From 1a8a6f76a4bbfa5677c816798df8ea74bd9b5522 Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Tue, 15 Dec 2020 13:54:55 +0000
Subject: [PATCH] Pageant: accept adding an unencrypted version of an encrypted
 key.

Now, if you send SSH2_AGENTC_ADD_IDENTITY with a cleartext private key
blob, and the agent already contains an encrypted-only version of the
same key, it will drop the cleartext version in alongside it,
effectively decrypting the key as if the passphrase had been typed.
---
 pageant.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/pageant.c b/pageant.c
index 83ad912a..d32344ba 100644
--- a/pageant.c
+++ b/pageant.c
@@ -244,12 +244,21 @@ bool pageant_add_ssh2_key(ssh2_userkey *skey)
     pk->blocked_requests.next = pk->blocked_requests.prev =
         &pk->blocked_requests;
 
-    if (add234(keytree, pk) == pk) {
+    PageantKey *pk_in_tree = add234(keytree, pk);
+    if (pk_in_tree == pk) {
+        /* The key wasn't in the tree at all, and we've just added it. */
         pk->skey = skey;
         if (skey->comment)
             pk->comment = dupstr(skey->comment);
         return true;
+    } else if (!pk_in_tree->skey) {
+        /* The key was only stored encrypted, and now we have an
+         * unencrypted version to add to the existing record. */
+        pk_in_tree->skey = skey;
+        pk_free(pk);
+        return true;
     } else {
+        /* The key was already in the tree in full. */
         pk_free(pk);
         return false;
     }