When choosing a prime from the moduli file, avoid re-using the

linenum variable for something that is not a line number to avoid
the confusion that resulted in the bug in rev. 1.64.  This also
lets us pass the actual linenum to parse_prime() so the error
messages include the correct line number.  OK markus@ some time ago.

diff --git a/usr.bin/ssh/dh.c b/usr.bin/ssh/dh.c
index 7e2df75..c775e8a 100644 (file)
--- a/usr.bin/ssh/dh.c
+++ b/usr.bin/ssh/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.67 2018/09/13 02:08:33 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.68 2018/09/17 15:40:14 millert Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -182,15 +182,17 @@ choose_dh(int min, int wantbits, int max)
                logit("WARNING: no suitable primes in %s", _PATH_DH_MODULI);
                return (dh_new_group_fallback(max));
        }
+       which = arc4random_uniform(bestcount);
 
        linenum = 0;
-       which = arc4random_uniform(bestcount);
+       bestcount = 0;
        while (getline(&line, &linesize, f) != -1) {
+               linenum++;
                if (!parse_prime(linenum, line, &dhg))
                        continue;
                if ((dhg.size > max || dhg.size < min) ||
                    dhg.size != best ||
-                   linenum++ != which) {
+                   bestcount++ != which) {
                        BN_clear_free(dhg.g);
                        BN_clear_free(dhg.p);
                        continue;
@@ -200,9 +202,9 @@ choose_dh(int min, int wantbits, int max)
        free(line);
        line = NULL;
        fclose(f);
-       if (linenum != which+1) {
-               logit("WARNING: line %d disappeared in %s, giving up",
-                   which, _PATH_DH_MODULI);
+       if (bestcount != which + 1) {
+               logit("WARNING: selected prime disappeared in %s, giving up",
+                   _PATH_DH_MODULI);
                return (dh_new_group_fallback(max));
        }