authordtucker <dtucker>2010-01-13 11:43:05 +0000
committerdtucker <dtucker>2010-01-13 11:43:05 +0000
commit9f36cc9bdc034e9e27816df12b4f40b7f71237a4 (patch)
tree908a5ff21626e1c196426c3a714feab9cf61ca8c /key.c
parentadc0a94b86360a76c82e619e6aa2ebb717da45b6 (diff)
- dtucker@cvs.openbsd.org 2010/01/13 01:10:56
[key.c] Ignore and log any Protocol 1 keys where the claimed size is not equal to the actual size. Noted by Derek Martin, ok djm@
Diffstat (limited to 'key.c')
-rw-r--r--key.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/key.c b/key.c
index f2edf6d5..5aea416b 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.81 2009/12/11 18:16:33 markus Exp $ */
+/* $OpenBSD: key.c,v 1.82 2010/01/13 01:10:56 dtucker Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -522,6 +522,12 @@ key_read(Key *ret, char **cpp)
return -1;
if (!read_bignum(cpp, ret->rsa->n))
return -1;
+ /* validate the claimed number of bits */
+ if ((u_int)BN_num_bits(ret->rsa->n) != bits) {
+ verbose("key_read: claimed key size %d does not match "
+ "actual %d", bits, BN_num_bits(ret->rsa->n));
+ return -1;
+ }
success = 1;
break;
case KEY_UNSPEC:
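Review bot: The added verbose() call prints `bits` with `%d`, but the `(u_int)` cast in the comparison just above it suggests `bits` is unsigned (its declaration is outside the hunk), so a very large claimed size read from a key line would be logged as a negative number. Since this message exists to record a malformed or tampered Protocol 1 key, the logged value should be exact: change the first format line to `verbose("key_read: claimed key size %u does not match "` and leave the rest of the call as is. The check and the log also each call BN_num_bits(ret->rsa->n); holding the result in one local would keep the compared and reported values visibly the same. key_read starts and ends outside this hunk.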