- dtucker@cvs.openbsd.org 2010/01/13 01:10:56

     [key.c]
     Ignore and log any Protocol 1 keys where the claimed size is not equal to
     the actual size.  Noted by Derek Martin, ok djm@

2 files changed, 11 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 8ee8e2768..866e4aa46 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,10 @@
    - dtucker@cvs.openbsd.org 2010/01/13 00:19:04
      [sshconnect.c auth.c]
      Fix a couple of typos/mispellings in comments
+   - dtucker@cvs.openbsd.org 2010/01/13 01:10:56
+     [key.c]
+     Ignore and log any Protocol 1 keys where the claimed size is not equal to
+     the actual size.  Noted by Derek Martin, ok djm@
 
 20100112
  - (dtucker) OpenBSD CVS Sync
diff --git a/key.c b/key.c
index f2edf6d5d..5aea416b3 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.81 2009/12/11 18:16:33 markus Exp $ */
+/* $OpenBSD: key.c,v 1.82 2010/01/13 01:10:56 dtucker Exp $ */
 /*
  * read_bignum():
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -522,6 +522,12 @@ key_read(Key *ret, char **cpp)
                         return -1;
                 if (!read_bignum(cpp, ret->rsa->n))
                         return -1;
+                /* validate the claimed number of bits */
+                if ((u_int)BN_num_bits(ret->rsa->n) != bits) {
+                        verbose("key_read: claimed key size %d does not match "
+                           "actual %d", bits, BN_num_bits(ret->rsa->n));
+                        return -1;
+                }
                 success = 1;
                 break;
         case KEY_UNSPEC: