return &list[i];
}
assert(!"No space in KEXINIT list");
+ return NULL;
}
/*
}
set_busy_status(ssh->frontend, BUSY_CPU); /* cogitate */
ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
+ if (!s->hostkeydata) {
+ bombout(("unable to parse key exchange reply packet"));
+ crStopV;
+ }
s->hkey = ssh->hostkey->newkey(ssh->hostkey,
s->hostkeydata, s->hostkeylen);
s->f = ssh2_pkt_getmp(pktin);
crStopV;
}
ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
+ if (!s->sigdata) {
+ bombout(("unable to parse key exchange reply packet"));
+ crStopV;
+ }
{
const char *err = dh_validate_f(ssh->kex_ctx, s->f);
}
ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
+ if (!s->hostkeydata) {
+ bombout(("unable to parse ECDH reply packet"));
+ crStopV;
+ }
hash_string(ssh->kex->hash, ssh->exhash, s->hostkeydata, s->hostkeylen);
s->hkey = ssh->hostkey->newkey(ssh->hostkey,
s->hostkeydata, s->hostkeylen);
char *keydata;
int keylen;
ssh_pkt_getstring(pktin, &keydata, &keylen);
+ if (!keydata) {
+ bombout(("unable to parse ECDH reply packet"));
+ crStopV;
+ }
hash_string(ssh->kex->hash, ssh->exhash, keydata, keylen);
s->K = ssh_ecdhkex_getkey(s->eckey, keydata, keylen);
if (!s->K) {
}
ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
+ if (!s->sigdata) {
+ bombout(("unable to parse key exchange reply packet"));
+ crStopV;
+ }
ssh_ecdhkex_freekey(s->eckey);
} else {
}
ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
+ if (!s->hostkeydata) {
+ bombout(("unable to parse RSA public key packet"));
+ crStopV;
+ }
hash_string(ssh->kex->hash, ssh->exhash,
s->hostkeydata, s->hostkeylen);
s->hkey = ssh->hostkey->newkey(ssh->hostkey,
{
char *keydata;
ssh_pkt_getstring(pktin, &keydata, &s->rsakeylen);
+ if (!keydata) {
+ bombout(("unable to parse RSA public key packet"));
+ crStopV;
+ }
s->rsakeydata = snewn(s->rsakeylen, char);
memcpy(s->rsakeydata, keydata, s->rsakeylen);
}
}
ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
+ if (!s->sigdata) {
+ bombout(("unable to parse signature packet"));
+ crStopV;
+ }
sfree(s->rsakeydata);
}
{
if (ssh->version == 2 &&
!conf_get_int(ssh->conf, CONF_ssh_no_shell) &&
- count234(ssh->channels) == 0 &&
+ (ssh->channels && count234(ssh->channels) == 0) &&
!(ssh->connshare && share_ndownstreams(ssh->connshare) > 0)) {
/*
* We used to send SSH_MSG_DISCONNECT here, because I'd
s->can_keyb_inter = conf_get_int(ssh->conf, CONF_try_ki_auth) &&
in_commasep_string("keyboard-interactive", methods, methlen);
#ifndef NO_GSSAPI
- if (!ssh->gsslibs)
- ssh->gsslibs = ssh_gss_setup(ssh->conf);
- s->can_gssapi = conf_get_int(ssh->conf, CONF_try_gssapi_auth) &&
- in_commasep_string("gssapi-with-mic", methods, methlen) &&
- ssh->gsslibs->nlibraries > 0;
+ if (conf_get_int(ssh->conf, CONF_try_gssapi_auth) &&
+ in_commasep_string("gssapi-with-mic", methods, methlen)) {
+ /* Try loading the GSS libraries and see if we
+ * have any. */
+ if (!ssh->gsslibs)
+ ssh->gsslibs = ssh_gss_setup(ssh->conf);
+ s->can_gssapi = (ssh->gsslibs->nlibraries > 0);
+ } else {
+ /* No point in even bothering to try to load the
+ * GSS libraries, if the user configuration and
+ * server aren't both prepared to attempt GSSAPI
+ * auth in the first place. */
+ s->can_gssapi = FALSE;
+ }
#endif
}
* Try to send data on all channels if we can.
*/
for (i = 0; NULL != (c = index234(ssh->channels, i)); i++)
- ssh2_try_send_and_unthrottle(ssh, c);
+ if (c->type != CHAN_SHARING)
+ ssh2_try_send_and_unthrottle(ssh, c);
}
}