summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2015-11-16 22:50:01 +0000
committerDamien Miller <djm@mindrot.org>2015-11-17 11:18:58 +1100
commit3a9f84b58b0534bbb485f1eeab75665e2d03371f (patch)
treee5212b2ab04eb66d2a269328ee051966cbf87130
parentdb6f8dc5dd5655b59368efd074994d4568bc3556 (diff)
upstream commit
improve sshkey_read() semantics; only update *cpp when a key is successfully read; ok markus@ Upstream-ID: f371e78e8f4fab366cf69a42bdecedaed5d1b089
-rw-r--r--sshkey.c28
1 files changed, 15 insertions, 13 deletions
diff --git a/sshkey.c b/sshkey.c
index 7ceb915f8..c5185128a 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshkey.c,v 1.24 2015/10/15 23:08:23 djm Exp $ */ 1/* $OpenBSD: sshkey.c,v 1.25 2015/11/16 22:50:01 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Alexander von Gernler. All rights reserved. 4 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -1232,11 +1232,10 @@ sshkey_read(struct sshkey *ret, char **cpp)
1232{ 1232{
1233 struct sshkey *k; 1233 struct sshkey *k;
1234 int retval = SSH_ERR_INVALID_FORMAT; 1234 int retval = SSH_ERR_INVALID_FORMAT;
1235 char *cp, *space; 1235 char *ep, *cp, *space;
1236 int r, type, curve_nid = -1; 1236 int r, type, curve_nid = -1;
1237 struct sshbuf *blob; 1237 struct sshbuf *blob;
1238#ifdef WITH_SSH1 1238#ifdef WITH_SSH1
1239 char *ep;
1240 u_long bits; 1239 u_long bits;
1241#endif /* WITH_SSH1 */ 1240#endif /* WITH_SSH1 */
1242 1241
@@ -1255,10 +1254,10 @@ sshkey_read(struct sshkey *ret, char **cpp)
1255 return r; 1254 return r;
1256 if ((r = read_decimal_bignum(&ep, ret->rsa->n)) < 0) 1255 if ((r = read_decimal_bignum(&ep, ret->rsa->n)) < 0)
1257 return r; 1256 return r;
1258 *cpp = ep;
1259 /* validate the claimed number of bits */ 1257 /* validate the claimed number of bits */
1260 if (BN_num_bits(ret->rsa->n) != (int)bits) 1258 if (BN_num_bits(ret->rsa->n) != (int)bits)
1261 return SSH_ERR_KEY_BITS_MISMATCH; 1259 return SSH_ERR_KEY_BITS_MISMATCH;
1260 *cpp = ep;
1262 retval = 0; 1261 retval = 0;
1263#endif /* WITH_SSH1 */ 1262#endif /* WITH_SSH1 */
1264 break; 1263 break;
@@ -1296,9 +1295,9 @@ sshkey_read(struct sshkey *ret, char **cpp)
1296 *space++ = '\0'; 1295 *space++ = '\0';
1297 while (*space == ' ' || *space == '\t') 1296 while (*space == ' ' || *space == '\t')
1298 space++; 1297 space++;
1299 *cpp = space; 1298 ep = space;
1300 } else 1299 } else
1301 *cpp = cp + strlen(cp); 1300 ep = cp + strlen(cp);
1302 if ((r = sshbuf_b64tod(blob, cp)) != 0) { 1301 if ((r = sshbuf_b64tod(blob, cp)) != 0) {
1303 sshbuf_free(blob); 1302 sshbuf_free(blob);
1304 return r; 1303 return r;
@@ -1329,8 +1328,9 @@ sshkey_read(struct sshkey *ret, char **cpp)
1329 ret->cert = k->cert; 1328 ret->cert = k->cert;
1330 k->cert = NULL; 1329 k->cert = NULL;
1331 } 1330 }
1331 switch (sshkey_type_plain(ret->type)) {
1332#ifdef WITH_OPENSSL 1332#ifdef WITH_OPENSSL
1333 if (sshkey_type_plain(ret->type) == KEY_RSA) { 1333 case KEY_RSA:
1334 if (ret->rsa != NULL) 1334 if (ret->rsa != NULL)
1335 RSA_free(ret->rsa); 1335 RSA_free(ret->rsa);
1336 ret->rsa = k->rsa; 1336 ret->rsa = k->rsa;
@@ -1338,8 +1338,8 @@ sshkey_read(struct sshkey *ret, char **cpp)
1338#ifdef DEBUG_PK 1338#ifdef DEBUG_PK
1339 RSA_print_fp(stderr, ret->rsa, 8); 1339 RSA_print_fp(stderr, ret->rsa, 8);
1340#endif 1340#endif
1341 } 1341 break;
1342 if (sshkey_type_plain(ret->type) == KEY_DSA) { 1342 case KEY_DSA:
1343 if (ret->dsa != NULL) 1343 if (ret->dsa != NULL)
1344 DSA_free(ret->dsa); 1344 DSA_free(ret->dsa);
1345 ret->dsa = k->dsa; 1345 ret->dsa = k->dsa;
@@ -1347,9 +1347,9 @@ sshkey_read(struct sshkey *ret, char **cpp)
1347#ifdef DEBUG_PK 1347#ifdef DEBUG_PK
1348 DSA_print_fp(stderr, ret->dsa, 8); 1348 DSA_print_fp(stderr, ret->dsa, 8);
1349#endif 1349#endif
1350 } 1350 break;
1351# ifdef OPENSSL_HAS_ECC 1351# ifdef OPENSSL_HAS_ECC
1352 if (sshkey_type_plain(ret->type) == KEY_ECDSA) { 1352 case KEY_ECDSA:
1353 if (ret->ecdsa != NULL) 1353 if (ret->ecdsa != NULL)
1354 EC_KEY_free(ret->ecdsa); 1354 EC_KEY_free(ret->ecdsa);
1355 ret->ecdsa = k->ecdsa; 1355 ret->ecdsa = k->ecdsa;
@@ -1359,17 +1359,19 @@ sshkey_read(struct sshkey *ret, char **cpp)
1359#ifdef DEBUG_PK 1359#ifdef DEBUG_PK
1360 sshkey_dump_ec_key(ret->ecdsa); 1360 sshkey_dump_ec_key(ret->ecdsa);
1361#endif 1361#endif
1362 } 1362 break;
1363# endif /* OPENSSL_HAS_ECC */ 1363# endif /* OPENSSL_HAS_ECC */
1364#endif /* WITH_OPENSSL */ 1364#endif /* WITH_OPENSSL */
1365 if (sshkey_type_plain(ret->type) == KEY_ED25519) { 1365 case KEY_ED25519:
1366 free(ret->ed25519_pk); 1366 free(ret->ed25519_pk);
1367 ret->ed25519_pk = k->ed25519_pk; 1367 ret->ed25519_pk = k->ed25519_pk;
1368 k->ed25519_pk = NULL; 1368 k->ed25519_pk = NULL;
1369#ifdef DEBUG_PK 1369#ifdef DEBUG_PK
1370 /* XXX */ 1370 /* XXX */
1371#endif 1371#endif
1372 break;
1372 } 1373 }
1374 *cpp = ep;
1373 retval = 0; 1375 retval = 0;
1374/*XXXX*/ 1376/*XXXX*/
1375 sshkey_free(k); 1377 sshkey_free(k);