From: dtucker Date: Mon, 16 Jul 2018 22:25:01 +0000 (+0000) Subject: Slot 0 in the hostbased key array was previously RSA1, but that is X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c6ff4b20364b050ae82779e09be2c0adf4aa4c49;p=openbsd Slot 0 in the hostbased key array was previously RSA1, but that is now gone and the slot is unused so remove it. Remove two now-unused macros, and add an array bounds check to the two remaining ones (array is statically sized, so mostly a safety check on future changes). ok markus@ --- diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 1aa3907c414..aeaae37936a 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.485 2018/07/16 11:05:41 dtucker Exp $ */ +/* $OpenBSD: ssh.c,v 1.486 2018/07/16 22:25:01 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1384,34 +1384,34 @@ main(int ac, char **av) sensitive_data.nkeys = 0; sensitive_data.keys = NULL; if (options.hostbased_authentication) { - sensitive_data.nkeys = 11; + sensitive_data.nkeys = 10; sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(struct sshkey)); /* XXX check errors? */ -#define L_KEY(t,p,o) \ - check_load(sshkey_load_private_type(t, p, "", \ - &(sensitive_data.keys[o]), NULL, NULL), p, "key") -#define L_KEYCERT(t,p,o) \ - check_load(sshkey_load_private_cert(t, p, "", \ - &(sensitive_data.keys[o]), NULL), p, "cert and key") -#define L_PUBKEY(p,o) \ +#define L_PUBKEY(p,o) do { \ + if ((o) >= sensitive_data.nkeys) \ + fatal("%s pubkey out of array bounds", __func__); \ check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \ - p, "pubkey") -#define L_CERT(p,o) \ - check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert") + p, "pubkey"); \ +} while (0) +#define L_CERT(p,o) do { \ + if ((o) >= sensitive_data.nkeys) \ + fatal("%s cert out of array bounds", __func__); \ + check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert"); \ +} while (0) if (options.hostbased_authentication == 1) { - L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 1); - L_CERT(_PATH_HOST_ED25519_KEY_FILE, 2); - L_CERT(_PATH_HOST_RSA_KEY_FILE, 3); - L_CERT(_PATH_HOST_DSA_KEY_FILE, 4); - L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 5); - L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 6); - L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 7); - L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 8); - L_CERT(_PATH_HOST_XMSS_KEY_FILE, 9); - L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 10); + L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 0); + L_CERT(_PATH_HOST_ED25519_KEY_FILE, 1); + L_CERT(_PATH_HOST_RSA_KEY_FILE, 2); + L_CERT(_PATH_HOST_DSA_KEY_FILE, 3); + L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 4); + L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 5); + L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 6); + L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 7); + L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8); + L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9); } } /*