# # # patch "ssh_agent.cc" # from [4f19a6635327144f22abf323c412491b964e4407] # to [feef6186e41249c2584fbf3aae3fc2898c8d23d1] # ============================================================ --- ssh_agent.cc 4f19a6635327144f22abf323c412491b964e4407 +++ ssh_agent.cc feef6186e41249c2584fbf3aae3fc2898c8d23d1 @@ -10,6 +10,42 @@ using std::min; using std::min; +/* + * The ssh-agent network format is essentially based on a u32 which + * is the length of the packet followed by that number of bytes. + * + * The packet to as for the keys that ssh-agent has is in this format: + * u32 = 1 + * command = 11 + * + * The response packet: + * u32 = length + * data + * byte = packet type (12) + * u32 = number of keys + * u32 = length of key + * data + * u32 = length of type + * data = string, the type of key (ssh-rsa, ssh-dss) + * if(rsa) + * u32 = length of 'e' + * data = binary encoded BigInt, 'e' + * u32 = length of 'n' + * data = binary encoded BigInt, 'n' + * if(dss) + * u32 = length of 'p' + * data = binary encoded BigInt, 'p' + * u32 = length of 'q' + * data = binary encoded BigInt, 'q' + * u32 = length of 'g' + * data = binary encoded BigInt, 'g' + * u32 = length of 'pub_key' + * data = binary encoded BigInt, 'pub_key' + * u32 = length of comment + * data = comment (path to key file) + * (repeat for number of keys) + */ + ssh_agent::ssh_agent() { connect(); @@ -103,7 +139,11 @@ ssh_agent::get_string_from_buf(string co L(FL("ssh_agent: get_string_from_buf: buf length: %u, loc: %u" ) % buf.length() % loc); len = get_long_from_buf(buf, loc); L(FL("ssh_agent: get_string_from_buf: len: %u" ) % len); - E(loc + len <= buf.length(), F("ssh_agent: length (%i) of buf less than loc (%u) + len (%u)") % buf.length() % loc % len); + E(loc + len <= buf.length(), + F("ssh_agent: length (%i) of buf less than loc (%u) + len (%u)") + % buf.length() + % loc + % len); out = buf.substr(loc, len); L(FL("ssh_agent: get_string_from_buf: out length: %u") % out.length()); loc += len; @@ -196,9 +236,9 @@ ssh_agent::fetch_packet(string & packet) read_num_bytes(4, len_buf); u32 l = 0; len = get_long_from_buf(len_buf, l); - E(len > 0, F("zero-length packet from ssh-agent")); + E(len > 0, F("ssh_agent: fetch_packet: zero-length packet from ssh-agent")); - L(FL("ssh_agent: get_keys response len %u") % len); + L(FL("ssh_agent: fetch_packet: response len %u") % len); read_num_bytes(len, packet); } @@ -260,9 +300,14 @@ ssh_agent::get_keys() BigInt n = BigInt::decode((unsigned char *)(n_str.c_str()), n_str.length(), BigInt::Binary); L(FL("ssh_agent: n: %s, len %u") % n % slen); - RSA_PublicKey key(n, e); - keys.push_back(key); + E(key.length() == key_loc, + F("ssh_agent: sign_data: not all or too many key bytes consumed, location (%u), length(%i)") + % key_loc + % key.length()); + RSA_PublicKey rsa_key(n, e); + keys.push_back(rsa_key); + } else L(FL("ssh_agent: ignoring key of type '%s'") % type); @@ -299,6 +344,10 @@ ssh_agent::get_keys() get_string_from_buf(packet, packet_loc, comment_len, comment); L(FL("ssh_agent: comment_len: %u, comment: %s") % comment_len % comment); } + E(packet.length() == packet_loc, + F("ssh_agent: get_keys: not all or too many packet bytes consumed, location (%u), length(%i)") + % packet_loc + % packet.length()); return keys; } @@ -344,6 +393,15 @@ ssh_agent::sign_data(RSA_PublicKey const L(FL("ssh_agent: sign_data: type (%u), '%s'") % type_len % type); get_string_from_buf(full_sig, full_sig_loc, out_len, out); L(FL("ssh_agent: sign_data: output length %u") % out_len); + E(full_sig.length() == full_sig_loc, + F("ssh_agent: sign_data: not all or too many signature bytes consumed, location (%u), length(%i)") + % full_sig_loc + % full_sig.length()); + + E(packet_in.length() == packet_in_loc, + F("ssh_agent: sign_data: not all or too many packet bytes consumed, location (%u), length(%i)") + % packet_in_loc + % packet_in.length()); } // Local Variables: