diff options
| author | Erlang/OTP <otp@erlang.org> | 2020-01-16 16:41:48 +0100 |
|---|---|---|
| committer | Erlang/OTP <otp@erlang.org> | 2020-01-16 16:41:48 +0100 |
| commit | f1dd879fef88db3252a90b457d10a567ecaf936a (patch) | |
| tree | f0ef67023943f2be4b269115636a7b1e99c94420 | |
| parent | ccfaa499d9bd587296ca7dea2b10fa1cf6939661 (diff) | |
| parent | 58307dd999c796934dd727e3da3d9033ce35a2f4 (diff) | |
| download | erlang-f1dd879fef88db3252a90b457d10a567ecaf936a.tar.gz | |
Merge branch 'hans/ssh/fix_list_to_atom_20/OTP-16375' into maint-20
* hans/ssh/fix_list_to_atom_20/OTP-16375:
ssh: Replace list_to_atom by list_to_existing_atom
| -rw-r--r-- | lib/ssh/src/ssh_transport.erl | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 6820f534cb..171c9abfee 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -1110,9 +1110,21 @@ alg_final(rcv, SSH0) -> select_all(CL, SL) when length(CL) + length(SL) < ?MAX_NUM_ALGORITHMS -> - A = CL -- SL, %% algortihms only used by client + %% algortihms only used by client + %% NOTE: an algorithm occuring more than once in CL will still be present + %% in CLonly. This is not a problem for nice clients. + CLonly = CL -- SL, + %% algorithms used by client and server (client pref) - lists:map(fun(ALG) -> list_to_atom(ALG) end, (CL -- A)); + lists:foldr(fun(ALG, Acc) -> + try [list_to_existing_atom(ALG) | Acc] + catch + %% If an malicious client uses the same non-existing algorithm twice, + %% we will end up here + _:_ -> Acc + end + end, [], (CL -- CLonly)); + select_all(CL, SL) -> Err = lists:concat(["Received too many algorithms (",length(CL),"+",length(SL)," >= ",?MAX_NUM_ALGORITHMS,")."]), ssh_connection_handler:disconnect( @@ -1871,14 +1883,20 @@ valid_key_sha_alg(_, _) -> false. valid_key_sha_alg_ec(OID, Alg) -> Curve = public_key:oid2ssh_curvename(OID), - Alg == list_to_atom("ecdsa-sha2-" ++ binary_to_list(Curve)). + try Alg == list_to_existing_atom("ecdsa-sha2-" ++ binary_to_list(Curve)) + catch + _:_ -> false + end. public_algo(#'RSAPublicKey'{}) -> 'ssh-rsa'; % FIXME: Not right with draft-curdle-rsa-sha2 public_algo({_, #'Dss-Parms'{}}) -> 'ssh-dss'; public_algo({#'ECPoint'{},{namedCurve,OID}}) -> Curve = public_key:oid2ssh_curvename(OID), - list_to_atom("ecdsa-sha2-" ++ binary_to_list(Curve)). + try list_to_existing_atom("ecdsa-sha2-" ++ binary_to_list(Curve)) + catch + _:_ -> undefined + end. @@ -1907,7 +1925,7 @@ sha(?'secp521r1') -> sha(secp521r1); sha('ecdh-sha2-nistp256') -> sha(secp256r1); sha('ecdh-sha2-nistp384') -> sha(secp384r1); sha('ecdh-sha2-nistp521') -> sha(secp521r1); -sha(Str) when is_list(Str), length(Str)<50 -> sha(list_to_atom(Str)). +sha(Str) when is_list(Str), length(Str)<50 -> sha(list_to_existing_atom(Str)). mac_key_bytes('hmac-sha1') -> 20; |