upstream: two defensive changes from Tobias Stoeckmann via GHPR287

enforce stricter invarient for sshbuf_set_parent() - never allow
a buffer to have a previously-set parent changed.

In sshbuf_reset(), if the reallocation fails, then zero the entire
buffer and not the (potentially smaller) default initial alloc size.

OpenBSD-Commit-ID: 14583203aa5d50ad38d2e209ae10abaf8955e6a9

diff --git a/sshbuf.c b/sshbuf.c
index 368ba7980b755a04efbcd99e3999f222b4510ec1..840b899b16beb0e87c558cf357ecff2b5d6ad98e 100644 (file)
--- a/sshbuf.c
+++ b/sshbuf.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: sshbuf.c,v 1.15 2020/02/26 13:40:09 jsg Exp $ */
+/*     $OpenBSD: sshbuf.c,v 1.16 2022/04/08 04:40:40 djm Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -109,6 +109,8 @@ sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent)
        if ((r = sshbuf_check_sanity(child)) != 0 ||
            (r = sshbuf_check_sanity(parent)) != 0)
                return r;
+       if (child->parent != NULL && child->parent != parent)
+               return SSH_ERR_INTERNAL_ERROR;
        child->parent = parent;
        child->parent->refcount++;
        return 0;
@@ -177,7 +179,8 @@ sshbuf_reset(struct sshbuf *buf)
                buf->off = buf->size;
                return;
        }
-       (void) sshbuf_check_sanity(buf);
+       if (sshbuf_check_sanity(buf) != 0)
+               return;
        buf->off = buf->size = 0;
        if (buf->alloc != SSHBUF_SIZE_INIT) {
                if ((d = recallocarray(buf->d, buf->alloc, SSHBUF_SIZE_INIT,
@@ -186,7 +189,7 @@ sshbuf_reset(struct sshbuf *buf)
                        buf->alloc = SSHBUF_SIZE_INIT;
                }
        }
-       explicit_bzero(buf->d, SSHBUF_SIZE_INIT);
+       explicit_bzero(buf->d, buf->alloc);
 }
 
 size_t