nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00
Code Issues Projects Releases Wiki Activity

Fix a segfault in parsing OpenSSH private key files.

Browse Source 
The initial test for a line ending with "PRIVATE KEY-----" failed to
take into account the possibility that the line might be shorter than
that. Fixed by introducing a new library function strendswith(), and
strstartswith() for good measure, and using that.

Thanks to Hanno Böck for spotting this, with the aid of AFL.

(cherry picked from commit fa7b23ce90)

Conflicts:
	misc.c
	misc.h

(cherry-picker's note: the conflicts were only due to other functions
introduced on trunk just next to the ones introduced by this commit)
This commit is contained in:
Simon Tatham 2016-02-25 20:22:23 +00:00
parent ac9862ec91
commit c195ff2b4f
3 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
import.c
View File

@ -345,8 +345,8 @@ static struct openssh_key *load_openssh_key(const Filename *filename,
goto error;
}
strip_crlf(line);
if (0 != strncmp(line, "-----BEGIN ", 11) ||
0 != strcmp(line+strlen(line)-16, "PRIVATE KEY-----")) {
if (!strstartswith(line, "-----BEGIN ") ||
!strendswith(line, "PRIVATE KEY-----")) {
errmsg = "file does not begin with OpenSSH key header";
goto error;
}
@ -369,8 +369,8 @@ static struct openssh_key *load_openssh_key(const Filename *filename,
goto error;
}
strip_crlf(line);
if (0 == strncmp(line, "-----END ", 9) &&
0 == strcmp(line+strlen(line)-16, "PRIVATE KEY-----")) {
if (strstartswith(line, "-----END ") &&
strendswith(line, "PRIVATE KEY-----")) {
sfree(line);
line = NULL;
break; /* done */

11
misc.c
View File

@ -1035,3 +1035,14 @@ int smemeq(const void *av, const void *bv, size_t len)
* we want to return 1, so then we can just shift down. */
return (0x100 - val) >> 8;
}
int strstartswith(const char *s, const char *t)
{
return !memcmp(s, t, strlen(t));
}
int strendswith(const char *s, const char *t)
{
size_t slen = strlen(s), tlen = strlen(t);
return slen >= tlen && !strcmp(s + (slen - tlen), t);
}

2
misc.h
View File

@ -51,6 +51,8 @@ wchar_t *dup_mb_to_wc(int codepage, int flags, const char *string);
int toint(unsigned);
char *fgetline(FILE *fp);
int strstartswith(const char *s, const char *t);
int strendswith(const char *s, const char *t);
void base64_encode_atom(unsigned char *data, int n, char *out);
int base64_decode_atom(char *atom, unsigned char *out);