authordjm@openbsd.org <djm@openbsd.org>2017-02-10 03:36:40 +0000
committerDamien Miller <djm@mindrot.org>2017-02-10 14:38:06 +1100
commita287c5ad1e0bf9811c7b9221979b969255076019 (patch)
treeac2dfb50b846ca3a7a1d623a778759ce9837f552
parente40269be388972848aafcca7060111c70aab5b87 (diff)
upstream commit
Sanitise escape sequences in key comments sent to printf but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@ Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e
-rw-r--r--ssh-keygen.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index ced047c06..5e9f0879b 100644
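--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.293 2017/02/08 20:32:43 millert Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.294 2017/02/10 03:36:40 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -37,6 +37,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <limits.h>
+#include <locale.h>
 
 #include "xmalloc.h"
 #include "sshkey.h"
@@ -57,6 +58,7 @@
 #include "atomicio.h"
 #include "krl.h"
 #include "digest.h"
+#include "utf8.h"
 
 #ifdef WITH_OPENSSL
 # define DEFAULT_KEY_TYPE_NAME "rsa"
@@ -843,7 +845,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment)
  ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART);
  if (fp == NULL || ra == NULL)
  fatal("%s: sshkey_fingerprint failed", __func__);
- printf("%u %s %s (%s)\n", sshkey_size(public), fp,
+ mprintf("%u %s %s (%s)\n", sshkey_size(public), fp,
  comment ? comment : "no comment", sshkey_type(public));
  if (log_level >= SYSLOG_LEVEL_VERBOSE)
  printf("%s\n", ra);
@@ -1166,7 +1168,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
  known_hosts_hash(l, ctx);
  else if (print_fingerprint) {
  fp = sshkey_fingerprint(l->key, fptype, rep);
- printf("%s %s %s %s\n", ctx->host,
+ mprintf("%s %s %s %s\n", ctx->host,
  sshkey_type(l->key), fp, l->comment);
  free(fp);
  } else
@@ -1317,7 +1319,7 @@ do_change_passphrase(struct passwd *pw)
  fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
  }
  if (comment)
- printf("Key has comment '%s'\n", comment);
+ mprintf("Key has comment '%s'\n", comment);
 
  /* Ask the new passphrase (twice). */
  if (identity_new_passphrase) {
@@ -2283,6 +2285,8 @@ main(int argc, char **argv)
 
  seed_rng();
 
+ msetlocale();
+
  /* we need this for the home * directory. */
  pw = getpwuid(getuid());
  if (!pw)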
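Review bot: In the known_hosts_find_delete hunk, `fp` returned by sshkey_fingerprint() goes straight into a `%s` of the new `mprintf` call without a NULL check, whereas fingerprint_one_key in the same file fatals when `fp == NULL`. Adding `if (fp == NULL) fatal("%s: sshkey_fingerprint failed", __func__);` before the call would make the two sites agree and avoid handing a null pointer to a `%s` conversion. `l->comment` is likewise passed unguarded there while fingerprint_one_key substitutes "no comment"; whether it can be NULL is not visible from this hunk, so that is worth confirming against the caller. The function body starts and ends outside the hunk.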