mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00

Fix manual host key validation.

When the user tries to add a string to the CONF_ssh_manual_hostkeys
list box, we call a validation function which is supposed to look
along the string for either a valid-looking SSH key fingerprint, or a
base64 public key blob, and after it finds it, move that key alone to
the start of the input string and delete all the surrounding cruft.

SHA-256 key fingerprints were being detected all right, but not moved
to the start of the string sensibly - we just returned true without
rewriting anything. (Probably inadequate testing when I added SHA-256
fairly recently.)

And the code that moved a full public-key blob to the front of the
string triggered an ASan error on the grounds that it used strcpy with
the source and destination overlapping. I actually hadn't known that
was supposed to be a bad thing these days! But it's easily fixed by
making it a memmove instead.
Simon Tatham 2021-10-25 18:12:21 +01:00
parent efa89573ae
commit e24444dba8


@ -38,8 +38,11 @@ bool validate_manual_hostkey(char *key)
if (strstartswith(q, "SHA256:")) {
/* Test for a valid SHA256 key fingerprint. */
r = q + 7;
if (strlen(r) == 43 && r[strspn(r, BASE64_CHARS_NOEQ)] == 0)
if (strspn(r, BASE64_CHARS_NOEQ) == 43) {
memmove(key, q, 50); /* 7-char prefix + 43-char base64 */
key[50] = '\0';
return true;
}
}
r = q;
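
Review bot: In the SHA256 branch, the `strspn(r, BASE64_CHARS_NOEQ) == 43` test no longer requires the string to end after the fingerprint, as the `strlen(r) == 43` test did, so any text that follows the 43 base64 characters and begins with a non-base64 character is accepted and silently cut off by `key[50] = '\0'`. That is consistent with the commit message's aim of deleting the surrounding cruft, but a comment at the test saying that trailing text is deliberately discarded would make the looser acceptance explicit. The literals 7, 43 and 50 are also tied together only by the comment on the `memmove` line; named constants for the prefix and fingerprint lengths, with the 50 derived from them, would keep the copy length and the terminator index from drifting apart.
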
@ -106,7 +109,9 @@ bool validate_manual_hostkey(char *key)
if (strlen(q) < minlen)
goto not_ssh2_blob; /* sorry */
strcpy(key, q);
size_t base64_len = strspn(q, BASE64_CHARS_ALL);
memmove(key, q, base64_len);
key[base64_len] = '\0';
return true;
}
not_ssh2_blob:;
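
Review bot: The length check just above the copy still tests `strlen(q) < minlen`, while the copy is now bounded by `strspn(q, BASE64_CHARS_ALL)`, so if `q` can carry non-base64 characters after the blob, the key left in the buffer can be shorter than `minlen` even though the check passed. Unless code outside this hunk already guarantees that `q` is pure base64 at this point, compute `base64_len` before the check and compare that value against `minlen`. Replacing `strcpy` with `memmove` for the overlapping `key`/`q` buffers is the right fix; a one-line comment noting that source and destination overlap would stop a later cleanup from turning it back into `strcpy` or `memcpy`.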