Diffstat (limited to 'authfile.c')
-rw-r--r-- | authfile.c | 19 |
1 files changed, 13 insertions, 6 deletions
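--- a/authfile.c
+++ b/authfile.c
@@ -681,7 +681,7 @@ key_load_public(const char *filename, char **commentp)
 
 /* Scan a blacklist of known-vulnerable keys in blacklist_file. */
 static int
-blacklisted_key_in_file(const Key *key, const char *blacklist_file)
+blacklisted_key_in_file(const Key *key, const char *blacklist_file, char **fp)
 {
 int fd = -1;
 char *dgst_hex = NULL;
@@ -770,16 +770,23 @@ blacklisted_key_in_file(const Key *key, const char *blacklist_file)
 out:
 if (dgst_packed)
 xfree(dgst_packed);
-if (dgst_hex)
+if (ret != 1 && dgst_hex) {
 xfree(dgst_hex);
+dgst_hex = NULL;
+}
+if (fp)
+*fp = dgst_hex;
 if (fd >= 0)
 close(fd);
 return ret;
 }
 
-/* Scan blacklists of known-vulnerable keys. */
+/*
+* Scan blacklists of known-vulnerable keys. If a vulnerable key is found,
+* its fingerprint is returned in *fp, unless fp is NULL.
+*/
 int
-blacklisted_key(const Key *key)
+blacklisted_key(const Key *key, char **fp)
 {
 Key *public;
 char *blacklist_file;
@@ -791,7 +798,7 @@ blacklisted_key(const Key *key)
 
 xasprintf(&blacklist_file, "%s.%s-%u",
 _PATH_BLACKLIST, key_type(public), key_size(public));
-ret = blacklisted_key_in_file(public, blacklist_file);
+ret = blacklisted_key_in_file(public, blacklist_file, fp);
 xfree(blacklist_file);
 if (ret > 0) {
 key_free(public);
@@ -800,7 +807,7 @@ blacklisted_key(const Key *key)
 
 xasprintf(&blacklist_file, "%s.%s-%u",
 _PATH_BLACKLIST_CONFIG, key_type(public), key_size(public));
-ret2 = blacklisted_key_in_file(public, blacklist_file);
+ret2 = blacklisted_key_in_file(public, blacklist_file, fp);
 xfree(blacklist_file);
 if (ret2 > ret)
 ret = ret2;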
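Review bot: The new comment above blacklisted_key() does not say who owns the string returned in *fp. At the `out:` label, blacklisted_key_in_file() keeps dgst_hex alive and stores it in *fp when `ret == 1`. It also returns with dgst_hex unfreed when `ret == 1` and fp is NULL, which looks like a leak and could be avoided with `if (fp == NULL || ret != 1)` as the free condition. Every caller that passes a non-NULL fp must xfree() the result, so I would add to the comment `The caller must xfree() *fp; *fp is set to NULL when no blacklist matches.` The handover tests `ret != 1` while blacklisted_key() treats `ret > 0` as a hit. The values ret can take are assigned outside the visible hunks, but using `ret <= 0` as the free condition would keep the two tests in step, so a key reported as blacklisted never comes back with a NULL fingerprint that a caller then logs.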