Bugzilla – Attachment 3053 Details for Bug 2779: ssh-keygen let a user certify/sign a key with more principals than openssh will handle
Fix: Check amount of principals in ssh-keygen
sshkeygen_principals.diff (text/plain), 971 bytes, created by Guillaume Destuynder (:kang) on 2017-09-16 08:16:02 AEST
>commit 0cc725170abb0b9776bd505af3727b8bb0f23137 >Author: Guillaume Destuynder (kang) <kang+mozilla@insecure.ws> >Date: Fri Sep 15 15:05:53 2017 -0700 > > ssh-keygen SSHKEY_CERT_MAX_PRINCIPALS check on create > > ssh-keygen would allow creation of signed certificate for keys with more > principal values in the certificate identity than the sshkey_read() > would allow, causing the user to potentially create an unuseable > certificate. > >diff --git a/ssh-keygen.c b/ssh-keygen.c >index 835f7d01..9b69d87e 100644 >--- a/ssh-keygen.c >+++ b/ssh-keygen.c >@@ -1718,6 +1718,11 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) > fatal("Empty principal name"); > } > free(otmp); >+ if (n > SSHKEY_CERT_MAX_PRINCIPALS) { >+ fatal("%s: invalid format: too many principals (%u)" >+ " for this certificate identity, specify at most %i.", >+ __func__, n, SSHKEY_CERT_MAX_PRINCIPALS); >+ } > } > > tmp = tilde_expand_filename(argv[i], pw->pw_uid);
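Review bot: The new fatal() in do_ca_sign() does not match the style of the neighbouring user-facing error visible in the context, fatal("Empty principal name"): it prefixes __func__, calls the problem an "invalid format" although this is a limit check on the principals supplied for signing rather than a parse failure, and ends with a period. A shorter message such as "Too many certificate principals specified (%u), maximum is %u" would read more consistently. The call also mixes %u for n with %i for SSHKEY_CERT_MAX_PRINCIPALS; neither type is visible in this hunk, so confirm each specifier matches its argument, and cast the constant if it is a plain integer macro. Finally, the check sits after the principal list has been split and otmp freed, which is fine because fatal() exits, but a one-line comment noting that the limit mirrors the one enforced in sshkey_read() (as the commit message explains) would help the next reader see why the signer refuses here.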