1 files changed, 17 insertions, 1 deletions
diff --git a/ssh.c b/ssh.c
index a7f448bb6..0f4756ef2 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1218,7 +1218,7 @@ ssh_session2(void)
 static void
 load_public_identity_files(void)
 {
-        char *filename, *cp, thishost[NI_MAXHOST];
+        char *filename, *cp, thishost[NI_MAXHOST], *fp;
        int i = 0;
        Key *public;
        struct passwd *pw;
@@ -1260,6 +1260,22 @@ load_public_identity_files(void)
                public = key_load_public(filename, NULL);
                debug("identity file %s type %d", filename,
                    public ? public->type : -1);
+                if (blacklisted_key(public, &fp) == 1) {
+                        if (options.use_blacklisted_keys)
+                                logit("Public key %s blacklisted (see "
+                                    "ssh-vulnkey(1)); continuing anyway", fp);
+                        else
+                                logit("Public key %s blacklisted (see "
+                                    "ssh-vulnkey(1)); refusing to send it",
+                                    fp);
+                        xfree(fp);
+                        if (!options.use_blacklisted_keys) {
+                                key_free(public);
+                                xfree(filename);
+                                filename = NULL;
+                                public = NULL;
+                        }
+                }
                xfree(options.identity_files[i]);
                options.identity_files[i] = filename;
                options.identity_keys[i] = public;

diff --git a/ssh.c b/ssh.c index a7f448bb6..0f4756ef2 100644 --- a/ssh.c +++ b/ssh.c
@@ -1218,7 +1218,7 @@ ssh_session2(void)
1218	static void	1218	static void
1219	load_public_identity_files(void)	1219	load_public_identity_files(void)
1220	{	1220	{
1221	char filename, cp, thishost[NI_MAXHOST];	1221	char filename, cp, thishost[NI_MAXHOST], *fp;
1222	int i = 0;	1222	int i = 0;
1223	Key *public;	1223	Key *public;
1224	struct passwd *pw;	1224	struct passwd *pw;
@@ -1260,6 +1260,22 @@ load_public_identity_files(void)
1260	public = key_load_public(filename, NULL);	1260	public = key_load_public(filename, NULL);
1261	debug("identity file %s type %d", filename,	1261	debug("identity file %s type %d", filename,
1262	public ? public->type : -1);	1262	public ? public->type : -1);
		1263	if (blacklisted_key(public, &fp) == 1) {
		1264	if (options.use_blacklisted_keys)
		1265	logit("Public key %s blacklisted (see "
		1266	"ssh-vulnkey(1)); continuing anyway", fp);
		1267	else
		1268	logit("Public key %s blacklisted (see "
		1269	"ssh-vulnkey(1)); refusing to send it",
		1270	fp);
		1271	xfree(fp);
		1272	if (!options.use_blacklisted_keys) {
		1273	key_free(public);
		1274	xfree(filename);
		1275	filename = NULL;
		1276	public = NULL;
		1277	}
		1278	}
1263	xfree(options.identity_files[i]);	1279	xfree(options.identity_files[i]);
1264	options.identity_files[i] = filename;	1280	options.identity_files[i] = filename;
1265	options.identity_keys[i] = public;	1281	options.identity_keys[i] = public;