summaryrefslogtreecommitdiff
path: root/ssh-add.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-add.c')
-rw-r--r--ssh-add.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/ssh-add.c b/ssh-add.c
index 738644d27..0111b7793 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -142,7 +142,7 @@ static int
142add_file(AuthenticationConnection *ac, const char *filename, int key_only) 142add_file(AuthenticationConnection *ac, const char *filename, int key_only)
143{ 143{
144 Key *private, *cert; 144 Key *private, *cert;
145 char *comment = NULL; 145 char *comment = NULL, *fp;
146 char msg[1024], *certpath = NULL; 146 char msg[1024], *certpath = NULL;
147 int fd, perms_ok, ret = -1; 147 int fd, perms_ok, ret = -1;
148 Buffer keyblob; 148 Buffer keyblob;
@@ -218,6 +218,14 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
218 } else { 218 } else {
219 fprintf(stderr, "Could not add identity: %s\n", filename); 219 fprintf(stderr, "Could not add identity: %s\n", filename);
220 } 220 }
221 if (blacklisted_key(private, &fp) == 1) {
222 fprintf(stderr, "Public key %s blacklisted (see "
223 "ssh-vulnkey(1)); refusing to add it\n", fp);
224 xfree(fp);
225 key_free(private);
226 xfree(comment);
227 return -1;
228 }
221 229
222 /* Skip trying to load the cert if requested */ 230 /* Skip trying to load the cert if requested */
223 if (key_only) 231 if (key_only)