Support flags word in SSH2_AGENTC_SIGN_REQUEST.

A couple of people have mentioned to me recently that these days OpenSSH is appending a uint32 flags word to the agent sign request, with flags that ask for an RSA signature to be over a SHA-256 or SHA-512 hash instead of the SHA-1 standardised in ssh-rsa. This commit adds support for the mandatory part of this protocol: we notice the flags word at all (previously we stopped parsing the packet before even finding it there), and return failure to the signing request if it has any flag set that we don't support, which currently means if it has any flag set whatsoever. While I'm here, I've also added an error check for an undecodable sign request. (It seemed silly to be checking get_err(msg) _after_ trying to read the flags word without also having checked it before.)
2025-01-25 01:02:24 +00:00 · 2018-11-19 20:20:00 +00:00 · 2018-11-19 20:20:00 +00:00 · 74f792e00b
commit 74f792e00b
parent 743bfac18e
1 changed files with 39 additions and 0 deletions
--- a/pageant.c
+++ b/pageant.c
@ -5,6 +5,7 @@
 #include <stddef.h>
 #include <stdlib.h>
 #include <assert.h>
+#include <inttypes.h>

 #include "putty.h"
 #include "ssh.h"
@ -322,11 +323,32 @@ void pageant_handle_msg(BinarySink *bs,
 	    struct ssh2_userkey *key;
            ptrlen keyblob, sigdata;
            strbuf *signature;
+            uint32_t flags;

            plog(logctx, logfn, "request: SSH2_AGENTC_SIGN_REQUEST");

            keyblob = get_string(msg);
            sigdata = get_string(msg);
+
+            if (get_err(msg)) {
+                pageant_failure_msg(bs, "unable to decode request",
+                                    logctx, logfn);
+                return;
+            }
+
+            /*
+             * Later versions of the agent protocol added a flags word
+             * on the end of the sign request. That hasn't always been
+             * there, so we don't complain if we don't find it.
+             *
+             * get_uint32 will default to returning zero if no data is
+             * available.
+             */
+            bool have_flags = false;
+            flags = get_uint32(msg);
+            if (!get_err(msg))
+                have_flags = true;
+
            if (logfn) {
                char *fingerprint = ssh2_fingerprint_blob(
                    keyblob.ptr, keyblob.len);
@ -339,6 +361,23 @@ void pageant_handle_msg(BinarySink *bs,
                return;
            }

+            if (have_flags)
+                plog(logctx, logfn, "signature flags = 0x%08"PRIx32, flags);
+            else
+                plog(logctx, logfn, "no signature flags");
+
+            if (flags) {
+                /*
+                 * We MUST reject any message containing flags we
+                 * don't understand.
+                 */
+                char *msg = dupprintf(
+                    "unsupported flag bits 0x%08"PRIx32, flags);
+                pageant_failure_msg(bs, msg, logctx, logfn);
+                sfree(msg);
+                return;
+            }
+
            signature = strbuf_new();
            ssh_key_sign(key->key, sigdata.ptr, sigdata.len,
                         BinarySink_UPCAST(signature));