| Summary: | ssh-keygen -A does not recreate broken zero-sized host keys | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Krzysztof Cieplucha <krzysztof.cieplucha> | ||||||||||||
| Component: | ssh-keygen | Assignee: | Damien Miller <djm> | ||||||||||||
| Status: | CLOSED FIXED | ||||||||||||||
| Severity: | normal | CC: | djm, dtucker, krzysztof.cieplucha | ||||||||||||
| Priority: | P5 | ||||||||||||||
| Version: | 7.2p1 | ||||||||||||||
| Hardware: | All | ||||||||||||||
| OS: | All | ||||||||||||||
| Bug Depends on: | |||||||||||||||
| Bug Blocks: | 2698 | ||||||||||||||
| Attachments: |
|
||||||||||||||
|
Description
Krzysztof Cieplucha
2016-04-03 22:50:45 AEST
Created attachment 2804 [details]
check that key files are loadable in ssh-keygen -A
This patch checks that public and private key files can be loaded and will re-generate keys if they can't.
Changes to authfile.c/sshkey.c required to allow running sshkey_load_public()/sshkey_load_private_type() with a NULL key argument.
Comment on attachment 2804 [details]
check that key files are loadable in ssh-keygen -A
I am not sure this is a good idea. It has the possibility of overwriting the private key if it can't be loaded due to any of: file system problem, ssh-keygen bugs, encrypted private keys, bugs in libcraypto.
Created attachment 2805 [details]
overwrite zero-length key files, move keys into place atomically
Darren correctly points out that the previous diff could clobber valid keys under some circumstances.
This diff is much less aggressive: it only overwrites zero-length private keys, and uses rename() to atomically move finished private keys into position so there should be fewer circumstances under which it leaves partial keys at valid keys path names.
retarget unfinished bugs to next release retarget unfinished bugs to next release retarget unfinished bugs to next release retarget unfinished bugs to next release OpenSSH 7.4 release is closing; punt the bugs to 7.5 Move incomplete bugs to openssh-7.6 target since 7.5 shipped a while back. To calibrate expectations, there's little chance all of these are going to make 7.6. remove 7.5 target Created attachment 3003 [details]
update to current
Update to HEAD, remove appending '/' to path since the paths we later append start with '/' anyway.
Comment on attachment 3003 [details] update to current >+ public = private = NULL; >+ xasprintf(&prv_tmp, "%s%s.XXXXXXXXXX", >+ identity_file, key_types[i].path); >+ xasprintf(&pub_tmp, "%s%s.pub.XXXXXXXXXX", >+ identity_file, key_types[i].path); >+ xasprintf(&prv_file, "%s%s", >+ identity_file, key_types[i].path); >+ xasprintf(&pub_file, "%s%s.pub", >+ identity_file, key_types[i].path); >+ >+ if (stat(prv_file, &st) == 0) { >+ if (st.st_size != 0) >+ continue; This will leak prv_tmp and friends in the case where the key already exists. The next iteration of the loop will allocate them again, leaking the first. Created attachment 3004 [details]
revised diff
incorporating feedback: skip good keys early, NULL filenames to avoid risk of double-free, check fwrite/fclose errors
Created attachment 3009 [details]
fix double-fclose
Patch applied - this will be in OpenSSH 7.6 Close all resolved bugs after release of OpenSSH 7.7. |