upstream: In sshkey_in_file(), ignore keys that are rejected for
being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered to be "in the file". This allows key revocation lists to contain short keys without the entire revocation list being considered invalid. bz#2897; ok dtucker OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b
This commit is contained in:
parent
383a33d160
commit
bbc8af72ba
14
authfile.c
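--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.130 2018/07/09 21:59:10 markus Exp $ */
+/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */
 /*
 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
 *
@@ -459,6 +459,8 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
 return SSH_ERR_SYSTEM_ERROR;
 
 while (getline(&line, &linesize, f) != -1) {
+sshkey_free(pub);
+pub = NULL;
 cp = line;
 
 /* Skip leading whitespace. */
@@ -477,16 +479,20 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
 r = SSH_ERR_ALLOC_FAIL;
 goto out;
 }
-if ((r = sshkey_read(pub, &cp)) != 0)
+switch (r = sshkey_read(pub, &cp)) {
+case 0:
+break;
+case SSH_ERR_KEY_LENGTH:
+continue;
+default:
 goto out;
+}
 if (sshkey_compare(key, pub) ||
 (check_ca && sshkey_is_cert(key) &&
 sshkey_compare(key->cert->signature_key, pub))) {
 r = 0;
 goto out;
 }
-sshkey_free(pub);
-pub = NULL;
 }
 r = SSH_ERR_KEY_NOT_FOUND;
 out: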
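Review bot: The `case SSH_ERR_KEY_LENGTH: continue;` arm in the third hunk drops a parsed entry without saying why, and the reason is what a reader auditing revocation-list handling needs: a key that presumably fails the minimum-length check can never compare equal to a key the caller has already accepted, so skipping it cannot produce a false "not revoked" result, whereas the old `goto out` let one short entry make the whole file unusable. A comment above the case such as `/* Too-short keys can never match; skip them rather than rejecting the whole file (bz#2897). */` would record that. The `continue` also depends on the `sshkey_free(pub); pub = NULL;` moved to the top of the while loop in the second hunk to release the key allocated for the skipped line, since it bypasses the free that used to sit at the loop bottom; a short `/* pub from a skipped line is freed at the top of the loop */` beside the `continue` would make that coupling visible. sshkey_in_file's body starts and ends outside these hunks.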