[openssh-commits] [openssh] 01/03: upstream: two more bounds-checking sshbuf counterparts to common

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Jul 15 23:21:30 AEST 2019 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit e18a27eedccb024acb3cd9820b650a5dff323f01
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jul 15 13:11:38 2019 +0000

    upstream: two more bounds-checking sshbuf counterparts to common
    
    string operations: sshbuf_cmp() (bcmp-like) and sshbuf_find() (memmem like)
    
    feedback and ok markus@
    
    OpenBSD-Commit-ID: fd071ec2485c7198074a168ff363a0d6052a706a
---
 sshbuf-misc.c | 39 ++++++++++++++++++++++++++++++++++++++-
 sshbuf.h      | 29 ++++++++++++++++++++++++++++-
 2 files changed, 66 insertions(+), 2 deletions(-)

diff --git a/sshbuf-misc.c b/sshbuf-misc.c
index a077a01e..83b59810 100644
--- a/sshbuf-misc.c
+++ b/sshbuf-misc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf-misc.c,v 1.7 2019/07/07 01:05:00 dtucker Exp $	*/
+/*	$OpenBSD: sshbuf-misc.c,v 1.8 2019/07/15 13:11:38 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -158,3 +158,40 @@ sshbuf_dup_string(struct sshbuf *buf)
 	return r;
 }
 
+int
+sshbuf_cmp(const struct sshbuf *b, size_t offset,
+    const u_char *s, size_t len)
+{
+	if (sshbuf_ptr(b) == NULL)
+		return SSH_ERR_INTERNAL_ERROR;
+	if (offset > SSHBUF_SIZE_MAX || len > SSHBUF_SIZE_MAX || len == 0)
+		return SSH_ERR_INVALID_ARGUMENT;
+	if (offset + len > sshbuf_len(b))
+		return SSH_ERR_MESSAGE_INCOMPLETE;
+	if (timingsafe_bcmp(sshbuf_ptr(b) + offset, s, len) != 0)
+		return SSH_ERR_INVALID_FORMAT;
+	return 0;
+}
+
+int
+sshbuf_find(const struct sshbuf *b, size_t start_offset,
+    const u_char *s, size_t len, size_t *offsetp)
+{
+	void *p;
+
+	if (offsetp != NULL)
+		*offsetp = 0;
+
+	if (sshbuf_ptr(b) == NULL)
+		return SSH_ERR_INTERNAL_ERROR;
+	if (start_offset > SSHBUF_SIZE_MAX || len > SSHBUF_SIZE_MAX || len == 0)
+		return SSH_ERR_INVALID_ARGUMENT;
+	if (start_offset > sshbuf_len(b) || start_offset + len > sshbuf_len(b))
+		return SSH_ERR_MESSAGE_INCOMPLETE;
+	if ((p = memmem(sshbuf_ptr(b) + start_offset,
+	    sshbuf_len(b) - start_offset, s, len)) == NULL)
+		return SSH_ERR_INVALID_FORMAT;
+	if (offsetp != NULL)
+		*offsetp = (const u_char *)p - sshbuf_ptr(b);
+	return 0;
+}
diff --git a/sshbuf.h b/sshbuf.h
index 1d9d5bb2..79700b54 100644
--- a/sshbuf.h
+++ b/sshbuf.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf.h,v 1.14 2019/07/14 23:32:27 djm Exp $	*/
+/*	$OpenBSD: sshbuf.h,v 1.15 2019/07/15 13:11:38 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -256,6 +256,33 @@ char	*sshbuf_dtob64(struct sshbuf *buf);
 /* Decode base64 data and append it to the buffer */
 int	sshbuf_b64tod(struct sshbuf *buf, const char *b64);
 
+/*
+ * Tests whether the buffer contains the specified byte sequence at the
+ * specified offset. Returns 0 on successful match, or a ssherr.h code
+ * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
+ * present but the buffer contents did not match those supplied. Zero-
+ * length comparisons are not allowed.
+ *
+ * If sufficient data is present to make a comparison, then it is
+ * performed with timing independent of the value of the data. If
+ * insufficient data is present then the comparison is not attempted at
+ * all.
+ */
+int	sshbuf_cmp(const struct sshbuf *b, size_t offset,
+    const u_char *s, size_t len);
+
+/*
+ * Searches the buffer for the specified string. Returns 0 on success
+ * and updates *offsetp with the offset of the first match, relative to
+ * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h
+ * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
+ * present in the buffer for a match to be possible but none was found.
+ * Searches for zero-length data are not allowed.
+ */
+int
+sshbuf_find(const struct sshbuf *b, size_t start_offset,
+    const u_char *s, size_t len, size_t *offsetp);
+
 /*
  * Duplicate the contents of a buffer to a string (caller to free).
  * Returns NULL on buffer error, or if the buffer contains a premature

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list