nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00
Code Issues Projects Releases Wiki Activity

Pageant: verify SSH-1 RSA keys before accepting them.

Browse Source 
In Friday's testing of the BinarySink work, I noticed that if you
accidentally add a mathematically invalid RSA1 key to Pageant, it will
accept it, getting into a state where it can fail assertions when
asked to use the key later. Added a call to rsa_verify(), triggering
an SSH_AGENT_FAILURE response if it doesn't agree the key is good.
This commit is contained in:
Simon Tatham 2018-05-26 18:00:23 +01:00
parent f4ca28a0f4
commit 9375f594c2
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pageant.c
View File

@ -487,6 +487,11 @@ void pageant_handle_msg(BinarySink *bs,
goto add1_cleanup; goto add1_cleanup;
} }
if (!rsa_verify(key)) {
pageant_failure_msg(bs, "key is invalid", logctx, logfn);
goto add1_cleanup;
}
comment = snewn(commentlen+1, char); comment = snewn(commentlen+1, char);
if (comment) { if (comment) {
memcpy(comment, p + 4, commentlen); memcpy(comment, p + 4, commentlen);