ssh-sk-helper: check RP ID against ssh: prefix (#553)

2022-01-21 20:33:17 +01:00 · 2022-01-21 20:33:17 +01:00 · af7130c91b
parent d4b3264993
commit af7130c91b
1 changed files with 19 additions and 0 deletions
--- a/ssh-sk-helper.c
+++ b/ssh-sk-helper.c
@ -112,10 +112,20 @@ process_sign(struct sshbuf *req)

 	if ((r = sshkey_private_deserialize(kbuf, &key)) != 0)
 		fatal_r(r, "%s: Unable to parse private key", __progname);
+#ifndef WINDOWS
 	if (!sshkey_is_sk(key)) {
 		fatal("%s: Unsupported key type %s",
 		    __progname, sshkey_ssh_name(key));
 	}
+#else
+	if (!sshkey_is_sk(key) || key->sk_application == NULL) {
+		fatal("%s: Unsupported key type %s",
+		    __progname, sshkey_ssh_name(key));
+	}
+	if (strncmp(key->sk_application, "ssh:", 4) != 0) {
+		fatal("%s: web-origin key", __progname);
+	}
+#endif

 	debug_f("ready to sign with key %s, provider %s: "
 	    "msg len %zu, compat 0x%lx", sshkey_type(key),
@ -174,6 +184,10 @@ process_enroll(struct sshbuf *req)

 	if (type > INT_MAX)
 		fatal("%s: bad type %u", __progname, type);
+#ifdef WINDOWS
+	if (application == NULL || strncmp(application, "ssh:", 4) != 0)
+		fatal("%s: bogus application", __progname);
+#endif
 	if (sshbuf_len(challenge) == 0) {
 		sshbuf_free(challenge);
 		challenge = NULL;
@ -246,6 +260,11 @@ process_load_resident(struct sshbuf *req)
 		fatal_r(r, "%s: compose", __progname);

 	for (i = 0; i < nkeys; i++) {
+#ifdef WINDOWS
+		if (keys[i]->sk_application == NULL ||
+		    strncmp(keys[i]->sk_application, "ssh:", 4) != 0)
+			fatal("%s: non-ssh application", __progname);
+#endif
 		debug_f("key %zu %s %s", i, sshkey_type(keys[i]),
 		    keys[i]->sk_application);
 		sshbuf_reset(kbuf);