diff options
| author | markus@openbsd.org <markus@openbsd.org> | 2020-03-06 18:21:28 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-03-13 13:18:09 +1100 |
| commit | 05efe270df1e925db0af56a806d18b5063db4b6d (patch) | |
| tree | 8e294232e50cd83a807cd0eaa97fdf01d31d5b55 /sshkey.c | |
| parent | 1ddf5682f3992bdacd29164891abb71a19c2cf61 (diff) | |
upstream: passphrase depends on kdfname, not ciphername (possible
null-deref); ok djm
OpenBSD-Commit-ID: 0d39668edf5e790b5837df4926ee1141cec5471c
Diffstat (limited to 'sshkey.c')
| -rw-r--r-- | sshkey.c | 16 |
1 files changed, 8 insertions, 8 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshkey.c,v 1.100 2020/02/26 13:40:09 jsg Exp $ */ | 1 | /* $OpenBSD: sshkey.c,v 1.101 2020/03/06 18:21:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. | 4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. |
| @@ -4147,20 +4147,20 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, | |||
| 4147 | r = SSH_ERR_KEY_UNKNOWN_CIPHER; | 4147 | r = SSH_ERR_KEY_UNKNOWN_CIPHER; |
| 4148 | goto out; | 4148 | goto out; |
| 4149 | } | 4149 | } |
| 4150 | if ((passphrase == NULL || strlen(passphrase) == 0) && | ||
| 4151 | strcmp(ciphername, "none") != 0) { | ||
| 4152 | /* passphrase required */ | ||
| 4153 | r = SSH_ERR_KEY_WRONG_PASSPHRASE; | ||
| 4154 | goto out; | ||
| 4155 | } | ||
| 4156 | if (strcmp(kdfname, "none") != 0 && strcmp(kdfname, "bcrypt") != 0) { | 4150 | if (strcmp(kdfname, "none") != 0 && strcmp(kdfname, "bcrypt") != 0) { |
| 4157 | r = SSH_ERR_KEY_UNKNOWN_CIPHER; | 4151 | r = SSH_ERR_KEY_UNKNOWN_CIPHER; |
| 4158 | goto out; | 4152 | goto out; |
| 4159 | } | 4153 | } |
| 4160 | if (!strcmp(kdfname, "none") && strcmp(ciphername, "none") != 0) { | 4154 | if (strcmp(kdfname, "none") == 0 && strcmp(ciphername, "none") != 0) { |
| 4161 | r = SSH_ERR_INVALID_FORMAT; | 4155 | r = SSH_ERR_INVALID_FORMAT; |
| 4162 | goto out; | 4156 | goto out; |
| 4163 | } | 4157 | } |
| 4158 | if ((passphrase == NULL || strlen(passphrase) == 0) && | ||
| 4159 | strcmp(kdfname, "none") != 0) { | ||
| 4160 | /* passphrase required */ | ||
| 4161 | r = SSH_ERR_KEY_WRONG_PASSPHRASE; | ||
| 4162 | goto out; | ||
| 4163 | } | ||
| 4164 | if (nkeys != 1) { | 4164 | if (nkeys != 1) { |
| 4165 | /* XXX only one key supported */ | 4165 | /* XXX only one key supported */ |
| 4166 | r = SSH_ERR_INVALID_FORMAT; | 4166 | r = SSH_ERR_INVALID_FORMAT; |