author | Darren Tucker <dtucker@zip.com.au> | 2010-01-13 22:43:05 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2010-01-13 22:43:05 +1100 |
commit | 561724f38dd8b4e56ec918a70f9314f41c34b46a (patch) | |
tree | b6428e41576afcd6963c0e6ffe7df54996731771 | |
parent | e2b36741725c2214f72a3ef07bc0788191ac7ea9 (diff) |
- dtucker@cvs.openbsd.org 2010/01/13 01:10:56
[key.c]
Ignore and log any Protocol 1 keys where the claimed size is not equal to
the actual size. Noted by Derek Martin, ok djm@
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | key.c | 8 |
2 files changed, 11 insertions, 1 deletions
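--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,10 @@
 - dtucker@cvs.openbsd.org 2010/01/13 00:19:04
 [sshconnect.c auth.c]
 Fix a couple of typos/mispellings in comments
+- dtucker@cvs.openbsd.org 2010/01/13 01:10:56
+[key.c]
+Ignore and log any Protocol 1 keys where the claimed size is not equal to
+the actual size. Noted by Derek Martin, ok djm@
 
 20100112
 - (dtucker) OpenBSD CVS Sync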
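--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.81 2009/12/11 18:16:33 markus Exp $ */
+/* $OpenBSD: key.c,v 1.82 2010/01/13 01:10:56 dtucker Exp $ */
 /*
 * read_bignum():
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -522,6 +522,12 @@ key_read(Key *ret, char **cpp)
 return -1;
 if (!read_bignum(cpp, ret->rsa->n))
 return -1;
+/* validate the claimed number of bits */
+if ((u_int)BN_num_bits(ret->rsa->n) != bits) {
+verbose("key_read: claimed key size %d does not match "
+"actual %d", bits, BN_num_bits(ret->rsa->n));
+return -1;
+}
 success = 1;
 break;
 case KEY_UNSPEC: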
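Review bot: In the size check added to key_read, `bits` is compared against a value cast to `u_int` but printed with `%d`, so if `bits` is declared `u_int` above the hunk (the cast suggests it is) the format does not match the argument type. A large claimed size would then be logged as a negative number, which makes the line misleading when someone investigates a malformed Protocol 1 key entry; `"key_read: claimed key size %u does not match "` fixes that. The rejection is also logged only through `verbose()`, so it will probably not appear at the default log level; a short comment saying whether that is deliberate would help. A comment such as `/* ret->rsa->e and ->n already hold the rejected values; callers must not use ret after -1 */` would also record that the key is left partly filled on this path. key_read's body starts and ends outside the hunk.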