diff options
author | Daiki Ueno <ueno@gnu.org> | 2018-07-18 14:47:18 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2018-07-18 14:47:18 +0000 |
commit | 5388c93e398a484147039225e500ce8beb9f0c5e (patch) | |
tree | fbc47df44788a28bec1ac525faa5e632205a463e | |
parent | 2a26b20ab61919fee8b4d0ffae5e18303e41501c (diff) | |
parent | cc8d6cd12aff280f1a32b15238508a64931381d6 (diff) | |
download | gnome-keyring-5388c93e398a484147039225e500ce8beb9f0c5e.tar.gz |
Merge branch 'wip/dueno/openssh-parse' into 'master'
ssh-agent: Make public key parsing even robuster
See merge request GNOME/gnome-keyring!2
-rw-r--r-- | daemon/ssh-agent/gkd-ssh-agent-util.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/daemon/ssh-agent/gkd-ssh-agent-util.c b/daemon/ssh-agent/gkd-ssh-agent-util.c index 22c64b59..1b3cc4b4 100644 --- a/daemon/ssh-agent/gkd-ssh-agent-util.c +++ b/daemon/ssh-agent/gkd-ssh-agent-util.c @@ -106,6 +106,8 @@ _gkd_ssh_agent_parse_public_key (GBytes *input, guint save; const guchar *data; gsize n_data; + const guchar *keytype; + gsize n_keytype; g_return_val_if_fail (input, NULL); @@ -137,6 +139,8 @@ _gkd_ssh_agent_parse_public_key (GBytes *input, if (at != NULL) n_data = at - data; + keytype = data; + /* Find the first space */ at = memchr (data, ' ', n_data); if (!at) { @@ -144,6 +148,8 @@ _gkd_ssh_agent_parse_public_key (GBytes *input, return NULL; } + n_keytype = at - data; + /* Skip more whitespace */ n_data -= (at - data); data = at; @@ -173,6 +179,15 @@ _gkd_ssh_agent_parse_public_key (GBytes *input, return NULL; } + /* Check if the key type is prefixed to the decoded blob */ + if (!(n_decoded > n_keytype + 4 && + egg_buffer_decode_uint32 (decoded) == n_keytype && + memcmp (keytype, decoded + 4, n_keytype) == 0)) { + g_message ("SSH public key missing key type"); + g_free (decoded); + return NULL; + } + /* Skip more whitespace */ n_data -= (at - data); data = at; |