summaryrefslogtreecommitdiff
path: root/ssh-add.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-add.c')
-rw-r--r--ssh-add.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/ssh-add.c b/ssh-add.c
index ad9f7a83e..7249f0da6 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -139,7 +139,7 @@ static int
139add_file(AuthenticationConnection *ac, const char *filename) 139add_file(AuthenticationConnection *ac, const char *filename)
140{ 140{
141 Key *private, *cert; 141 Key *private, *cert;
142 char *comment = NULL; 142 char *comment = NULL, *fp;
143 char msg[1024], *certpath; 143 char msg[1024], *certpath;
144 int fd, perms_ok, ret = -1; 144 int fd, perms_ok, ret = -1;
145 145
@@ -184,6 +184,14 @@ add_file(AuthenticationConnection *ac, const char *filename)
184 "Bad passphrase, try again for %.200s: ", comment); 184 "Bad passphrase, try again for %.200s: ", comment);
185 } 185 }
186 } 186 }
187 if (blacklisted_key(private, &fp) == 1) {
188 fprintf(stderr, "Public key %s blacklisted (see "
189 "ssh-vulnkey(1)); refusing to add it\n", fp);
190 xfree(fp);
191 key_free(private);
192 xfree(comment);
193 return -1;
194 }
187 195
188 if (ssh_add_identity_constrained(ac, private, comment, lifetime, 196 if (ssh_add_identity_constrained(ac, private, comment, lifetime,
189 confirm)) { 197 confirm)) {
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 19:26:37 +0000