diff options
| author | dtucker@openbsd.org <dtucker@openbsd.org> | 2020-02-18 08:58:33 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@dtucker.net> | 2020-02-18 20:23:25 +1100 |
| commit | 264a966216137c9f4f8220fd9142242d784ba059 (patch) | |
| tree | 287b1b3a451a09bef465eafb22cb562d3605fdeb /ssh-add.c | |
| parent | de1f3564cd85915b3002859873a37cb8d31ac9ce (diff) | |
upstream: Ensure that the key lifetime provided fits within the
values allowed by the wire format (u32). Prevents integer wraparound of the
timeout values. bz#3119, ok markus@ djm@
OpenBSD-Commit-ID: 8afe6038b5cdfcf63360788f012a7ad81acc46a2
Diffstat (limited to 'ssh-add.c')
| -rw-r--r-- | ssh-add.c | 13 |
1 files changed, 7 insertions, 6 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-add.c,v 1.152 2020/02/06 22:30:54 naddy Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.153 2020/02/18 08:58:33 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -90,7 +90,7 @@ static char *default_files[] = { | |||
| 90 | static int fingerprint_hash = SSH_FP_HASH_DEFAULT; | 90 | static int fingerprint_hash = SSH_FP_HASH_DEFAULT; |
| 91 | 91 | ||
| 92 | /* Default lifetime (0 == forever) */ | 92 | /* Default lifetime (0 == forever) */ |
| 93 | static int lifetime = 0; | 93 | static long lifetime = 0; |
| 94 | 94 | ||
| 95 | /* User has to confirm key use */ | 95 | /* User has to confirm key use */ |
| 96 | static int confirm = 0; | 96 | static int confirm = 0; |
| @@ -328,7 +328,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag, | |||
| 328 | filename, comment); | 328 | filename, comment); |
| 329 | if (lifetime != 0) { | 329 | if (lifetime != 0) { |
| 330 | fprintf(stderr, | 330 | fprintf(stderr, |
| 331 | "Lifetime set to %d seconds\n", lifetime); | 331 | "Lifetime set to %ld seconds\n", lifetime); |
| 332 | } | 332 | } |
| 333 | if (confirm != 0) { | 333 | if (confirm != 0) { |
| 334 | fprintf(stderr, "The user must confirm " | 334 | fprintf(stderr, "The user must confirm " |
| @@ -384,7 +384,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag, | |||
| 384 | fprintf(stderr, "Certificate added: %s (%s)\n", certpath, | 384 | fprintf(stderr, "Certificate added: %s (%s)\n", certpath, |
| 385 | private->cert->key_id); | 385 | private->cert->key_id); |
| 386 | if (lifetime != 0) { | 386 | if (lifetime != 0) { |
| 387 | fprintf(stderr, "Lifetime set to %d seconds\n", | 387 | fprintf(stderr, "Lifetime set to %ld seconds\n", |
| 388 | lifetime); | 388 | lifetime); |
| 389 | } | 389 | } |
| 390 | if (confirm != 0) { | 390 | if (confirm != 0) { |
| @@ -571,7 +571,7 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag) | |||
| 571 | sshkey_type(keys[i]), fp); | 571 | sshkey_type(keys[i]), fp); |
| 572 | if (lifetime != 0) { | 572 | if (lifetime != 0) { |
| 573 | fprintf(stderr, | 573 | fprintf(stderr, |
| 574 | "Lifetime set to %d seconds\n", lifetime); | 574 | "Lifetime set to %ld seconds\n", lifetime); |
| 575 | } | 575 | } |
| 576 | if (confirm != 0) { | 576 | if (confirm != 0) { |
| 577 | fprintf(stderr, "The user must confirm " | 577 | fprintf(stderr, "The user must confirm " |
| @@ -720,7 +720,8 @@ main(int argc, char **argv) | |||
| 720 | pkcs11provider = optarg; | 720 | pkcs11provider = optarg; |
| 721 | break; | 721 | break; |
| 722 | case 't': | 722 | case 't': |
| 723 | if ((lifetime = convtime(optarg)) == -1) { | 723 | if ((lifetime = convtime(optarg)) == -1 || |
| 724 | lifetime < 0 || lifetime > UINT32_MAX) { | ||
| 724 | fprintf(stderr, "Invalid lifetime\n"); | 725 | fprintf(stderr, "Invalid lifetime\n"); |
| 725 | ret = 1; | 726 | ret = 1; |
| 726 | goto done; | 727 | goto done; |