- markus@cvs.openbsd.org 2002/02/04 11:58:10

[auth2.c] cross checking of announced vs actual pktype in pubkey/hostbaed auth; ok stevesk@
2025-07-25 23:05:21 +02:00 · 2002-02-05 12:26:03 +11:00 · 2002-02-05 12:26:03 +11:00 · 9b74bfc5be
commit 9b74bfc5be
parent 4d4d53f399
2 changed files with 86 additions and 69 deletions
--- a/6
+++ b/6
@ -81,6 +81,10 @@
   - stevesk@cvs.openbsd.org 2002/02/04 00:53:39
     [ssh-agent.c]
     unneeded includes
+   - markus@cvs.openbsd.org 2002/02/04 11:58:10
+     [auth2.c]
+     cross checking of announced vs actual pktype in pubkey/hostbaed auth; 
+     ok stevesk@

 20020130
 - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
@ -7483,4 +7487,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1

-$Id: ChangeLog,v 1.1821 2002/02/05 01:25:28 djm Exp $
+$Id: ChangeLog,v 1.1822 2002/02/05 01:26:03 djm Exp $
--- a/auth2.c
+++ b/auth2.c
@ -23,7 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.83 2002/01/29 14:32:03 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.84 2002/02/04 11:58:10 markus Exp $");

 #include <openssl/evp.h>

@ -397,7 +397,7 @@ static int
 userauth_pubkey(Authctxt *authctxt)
 {
 	Buffer b;
-	Key *key;
+	Key *key = NULL;
 	char *pkalg, *pkblob, *sig;
 	u_int alen, blen, slen;
 	int have_sig, pktype;
@ -424,13 +424,20 @@ userauth_pubkey(Authctxt *authctxt)
 	pktype = key_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC) {
 		/* this is perfectly legal */
-		log("userauth_pubkey: unsupported public key algorithm: %s", pkalg);
-		xfree(pkalg);
-		xfree(pkblob);
-		return 0;
+		log("userauth_pubkey: unsupported public key algorithm: %s",
+		    pkalg);
+		goto done;
 	}
 	key = key_from_blob(pkblob, blen);
-	if (key != NULL) {
+	if (key == NULL) {
+		error("userauth_pubkey: cannot decode key: %s", pkalg);
+		goto done;
+	}
+	if (key->type != pktype) {
+		error("userauth_pubkey: type mismatch for decoded key "
+		    "(received %d, expected %d)", key->type, pktype);
+		goto done;
+	}
 	if (have_sig) {
 		sig = packet_get_string(&slen);
 		packet_check_eom();
@ -487,9 +494,10 @@ userauth_pubkey(Authctxt *authctxt)
 	}
 	if (authenticated != 1)
 		auth_clear_options();
-		key_free(key);
-	}
+done:
 	debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
+	if (key != NULL)
+		key_free(key);
 	xfree(pkalg);
 	xfree(pkblob);
 #ifdef HAVE_CYGWIN
@ -503,7 +511,7 @@ static int
 userauth_hostbased(Authctxt *authctxt)
 {
 	Buffer b;
-	Key *key;
+	Key *key = NULL;
 	char *pkalg, *pkblob, *sig, *cuser, *chost, *service;
 	u_int alen, blen, slen;
 	int pktype;
@ -537,7 +545,12 @@ userauth_hostbased(Authctxt *authctxt)
 	}
 	key = key_from_blob(pkblob, blen);
 	if (key == NULL) {
-		debug("userauth_hostbased: cannot decode key: %s", pkalg);
+		error("userauth_hostbased: cannot decode key: %s", pkalg);
+		goto done;
+	}
+	if (key->type != pktype) {
+		error("userauth_hostbased: type mismatch for decoded key "
+		    "(received %d, expected %d)", key->type, pktype);
 		goto done;
 	}
 	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
@ -562,10 +575,10 @@ userauth_hostbased(Authctxt *authctxt)
 		authenticated = 1;

 	buffer_clear(&b);
-	key_free(key);
-
 done:
 	debug2("userauth_hostbased: authenticated %d", authenticated);
+	if (key != NULL)
+		key_free(key);
 	xfree(pkalg);
 	xfree(pkblob);
 	xfree(cuser);