-rw-r--r--.gitignore21
-rw-r--r--CHANGES2
-rw-r--r--cli-runopts.c2
-rw-r--r--cli-session.c4
-rw-r--r--common-kex.c2
-rw-r--r--compat.c2
-rw-r--r--configure.ac90
-rw-r--r--dbrandom.c6
-rw-r--r--dropbearkey.c2
-rw-r--r--dss.c8
-rw-r--r--keyimport.c10
-rw-r--r--libtommath/bn_mp_exteuclid.c33
-rw-r--r--rsa.c2
-rw-r--r--scpmisc.c2
-rw-r--r--svr-runopts.c4
-rw-r--r--svr-session.c2
-rw-r--r--tcp-accept.c8
-rw-r--r--termcodes.c24
18 files changed, 152 insertions, 72 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b81c1ea
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,21 @@
+*~
+*.o
+*.a
+*.da
+*.bb
+*.bbg
+*.prof
+/autom4te.cache
+/config.log
+/config.status
+/dbclient
+/dropbear
+/dropbearconvert
+/dropbearkey
+/dropbearmulti
+/scp
+/scp-progress
+Makefile
+config.h
+config.h.in
+configure
diff --git a/CHANGES b/CHANGES
index b7d55ad..b48638e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,7 @@
dropbear is running with -a (Allow connections to forwarded ports from any host)
This could potentially allow arbitrary code execution as root by an authenticated user.
Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash.
+ CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
- Security: Fix information disclosure with ~/.ssh/authorized_keys symlink.
Dropbear parsed authorized_keys as root, even if it were a symlink. The fix
@@ -16,6 +17,7 @@
contents of that file.
This information disclosure is to an already authenticated user.
Thanks to Jann Horn of Google Project Zero for reporting this.
+ CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
- Generate hostkeys with dropbearkey atomically and flush to disk with fsync
Thanks to Andrei Gherzan for a patch
diff --git a/cli-runopts.c b/cli-runopts.c
index 4a89ba3..ca50709 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -106,7 +106,7 @@ static void printhelp() {
void cli_getopts(int argc, char ** argv) {
unsigned int i, j;
- char ** next = 0;
+ char ** next = NULL;
enum {
OPT_EXTENDED_OPTIONS,
#if DROPBEAR_CLI_PUBKEY_AUTH
diff --git a/cli-session.c b/cli-session.c
index d89416f..f1115d6 100644
--- a/cli-session.c
+++ b/cli-session.c
@@ -81,7 +81,7 @@ static const packettype cli_packettypes[] = {
{SSH_MSG_REQUEST_SUCCESS, ignore_recv_response},
{SSH_MSG_REQUEST_FAILURE, ignore_recv_response},
#endif
- {0, 0} /* End */
+ {0, NULL} /* End */
};
static const struct ChanType *cli_chantypes[] = {
@@ -287,7 +287,7 @@ static void cli_sessionloop() {
int devnull;
/* keeping stdin open steals input from the terminal and
is confusing, though stdout/stderr could be useful. */
- devnull = open(_PATH_DEVNULL, O_RDONLY);
+ devnull = open(DROPBEAR_PATH_DEVNULL, O_RDONLY);
if (devnull < 0) {
dropbear_exit("Opening /dev/null: %d %s",
errno, strerror(errno));
diff --git a/common-kex.c b/common-kex.c
index 1f3d51b..fc2daad 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -782,7 +782,7 @@ static void finish_kexhashbuf(void) {
hash_desc->done(&hs, buf_getwriteptr(ses.hash, hash_desc->hashsize));
buf_setlen(ses.hash, hash_desc->hashsize);
-#if (DEBUG_KEXHASH) && (DEBUG_TRACE)
+#if defined(DEBUG_KEXHASH) && DEBUG_TRACE
if (!debug_trace) {
printhex("kexhashbuf", ses.kexhashbuf->data, ses.kexhashbuf->len);
printhex("kexhash", ses.hash->data, ses.hash->len);
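Review bot: The new condition `#if defined(DEBUG_KEXHASH) && DEBUG_TRACE` tests one macro by definedness and the other by value, so a build that sets `DEBUG_KEXHASH` to 0 still compiles in the block that prints the key-exchange hash input and output. The rsa.c hunk has the same shape with `defined(DEBUG_RSA) && DEBUG_TRACE`. If that asymmetry is intended, say so where the options are declared, e.g. `/* DEBUG_KEXHASH: enabled by being defined, whatever its value; never define it in production builds */`. The unchanged guard `if (!debug_trace)` reads as if the dump happens when runtime tracing is off, so it is worth confirming that is intended. The body of finish_kexhashbuf starts and ends outside the hunk.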
diff --git a/compat.c b/compat.c
index 4a07bee..7a0e78a 100644
--- a/compat.c
+++ b/compat.c
@@ -174,7 +174,7 @@ int daemon(int nochdir, int noclose) {
if (!nochdir)
(void)chdir("/");
- if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
+ if (!noclose && (fd = open(DROPBEAR_PATH_DEVNULL, O_RDWR, 0)) != -1) {
(void)dup2(fd, STDIN_FILENO);
(void)dup2(fd, STDOUT_FILENO);
(void)dup2(fd, STDERR_FILENO);
diff --git a/configure.ac b/configure.ac
index 9a7fbc9..e2ab814 100644
--- a/configure.ac
+++ b/configure.ac
@@ -45,8 +45,8 @@ case "$host" in
sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
if test "$sol2ver" -ge 8; then
AC_MSG_RESULT(yes)
- AC_DEFINE(DISABLE_UTMP,,Disable utmp)
- AC_DEFINE(DISABLE_WTMP,,Disable wtmp)
+ AC_DEFINE(DISABLE_UTMP,1,Disable utmp)
+ AC_DEFINE(DISABLE_WTMP,1,Disable wtmp)
else
AC_MSG_RESULT(no)
fi
@@ -55,18 +55,18 @@ case "$host" in
;;
*-*-aix*)
- AC_DEFINE(AIX,,Using AIX)
+ AC_DEFINE(AIX,1,Using AIX)
# OpenSSH thinks it's broken. If it isn't, let me know.
- AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
+ AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
;;
*-*-hpux*)
LIBS="$LIBS -lsec"
# It's probably broken.
- AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
+ AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
;;
*-dec-osf*)
- AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
+ AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
;;
esac
@@ -80,7 +80,7 @@ AC_CHECK_DECL(__UCLIBC__,
[
no_loginfunc_check=1
AC_MSG_NOTICE([Using uClibc - login() and logout() probably don't work, so we won't use them.])
- ],,,)
+ ],,)
dnl We test for crypt() specially. On Linux (and others?) it resides in libcrypt
dnl but we don't want link all binaries to -lcrypt, just dropbear server.
@@ -118,7 +118,7 @@ AC_ARG_ENABLE(zlib,
[ --disable-zlib Don't include zlib support],
[
if test "x$enableval" = "xno"; then
- AC_DEFINE(DISABLE_ZLIB,, Use zlib)
+ AC_DEFINE(DISABLE_ZLIB,1,Use zlib)
AC_MSG_NOTICE(Disabling zlib)
else
AC_CHECK_LIB(z, deflate, , AC_MSG_ERROR([*** zlib missing - install first or check config.log ***]))
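Review bot: The description passed to `AC_DEFINE(DISABLE_ZLIB,1,Use zlib)` says the opposite of what the macro does, and that text becomes the comment in the generated config header. The line was already being edited, so it could read `AC_DEFINE(DISABLE_ZLIB,1,[Disable zlib])`. The same applies to `DISABLE_PAM` ("Use PAM", both occurrences in the next hunk) and `DISABLE_SYSLOG` ("Using syslog") further down.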
@@ -159,13 +159,13 @@ AC_ARG_ENABLE(pam,
AC_MSG_NOTICE(Enabling PAM)
AC_CHECK_FUNCS(pam_fail_delay)
else
- AC_DEFINE(DISABLE_PAM,, Use PAM)
+ AC_DEFINE(DISABLE_PAM,1,Use PAM)
AC_MSG_NOTICE(Disabling PAM)
fi
],
[
# disable it by default
- AC_DEFINE(DISABLE_PAM,, Use PAM)
+ AC_DEFINE(DISABLE_PAM,1,Use PAM)
AC_MSG_NOTICE(Disabling PAM)
]
)
@@ -177,7 +177,7 @@ AC_ARG_ENABLE(openpty,
AC_MSG_NOTICE(Not using openpty)
else
AC_MSG_NOTICE(Using openpty if available)
- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
+ AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,1,[Have openpty() function])])
fi
],
[
@@ -191,7 +191,7 @@ AC_ARG_ENABLE(syslog,
[ --disable-syslog Don't include syslog support],
[
if test "x$enableval" = "xno"; then
- AC_DEFINE(DISABLE_SYSLOG,, Using syslog)
+ AC_DEFINE(DISABLE_SYSLOG,1,Using syslog)
AC_MSG_NOTICE(Disabling syslog)
else
AC_MSG_NOTICE(Enabling syslog)
@@ -308,7 +308,7 @@ AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
)
])
if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6,,Have struct sockaddr_in6)
+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6,1,Have struct sockaddr_in6)
fi
AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
@@ -322,7 +322,7 @@ AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
)
])
if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_IN6_ADDR,,Have struct in6_addr)
+ AC_DEFINE(HAVE_STRUCT_IN6_ADDR,1,Have struct in6_addr)
fi
AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
@@ -337,7 +337,7 @@ AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
)
])
if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_ADDRINFO,,Have struct addrinfo)
+ AC_DEFINE(HAVE_STRUCT_ADDRINFO,1,Have struct addrinfo)
fi
@@ -401,21 +401,21 @@ AC_ARG_ENABLE(bundled-libtom,
AC_MSG_NOTICE(Forcing bundled libtom*)
else
BUNDLED_LIBTOM=0
- AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="$LIBTOM_LIBS -ltommath",
+ AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS",
[AC_MSG_ERROR([Missing system libtommath and --disable-bundled-libtom was specified])] )
- AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="$LIBTOM_LIBS -ltomcrypt",
+ AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS",
[AC_MSG_ERROR([Missing system libtomcrypt and --disable-bundled-libtom was specified])] )
fi
],
[
BUNDLED_LIBTOM=0
- AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="$LIBTOM_LIBS -ltommath", BUNDLED_LIBTOM=1)
- AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="$LIBTOM_LIBS -ltomcrypt", BUNDLED_LIBTOM=1)
+ AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
+ AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
]
)
if test $BUNDLED_LIBTOM = 1 ; then
- AC_DEFINE(BUNDLED_LIBTOM,,Use bundled libtom)
+ AC_DEFINE(BUNDLED_LIBTOM,1,Use bundled libtom)
fi
AC_SUBST(LIBTOM_LIBS)
@@ -426,36 +426,64 @@ dnl Added from OpenSSH 3.6.1p2's configure.ac
dnl allow user to disable some login recording features
AC_ARG_ENABLE(lastlog,
[ --disable-lastlog Disable use of lastlog even if detected [no]],
- [ AC_DEFINE(DISABLE_LASTLOG,,Disable use of lastlog()) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_LASTLOG,1,Disable use of lastlog())
+ fi
+ ]
)
AC_ARG_ENABLE(utmp,
[ --disable-utmp Disable use of utmp even if detected [no]],
- [ AC_DEFINE(DISABLE_UTMP,,Disable use of utmp) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_UTMP,1,Disable use of utmp)
+ fi
+ ]
)
AC_ARG_ENABLE(utmpx,
[ --disable-utmpx Disable use of utmpx even if detected [no]],
- [ AC_DEFINE(DISABLE_UTMPX,,Disable use of utmpx) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_UTMPX,1,Disable use of utmpx)
+ fi
+ ]
)
AC_ARG_ENABLE(wtmp,
[ --disable-wtmp Disable use of wtmp even if detected [no]],
- [ AC_DEFINE(DISABLE_WTMP,,Disable use of wtmp) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_WTMP,1,Disable use of wtmp)
+ fi
+ ]
)
AC_ARG_ENABLE(wtmpx,
[ --disable-wtmpx Disable use of wtmpx even if detected [no]],
- [ AC_DEFINE(DISABLE_WTMPX,,Disable use of wtmpx) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_WTMPX,1,Disable use of wtmpx)
+ fi
+ ]
)
AC_ARG_ENABLE(loginfunc,
[ --disable-loginfunc Disable use of login() etc. [no]],
[ no_loginfunc_check=1
- AC_MSG_NOTICE(Not using login() etc) ]
+ AC_MSG_NOTICE([Not using login() etc]) ]
)
AC_ARG_ENABLE(pututline,
[ --disable-pututline Disable use of pututline() etc. ([uw]tmp) [no]],
- [ AC_DEFINE(DISABLE_PUTUTLINE,,Disable use of pututline()) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_PUTUTLINE,1,Disable use of pututline())
+ fi
+ ]
)
AC_ARG_ENABLE(pututxline,
[ --disable-pututxline Disable use of pututxline() etc. ([uw]tmpx) [no]],
- [ AC_DEFINE(DISABLE_PUTUTXLINE,,Disable use of pututxline()) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_PUTUTXLINE,1,Disable use of pututxline())
+ fi
+ ]
)
AC_ARG_WITH(lastlog,
[ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
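Review bot: The `loginfunc` option in this hunk still sets `no_loginfunc_check=1` whenever the option is given, so `--enable-loginfunc` turns the check off just as `--disable-loginfunc` does. Every other option in the hunk now tests `$enableval`. Wrap that body the same way: `if test "x$enableval" = "xno" ; then`, then the existing two lines, then `fi`. The descriptions that contain `()` (`Disable use of lastlog()`, `pututline()`, `pututxline()`) are also still unquoted, while `[Not using login() etc]` and `[Have openpty() function]` were quoted in this commit. Bracket-quoting them too would keep the file consistent.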
@@ -470,7 +498,7 @@ AC_ARG_WITH(lastlog,
if test -z "$no_loginfunc_check"; then
dnl Checks for libutil functions (login(), logout() etc, not openpty() )
- AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN,,Have login() function)])
+ AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN,1,[Have login() function])])
AC_CHECK_FUNCS(logout updwtmp logwtmp)
fi
@@ -666,7 +694,7 @@ AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
if test -z "$no_ptmx_check" ; then
if test x"$cross_compiling" = x"no" ; then
if test -e /dev/ptmx ; then
- AC_DEFINE(USE_DEV_PTMX,,Use /dev/ptmx)
+ AC_DEFINE(USE_DEV_PTMX,1,Use /dev/ptmx)
fi
else
AC_MSG_NOTICE([Not checking for /dev/ptmx, we're cross-compiling])
@@ -676,7 +704,7 @@ fi
if test -z "$no_ptc_check" ; then
if test x"$cross_compiling" = x"no" ; then
if test -e /dev/ptc ; then
- AC_DEFINE(HAVE_DEV_PTS_AND_PTC,,Use /dev/ptc & /dev/pts)
+ AC_DEFINE(HAVE_DEV_PTS_AND_PTC,1,Use /dev/ptc & /dev/pts)
fi
else
AC_MSG_NOTICE([Not checking for /dev/ptc & /dev/pts since we're cross-compiling])
diff --git a/dbrandom.c b/dbrandom.c
index 3e6e78f..71f25ce 100644
--- a/dbrandom.c
+++ b/dbrandom.c
@@ -59,7 +59,7 @@ process_file(hash_state *hs, const char *filename,
unsigned int readcount;
int ret = DROPBEAR_FAILURE;
-#if DROPBEAR_PRNGD_SOCKET
+#ifdef DROPBEAR_PRNGD_SOCKET
if (prngd)
{
readfd = connect_unix(filename);
@@ -107,7 +107,7 @@ process_file(hash_state *hs, const char *filename,
wantread = MIN(sizeof(readbuf), len-readcount);
}
-#if DROPBEAR_PRNGD_SOCKET
+#ifdef DROPBEAR_PRNGD_SOCKET
if (prngd)
{
char egdcmd[2];
@@ -215,7 +215,7 @@ void seedrandom() {
/* existing state */
sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
-#if DROPBEAR_PRNGD_SOCKET
+#ifdef DROPBEAR_PRNGD_SOCKET
if (process_file(&hs, DROPBEAR_PRNGD_SOCKET, INIT_SEED_SIZE, 1)
!= DROPBEAR_SUCCESS) {
dropbear_exit("Failure reading random device %s",
diff --git a/dropbearkey.c b/dropbearkey.c
index a0d315b..5cb12ef 100644
--- a/dropbearkey.c
+++ b/dropbearkey.c
@@ -134,7 +134,7 @@ int main(int argc, char ** argv) {
#endif
int i;
- char ** next = 0;
+ char ** next = NULL;
char * filename = NULL;
enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE;
char * typetext = NULL;
diff --git a/dss.c b/dss.c
index 1b15cf2..8f4f195 100644
--- a/dss.c
+++ b/dss.c
@@ -181,6 +181,10 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
TRACE(("verify failed, s' >= q"))
goto out;
}
+ if (mp_cmp_d(&val1, 0) != MP_GT) {
+ TRACE(("verify failed, s' <= 0"))
+ goto out;
+ }
/* let val2 = w = (s')^-1 mod q*/
if (mp_invmod(&val1, key->q, &val2) != MP_OKAY) {
goto out;
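Review bot: The two added range checks in buf_dss_verify carry no comment explaining why zero is rejected; the only explanation is the TRACE string. A one-line comment above each would tie them to the verification rule that both signature values must lie strictly between 0 and q. For example `/* reject s' outside 0 < s' < q, as DSA verification requires */` here, and the matching `/* reject r' outside 0 < r' < q */` in the second hunk of this file. The r' check also runs only after the inverse has been computed. Whether both values could be validated before any arithmetic cannot be judged from the hunk, because the function body starts and ends outside it.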
@@ -202,6 +206,10 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
TRACE(("verify failed, r' >= q"))
goto out;
}
+ if (mp_cmp_d(&val1, 0) != MP_GT) {
+ TRACE(("verify failed, r' <= 0"))
+ goto out;
+ }
/* let val4 = u2 = ((r')w) mod q */
if (mp_mulmod(&val1, &val2, key->q, &val4) != MP_OKAY) {
goto out;
diff --git a/keyimport.c b/keyimport.c
index d64a6f7..6aab273 100644
--- a/keyimport.c
+++ b/keyimport.c
@@ -694,7 +694,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
&id, &len, &flags);
p += ret;
/* id==4 for octet string */
- if (ret < 0 || id != 4 || len < 0 ||
+ if (ret < 0 || id != 4 || len < 0 ||
key->keyblob+key->keyblob_len-p < len) {
errmsg = "ASN.1 decoding failure";
goto error;
@@ -708,7 +708,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
&id, &len, &flags);
p += ret;
/* id==0 */
- if (ret < 0 || id != 0 || len < 0) {
+ if (ret < 0 || id != 0 || len < 0) {
errmsg = "ASN.1 decoding failure";
goto error;
}
@@ -717,7 +717,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
&id, &len, &flags);
p += ret;
/* id==6 for object */
- if (ret < 0 || id != 6 || len < 0 ||
+ if (ret < 0 || id != 6 || len < 0 ||
key->keyblob+key->keyblob_len-p < len) {
errmsg = "ASN.1 decoding failure";
goto error;
@@ -756,7 +756,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
&id, &len, &flags);
p += ret;
/* id==1 */
- if (ret < 0 || id != 1 || len < 0) {
+ if (ret < 0 || id != 1 || len < 0) {
errmsg = "ASN.1 decoding failure";
goto error;
}
@@ -765,7 +765,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
&id, &len, &flags);
p += ret;
/* id==3 for bit string */
- if (ret < 0 || id != 3 || len < 0 ||
+ if (ret < 0 || id != 3 || len < 0 ||
key->keyblob+key->keyblob_len-p < len) {
errmsg = "ASN.1 decoding failure";
goto error;
diff --git a/libtommath/bn_mp_exteuclid.c b/libtommath/bn_mp_exteuclid.c
index 25ccba9..f4f1c7b 100644
--- a/libtommath/bn_mp_exteuclid.c
+++ b/libtommath/bn_mp_exteuclid.c
@@ -29,34 +29,34 @@ int mp_exteuclid(mp_int *a, mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3)
/* initialize, (u1,u2,u3) = (1,0,a) */
mp_set(&u1, 1);
- if ((err = mp_copy(a, &u3)) != MP_OKAY) { goto _ERR; }
+ if ((err = mp_copy(a, &u3)) != MP_OKAY) { goto LBL_ERR; }
/* initialize, (v1,v2,v3) = (0,1,b) */
mp_set(&v2, 1);
- if ((err = mp_copy(b, &v3)) != MP_OKAY) { goto _ERR; }
+ if ((err = mp_copy(b, &v3)) != MP_OKAY) { goto LBL_ERR; }
/* loop while v3 != 0 */
while (mp_iszero(&v3) == MP_NO) {
/* q = u3/v3 */
- if ((err = mp_div(&u3, &v3, &q, NULL)) != MP_OKAY) { goto _ERR; }
+ if ((err = mp_div(&u3, &v3, &q, NULL)) != MP_OKAY) { goto LBL_ERR; }
/* (t1,t2,t3) = (u1,u2,u3) - (v1,v2,v3)q */
- if ((err = mp_mul(&v1, &q, &tmp)) != MP_OKAY) { goto _ERR; }
- if ((err = mp_sub(&u1, &tmp, &t1)) != MP_OKAY) { goto _ERR; }
- if ((err = mp_mul(&v2, &q, &tmp)) != MP_OKAY) { goto _ERR; }
- if ((err = mp_sub(&u2, &tmp, &t2)) != MP_OKAY) { goto _ERR; }
- if ((err = mp_mul(&v3, &q, &tmp)) != MP_OKAY) { goto _ERR; }
- if ((err = mp_sub(&u3, &tmp, &t3)) != MP_OKAY) { goto _ERR; }
+ if ((err = mp_mul(&v1, &q, &tmp)) != MP_OKAY) { goto LBL_ERR; }
+ if ((err = mp_sub(&u1, &tmp, &t1)) != MP_OKAY) { goto LBL_ERR; }
+ if ((err = mp_mul(&v2, &q, &tmp)) != MP_OKAY) { goto LBL_ERR; }
+ if ((err = mp_sub(&u2, &tmp, &t2)) != MP_OKAY) { goto LBL_ERR; }
+ if ((err = mp_mul(&v3, &q, &tmp)) != MP_OKAY) { goto LBL_ERR; }
+ if ((err = mp_sub(&u3, &tmp, &t3)) != MP_OKAY) { goto LBL_ERR; }
/* (u1,u2,u3) = (v1,v2,v3) */
- if ((err = mp_copy(&v1, &u1)) != MP_OKAY) { goto _ERR; }
- if ((err = mp_copy(&v2, &u2)) != MP_OKAY) { goto _ERR; }
- if ((err = mp_copy(&v3, &u3)) != MP_OKAY) { goto _ERR; }
+ if ((err = mp_copy(&v1, &u1)) != MP_OKAY) { goto LBL_ERR; }
+ if ((err = mp_copy(&v2, &u2)) != MP_OKAY) { goto LBL_ERR; }
+ if ((err = mp_copy(&v3, &u3)) != MP_OKAY) { goto LBL_ERR; }
/* (v1,v2,v3) = (t1,t2,t3) */
- if ((err = mp_copy(&t1, &v1)) != MP_OKAY) { goto _ERR; }
- if ((err = mp_copy(&t2, &v2)) != MP_OKAY) { goto _ERR; }
- if ((err = mp_copy(&t3, &v3)) != MP_OKAY) { goto _ERR; }
+ if ((err = mp_copy(&t1, &v1)) != MP_OKAY) { goto LBL_ERR; }
+ if ((err = mp_copy(&t2, &v2)) != MP_OKAY) { goto LBL_ERR; }
+ if ((err = mp_copy(&t3, &v3)) != MP_OKAY) { goto LBL_ERR; }
}
/* make sure U3 >= 0 */
@@ -72,7 +72,8 @@ int mp_exteuclid(mp_int *a, mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3)
if (U3 != NULL) { mp_exch(U3, &u3); }
err = MP_OKAY;
-_ERR: mp_clear_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL);
+LBL_ERR:
+ mp_clear_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL);
return err;
}
#endif
diff --git a/rsa.c b/rsa.c
index f11f4c3..1eac8ec 100644
--- a/rsa.c
+++ b/rsa.c
@@ -324,7 +324,7 @@ void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf) {
buf_incrwritepos(buf, ssize);
mp_clear(&rsa_s);
-#if defined(DEBUG_RSA) && defined(DEBUG_TRACE)
+#if defined(DEBUG_RSA) && DEBUG_TRACE
if (!debug_trace) {
printhex("RSA sig", buf->data, buf->len);
}
diff --git a/scpmisc.c b/scpmisc.c
index d99e358..33e1891 100644
--- a/scpmisc.c
+++ b/scpmisc.c
@@ -235,7 +235,7 @@ sanitise_stdfd(void)
{
int nullfd, dupfd;
- if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+ if ((nullfd = dupfd = open(DROPBEAR_PATH_DEVNULL, O_RDWR)) == -1) {
fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
exit(1);
}
diff --git a/svr-runopts.c b/svr-runopts.c
index ae4a7fa..93058f7 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -114,7 +114,7 @@ static void printhelp(const char * progname) {
void svr_getopts(int argc, char ** argv) {
unsigned int i, j;
- char ** next = 0;
+ char ** next = NULL;
int nextisport = 0;
char* recv_window_arg = NULL;
char* keepalive_arg = NULL;
@@ -289,7 +289,7 @@ void svr_getopts(int argc, char ** argv) {
if (*next == NULL) {
dropbear_exit("Invalid null argument");
}
- next = 0x00;
+ next = NULL;
if (keyfile) {
addhostkey(keyfile);
diff --git a/svr-session.c b/svr-session.c
index 543a830..c0dba5d 100644
--- a/svr-session.c
+++ b/svr-session.c
@@ -67,7 +67,7 @@ static const packettype svr_packettypes[] = {
{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
#endif
- {0, 0} /* End */
+ {0, NULL} /* End */
};
static const struct ChanType *svr_chantypes[] = {
diff --git a/tcp-accept.c b/tcp-accept.c
index 04fa25f..82f4a86 100644
--- a/tcp-accept.c
+++ b/tcp-accept.c
@@ -55,19 +55,19 @@ int tcp_prio_inithandler(struct Channel* channel)
static void tcp_acceptor(struct Listener *listener, int sock) {
int fd;
- struct sockaddr_storage addr;
+ struct sockaddr_storage sa;
socklen_t len;
char ipstring[NI_MAXHOST], portstring[NI_MAXSERV];
struct TCPListener *tcpinfo = (struct TCPListener*)(listener->typedata);
- len = sizeof(addr);
+ len = sizeof(sa);
- fd = accept(sock, (struct sockaddr*)&addr, &len);
+ fd = accept(sock, (struct sockaddr*)&sa, &len);
if (fd < 0) {
return;
}
- if (getnameinfo((struct sockaddr*)&addr, len, ipstring, sizeof(ipstring),
+ if (getnameinfo((struct sockaddr*)&sa, len, ipstring, sizeof(ipstring),
portstring, sizeof(portstring),
NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
m_close(fd);
diff --git a/termcodes.c b/termcodes.c
index 490e6ce..c5819c1 100644
--- a/termcodes.c
+++ b/termcodes.c
@@ -34,7 +34,11 @@ const struct TermCode termcodes[MAX_TERMCODE+1] = {
{VKILL, TERMCODE_CONTROLCHAR},
{VEOF, TERMCODE_CONTROLCHAR},
{VEOL, TERMCODE_CONTROLCHAR},
+#ifdef VEOL2
{VEOL2, TERMCODE_CONTROLCHAR},
+#else
+ {0, 0},
+#endif
{VSTART, TERMCODE_CONTROLCHAR},
{VSTOP, TERMCODE_CONTROLCHAR},
{VSUSP, TERMCODE_CONTROLCHAR},
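Review bot: The added `{0, 0},` fallback for VEOL2 is an undocumented placeholder, as are the ones for VWERASE, VLNEXT, ECHOCTL and ECHOKE in the later hunks. Presumably they keep the following entries at the same index in `termcodes[MAX_TERMCODE+1]` when a platform lacks the constant. A short comment such as `{0, 0}, /* placeholder: keeps the following entries at their table index */` would stop a later cleanup from deleting them. If the header defines a named "no mapping" type value, using it instead of the bare `0` would make the intent explicit. The array initializer starts and ends outside the hunk.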
@@ -51,17 +55,25 @@ const struct TermCode termcodes[MAX_TERMCODE+1] = {
#ifdef AIX
{CERASE, TERMCODE_CONTROLCHAR},
#else
+#ifdef VWERASE
{VWERASE, TERMCODE_CONTROLCHAR},
+#else
+ {0, 0},
#endif
+#endif
+#ifdef VLNEXT
{VLNEXT, TERMCODE_CONTROLCHAR},
+#else
+ {0, 0},
+#endif
#ifdef VFLUSH
{VFLUSH, TERMCODE_CONTROLCHAR},
-#else
+#else
{0, 0},
#endif
#ifdef VSWTCH
{VSWTCH, TERMCODE_CONTROLCHAR},
-#else
+#else
{0, 0},
#endif
#ifdef VSTATUS
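Review bot: The new `#ifdef VWERASE` sits inside the existing `#ifdef AIX` / `#else` branch, and the two consecutive `#endif` lines are unlabelled, so it is easy to misread which conditional each one closes. Label them, e.g. `#endif /* VWERASE */` followed by `#endif /* AIX */`.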
@@ -135,8 +147,16 @@ const struct TermCode termcodes[MAX_TERMCODE+1] = {
{NOFLSH, TERMCODE_LOCAL},
{TOSTOP, TERMCODE_LOCAL},
{IEXTEN, TERMCODE_LOCAL},
+#ifdef ECHOCTL
{ECHOCTL, TERMCODE_LOCAL},
+#else
+ {0, 0},
+#endif
+#ifdef ECHOKE
{ECHOKE, TERMCODE_LOCAL},
+#else
+ {0, 0},
+#endif
#ifdef PENDIN
{PENDIN, TERMCODE_LOCAL},
#else