summaryrefslogtreecommitdiff
path: root/authfile.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2018-09-21 12:20:12 +0000
committerDamien Miller <djm@mindrot.org>2018-09-21 22:49:09 +1000
commitbbc8af72ba68da014d4de6e21a85eb5123384226 (patch)
treeaba3471d7c568f32eea927574f0d070cc351baca /authfile.c
parent383a33d160cefbfd1b40fef81f72eadbf9303a66 (diff)
upstream: In sshkey_in_file(), ignore keys that are considered for
being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered to be "in the file". This allows key revocation lists to contain short keys without the entire revocation list being considered invalid. bz#2897; ok dtucker OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b
Diffstat (limited to 'authfile.c')
-rw-r--r--authfile.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/authfile.c b/authfile.c
index be4a57736..b1c92f4ad 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfile.c,v 1.130 2018/07/09 21:59:10 markus Exp $ */ 1/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
4 * 4 *
@@ -459,6 +459,8 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
459 return SSH_ERR_SYSTEM_ERROR; 459 return SSH_ERR_SYSTEM_ERROR;
460 460
461 while (getline(&line, &linesize, f) != -1) { 461 while (getline(&line, &linesize, f) != -1) {
462 sshkey_free(pub);
463 pub = NULL;
462 cp = line; 464 cp = line;
463 465
464 /* Skip leading whitespace. */ 466 /* Skip leading whitespace. */
@@ -477,16 +479,20 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
477 r = SSH_ERR_ALLOC_FAIL; 479 r = SSH_ERR_ALLOC_FAIL;
478 goto out; 480 goto out;
479 } 481 }
480 if ((r = sshkey_read(pub, &cp)) != 0) 482 switch (r = sshkey_read(pub, &cp)) {
483 case 0:
484 break;
485 case SSH_ERR_KEY_LENGTH:
486 continue;
487 default:
481 goto out; 488 goto out;
489 }
482 if (sshkey_compare(key, pub) || 490 if (sshkey_compare(key, pub) ||
483 (check_ca && sshkey_is_cert(key) && 491 (check_ca && sshkey_is_cert(key) &&
484 sshkey_compare(key->cert->signature_key, pub))) { 492 sshkey_compare(key->cert->signature_key, pub))) {
485 r = 0; 493 r = 0;
486 goto out; 494 goto out;
487 } 495 }
488 sshkey_free(pub);
489 pub = NULL;
490 } 496 }
491 r = SSH_ERR_KEY_NOT_FOUND; 497 r = SSH_ERR_KEY_NOT_FOUND;
492 out: 498 out: