diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-01-14 19:33:41 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-01-15 21:37:33 +1100 |
| commit | 0088c57af302cda278bd26d8c3ae81d5b6f7c289 (patch) | |
| tree | 3e5799ef035df8ee72066535b47c5aa88ad670ca /ssh-agent.c | |
| parent | b03ebe2c22b8166e4f64c37737f4278676e3488d (diff) | |
upstream commit
fix small regression: ssh-agent would return a success
message but an empty signature if asked to sign using an unknown key; ok
markus@
Diffstat (limited to 'ssh-agent.c')
| -rw-r--r-- | ssh-agent.c | 37 |
1 files changed, 23 insertions, 14 deletions
diff --git a/ssh-agent.c b/ssh-agent.c index 43000a429..24500d9d6 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-agent.c,v 1.194 2015/01/14 13:09:09 markus Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.195 2015/01/14 19:33:41 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -371,28 +371,37 @@ process_sign_request2(SocketEntry *e) | |||
| 371 | int r, ok = -1; | 371 | int r, ok = -1; |
| 372 | struct sshbuf *msg; | 372 | struct sshbuf *msg; |
| 373 | struct sshkey *key; | 373 | struct sshkey *key; |
| 374 | struct identity *id; | ||
| 374 | 375 | ||
| 376 | if ((msg = sshbuf_new()) == NULL) | ||
| 377 | fatal("%s: sshbuf_new failed", __func__); | ||
| 375 | if ((r = sshbuf_get_string(e->request, &blob, &blen)) != 0 || | 378 | if ((r = sshbuf_get_string(e->request, &blob, &blen)) != 0 || |
| 376 | (r = sshbuf_get_string(e->request, &data, &dlen)) != 0 || | 379 | (r = sshbuf_get_string(e->request, &data, &dlen)) != 0 || |
| 377 | (r = sshbuf_get_u32(e->request, &flags)) != 0) | 380 | (r = sshbuf_get_u32(e->request, &flags)) != 0) |
| 378 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 381 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 379 | if (flags & SSH_AGENT_OLD_SIGNATURE) | 382 | if (flags & SSH_AGENT_OLD_SIGNATURE) |
| 380 | compat = SSH_BUG_SIGBLOB; | 383 | compat = SSH_BUG_SIGBLOB; |
| 381 | 384 | if ((r = sshkey_from_blob(blob, blen, &key)) != 0) { | |
| 382 | if ((ok = sshkey_from_blob(blob, blen, &key)) != 0) | ||
| 383 | error("%s: cannot parse key blob: %s", __func__, ssh_err(ok)); | 385 | error("%s: cannot parse key blob: %s", __func__, ssh_err(ok)); |
| 384 | else { | 386 | goto send; |
| 385 | Identity *id = lookup_identity(key, 2); | ||
| 386 | if (id != NULL && (!id->confirm || confirm_key(id) == 0)) { | ||
| 387 | if ((ok = sshkey_sign(id->key, &signature, &slen, | ||
| 388 | data, dlen, compat)) != 0) | ||
| 389 | error("%s: sshkey_sign: %s", | ||
| 390 | __func__, ssh_err(ok)); | ||
| 391 | } | ||
| 392 | sshkey_free(key); | ||
| 393 | } | 387 | } |
| 394 | if ((msg = sshbuf_new()) == NULL) | 388 | if ((id = lookup_identity(key, 2)) == NULL) { |
| 395 | fatal("%s: sshbuf_new failed", __func__); | 389 | verbose("%s: %s key not found", __func__, sshkey_type(key)); |
| 390 | goto send; | ||
| 391 | } | ||
| 392 | if (id->confirm && confirm_key(id) != 0) { | ||
| 393 | verbose("%s: user refused key", __func__); | ||
| 394 | goto send; | ||
| 395 | } | ||
| 396 | if ((r = sshkey_sign(id->key, &signature, &slen, | ||
| 397 | data, dlen, compat)) != 0) { | ||
| 398 | error("%s: sshkey_sign: %s", __func__, ssh_err(ok)); | ||
| 399 | goto send; | ||
| 400 | } | ||
| 401 | /* Success */ | ||
| 402 | ok = 0; | ||
| 403 | send: | ||
| 404 | sshkey_free(key); | ||
| 396 | if (ok == 0) { | 405 | if (ok == 0) { |
| 397 | if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 || | 406 | if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 || |
| 398 | (r = sshbuf_put_string(msg, signature, slen)) != 0) | 407 | (r = sshbuf_put_string(msg, signature, slen)) != 0) |