mm_answer_auth2_read_banner(int sock, Buffer *m) } int -mm_answer_authserv(int sock, Buffer *m) +mm_answer_authserv(int sock, struct sshbuf *m) { + int r; + monitor_permit_authentications(1); - authctxt->service = buffer_get_string(m, NULL); - authctxt->style = buffer_get_string(m, NULL); + if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("%s: service=%s, style=%s", __func__, authctxt->service, authctxt->style); @@ -829,27 +856,30 @@ mm_answer_authserv(int sock, Buffer *m) } int -mm_answer_authpassword(int sock, Buffer *m) +mm_answer_authpassword(int sock, struct sshbuf *m) { struct ssh *ssh = active_state; /* XXX */ static int call_count; char *passwd; - int authenticated; - u_int plen; + int r, authenticated; + size_t plen; if (!options.password_authentication) fatal("%s: password authentication not enabled", __func__); - passwd = buffer_get_string(m, &plen); + if ((r = sshbuf_get_cstring(m, &passwd, &plen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); /* Only authenticate if the context is valid */ authenticated = options.password_authentication && auth_password(ssh, passwd); - explicit_bzero(passwd, strlen(passwd)); + explicit_bzero(passwd, plen); free(passwd); - buffer_clear(m); - buffer_put_int(m, authenticated); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, authenticated)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #ifdef USE_PAM - buffer_put_int(m, sshpam_get_maxtries_reached()); + if ((r = sshbuf_put_u32(m, sshpam_get_maxtries_reached())) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #endif debug3("%s: sending result %d", __func__, authenticated); @@ -867,23 +897,25 @@ mm_answer_authpassword(int sock, Buffer *m) #ifdef BSD_AUTH int -mm_answer_bsdauthquery(int sock, Buffer *m) +mm_answer_bsdauthquery(int sock, struct sshbuf *m) { char *name, *infotxt; - u_int numprompts; - u_int *echo_on; + u_int numprompts, *echo_on, success; char **prompts; - u_int success; + int r; if (!options.kbd_interactive_authentication) fatal("%s: kbd-int authentication not enabled", __func__); success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, &prompts, &echo_on) < 0 ? 0 : 1; - buffer_clear(m); - buffer_put_int(m, success); - if (success) - buffer_put_cstring(m, prompts[0]); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, success)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (success) { + if ((r = sshbuf_put_cstring(m, prompts[0])) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + } debug3("%s: sending challenge success: %u", __func__, success); mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); @@ -899,25 +931,27 @@ mm_answer_bsdauthquery(int sock, Buffer *m) } int -mm_answer_bsdauthrespond(int sock, Buffer *m) +mm_answer_bsdauthrespond(int sock, struct sshbuf *m) { char *response; - int authok; + int r, authok; if (!options.kbd_interactive_authentication) fatal("%s: kbd-int authentication not enabled", __func__); if (authctxt->as == NULL) fatal("%s: no bsd auth session", __func__); - response = buffer_get_string(m, NULL); + if ((r = sshbuf_get_cstring(m, &response, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); authok = options.challenge_response_authentication && auth_userresponse(authctxt->as, response, 0); authctxt->as = NULL; debug3("%s: <%s> = <%d>", __func__, response, authok); free(response); - buffer_clear(m); - buffer_put_int(m, authok); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, authok)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("%s: sending authenticated: %d", __func__, authok); mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); @@ -1131,25 +1165,23 @@ mm_answer_pam_free_ctx(int sock, Buffer *m) #endif int -mm_answer_keyallowed(int sock, Buffer *m) +mm_answer_keyallowed(int sock, struct sshbuf *m) { struct ssh *ssh = active_state; /* XXX */ - struct sshkey *key; + struct sshkey *key = NULL; char *cuser, *chost; - u_char *blob; - u_int bloblen, pubkey_auth_attempt; + u_int pubkey_auth_attempt; enum mm_keytype type = 0; int r, allowed = 0; struct sshauthopt *opts = NULL; debug3("%s entering", __func__); - type = buffer_get_int(m); - cuser = buffer_get_string(m, NULL); - chost = buffer_get_string(m, NULL); - blob = buffer_get_string(m, &bloblen); - pubkey_auth_attempt = buffer_get_int(m); - - key = key_from_blob(blob, bloblen); + if ((r = sshbuf_get_u32(m, &type)) != 0 || + (r = sshbuf_get_cstring(m, &cuser, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 || + (r = sshkey_froms(m, &key)) != 0 || + (r = sshbuf_get_u32(m, &pubkey_auth_attempt)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("%s: key_from_blob: %p", __func__, key); @@ -1199,15 +1231,14 @@ mm_answer_keyallowed(int sock, Buffer *m) allowed ? "allowed" : "not allowed"); auth2_record_key(authctxt, 0, key); - sshkey_free(key); /* clear temporarily storage (used by verify) */ monitor_reset_key_state(); if (allowed) { /* Save temporarily for comparison in verify */ - key_blob = blob; - key_bloblen = bloblen; + if ((r = sshkey_to_blob(key, &key_blob, &key_bloblen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); key_blobtype = type; key_opts = opts; hostbased_cuser = cuser; @@ -1215,13 +1246,14 @@ mm_answer_keyallowed(int sock, Buffer *m) } else { /* Log failed attempt */ auth_log(authctxt, 0, 0, auth_method, NULL); - free(blob); free(cuser); free(chost); } + sshkey_free(key); - buffer_clear(m); - buffer_put_int(m, allowed); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, allowed)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (opts != NULL && (r = sshauthopt_serialise(opts, m, 1)) != 0) fatal("%s: sshauthopt_serialise: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); @@ -1235,34 +1267,41 @@ mm_answer_keyallowed(int sock, Buffer *m) static int monitor_valid_userblob(u_char *data, u_int datalen) { - Buffer b; - u_char *p; + struct sshbuf *b; + const u_char *p; char *userstyle, *cp; - u_int len; - int fail = 0; + size_t len; + u_char type; + int r, fail = 0; - buffer_init(&b); - buffer_append(&b, data, datalen); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put(b, data, datalen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (datafellows & SSH_OLD_SESSIONID) { - p = buffer_ptr(&b); - len = buffer_len(&b); + p = sshbuf_ptr(b); + len = sshbuf_len(b); if ((session_id2 == NULL) || (len < session_id2_len) || (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) fail++; - buffer_consume(&b, session_id2_len); + if ((r = sshbuf_consume(b, session_id2_len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } else { - p = buffer_get_string(&b, &len); + if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if ((session_id2 == NULL) || (len != session_id2_len) || (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) fail++; - free(p); } - if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) + if ((r = sshbuf_get_u8(b, &type)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (type != SSH2_MSG_USERAUTH_REQUEST) fail++; - cp = buffer_get_cstring(&b, NULL); + if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", authctxt->style ? authctxt->style : ""); @@ -1273,18 +1312,22 @@ monitor_valid_userblob(u_char *data, u_int datalen) } free(userstyle); free(cp); - buffer_skip_string(&b); - cp = buffer_get_cstring(&b, NULL); + if ((r = sshbuf_skip_string(b)) != 0 || /* service */ + (r = sshbuf_get_cstring(b, &cp, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (strcmp("publickey", cp) != 0) fail++; free(cp); - if (!buffer_get_char(&b)) + if ((r = sshbuf_get_u8(b, &type)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (type == 0) fail++; - buffer_skip_string(&b); - buffer_skip_string(&b); - if (buffer_len(&b) != 0) + if ((r = sshbuf_skip_string(b)) != 0 || /* pkalg */ + (r = sshbuf_skip_string(b)) != 0) /* pkblob */ + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (sshbuf_len(b) != 0) fail++; - buffer_free(&b); + sshbuf_free(b); return (fail == 0); } @@ -1292,59 +1335,69 @@ static int monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, char *chost) { - Buffer b; - char *p, *userstyle; - u_int len; - int fail = 0; + struct sshbuf *b; + const u_char *p; + char *cp, *userstyle; + size_t len; + int r, fail = 0; + u_char type; - buffer_init(&b); - buffer_append(&b, data, datalen); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put(b, data, datalen)) != 0 || + (r = sshbuf_get_string_direct(b, &p, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - p = buffer_get_string(&b, &len); if ((session_id2 == NULL) || (len != session_id2_len) || (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) fail++; - free(p); - if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) + if ((r = sshbuf_get_u8(b, &type)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (type != SSH2_MSG_USERAUTH_REQUEST) fail++; - p = buffer_get_cstring(&b, NULL); + if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", authctxt->style ? authctxt->style : ""); - if (strcmp(userstyle, p) != 0) { - logit("wrong user name passed to monitor: expected %s != %.100s", - userstyle, p); + if (strcmp(userstyle, cp) != 0) { + logit("wrong user name passed to monitor: " + "expected %s != %.100s", userstyle, cp); fail++; } free(userstyle); - free(p); - buffer_skip_string(&b); /* service */ - p = buffer_get_cstring(&b, NULL); - if (strcmp(p, "hostbased") != 0) + free(cp); + if ((r = sshbuf_skip_string(b)) != 0 || /* service */ + (r = sshbuf_get_cstring(b, &cp, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (strcmp(cp, "hostbased") != 0) fail++; - free(p); - buffer_skip_string(&b); /* pkalg */ - buffer_skip_string(&b); /* pkblob */ + free(cp); + if ((r = sshbuf_skip_string(b)) != 0 || /* pkalg */ + (r = sshbuf_skip_string(b)) != 0) /* pkblob */ + fatal("%s: buffer error: %s", __func__, ssh_err(r)); /* verify client host, strip trailing dot if necessary */ - p = buffer_get_string(&b, NULL); - if (((len = strlen(p)) > 0) && p[len - 1] == '.') - p[len - 1] = '\0'; - if (strcmp(p, chost) != 0) + if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (((len = strlen(cp)) > 0) && cp[len - 1] == '.') + cp[len - 1] = '\0'; + if (strcmp(cp, chost) != 0) fail++; - free(p); + free(cp); /* verify client user */ - p = buffer_get_string(&b, NULL); - if (strcmp(p, cuser) != 0) + if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (strcmp(cp, cuser) != 0) fail++; - free(p); + free(cp); - if (buffer_len(&b) != 0) + if (sshbuf_len(b) != 0) fail++; - buffer_free(&b); + sshbuf_free(b); return (fail == 0); } @@ -1460,15 +1513,15 @@ mm_session_close(Session *s) } int -mm_answer_pty(int sock, Buffer *m) +mm_answer_pty(int sock, struct sshbuf *m) { extern struct monitor *pmonitor; Session *s; - int res, fd0; + int r, res, fd0; debug3("%s entering", __func__); - buffer_clear(m); + sshbuf_reset(m); s = session_new(); if (s == NULL) goto error; @@ -1480,8 +1533,9 @@ mm_answer_pty(int sock, Buffer *m) goto error; pty_setowner(authctxt->pw, s->tty); - buffer_put_int(m, 1); - buffer_put_cstring(m, s->tty); + if ((r = sshbuf_put_u32(m, 1)) != 0 || + (r = sshbuf_put_cstring(m, s->tty)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); /* We need to trick ttyslot */ if (dup2(s->ttyfd, 0) == -1) @@ -1493,8 +1547,9 @@ mm_answer_pty(int sock, Buffer *m) close(0); /* send messages generated by record_login */ - buffer_put_string(m, buffer_ptr(loginmsg), buffer_len(loginmsg)); - buffer_clear(loginmsg); + if ((r = sshbuf_put_stringb(m, loginmsg)) != 0) + fatal("%s: put login message: %s", __func__, ssh_err(r)); + sshbuf_reset(loginmsg); mm_request_send(sock, MONITOR_ANS_PTY, m); @@ -1521,29 +1576,32 @@ mm_answer_pty(int sock, Buffer *m) error: if (s != NULL) mm_session_close(s); - buffer_put_int(m, 0); + if ((r = sshbuf_put_u32(m, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_PTY, m); return (0); } int -mm_answer_pty_cleanup(int sock, Buffer *m) +mm_answer_pty_cleanup(int sock, struct sshbuf *m) { Session *s; char *tty; + int r; debug3("%s entering", __func__); - tty = buffer_get_string(m, NULL); + if ((r = sshbuf_get_cstring(m, &tty, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if ((s = session_by_tty(tty)) != NULL) mm_session_close(s); - buffer_clear(m); + sshbuf_reset(m); free(tty); return (0); } int -mm_answer_term(int sock, Buffer *req) +mm_answer_term(int sock, struct sshbuf *req) { struct ssh *ssh = active_state; /* XXX */ extern struct monitor *pmonitor; @@ -1732,24 +1790,27 @@ monitor_reinit(struct monitor *mon) #ifdef GSSAPI int -mm_answer_gss_setup_ctx(int sock, Buffer *m) +mm_answer_gss_setup_ctx(int sock, struct sshbuf *m) { gss_OID_desc goid; OM_uint32 major; - u_int len; + size_t len; + int r; if (!options.gss_authentication) fatal("%s: GSSAPI authentication not enabled", __func__); - goid.elements = buffer_get_string(m, &len); + if ((r = sshbuf_get_string(m, &goid.elements, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); goid.length = len; major = ssh_gssapi_server_ctx(&gsscontext, &goid); free(goid.elements); - buffer_clear(m); - buffer_put_int(m, major); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, major)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_GSSSETUP, m); @@ -1760,26 +1821,27 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) } int -mm_answer_gss_accept_ctx(int sock, Buffer *m) +mm_answer_gss_accept_ctx(int sock, struct sshbuf *m) { gss_buffer_desc in; gss_buffer_desc out = GSS_C_EMPTY_BUFFER; OM_uint32 major, minor; OM_uint32 flags = 0; /* GSI needs this */ - u_int len; + int r; if (!options.gss_authentication) fatal("%s: GSSAPI authentication not enabled", __func__); - in.value = buffer_get_string(m, &len); - in.length = len; + if ((r = sshbuf_get_string(m, &in.value, &in.length)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); free(in.value); - buffer_clear(m); - buffer_put_int(m, major); - buffer_put_string(m, out.value, out.length); - buffer_put_int(m, flags); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, major)) != 0 || + (r = sshbuf_put_string(m, out.value, out.length)) != 0 || + (r = sshbuf_put_u32(m, flags)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_GSSSTEP, m); gss_release_buffer(&minor, &out); @@ -1793,27 +1855,26 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) } int -mm_answer_gss_checkmic(int sock, Buffer *m) +mm_answer_gss_checkmic(int sock, struct sshbuf *m) { gss_buffer_desc gssbuf, mic; OM_uint32 ret; - u_int len; if (!options.gss_authentication) fatal("%s: GSSAPI authentication not enabled", __func__); - gssbuf.value = buffer_get_string(m, &len); - gssbuf.length = len; - mic.value = buffer_get_string(m, &len); - mic.length = len; + if ((r = sshbuf_get_string(m, &gssbuf.value, &gssbuf.length)) != 0 || + (r = sshbuf_get_string(m, &mic.value, &mic.length)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); free(gssbuf.value); free(mic.value); - buffer_clear(m); - buffer_put_int(m, ret); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, ret)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m); @@ -1824,7 +1885,7 @@ mm_answer_gss_checkmic(int sock, Buffer *m) } int -mm_answer_gss_userok(int sock, Buffer *m) +mm_answer_gss_userok(int sock, struct sshbuf *m) { int authenticated; const char *displayname; @@ -1834,8 +1895,9 @@ mm_answer_gss_userok(int sock, Buffer *m) authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); - buffer_clear(m); - buffer_put_int(m, authenticated); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, authenticated)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("%s: sending result %d", __func__, authenticated); mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); |