- djm@cvs.openbsd.org 2005/06/17 02:44:33

[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] make this -Wsign-compare clean; ok avsm@ markus@ NB. auth1.c changes not committed yet (conflicts with uncommitted sync) NB2. more work may be needed to make portable Wsign-compare clean
SimonWilkinson · Jun 17, 2005 · f0513c0 · f0513c0
1 parent fdd8a69
commit f0513c0
Show file tree

Hide file tree

Showing 35 changed files with 160 additions and 134 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -8,6 +8,15 @@
      [canohost.c channels.c sshd.c]
      don't exit if getpeername fails for forwarded ports; bugzilla #1054;
      ok djm
+   - djm@cvs.openbsd.org 2005/06/17 02:44:33
+     [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
+     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
+     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
+     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
+     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
+     make this -Wsign-compare clean; ok avsm@ markus@
+     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
+     NB2. more work may be needed to make portable Wsign-compare clean
 
 20050616
  - (djm) OpenBSD CVS Sync
@@ -2725,4 +2734,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3822 2005/06/17 02:55:03 djm Exp $
+$Id: ChangeLog,v 1.3823 2005/06/17 02:59:34 djm Exp $
diff --git a/auth-rsa.c b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.62 2004/12/11 01:48:56 dtucker Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.63 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -205,6 +205,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 	while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
 		char *cp;
 		char *key_options;
+		int keybits;
 
 		/* Skip leading whitespace, empty and comment lines. */
 		for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -243,7 +244,8 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 			continue;
 
 		/* check the real bits  */
-		if (bits != BN_num_bits(key->rsa->n))
+		keybits = BN_num_bits(key->rsa->n);
+		if (keybits < 0 || bits != (u_int)keybits)
 			logit("Warning: %s, line %lu: keysize mismatch: "
 			    "actual %d vs. announced %d.",
 			    file, linenum, BN_num_bits(key->rsa->n), bits);

diff --git a/auth.c b/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.59 2005/06/06 11:20:36 djm Exp $");
+RCSID("$OpenBSD: auth.c,v 1.60 2005/06/17 02:44:32 djm Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -76,7 +76,7 @@ allowed_user(struct passwd * pw)
 	struct stat st;
 	const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
 	char *shell;
-	int i;
+	u_int i;
 #ifdef USE_SHADOW
 	struct spwd *spw = NULL;
 #endif

diff --git a/auth2-chall.c b/auth2-chall.c
@@ -23,7 +23,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.23 2005/06/17 02:44:32 djm Exp $");
 
 #include "ssh2.h"
 #include "auth.h"
@@ -239,8 +239,7 @@ send_userauth_info_request(Authctxt *authctxt)
 {
 	KbdintAuthctxt *kbdintctxt;
 	char *name, *instr, **prompts;
-	int i;
-	u_int *echo_on;
+	u_int i, *echo_on;
 
 	kbdintctxt = authctxt->kbdintctxt;
 	if (kbdintctxt->device->query(kbdintctxt->ctxt,
@@ -273,8 +272,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
 	KbdintAuthctxt *kbdintctxt;
-	int i, authenticated = 0, res, len;
-	u_int nresp;
+	int authenticated = 0, res, len;
+	u_int i, nresp;
 	char **response = NULL, *method;
 
 	if (authctxt == NULL)

diff --git a/auth2-gss.c b/auth2-gss.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: auth2-gss.c,v 1.8 2004/06/21 17:36:31 avsm Exp $	*/
+/*	$OpenBSD: auth2-gss.c,v 1.9 2005/06/17 02:44:32 djm Exp $	*/
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -61,7 +61,7 @@ userauth_gssapi(Authctxt *authctxt)
 	int present;
 	OM_uint32 ms;
 	u_int len;
-	char *doid = NULL;
+	u_char *doid = NULL;
 
 	if (!authctxt->valid || authctxt->user == NULL)
 		return (0);

diff --git a/authfd.c b/authfd.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.65 2005/05/24 17:32:43 avsm Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.66 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/evp.h>
 
@@ -114,8 +114,7 @@ ssh_get_authentication_socket(void)
 static int
 ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
 {
-	int l;
-	u_int len;
+	u_int l, len;
 	char buf[1024];
 
 	/* Get the length of the message, and format it in the buffer. */
@@ -302,6 +301,7 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi
 Key *
 ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version)
 {
+	int keybits;
 	u_int bits;
 	u_char *blob;
 	u_int blen;
@@ -322,7 +322,8 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
 		buffer_get_bignum(&auth->identities, key->rsa->e);
 		buffer_get_bignum(&auth->identities, key->rsa->n);
 		*comment = buffer_get_string(&auth->identities, NULL);
-		if (bits != BN_num_bits(key->rsa->n))
+		keybits = BN_num_bits(key->rsa->n);
+		if (keybits < 0 || bits != (u_int)keybits)
 			logit("Warning: identity keysize mismatch: actual %d, announced %u",
 			    BN_num_bits(key->rsa->n), bits);
 		break;

diff --git a/authfile.c b/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.61 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -52,6 +52,7 @@ RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $");
 #include "authfile.h"
 #include "rsa.h"
 #include "misc.h"
+#include "atomicio.h"
 
 /* Version identification string for SSH v1 identity files. */
 static const char authfile_id_string[] =
@@ -147,8 +148,8 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
 		buffer_free(&encrypted);
 		return 0;
 	}
-	if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
-	    buffer_len(&encrypted)) {
+	if (atomicio(vwrite, fd, buffer_ptr(&encrypted),
+	    buffer_len(&encrypted)) != buffer_len(&encrypted)) {
 		error("write to key file %s failed: %s", filename,
 		    strerror(errno));
 		buffer_free(&encrypted);
@@ -236,7 +237,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
 	Key *pub;
 	struct stat st;
 	char *cp;
-	int i;
+	u_int i;
 	size_t len;
 
 	if (fstat(fd, &st) < 0) {
@@ -253,7 +254,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
 	buffer_init(&buffer);
 	cp = buffer_append_space(&buffer, len);
 
-	if (read(fd, cp, (size_t) len) != (size_t) len) {
+	if (atomicio(read, fd, cp, len) != len) {
 		debug("Read from key file %.200s failed: %.100s", filename,
 		    strerror(errno));
 		buffer_free(&buffer);
@@ -322,7 +323,8 @@ static Key *
 key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
     char **commentp)
 {
-	int i, check1, check2, cipher_type;
+	u_int i;
+	int check1, check2, cipher_type;
 	size_t len;
 	Buffer buffer, decrypted;
 	u_char *cp;
@@ -347,7 +349,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
 	buffer_init(&buffer);
 	cp = buffer_append_space(&buffer, len);
 
-	if (read(fd, cp, (size_t) len) != (size_t) len) {
+	if (atomicio(read, fd, cp, len) != len) {
 		debug("Read from key file %.200s failed: %.100s", filename,
 		    strerror(errno));
 		buffer_free(&buffer);

diff --git a/bufaux.c b/bufaux.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.35 2005/03/10 22:01:05 deraadt Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.36 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/bn.h>
 #include "bufaux.h"
@@ -154,7 +154,7 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
 	buf[0] = 0x00;
 	/* Get the value of in binary */
 	oi = BN_bn2bin(value, buf+1);
-	if (oi != bytes-1) {
+	if (oi < 0 || (u_int)oi != bytes - 1) {
 		error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
 		    "oi %d != bin_size %d", oi, bytes);
 		xfree(buf);

diff --git a/canohost.c b/canohost.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.43 2005/06/16 08:00:00 markus Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.44 2005/06/17 02:44:32 djm Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -143,7 +143,8 @@ check_ip_options(int sock, char *ipaddr)
 	u_char options[200];
 	char text[sizeof(options) * 3 + 1];
 	socklen_t option_size;
-	int i, ipproto;
+	u_int i;
+	int ipproto;
 	struct protoent *ip;
 
 	if ((ip = getprotobyname("ip")) != NULL)

diff --git a/channels.c b/channels.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.216 2005/06/16 08:00:00 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.217 2005/06/17 02:44:32 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -894,7 +894,7 @@ static int
 channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
 {
 	char *p, *host;
-	int len, have, i, found;
+	u_int len, have, i, found;
 	char username[256];
 	struct {
 		u_int8_t version;
@@ -979,7 +979,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
 	} s5_req, s5_rsp;
 	u_int16_t dest_port;
 	u_char *p, dest_addr[255+1];
-	int i, have, found, nmethods, addrlen, af;
+	u_int have, i, found, nmethods, addrlen, af;
 
 	debug2("channel %d: decode socks5", c->self);
 	p = buffer_ptr(&c->input);
@@ -1075,7 +1075,8 @@ static void
 channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
 {
 	u_char *p;
-	int have, ret;
+	u_int have;
+	int ret;
 
 	have = buffer_len(&c->input);
 	c->delayed = 0;

diff --git a/cipher.c b/cipher.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.75 2005/06/09 13:43:49 dtucker Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.76 2005/06/17 02:44:32 djm Exp $");
 
 #include "xmalloc.h"
 #include "log.h"
@@ -235,7 +235,7 @@ cipher_init(CipherContext *cc, Cipher *cipher,
 		fatal("cipher_init: EVP_CipherInit failed for %s",
 		    cipher->name);
 	klen = EVP_CIPHER_CTX_key_length(&cc->evp);
-	if (klen > 0 && keylen != klen) {
+	if (klen > 0 && keylen != (u_int)klen) {
 		debug2("cipher_init: set keylen (%d -> %d)", klen, keylen);
 		if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)
 			fatal("cipher_init: set keylen failed (%d -> %d)",
@@ -326,9 +326,9 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
 	case SSH_CIPHER_DES:
 	case SSH_CIPHER_BLOWFISH:
 		evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
-		if (evplen == 0)
+		if (evplen <= 0)
 			return;
-		if (evplen != len)
+		if ((u_int)evplen != len)
 			fatal("%s: wrong iv length %d != %d", __func__,
 			    evplen, len);
 #if OPENSSL_VERSION_NUMBER < 0x00907000L

diff --git a/clientloop.c b/clientloop.c
@@ -59,7 +59,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.138 2005/06/16 03:38:36 djm Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.139 2005/06/17 02:44:32 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -659,12 +659,12 @@ client_process_control(fd_set * readset)
 {
 	Buffer m;
 	Channel *c;
-	int client_fd, new_fd[3], ver, i, allowed;
+	int client_fd, new_fd[3], ver, allowed;
 	socklen_t addrlen;
 	struct sockaddr_storage addr;
 	struct confirm_ctx *cctx;
 	char *cmd;
-	u_int len, env_len, command, flags;
+	u_int i, len, env_len, command, flags;
 	uid_t euid;
 	gid_t egid;
 
@@ -971,7 +971,10 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
 	u_char ch;
 	char *s;
 
-	for (i = 0; i < len; i++) {
+	if (len <= 0)
+		return (0);
+
+	for (i = 0; i < (u_int)len; i++) {
 		/* Get one character at a time. */
 		ch = buf[i];
 

diff --git a/dns.c b/dns.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: dns.c,v 1.11 2005/04/20 10:05:45 jakob Exp $	*/
+/*	$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $	*/
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -43,7 +43,7 @@
 #include "uuencode.h"
 
 extern char *__progname;
-RCSID("$OpenBSD: dns.c,v 1.11 2005/04/20 10:05:45 jakob Exp $");
+RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $");
 
 #ifndef LWRES
 static const char *errset_text[] = {
@@ -171,7 +171,7 @@ int
 verify_host_key_dns(const char *hostname, struct sockaddr *address,
     const Key *hostkey, int *flags)
 {
-	int counter;
+	u_int counter;
 	int result;
 	struct rrsetinfo *fingerprints = NULL;
 
@@ -274,7 +274,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
 	u_char *rdata_digest;
 	u_int rdata_digest_len;
 
-	int i;
+	u_int i;
 	int success = 0;
 
 	if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,