author | jp161948 <none@none> | 2006-09-19 04:24:41 -0700 |
---|---|---|
committer | jp161948 <none@none> | 2006-09-19 04:24:41 -0700 |
commit | 26ba198477055398633f319757f934b7ce73784e (patch) | |
tree | af1fc5a615d40fd013ee35e3b321d1933d5483d4 /usr/src/cmd/ssh/libssh/common/key.c | |
parent | 27fbcf8a5036d0cea1c401094c8bb0731ddc87ec (diff) | |
download | illumos-gate-26ba198477055398633f319757f934b7ce73784e.tar.gz |
6448031 ssh-keygen does not overwrite old key information when told yes
6451031 broken key in authorized_keys causes sshd to exit
6455367 ssh-agent can accept connections from other users depending on permissions of socket directory
6457202 server side of scp creates a directory even when not in recursive mode
6457241 server side of scp allows dir creation outside of the target subdirectory
6457952 scp performs local copying even when expected target directory is not a directory
6457959 scp doesn't print stderr messages in certain situations
6466048 scp should not call write() for the last chunk of data twice
6468175 sshd may set MAIL variable with two slashes in a row
Diffstat (limited to 'usr/src/cmd/ssh/libssh/common/key.c')
-rw-r--r-- | usr/src/cmd/ssh/libssh/common/key.c | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/usr/src/cmd/ssh/libssh/common/key.c b/usr/src/cmd/ssh/libssh/common/key.c
index 8f2f488912..105fa6ee43 100644
--- a/usr/src/cmd/ssh/libssh/common/key.c
+++ b/usr/src/cmd/ssh/libssh/common/key.c
@@ -692,24 +692,38 @@ key_from_blob(u_char *blob, int blen)
 #endif
 buffer_init(&b);
 buffer_append(&b, blob, blen);
- ktype = buffer_get_string(&b, NULL);
+ if ((ktype = buffer_get_string_ret(&b, NULL)) == NULL) {
+ error("key_from_blob: can't read key type");
+ goto out;
+ }
+
 type = key_type_from_name(ktype);
 switch (type) {
 case KEY_RSA:
 key = key_new(type);
- buffer_get_bignum2(&b, key->rsa->e);
- buffer_get_bignum2(&b, key->rsa->n);
+ if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 ||
+ buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {
+ error("key_from_blob: can't read rsa key");
+ key_free(key);
+ key = NULL;
+ goto out;
+ }
 #ifdef DEBUG_PK
 RSA_print_fp(stderr, key->rsa, 8);
 #endif
 break;
 case KEY_DSA:
 key = key_new(type);
- buffer_get_bignum2(&b, key->dsa->p);
- buffer_get_bignum2(&b, key->dsa->q);
- buffer_get_bignum2(&b, key->dsa->g);
- buffer_get_bignum2(&b, key->dsa->pub_key);
+ if (buffer_get_bignum2_ret(&b, key->dsa->p) == -1 ||
+ buffer_get_bignum2_ret(&b, key->dsa->q) == -1 ||
+ buffer_get_bignum2_ret(&b, key->dsa->g) == -1 ||
+ buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) {
+ error("key_from_blob: can't read dsa key");
+ key_free(key);
+ key = NULL;
+ goto out;
+ }
 #ifdef DEBUG_PK
 DSA_print_fp(stderr, key->dsa, 8);
 #endif
@@ -719,12 +733,14 @@ key_from_blob(u_char *blob, int blen)
 break;
 default:
 error("key_from_blob: cannot handle type %s", ktype);
- break;
+ goto out;
 }
 rlen = buffer_len(&b);
 if (key != NULL && rlen != 0)
 error("key_from_blob: remaining bytes in key blob %d", rlen);
- xfree(ktype);
+ out:
+ if (ktype != NULL)
+ xfree(ktype);
 buffer_free(&b);
 return key;
 } |
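Review bot: Nothing in the new code records why the `_ret` readers are used, so a later edit could put a fatal reader back on this path. A comment above the first `buffer_get_string_ret` call would pin the contract, for example `/* blob may be untrusted (e.g. an authorized_keys entry): use the non-fatal _ret readers and return NULL on malformed input */`. The RSA and DSA failure branches also repeat the same `key_free(key); key = NULL; goto out;` sequence, which could share one cleanup path. key_from_blob begins before this hunk, so the declarations of `key`, `ktype` and `type` are not visible here.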
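Review bot: A blob with trailing bytes is still returned as a valid key, because the `rlen != 0` check just above the new `out:` label only logs and then falls through to `return key`. If the intent of this change is that malformed blobs are rejected, that branch could also do `key_free(key); key = NULL;`; whether any caller depends on the lenient behaviour is not visible here. Separately, the `goto out` taken when the key type cannot be read runs before any visible assignment to `key`, so `return key` relies on `key` being initialised to NULL at its declaration, which lies outside the hunk and should be confirmed.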