File openssh-Add-more-sshbuf-functions-sshbuf_dup_st... of Package openssh-testuser.26950

Overview Repositories Revisions Requests Users Attributes Meta

File openssh-Add-more-sshbuf-functions-sshbuf_dup_string-sshbuf_c.patch of Package openssh-testuser.26950

From e785bb50f5aaed6c090fc59e8313bef7111dc566 Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Fri, 11 Nov 2022 08:14:19 +0100
Subject: [PATCH] Add more sshbuf functions sshbuf_dup_string, sshbuf_cmp,
 sshbuf_find, sshbuf_dtob64_string

Patch-mainline: V_7_3_P1
Git-commit: 1a31d02b2411c4718de58ce796dbb7b5e14db93e (partial - only add sshbuf_dup_string)
Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820

fix signed/unsigned errors reported by clang-3.7; add
 sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
 better safety checking; feedback and ok markus@

Patch-mainline: V_7_3_P1
Git-commit: 01cabf10adc7676cba5f40536a34d3b246edb73f
Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d

unit tests for sshbuf_dup_string()

Patch-mainline: V_8_1_P1
Git-commit: e18a27eedccb024acb3cd9820b650a5dff323f01
OpenBSD-Commit-ID: fd071ec2485c7198074a168ff363a0d6052a706a

upstream: two more bounds-checking sshbuf counterparts to common
string operations: sshbuf_cmp() (bcmp-like) and sshbuf_find() (memmem like)
feedback and ok markus@

Patch-mainline: V_8_1_P1
Git-commit: 477e2a3be8b10df76e8d76f0427b043280d73d68
upstream: unit tests for sshbuf_cmp() and sshbuf_find(); ok markus
OpenBSD-Regress-ID: b52d36bc3ab6dc158c1e59a9a4735f821cf9e1fd

Patch-mainline: V_8_1_P1
Git-commit: 16dd8b2c78a0de106c7429e2a294d203f6bda3c7
OpenBSD-Commit-ID: 4dba6735d88c57232f6fccec8a08bdcfea44ac4c

upstream: remove mostly vestigal uuencode.[ch]; moving the only unique
functionality there (wrapping of base64-encoded data) to sshbuf functions;
feedback and ok markus@

Patch-mainline: V_8_1_P1
Git-commit: f8829fe57fb0479d6103cfe1190095da3c032c6d
OpenBSD-Regress-ID: 82374a83edf0955fd1477169eee3f5d6467405a6

upstream: adapt to sshbuf_dtob64() change
---
 Makefile.in                                 |   2 +-
 monitor_wrap.c                              |   1 -
 regress/unittests/sshbuf/test_sshbuf_misc.c |  98 +++++++++++++++--
 ssh-keygen.c                                |  51 ++++-----
 sshbuf-misc.c                               | 116 ++++++++++++++++++--
 sshbuf.h                                    |  37 ++++++-
 sshkey.c                                    |  25 +----
 uuencode.c                                  |  95 ----------------
 uuencode.h                                  |  29 -----
 9 files changed, 261 insertions(+), 193 deletions(-)
 delete mode 100644 uuencode.c
 delete mode 100644 uuencode.h

diff --git a/Makefile.in b/Makefile.in
index 552b8d62..1b4be188 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -91,7 +91,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 	compat.o crc32.o deattack.o fatal.o hostfile.o \
 	log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \
 	readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
-	atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \
+	atomicio.o key.o dispatch.o mac.o uidswap.o misc.o utf8.o \
 	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
 	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
 	ssh-pkcs11.o smult_curve25519_ref.o \
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 819362c4..2b7cf5cf 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -75,7 +75,6 @@
 #include "atomicio.h"
 #include "monitor_fdpass.h"
 #include "misc.h"
-#include "uuencode.h"
 
 #include "channels.h"
 #include "session.h"
diff --git a/regress/unittests/sshbuf/test_sshbuf_misc.c b/regress/unittests/sshbuf/test_sshbuf_misc.c
index f155491a..0dc39d03 100644
--- a/regress/unittests/sshbuf/test_sshbuf_misc.c
+++ b/regress/unittests/sshbuf/test_sshbuf_misc.c
@@ -19,6 +19,7 @@
 #include "../test_helper/test_helper.h"
 
 #include "sshbuf.h"
+#include "ssherr.h"
 
 void sshbuf_misc_tests(void);
 
@@ -26,7 +27,7 @@ void
 sshbuf_misc_tests(void)
 {
 	struct sshbuf *p1;
-	char tmp[512], *p;
+	char tmp[512], msg[] = "imploring ping silence ping over", *p;
 	FILE *out;
 	size_t sz;
 
@@ -60,48 +61,48 @@ sshbuf_misc_tests(void)
 	sshbuf_free(p1);
 	TEST_DONE();
 
-	TEST_START("sshbuf_dtob64 len 1");
+	TEST_START("sshbuf_dtob64_string len 1");
 	p1 = sshbuf_new();
 	ASSERT_PTR_NE(p1, NULL);
 	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x11), 0);
-	p = sshbuf_dtob64(p1);
+	p = sshbuf_dtob64_string(p1, 0);
 	ASSERT_PTR_NE(p, NULL);
 	ASSERT_STRING_EQ(p, "EQ==");
 	free(p);
 	sshbuf_free(p1);
 	TEST_DONE();
 
-	TEST_START("sshbuf_dtob64 len 2");
+	TEST_START("sshbuf_dtob64_string len 2");
 	p1 = sshbuf_new();
 	ASSERT_PTR_NE(p1, NULL);
 	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x11), 0);
 	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x22), 0);
-	p = sshbuf_dtob64(p1);
+	p = sshbuf_dtob64_string(p1, 0);
 	ASSERT_PTR_NE(p, NULL);
 	ASSERT_STRING_EQ(p, "ESI=");
 	free(p);
 	sshbuf_free(p1);
 	TEST_DONE();
 
-	TEST_START("sshbuf_dtob64 len 3");
+	TEST_START("sshbuf_dtob64_string len 3");
 	p1 = sshbuf_new();
 	ASSERT_PTR_NE(p1, NULL);
 	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x11), 0);
 	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x22), 0);
 	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x33), 0);
-	p = sshbuf_dtob64(p1);
+	p = sshbuf_dtob64_string(p1, 0);
 	ASSERT_PTR_NE(p, NULL);
 	ASSERT_STRING_EQ(p, "ESIz");
 	free(p);
 	sshbuf_free(p1);
 	TEST_DONE();
 
-	TEST_START("sshbuf_dtob64 len 8191");
+	TEST_START("sshbuf_dtob64_string len 8191");
 	p1 = sshbuf_new();
 	ASSERT_PTR_NE(p1, NULL);
 	ASSERT_INT_EQ(sshbuf_reserve(p1, 8192, NULL), 0);
 	bzero(sshbuf_mutable_ptr(p1), 8192);
-	p = sshbuf_dtob64(p1);
+	p = sshbuf_dtob64_string(p1, 0);
 	ASSERT_PTR_NE(p, NULL);
 	ASSERT_SIZE_T_EQ(strlen(p), ((8191 + 2) / 3) * 4);
 	free(p);
@@ -134,5 +135,84 @@ sshbuf_misc_tests(void)
 	ASSERT_U32_EQ(PEEK_U32(sshbuf_ptr(p1)), 0xd00fd00f);
 	sshbuf_free(p1);
 	TEST_DONE();
+
+	TEST_START("sshbuf_dup_string");
+	p1 = sshbuf_new();
+	ASSERT_PTR_NE(p1, NULL);
+	/* Check empty buffer */
+	p = sshbuf_dup_string(p1);
+	ASSERT_PTR_NE(p, NULL);
+	ASSERT_SIZE_T_EQ(strlen(p), 0);
+	free(p);
+	/* Check buffer with string */
+	ASSERT_INT_EQ(sshbuf_put(p1, "quad1", strlen("quad1")), 0);
+	p = sshbuf_dup_string(p1);
+	ASSERT_PTR_NE(p, NULL);
+	ASSERT_SIZE_T_EQ(strlen(p), strlen("quad1"));
+	ASSERT_STRING_EQ(p, "quad1");
+	free(p);
+	/* Check buffer with terminating nul */
+	ASSERT_INT_EQ(sshbuf_put(p1, "\0", 1), 0);
+	p = sshbuf_dup_string(p1);
+	ASSERT_PTR_NE(p, NULL);
+	ASSERT_SIZE_T_EQ(strlen(p), strlen("quad1"));
+	ASSERT_STRING_EQ(p, "quad1");
+	free(p);
+	/* Check buffer with data after nul (expect failure) */
+	ASSERT_INT_EQ(sshbuf_put(p1, "quad2", strlen("quad2")), 0);
+	p = sshbuf_dup_string(p1);
+	ASSERT_PTR_EQ(p, NULL);
+	sshbuf_free(p1);
+	TEST_DONE();
+
+	TEST_START("sshbuf_cmp");
+	p1 = sshbuf_from(msg, sizeof(msg) - 1);
+	ASSERT_PTR_NE(p1, NULL);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 0, "i", 1), 0);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 0, "j", 1), SSH_ERR_INVALID_FORMAT);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 0, "imploring", 9), 0);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 0, "implored", 9), SSH_ERR_INVALID_FORMAT);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 10, "ping", 4), 0);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 10, "ring", 4), SSH_ERR_INVALID_FORMAT);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 28, "over", 4), 0);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 28, "rove", 4), SSH_ERR_INVALID_FORMAT);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 28, "overt", 5),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 32, "ping", 4),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 1000, "silence", 7),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 0, msg, sizeof(msg) - 1), 0);
+	TEST_DONE();
+
+	TEST_START("sshbuf_find");
+	p1 = sshbuf_from(msg, sizeof(msg) - 1);
+	ASSERT_PTR_NE(p1, NULL);
+	ASSERT_INT_EQ(sshbuf_find(p1, 0, "i", 1, &sz), 0);
+	ASSERT_SIZE_T_EQ(sz, 0);
+	ASSERT_INT_EQ(sshbuf_find(p1, 0, "j", 1, &sz), SSH_ERR_INVALID_FORMAT);
+	ASSERT_INT_EQ(sshbuf_find(p1, 0, "imploring", 9, &sz), 0);
+	ASSERT_SIZE_T_EQ(sz, 0);
+	ASSERT_INT_EQ(sshbuf_find(p1, 0, "implored", 9, &sz),
+	    SSH_ERR_INVALID_FORMAT);
+	ASSERT_INT_EQ(sshbuf_find(p1, 3, "ping", 4, &sz), 0);
+	ASSERT_SIZE_T_EQ(sz, 10);
+	ASSERT_INT_EQ(sshbuf_find(p1, 11, "ping", 4, &sz), 0);
+	ASSERT_SIZE_T_EQ(sz, 23);
+	ASSERT_INT_EQ(sshbuf_find(p1, 20, "over", 4, &sz), 0);
+	ASSERT_SIZE_T_EQ(sz, 28);
+	ASSERT_INT_EQ(sshbuf_find(p1, 28, "over", 4, &sz), 0);
+	ASSERT_SIZE_T_EQ(sz, 28);
+	ASSERT_INT_EQ(sshbuf_find(p1, 28, "rove", 4, &sz),
+	    SSH_ERR_INVALID_FORMAT);
+	ASSERT_INT_EQ(sshbuf_find(p1, 28, "overt", 5, &sz),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_find(p1, 32, "ping", 4, &sz),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_find(p1, 1000, "silence", 7, &sz),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_find(p1, 0, msg + 1, sizeof(msg) - 2, &sz), 0);
+	ASSERT_SIZE_T_EQ(sz, 1);
+	TEST_DONE();
 }
 
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 53186982..3df6c340 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -42,7 +42,6 @@
 #include "sshkey.h"
 #include "rsa.h"
 #include "authfile.h"
-#include "uuencode.h"
 #include "sshbuf.h"
 #include "pathnames.h"
 #include "log.h"
@@ -306,27 +305,32 @@ load_identity(char *filename)
 static void
 do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
 {
-	size_t len;
-	u_char *blob;
-	char comment[61];
+	struct sshbuf *b;
+	char comment[61], *b64;
 	int r;
 
 	if (k->type == KEY_RSA1)
 		fatal("version 1 keys are not supported");
-	if ((r = sshkey_to_blob(k, &blob, &len)) != 0)
+	if ((b = sshbuf_new()) == NULL)
+		fatal("%s: sshbuf_new failed", __func__);
+	if ((r = sshkey_putb(k, b)) != 0)
 		fatal("key_to_blob failed: %s", ssh_err(r));
+	if ((b64 = sshbuf_dtob64_string(b, 1)) == NULL)
+		fatal("%s: sshbuf_dtob64_string failed", __func__);
+
 	/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
 	snprintf(comment, sizeof(comment),
 	    "%u-bit %s, converted by %s@%s from OpenSSH",
 	    sshkey_size(k), sshkey_type(k),
 	    pw->pw_name, hostname);
 
+	sshkey_free(k);
+	sshbuf_free(b);
+
 	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
-	fprintf(stdout, "Comment: \"%s\"\n", comment);
-	dump_base64(stdout, blob, len);
+	fprintf(stdout, "Comment: \"%s\"\n%s", comment, b64);
 	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
-	sshkey_free(k);
-	free(blob);
+	free(b64);
 	exit(0);
 }
 
@@ -429,9 +433,8 @@ buffer_get_bignum_bits(struct sshbuf *b, BIGNUM *value)
 }
 
 static struct sshkey *
-do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
+do_convert_private_ssh2(struct sshbuf *b)
 {
-	struct sshbuf *b;
 	struct sshkey *key = NULL;
 	char *type, *cipher;
 	u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345";
@@ -440,15 +443,13 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
 	size_t slen;
 	u_long e;
 
-	if ((b = sshbuf_from(blob, blen)) == NULL)
-		fatal("%s: sshbuf_from failed", __func__);
+
 	if ((r = sshbuf_get_u32(b, &magic)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
 	if (magic != SSH_COM_PRIVATE_KEY_MAGIC) {
 		error("bad magic 0x%x != 0x%x", magic,
 		    SSH_COM_PRIVATE_KEY_MAGIC);
-		sshbuf_free(b);
 		return NULL;
 	}
 	if ((r = sshbuf_get_u32(b, &i1)) != 0 ||
@@ -462,7 +463,6 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
 	if (strcmp(cipher, "none") != 0) {
 		error("unsupported cipher %s", cipher);
 		free(cipher);
-		sshbuf_free(b);
 		free(type);
 		return NULL;
 	}
@@ -473,7 +473,6 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
 	} else if (strstr(type, "rsa")) {
 		ktype = KEY_RSA;
 	} else {
-		sshbuf_free(b);
 		free(type);
 		return NULL;
 	}
@@ -505,7 +504,6 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
 			debug("e %lx", e);
 		}
 		if (!BN_set_word(key->rsa->e, e)) {
-			sshbuf_free(b);
 			sshkey_free(key);
 			return NULL;
 		}
@@ -520,9 +518,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
 	}
 	rlen = sshbuf_len(b);
 	if (rlen != 0)
-		error("do_convert_private_ssh2_from_blob: "
-		    "remaining bytes in key blob %d", rlen);
-	sshbuf_free(b);
+		error("%s: remaining bytes in key blob %d", __func__, rlen);
 
 	/* try the key */
 	if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 ||
@@ -567,10 +563,12 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
 	int r, blen, escaped = 0;
 	u_int len;
 	char line[1024];
-	u_char blob[8096];
+	struct sshbuf *buf;
 	char encoded[8096];
 	FILE *fp;
 
+	if ((buf = sshbuf_new()) == NULL)
+		fatal("sshbuf_new failed");
 	if ((fp = fopen(identity_file, "r")) == NULL)
 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
 	encoded[0] = '\0';
@@ -600,12 +598,11 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
 	    (encoded[len-2] == '=') &&
 	    (encoded[len-3] == '='))
 		encoded[len-3] = '\0';
-	blen = uudecode(encoded, blob, sizeof(blob));
-	if (blen < 0)
-		fatal("uudecode failed.");
+	if ((r = sshbuf_b64tod(buf, encoded)) != 0)
+		fatal("%s: base64 decoding failed: %s", __func__, ssh_err(r));
 	if (*private)
-		*k = do_convert_private_ssh2_from_blob(blob, blen);
-	else if ((r = sshkey_from_blob(blob, blen, k)) != 0)
+		*k = do_convert_private_ssh2(buf);
+	else if ((r = sshkey_fromb(buf, k)) != 0)
 		fatal("decode blob failed: %s", ssh_err(r));
 	fclose(fp);
 }
@@ -1644,7 +1641,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
 			}
 			free(otmp);
 		}
-	
+
 		tmp = tilde_expand_filename(argv[i], pw->pw_uid);
 		if ((r = sshkey_load_public(tmp, &public, &comment)) != 0)
 			fatal("%s: unable to open \"%s\": %s",
diff --git a/sshbuf-misc.c b/sshbuf-misc.c
index 3da4b80e..5cacc587 100644
--- a/sshbuf-misc.c
+++ b/sshbuf-misc.c
@@ -89,24 +89,58 @@ sshbuf_dtob16(struct sshbuf *buf)
 	return ret;
 }
 
+int
+sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap)
+{
+	size_t i, slen = 0;
+	char *s = NULL;
+	int r;
+
+	if (d == NULL || b64 == NULL || sshbuf_len(d) >= SIZE_MAX / 2)
+		return SSH_ERR_INVALID_ARGUMENT;
+	if (sshbuf_len(d) == 0)
+		return 0;
+	slen = ((sshbuf_len(d) + 2) / 3) * 4 + 1;
+	if ((s = malloc(slen)) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if (b64_ntop(sshbuf_ptr(d), sshbuf_len(d), s, slen) == -1) {
+		r = SSH_ERR_INTERNAL_ERROR;
+		goto fail;
+	}
+	if (wrap) {
+		for (i = 0; s[i] != '\0'; i++) {
+			if ((r = sshbuf_put_u8(b64, s[i])) != 0)
+				goto fail;
+			if (i % 70 == 69 && (r = sshbuf_put_u8(b64, '\n')) != 0)
+				goto fail;
+		}
+		if (i % 70 != 69 && (r = sshbuf_put_u8(b64, '\n')) != 0)
+			goto fail;
+	} else {
+		if ((r = sshbuf_put(b64, s, strlen(s))) != 0)
+			goto fail;
+	}
+	/* Success */
+	r = 0;
+ fail:
+	freezero(s, slen);
+	return r;
+}
+
 char *
-sshbuf_dtob64(struct sshbuf *buf)
+sshbuf_dtob64_string(const struct sshbuf *buf, int wrap)
 {
-	size_t len = sshbuf_len(buf), plen;
-	const u_char *p = sshbuf_ptr(buf);
+	struct sshbuf *tmp;
 	char *ret;
-	int r;
 
-	if (len == 0)
-		return strdup("");
-	plen = ((len + 2) / 3) * 4 + 1;
-	if (SIZE_MAX / 2 <= len || (ret = malloc(plen)) == NULL)
+	if ((tmp = sshbuf_new()) == NULL)
 		return NULL;
-	if ((r = b64_ntop(p, len, ret, plen)) == -1) {
-		explicit_bzero(ret, plen);
-		free(ret);
+	if (sshbuf_dtob64(buf, tmp, wrap) != 0) {
+		sshbuf_free(tmp);
 		return NULL;
 	}
+	ret = sshbuf_dup_string(tmp);
+	sshbuf_free(tmp);
 	return ret;
 }
 
@@ -136,3 +170,63 @@ sshbuf_b64tod(struct sshbuf *buf, const char *b64)
 	return 0;
 }
 
+char *
+sshbuf_dup_string(struct sshbuf *buf)
+{
+	const u_char *p = NULL, *s = sshbuf_ptr(buf);
+	size_t l = sshbuf_len(buf);
+	char *r;
+
+	if (s == NULL || l > SIZE_MAX)
+		return NULL;
+	/* accept a nul only as the last character in the buffer */
+	if (l > 0 && (p = memchr(s, '\0', l)) != NULL) {
+		if (p != s + l - 1)
+			return NULL;
+		l--; /* the nul is put back below */
+	}
+	if ((r = malloc(l + 1)) == NULL)
+		return NULL;
+	if (l > 0)
+		memcpy(r, s, l);
+	r[l] = '\0';
+	return r;
+}
+
+int
+sshbuf_cmp(const struct sshbuf *b, size_t offset,
+    const u_char *s, size_t len)
+{
+	if (sshbuf_ptr(b) == NULL)
+		return SSH_ERR_INTERNAL_ERROR;
+	if (offset > SSHBUF_SIZE_MAX || len > SSHBUF_SIZE_MAX || len == 0)
+		return SSH_ERR_INVALID_ARGUMENT;
+	if (offset + len > sshbuf_len(b))
+		return SSH_ERR_MESSAGE_INCOMPLETE;
+	if (timingsafe_bcmp(sshbuf_ptr(b) + offset, s, len) != 0)
+		return SSH_ERR_INVALID_FORMAT;
+	return 0;
+}
+
+int
+sshbuf_find(const struct sshbuf *b, size_t start_offset,
+    const u_char *s, size_t len, size_t *offsetp)
+{
+	void *p;
+
+	if (offsetp != NULL)
+		*offsetp = 0;
+
+	if (sshbuf_ptr(b) == NULL)
+		return SSH_ERR_INTERNAL_ERROR;
+	if (start_offset > SSHBUF_SIZE_MAX || len > SSHBUF_SIZE_MAX || len == 0)
+		return SSH_ERR_INVALID_ARGUMENT;
+	if (start_offset > sshbuf_len(b) || start_offset + len > sshbuf_len(b))
+		return SSH_ERR_MESSAGE_INCOMPLETE;
+	if ((p = memmem(sshbuf_ptr(b) + start_offset,
+	    sshbuf_len(b) - start_offset, s, len)) == NULL)
+		return SSH_ERR_INVALID_FORMAT;
+	if (offsetp != NULL)
+		*offsetp = (const u_char *)p - sshbuf_ptr(b);
+	return 0;
+}
diff --git a/sshbuf.h b/sshbuf.h
index 1cae68eb..2158af10 100644
--- a/sshbuf.h
+++ b/sshbuf.h
@@ -242,11 +242,46 @@ void	sshbuf_dump_data(const void *s, size_t len, FILE *f);
 char	*sshbuf_dtob16(struct sshbuf *buf);
 
 /* Encode the contents of the buffer as base64 */
-char	*sshbuf_dtob64(struct sshbuf *buf);
+char	*sshbuf_dtob64_string(const struct sshbuf *buf, int wrap);
+int	sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
 
 /* Decode base64 data and append it to the buffer */
 int	sshbuf_b64tod(struct sshbuf *buf, const char *b64);
 
+/*
+ * Tests whether the buffer contains the specified byte sequence at the
+ * specified offset. Returns 0 on successful match, or a ssherr.h code
+ * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
+ * present but the buffer contents did not match those supplied. Zero-
+ * length comparisons are not allowed.
+ *
+ * If sufficient data is present to make a comparison, then it is
+ * performed with timing independent of the value of the data. If
+ * insufficient data is present then the comparison is not attempted at
+ * all.
+ */
+int	sshbuf_cmp(const struct sshbuf *b, size_t offset,
+    const u_char *s, size_t len);
+
+/*
+ * Searches the buffer for the specified string. Returns 0 on success
+ * and updates *offsetp with the offset of the first match, relative to
+ * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h
+ * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
+ * present in the buffer for a match to be possible but none was found.
+ * Searches for zero-length data are not allowed.
+ */
+int
+sshbuf_find(const struct sshbuf *b, size_t start_offset,
+    const u_char *s, size_t len, size_t *offsetp);
+
+/*
+ * Duplicate the contents of a buffer to a string (caller to free).
+ * Returns NULL on buffer error, or if the buffer contains a premature
+ * nul character.
+ */
+char *sshbuf_dup_string(struct sshbuf *buf);
+
 /* Macros for decoding/encoding integers */
 #define PEEK_U64(p) \
 	(((u_int64_t)(((const u_char *)(p))[0]) << 56) | \
diff --git a/sshkey.c b/sshkey.c
index f7905a2e..22d45d53 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1423,7 +1423,7 @@ sshkey_to_base64(const struct sshkey *key, char **b64p)
 		return SSH_ERR_ALLOC_FAIL;
 	if ((r = sshkey_putb(key, b)) != 0)
 		goto out;
-	if ((uu = sshbuf_dtob64(b)) == NULL) {
+	if ((uu = sshbuf_dtob64_string(b, 0)) == NULL) {
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
@@ -3152,25 +3152,12 @@ sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob,
 	    sshbuf_ptr(encrypted), sshbuf_len(encrypted), 0, authlen)) != 0)
 		goto out;
 
-	/* uuencode */
-	if ((b64 = sshbuf_dtob64(encoded)) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-
 	sshbuf_reset(blob);
-	if ((r = sshbuf_put(blob, MARK_BEGIN, MARK_BEGIN_LEN)) != 0)
-		goto out;
-	for (i = 0; i < strlen(b64); i++) {
-		if ((r = sshbuf_put_u8(blob, b64[i])) != 0)
-			goto out;
-		/* insert line breaks */
-		if (i % 70 == 69 && (r = sshbuf_put_u8(blob, '\n')) != 0)
-			goto out;
-	}
-	if (i % 70 != 69 && (r = sshbuf_put_u8(blob, '\n')) != 0)
-		goto out;
-	if ((r = sshbuf_put(blob, MARK_END, MARK_END_LEN)) != 0)
+
+	/* assemble uuencoded key */
+	if ((r = sshbuf_put(blob, MARK_BEGIN, MARK_BEGIN_LEN)) != 0 ||
+	    (r = sshbuf_dtob64(encoded, blob, 1)) != 0 ||
+	    (r = sshbuf_put(blob, MARK_END, MARK_END_LEN)) != 0)
 		goto out;
 
 	/* success */
diff --git a/uuencode.c b/uuencode.c
deleted file mode 100644
index 7fc867a1..00000000
--- a/uuencode.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* $OpenBSD: uuencode.c,v 1.28 2015/04/24 01:36:24 deraadt Exp $ */
-/*
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <resolv.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "xmalloc.h"
-#include "uuencode.h"
-
-/*
- * Encode binary 'src' of length 'srclength', writing base64-encoded text
- * to 'target' of size 'targsize'. Will always nul-terminate 'target'.
- * Returns the number of bytes stored in 'target' or -1 on error (inc.
- * 'targsize' too small).
- */
-int
-uuencode(const u_char *src, u_int srclength,
-    char *target, size_t targsize)
-{
-	return __b64_ntop(src, srclength, target, targsize);
-}
-
-/*
- * Decode base64-encoded 'src' into buffer 'target' of 'targsize' bytes.
- * Will skip leading and trailing whitespace. Returns the number of bytes
- * stored in 'target' or -1 on error (inc. targsize too small).
- */
-int
-uudecode(const char *src, u_char *target, size_t targsize)
-{
-	int len;
-	char *encoded, *p;
-
-	/* copy the 'readonly' source */
-	encoded = xstrdup(src);
-	/* skip whitespace and data */
-	for (p = encoded; *p == ' ' || *p == '\t'; p++)
-		;
-	for (; *p != '\0' && *p != ' ' && *p != '\t'; p++)
-		;
-	/* and remove trailing whitespace because __b64_pton needs this */
-	*p = '\0';
-	len = __b64_pton(encoded, target, targsize);
-	free(encoded);
-	return len;
-}
-
-void
-dump_base64(FILE *fp, const u_char *data, u_int len)
-{
-	char *buf;
-	int i, n;
-
-	if (len > 65536) {
-		fprintf(fp, "dump_base64: len > 65536\n");
-		return;
-	}
-	buf = xreallocarray(NULL, 2, len);
-	n = uuencode(data, len, buf, 2*len);
-	for (i = 0; i < n; i++) {
-		fprintf(fp, "%c", buf[i]);
-		if (i % 70 == 69)
-			fprintf(fp, "\n");
-	}
-	if (i % 70 != 69)
-		fprintf(fp, "\n");
-	free(buf);
-}
diff --git a/uuencode.h b/uuencode.h
deleted file mode 100644
index 4d988812..00000000
--- a/uuencode.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* $OpenBSD: uuencode.h,v 1.14 2010/08/31 11:54:45 djm Exp $ */
-
-/*
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-int	 uuencode(const u_char *, u_int, char *, size_t);
-int	 uudecode(const char *, u_char *, size_t);
-void	 dump_base64(FILE *, const u_char *, u_int);
-- 
2.38.0

Places

File openssh-Add-more-sshbuf-functions-sshbuf_dup_string-sshbuf_c.patch of Package openssh-testuser.26950

Places