On Sunday 06 of December 2009 14:45:40 Peter Stuge wrote:
> Hm, this is how it looked before my patch. Do you know what is up
> with that tmp[0] == '\0' thing?
Not exactly. Maybe the RFC knows, but as you see I am afraid to open it ;-)
FWIW attached is the merged patch (yours + my first)...
> Does this change make it work? It seems to me that the result would
> be equivalent?
Yes, it works ... 4096 iterations so far.
> If size<20 then bytes are copied from tmp offset by (20-size), so if
> size=19 and tmp is moved forward, or if size=20 and tmp[0]=0, should
> be the same - right?
No idea.
> I like the error handling, but it didn't have a functional change,
> right?
No it does not. That's why I splitted it into two patches. I wanted to be
obvious what I've changed in the behavior.
Kamil
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index ba00284..84d708e 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -424,6 +424,8 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
return -1;
}
+ memset(sig, 0, 40);
+
/* Extract R. */
data = gcry_sexp_find_token(sig_sexp, "r", 0);
@@ -443,12 +445,12 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
size--;
}
- if (size != 20) {
+ if (size < 1 || size > 20) {
ret = -1;
goto out;
}
- memcpy(sig, tmp, 20);
+ memcpy(sig + (20 - size), tmp, size);
gcry_sexp_release(data);
@@ -471,12 +473,12 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
size--;
}
- if (size != 20) {
+ if (size < 1 || size > 20) {
ret = -1;
goto out;
}
- memcpy(sig + 20, tmp, 20);
+ memcpy(sig + 20 + (20 - size), tmp, size);
ret = 0;
out:
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
