author | djm@openbsd.org <djm@openbsd.org> | 2018-09-21 12:20:12 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-09-21 22:49:09 +1000 |
commit | bbc8af72ba68da014d4de6e21a85eb5123384226 (patch) | |
tree | aba3471d7c568f32eea927574f0d070cc351baca /authfile.c | |
parent | 383a33d160cefbfd1b40fef81f72eadbf9303a66 (diff) |
upstream: In sshkey_in_file(), ignore keys that are considered to be
too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered
to be "in the file". This allows key revocation lists to contain short keys
without the entire revocation list being considered invalid.
bz#2897; ok dtucker
OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b
Diffstat (limited to 'authfile.c')
-rw-r--r-- | authfile.c | 14 |
1 files changed, 10 insertions, 4 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.130 2018/07/09 21:59:10 markus Exp $ */
+/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */
 /*
 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
 *
@@ -459,6 +459,8 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
 return SSH_ERR_SYSTEM_ERROR;
 while (getline(&line, &linesize, f) != -1) {
+ sshkey_free(pub);
+ pub = NULL;
 cp = line;
 /* Skip leading whitespace. */
@@ -477,16 +479,20 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
 r = SSH_ERR_ALLOC_FAIL;
 goto out;
 }
- if ((r = sshkey_read(pub, &cp)) != 0)
+ switch (r = sshkey_read(pub, &cp)) {
+ case 0:
+ break;
+ case SSH_ERR_KEY_LENGTH:
+ continue;
+ default:
 goto out;
+ }
 if (sshkey_compare(key, pub) || (check_ca && sshkey_is_cert(key) && sshkey_compare(key->cert->signature_key, pub))) {
 r = 0;
 goto out;
 }
- sshkey_free(pub);
- pub = NULL;
 }
 r = SSH_ERR_KEY_NOT_FOUND;
 out: |
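Review bot: The new `case SSH_ERR_KEY_LENGTH: continue;` in the third hunk skips an entry silently and has no comment, so a reader of sshkey_in_file() cannot tell that this is a deliberate fail-open for that one line. When the file is a revocation list, a listed key that is too short can no longer match, which is only safe if keys of that length are refused before this lookup is reached; that check is not visible in this diff. I would state the assumption at the case, e.g. `/* Too short to be usable: treat as not in the file instead of failing the whole list */`, and consider a debug-level log of the skipped line so administrators can see which entries are ignored. The function starts and ends outside the hunks shown.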