ssh-agent: Make public key parsing even robusterwip/dueno/openssh-parse

This amends commit f3f3cc70 to take into account of the fact that the
key type is prefixed to the decoded blob.  Suggested by Mantas
Mikulėnas in:
https://bugzilla.gnome.org/show_bug.cgi?id=795699

1 files changed, 15 insertions, 0 deletions

diff --git a/daemon/ssh-agent/gkd-ssh-agent-util.c b/daemon/ssh-agent/gkd-ssh-agent-util.c
index 22c64b59..1b3cc4b4 100644
--- a/daemon/ssh-agent/gkd-ssh-agent-util.c
+++ b/daemon/ssh-agent/gkd-ssh-agent-util.c
@@ -106,6 +106,8 @@ _gkd_ssh_agent_parse_public_key (GBytes *input,
 	guint save;
 	const guchar *data;
 	gsize n_data;
+	const guchar *keytype;
+	gsize n_keytype;
 
 	g_return_val_if_fail (input, NULL);
 
@@ -137,6 +139,8 @@ _gkd_ssh_agent_parse_public_key (GBytes *input,
 	if (at != NULL)
 		n_data = at - data;
 
+	keytype = data;
+
 	/* Find the first space */
 	at = memchr (data, ' ', n_data);
 	if (!at) {
@@ -144,6 +148,8 @@ _gkd_ssh_agent_parse_public_key (GBytes *input,
 		return NULL;
 	}
 
+	n_keytype = at - data;
+
 	/* Skip more whitespace */
 	n_data -= (at - data);
 	data = at;
@@ -173,6 +179,15 @@ _gkd_ssh_agent_parse_public_key (GBytes *input,
 		return NULL;
 	}
 
+	/* Check if the key type is prefixed to the decoded blob */
+	if (!(n_decoded > n_keytype + 4 &&
+	      egg_buffer_decode_uint32 (decoded) == n_keytype &&
+	      memcmp (keytype, decoded + 4, n_keytype) == 0)) {
+		g_message ("SSH public key missing key type");
+		g_free (decoded);
+		return NULL;
+	}
+
 	/* Skip more whitespace */
 	n_data -= (at - data);
 	data = at;