Bugzilla – Attachment 2804 Details for
Bug 2561
ssh-keygen -A does not recreate broken zero-sized host keys
[patch]
check that key files are loadable in ssh-keygen -A
bz2561.diff (text/plain), 3.82 KB, created by
Damien Miller
on 2016-04-08 14:21:46 AEST
Description:
check that key files are loadable in ssh-keygen -A
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2016-04-08 14:21:46 AEST
Size:
3.82 KB
>diff --git a/authfile.c b/authfile.c
>index d670424..04f0c3b 100644
>--- a/authfile.c
>+++ b/authfile.c
>@@ -200,7 +200,8 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase,
> {
> int fd, r;
> 
>- *keyp = NULL;
>+ if (keyp != NULL)
>+ *keyp = NULL;
> if (commentp != NULL)
> *commentp = NULL;
> 
>diff --git a/ssh-keygen.c b/ssh-keygen.c
>index 4785201..f0b78bf 100644
>--- a/ssh-keygen.c
>+++ b/ssh-keygen.c
>@@ -979,13 +979,13 @@ do_gen_all_hostkeys(struct passwd *pw)
> #ifdef WITH_SSH1
> { "rsa1", "RSA1", _PATH_HOST_KEY_FILE },
> #endif /* WITH_SSH1 */
>- { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE },
>+ { "rsa", "RSA" , _PATH_HOST_RSA_KEY_FILE },
> { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE },
> #ifdef OPENSSL_HAS_ECC
>- { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
>+ { "ecdsa", "ECDSA", _PATH_HOST_ECDSA_KEY_FILE },
> #endif /* OPENSSL_HAS_ECC */
> #endif /* WITH_OPENSSL */
>- { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
>+ { "ed25519", "ED25519", _PATH_HOST_ED25519_KEY_FILE },
> { NULL, NULL, NULL }
> };
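Review bot: The new contract that `keyp` may be NULL, so a caller can test whether a key file loads without receiving the key, is not documented at `sshkey_load_private_type` or at the sshkey.c functions guarded the same way (`sshkey_parse_private_rsa1`, `sshkey_parse_private_pem_fileblob`, `sshkey_parse_private_fileblob_type`). A one-line comment above each, such as `/* keyp may be NULL if the caller only wants to check that the key parses */`, would make that explicit. The bodies of these functions extend outside the hunks, so it is worth confirming that every parser reachable from `sshkey_parse_private_fileblob_type` that this diff does not touch also tolerates a NULL `keyp`; a missed one would dereference NULL when `ssh-keygen -A` probes an existing host key.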
> 
>@@ -993,13 +993,32 @@ do_gen_all_hostkeys(struct passwd *pw)
> struct stat st;
> struct sshkey *private, *public;
> char comment[1024];
>- int i, type, fd, r;
>+ int prv_fail, i, type, fd, r;
> FILE *f;
> 
> for (i = 0; key_types[i].key_type; i++) {
>- if (stat(key_types[i].path, &st) == 0)
>- continue;
>- if (errno != ENOENT) {
>+ type = sshkey_type_from_name(key_types[i].key_type);
>+ if (stat(key_types[i].path, &st) == 0) {
>+ /* Check for valid public key */
>+ prv_fail = 0;
>+ if ((r = sshkey_load_public(key_types[i].path,
>+ NULL, NULL)) == 0) {
>+ if ((r = sshkey_load_private_type(type,
>+ key_types[i].path, NULL, NULL, NULL,
>+ NULL)) == 0)
>+ continue;
>+ }
>+ if (r == SSH_ERR_SYSTEM_ERROR) {
>+ error("Unable to load %s key %s: %s",
>+ prv_fail ? "private" : "public",
>+ key_types[i].path, ssh_err(r));
>+ first = 0;
>+ continue;
>+ }
>+ debug("%s: load %s %s: %s", __func__,
>+ prv_fail ? "private" : "public",
>+ key_types[i].path, ssh_err(r));
>+ } else if (errno != ENOENT) {
> error("Could not stat %s: %s", key_types[i].path,
> strerror(errno));
> first = 0;
>@@ -1012,7 +1031,6 @@ do_gen_all_hostkeys(struct passwd *pw)
> }
> printf("%s ", key_types[i].key_type_display);
> fflush(stdout);
>- type = sshkey_type_from_name(key_types[i].key_type);
> strlcpy(identity_file, key_types[i].path, sizeof(identity_file));
> bits = 0;
> type_bits_valid(type, NULL, &bits);
>diff --git a/sshkey.c b/sshkey.c
>index 87b093e..f0f373d 100644
>--- a/sshkey.c
>+++ b/sshkey.c
>@@ -3657,7 +3657,8 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase,
> const struct sshcipher *cipher;
> struct sshkey *prv = NULL;
> 
>- *keyp = NULL;
>+ if (keyp != NULL)
>+ *keyp = NULL;
> if (commentp != NULL)
> *commentp = NULL;
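Review bot: `prv_fail` is set to 0 at the top of the new `stat()` branch and is never set to 1 anywhere in this hunk, so both the `error()` and the `debug()` message print "public" even when it was `sshkey_load_private_type()` that failed. Adding `prv_fail = 1;` immediately before the `sshkey_load_private_type()` call makes the messages name the file that actually failed to load. Separately, every load failure other than `SSH_ERR_SYSTEM_ERROR` falls through to the key-generation code further down the loop with only a `debug()` line. Since that path replaces an existing host key and so changes the host's identity as seen by clients, a message at `logit()` level naming `key_types[i].path` and `ssh_err(r)` would leave a visible record of why the key was replaced. The loop body of `do_gen_all_hostkeys` continues outside this hunk.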
> 
>@@ -3743,8 +3744,10 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase,
> goto out;
> }
> r = 0;
>- *keyp = prv;
>- prv = NULL;
>+ if (keyp != NULL) {
>+ *keyp = prv;
>+ prv = NULL;
>+ }
> if (commentp != NULL) {
> *commentp = comment;
> comment = NULL;
>@@ -3769,7 +3772,8 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
> BIO *bio = NULL;
> int r;
> 
>- *keyp = NULL;
>+ if (keyp != NULL)
>+ *keyp = NULL;
> 
> if ((bio = BIO_new(BIO_s_mem())) == NULL || sshbuf_len(blob) > INT_MAX)
> return SSH_ERR_ALLOC_FAIL;
>@@ -3838,8 +3842,10 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
> goto out;
> }
> r = 0;
>- *keyp = prv;
>- prv = NULL;
>+ if (keyp != NULL) {
>+ *keyp = prv;
>+ prv = NULL;
>+ }
> out:
> BIO_free(bio);
> if (pk != NULL)
>@@ -3853,7 +3859,8 @@ int
> sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
> const char *passphrase, struct sshkey **keyp, char **commentp)
> {
>- *keyp = NULL;
>+ if (keyp != NULL)
>+ *keyp = NULL;
> if (commentp != NULL)
> *commentp = NULL;
>
Flags:
dtucker
:
ok-