nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-06-30 19:12:48 -05:00
Code Issues Projects Releases Wiki Activity

Fix a segfault in parsing OpenSSH private key files.

Browse Source 
The initial test for a line ending with "PRIVATE KEY-----" failed to
take into account the possibility that the line might be shorter than
that. Fixed by introducing a new library function strendswith(), and
strstartswith() for good measure, and using that.

Thanks to Hanno Böck for spotting this, with the aid of AFL.
This commit is contained in:
Simon Tatham
2015-11-10 18:47:55 +00:00
parent a454399ec8
commit fa7b23ce90
3 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
import.c
View File

@ -383,8 +383,8 @@ static struct openssh_pem_key *load_openssh_pem_key(const Filename *filename,
goto error;
}
strip_crlf(line);
if (0 != strncmp(line, "-----BEGIN ", 11) ||
0 != strcmp(line+strlen(line)-16, "PRIVATE KEY-----")) {
if (!strstartswith(line, "-----BEGIN ") ||
!strendswith(line, "PRIVATE KEY-----")) {
errmsg = "file does not begin with OpenSSH key header";
goto error;
}
@ -421,8 +421,8 @@ static struct openssh_pem_key *load_openssh_pem_key(const Filename *filename,
goto error;
}
strip_crlf(line);
if (0 == strncmp(line, "-----END ", 9) &&
0 == strcmp(line+strlen(line)-16, "PRIVATE KEY-----")) {
if (strstartswith(line, "-----END ") &&
strendswith(line, "PRIVATE KEY-----")) {
sfree(line);
line = NULL;
break; /* done */