author | djm@openbsd.org <djm@openbsd.org> | 2017-08-11 04:47:12 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-08-12 16:47:10 +1000 |
commit | c4972d0a9bd6f898462906b4827e09b7caea2d9b (patch) | |
tree | 01d1c95f7bc5e6fabb7c0270e2e1a4f4814afceb /sshconnect2.c | |
parent | 4b3ecbb663c919132dddb3758e17a23089413519 (diff) |
upstream commit
refuse to use a private key when its corresponding .pub key
does not match. bz#2737 ok dtucker@
Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 7 |
1 files changed, 6 insertions, 1 deletions
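--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.264 2017/06/14 00:31:38 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.265 2017/08/11 04:47:12 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1037,6 +1037,11 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
 /* load the private key from the file */
 if ((prv = load_identity_file(id)) == NULL)
 return SSH_ERR_KEY_NOT_FOUND;
+if (id->key != NULL && !sshkey_equal_public(prv, id->key)) {
+error("%s: private key %s contents do not match public",
+__func__, id->filename);
+return SSH_ERR_KEY_NOT_FOUND;
+}
 ret = sshkey_sign(prv, sigp, lenp, data, datalen,
 key_sign_encode(prv), compat);
 sshkey_free(prv);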
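Review bot: The new mismatch branch in identity_sign returns without releasing `prv`, so the private key just loaded from the identity file stays allocated for the rest of the process, whereas the normal path a few lines later does call `sshkey_free(prv)`. Add `sshkey_free(prv);` immediately before the `return SSH_ERR_KEY_NOT_FOUND;` inside the new `if` block so the key material is released on the rejection path as well. Reusing SSH_ERR_KEY_NOT_FOUND also leaves the caller unable to tell a mismatched pair from a missing key file; if that is intentional, a short comment saying so would help. identity_sign's body starts and ends outside the hunk, so any cleanup label further down is not visible here.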