diff options
author | djm@openbsd.org <djm@openbsd.org> | 2020-02-07 03:27:54 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-02-07 14:31:02 +1100 |
commit | fd68dc27864b099b552a6d9d507ca4b83afd6a76 (patch) | |
tree | 802ef9ef60fab818d4c6701f962e5c608224f760 /ssh-keygen.c | |
parent | 96bd895a0a0b3a36f81c14db8c91513578fc5563 (diff) |
upstream: fix two PIN entry bugs on FIDO keygen: 1) it would allow more
than the intended number of prompts (3) and 2) it would SEGV too many
incorrect PINs were entered; based on patch by Gabriel Kihlman
OpenBSD-Commit-ID: 9c0011f28ba8bd8adf2014424b64960333da1718
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index a6ba6cc7a..0d6ed1fff 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.397 2020/02/06 22:30:54 naddy Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.398 2020/02/07 03:27:54 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -3588,7 +3588,7 @@ main(int argc, char **argv) | |||
3588 | passphrase = NULL; | 3588 | passphrase = NULL; |
3589 | if ((attest = sshbuf_new()) == NULL) | 3589 | if ((attest = sshbuf_new()) == NULL) |
3590 | fatal("sshbuf_new failed"); | 3590 | fatal("sshbuf_new failed"); |
3591 | for (i = 0 ; i < 3; i++) { | 3591 | for (i = 0 ; ; i++) { |
3592 | fflush(stdout); | 3592 | fflush(stdout); |
3593 | r = sshsk_enroll(type, sk_provider, sk_device, | 3593 | r = sshsk_enroll(type, sk_provider, sk_device, |
3594 | sk_application == NULL ? "ssh:" : sk_application, | 3594 | sk_application == NULL ? "ssh:" : sk_application, |
@@ -3598,15 +3598,21 @@ main(int argc, char **argv) | |||
3598 | break; | 3598 | break; |
3599 | if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) | 3599 | if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) |
3600 | fatal("Key enrollment failed: %s", ssh_err(r)); | 3600 | fatal("Key enrollment failed: %s", ssh_err(r)); |
3601 | if (passphrase != NULL) | 3601 | else if (i > 0) |
3602 | error("PIN incorrect"); | ||
3603 | if (passphrase != NULL) { | ||
3602 | freezero(passphrase, strlen(passphrase)); | 3604 | freezero(passphrase, strlen(passphrase)); |
3605 | passphrase = NULL; | ||
3606 | } | ||
3607 | if (i >= 3) | ||
3608 | fatal("Too many incorrect PINs"); | ||
3603 | passphrase = read_passphrase("Enter PIN for " | 3609 | passphrase = read_passphrase("Enter PIN for " |
3604 | "authenticator: ", RP_ALLOW_STDIN); | 3610 | "authenticator: ", RP_ALLOW_STDIN); |
3605 | } | 3611 | } |
3606 | if (passphrase != NULL) | 3612 | if (passphrase != NULL) { |
3607 | freezero(passphrase, strlen(passphrase)); | 3613 | freezero(passphrase, strlen(passphrase)); |
3608 | if (i > 3) | 3614 | passphrase = NULL; |
3609 | fatal("Too many incorrect PINs"); | 3615 | } |
3610 | break; | 3616 | break; |
3611 | default: | 3617 | default: |
3612 | if ((r = sshkey_generate(type, bits, &private)) != 0) | 3618 | if ((r = sshkey_generate(type, bits, &private)) != 0) |