tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: Ensure that the key lifetime provided fits within the 

values allowed by the wire format (u32). Prevents integer wraparound of the
timeout values. bz#3119, ok markus@ djm@

OpenBSD-Commit-ID: 8afe6038b5cdfcf63360788f012a7ad81acc46a2
This commit is contained in:
dtucker@openbsd.org 2020-02-18 08:58:33 +00:00 committed by Darren Tucker
parent de1f3564cd
commit 264a966216
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ssh-add.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-add.c,v 1.152 2020/02/06 22:30:54 naddy Exp $ */ /* $OpenBSD: ssh-add.c,v 1.153 2020/02/18 08:58:33 dtucker Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -90,7 +90,7 @@ static char *default_files[] = {
static int fingerprint_hash = SSH_FP_HASH_DEFAULT; static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
/* Default lifetime (0 == forever) */ /* Default lifetime (0 == forever) */
static int lifetime = 0; static long lifetime = 0;
/* User has to confirm key use */ /* User has to confirm key use */
static int confirm = 0; static int confirm = 0;
@ -328,7 +328,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag,
filename, comment); filename, comment);
if (lifetime != 0) { if (lifetime != 0) {
fprintf(stderr, fprintf(stderr,
"Lifetime set to %d seconds\n", lifetime); "Lifetime set to %ld seconds\n", lifetime);
} }
if (confirm != 0) { if (confirm != 0) {
fprintf(stderr, "The user must confirm " fprintf(stderr, "The user must confirm "
@ -384,7 +384,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag,
fprintf(stderr, "Certificate added: %s (%s)\n", certpath, fprintf(stderr, "Certificate added: %s (%s)\n", certpath,
private->cert->key_id); private->cert->key_id);
if (lifetime != 0) { if (lifetime != 0) {
fprintf(stderr, "Lifetime set to %d seconds\n", fprintf(stderr, "Lifetime set to %ld seconds\n",
lifetime); lifetime);
} }
if (confirm != 0) { if (confirm != 0) {
@ -571,7 +571,7 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag)
sshkey_type(keys[i]), fp); sshkey_type(keys[i]), fp);
if (lifetime != 0) { if (lifetime != 0) {
fprintf(stderr, fprintf(stderr,
"Lifetime set to %d seconds\n", lifetime); "Lifetime set to %ld seconds\n", lifetime);
} }
if (confirm != 0) { if (confirm != 0) {
fprintf(stderr, "The user must confirm " fprintf(stderr, "The user must confirm "
@ -720,7 +720,8 @@ main(int argc, char **argv)
pkcs11provider = optarg; pkcs11provider = optarg;
break; break;
case 't': case 't':
if ((lifetime = convtime(optarg)) == -1) { if ((lifetime = convtime(optarg)) == -1 ||
lifetime < 0 || lifetime > UINT32_MAX) {
fprintf(stderr, "Invalid lifetime\n"); fprintf(stderr, "Invalid lifetime\n");
ret = 1; ret = 1;
goto done; goto done;