diff options
author | Jay Satiro <raysatiro@yahoo.com> | 2020-02-23 18:37:09 -0500 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2020-03-07 03:06:11 -0500 |
commit | 09aa807240b9dcde78a919ff712316a1daf0655e (patch) | |
tree | f94d596f877bd3b95aa0933e88b3af0f02bd6b40 /lib | |
parent | e54b1885d19dee5ed04761295020a0a84b8296ca (diff) | |
download | curl-09aa807240b9dcde78a919ff712316a1daf0655e.tar.gz |
libssh: Fix matching user-specified MD5 hex key
Prior to this change a match would never be successful because it
was mistakenly coded to compare binary data from libssh to a
user-specified hex string (ie CURLOPT_SSH_HOST_PUBLIC_KEY_MD5).
Reported-by: fds242@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/4971
Closes https://github.com/curl/curl/pull/4974
Diffstat (limited to 'lib')
-rw-r--r-- | lib/vssh/libssh.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c index 647b4d491..08d9f9e0f 100644 --- a/lib/vssh/libssh.c +++ b/lib/vssh/libssh.c @@ -345,13 +345,27 @@ static int myssh_is_known(struct connectdata *conn) return rc; if(data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]) { + int i; + char md5buffer[33]; + const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]; + rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5, &hash, &hlen); - if(rc != SSH_OK) + if(rc != SSH_OK || hlen != 16) { + failf(data, + "Denied establishing ssh session: md5 fingerprint not available"); goto cleanup; + } + + for(i = 0; i < 16; i++) + msnprintf(&md5buffer[i*2], 3, "%02x", (unsigned char)hash[i]); + + infof(data, "SSH MD5 fingerprint: %s\n", md5buffer); - if(hlen != strlen(data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]) || - memcmp(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5], hash, hlen)) { + if(!strcasecompare(md5buffer, pubkey_md5)) { + failf(data, + "Denied establishing ssh session: mismatch md5 fingerprint. " + "Remote %s is not equal to %s", md5buffer, pubkey_md5); rc = SSH_ERROR; goto cleanup; } |