author | Colin Watson <cjwatson@debian.org> | 2008-05-17 07:48:57 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2008-05-17 07:48:57 +0000 |
commit | 1f920ffc4c4f933e3c4e8c474460385fea131266 (patch) | |
tree | 7c23ed1becb8b315640229ad8eb18405b532151a /ssh-vulnkey.c | |
parent | 7eb2c79966e70e03a1ecbdf9077d64299241bd3a (diff) |
Check RSA1 keys without the need for a separate blacklist. Thanks to
Simon Tatham for the idea.
Diffstat (limited to 'ssh-vulnkey.c')
-rw-r--r-- | ssh-vulnkey.c | 11 |
1 files changed, 9 insertions, 2 deletions
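--- a/ssh-vulnkey.c
+++ b/ssh-vulnkey.c
@@ -86,21 +86,28 @@ describe_key(const char *msg, const Key *key, const char *comment)
 int
 do_key(const Key *key, const char *comment)
 {
+Key *public;
 char *blacklist_file;
 struct stat st;
 int ret = 1;
 
-blacklist_file = blacklist_filename(key);
+public = key_demote(key);
+if (public->type == KEY_RSA1)
+public->type = KEY_RSA;
+
+blacklist_file = blacklist_filename(public);
 if (stat(blacklist_file, &st) < 0)
 describe_key("Unknown (no blacklist information)",
 key, comment);
-else if (blacklisted_key(key)) {
+else if (blacklisted_key(public)) {
 describe_key("COMPROMISED", key, comment);
 ret = 0;
 } else
 describe_key("Not blacklisted", key, comment);
 xfree(blacklist_file);
 
+key_free(public);
+
 return ret;
 }
 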
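Review bot: The in-place rewrite `public->type = KEY_RSA;` in do_key() carries no comment, although every RSA1 verdict now depends on it. Judging by the commit message it makes blacklist_filename() and blacklisted_key() look the key up in the existing RSA blacklist, but neither helper's body is visible here, so that is inferred. I would add above the `if` something like `/* RSA1 has no blacklist of its own: relabel the demoted copy so it is checked against the RSA blacklist. */`, and mention that only the copy is altered because `key` is still what describe_key() reports. The comment should also record the assumption that a weak RSA1 key matches an entry in the RSA list, since a "Not blacklisted" result for RSA1 rests entirely on that. Separately, the return value of key_demote() is dereferenced unchecked on the next line; if it can return NULL in this tree, a guard is needed before `public->type` is read.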