authorJay Satiro <raysatiro@yahoo.com>2020-02-23 18:37:09 -0500
committerJay Satiro <raysatiro@yahoo.com>2020-03-07 03:06:11 -0500
commit09aa807240b9dcde78a919ff712316a1daf0655e (patch)
treef94d596f877bd3b95aa0933e88b3af0f02bd6b40 /tests/sshserver.pl
parente54b1885d19dee5ed04761295020a0a84b8296ca (diff)
libssh: Fix matching user-specified MD5 hex key
Prior to this change a match would never be successful because it was mistakenly coded to compare binary data from libssh to a user-specified hex string (ie CURLOPT_SSH_HOST_PUBLIC_KEY_MD5). Reported-by: fds242@users.noreply.github.com Fixes https://github.com/curl/curl/issues/4971 Closes https://github.com/curl/curl/pull/4974
Diffstat (limited to 'tests/sshserver.pl')
-rw-r--r--tests/sshserver.pl28
1 files changed, 24 insertions, 4 deletions
diff --git a/tests/sshserver.pl b/tests/sshserver.pl
index 197e8b872..4414ca51b 100644
--- a/tests/sshserver.pl
+++ b/tests/sshserver.pl
@@ -28,6 +28,9 @@ use strict;
use warnings;
use Cwd;
use Cwd 'abs_path';
+use Digest::MD5;
+use Digest::MD5 'md5_hex';
+use MIME::Base64;
#***************************************************************************
# Variables and subs imported from sshhelp module
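Review bot: The bare `use Digest::MD5;` on the first added line looks redundant, because the next line `use Digest::MD5 'md5_hex';` already loads the module and imports the only function this change calls. It would also help to name the MIME::Base64 import explicitly, `use MIME::Base64 'decode_base64';`, so a reader can see where `decode_base64` in the key-hashing code comes from.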
@@ -48,6 +51,7 @@ use sshhelp qw(
$sftpcmds
$hstprvkeyf
$hstpubkeyf
+ $hstpubmd5f
$cliprvkeyf
$clipubkeyf
display_sshdconfig
@@ -357,10 +361,11 @@ if((($sshid =~ /OpenSSH/) && ($sshvernum < 299)) ||
#
if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) ||
(! -e $hstpubkeyf) || (! -s $hstpubkeyf) ||
+ (! -e $hstpubmd5f) || (! -s $hstpubmd5f) ||
(! -e $cliprvkeyf) || (! -s $cliprvkeyf) ||
(! -e $clipubkeyf) || (! -s $clipubkeyf)) {
# Make sure all files are gone so ssh-keygen doesn't complain
- unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf);
+ unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f, $cliprvkeyf, $clipubkeyf);
logmsg 'generating host keys...' if($verbose);
if(system "\"$sshkeygen\" -q -t rsa -f $hstprvkeyf -C 'curl test server' -N ''") {
logmsg 'Could not generate host key';
@@ -374,6 +379,21 @@ if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) ||
# Make sure that permissions are restricted so openssh doesn't complain
system "chmod 600 $hstprvkeyf";
system "chmod 600 $cliprvkeyf";
+ # Save md5 hash of public host key
+ open(RSAKEYFILE, "<$hstpubkeyf");
+ my @rsahostkey = do { local $/ = ' '; <RSAKEYFILE> };
+ close(RSAKEYFILE);
+ if(!$rsahostkey[1]) {
+ logmsg 'Failed parsing base64 encoded RSA host key';
+ exit 1;
+ }
+ open(PUBMD5FILE, ">$hstpubmd5f");
+ print PUBMD5FILE md5_hex(decode_base64($rsahostkey[1]));
+ close(PUBMD5FILE);
+ if((! -e $hstpubmd5f) || (! -s $hstpubmd5f)) {
+ logmsg 'Failed writing md5 hash of RSA host key';
+ exit 1;
+ }
}
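Review bot: Both new `open` calls use the two-argument form with bareword handles and ignore the return value, so a failed open of `$hstpubkeyf` surfaces only as 'Failed parsing base64 encoded RSA host key' and a failed open of `$hstpubmd5f` is found only by the later `-e`/`-s` test, with `$!` lost in both cases. Prefer three-argument opens on lexical handles with an explicit check, e.g. `open(my $keyfh, '<', $hstpubkeyf) or do { logmsg "Could not open $hstpubkeyf: $!"; exit 1; };` and the same shape with `'>'` for `$hstpubmd5f`. The `close` on the write handle is also unchecked, which is where a buffered write error would be reported. The enclosing `if` block opens outside this hunk.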
@@ -1099,8 +1119,8 @@ elsif($verbose && ($rc >> 8)) {
#***************************************************************************
# Clean up once the server has stopped
#
-unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf, $knownhosts);
-unlink($sshdconfig, $sshconfig, $sftpconfig);
-
+unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f,
+ $cliprvkeyf, $clipubkeyf, $knownhosts,
+ $sshdconfig, $sshconfig, $sftpconfig);
exit 0;