Bugzilla – Attachment 3428 Details for
Bug 3190
Inconsistent handling of private keys without accompanying public keys
[patch]
attempt to load public key from passphraseless private keys
bz3190.diff (text/plain), 2.53 KB, created by
Damien Miller
on 2020-07-17 14:12:37 AEST
Description:
attempt to load public key from passphraseless private keys
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2020-07-17 14:12:37 AEST
Size:
2.53 KB
patch
obsolete
>Index: authfile.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/authfile.c,v
>retrieving revision 1.141
>diff -u -p -r1.141 authfile.c
>--- authfile.c 18 Jun 2020 23:33:38 -0000 1.141
>+++ authfile.c 17 Jul 2020 04:10:47 -0000
>@@ -257,8 +257,9 @@ sshkey_try_load_public(struct sshkey **k
> int
> sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
> {
>- char *pubfile = NULL;
>+ char *pubfile = NULL, *privcmt = NULL;
> int r, oerrno;
>+ struct sshkey *privkey;
>
> if (keyp != NULL)
> *keyp = NULL;
>@@ -274,16 +275,32 @@ sshkey_load_public(const char *filename,
> if ((r = sshkey_try_load_public(keyp, pubfile, commentp)) == 0)
> goto out;
>
>- /* finally, try to extract public key from private key file */
>+ /* Try to extract public key from private key file */
> if ((r = sshkey_load_pubkey_from_private(filename, keyp)) == 0)
> goto out;
>
>+ /*
>+ * If all else fails, try to load private key (assuming no passphrase)
>+ * and discard private elements.
>+ */
>+ if ((r = sshkey_load_private(filename, "", &privkey, &privcmt)) == 0) {
>+ if ((r = sshkey_from_private(privkey, keyp)) == 0) {
>+ if (commentp != NULL)
>+ *commentp = privccmt;
>+ privcmt = NULL; /* transferred */
>+ }
>+ goto out;
>+ }
>+ }
>+
> /* Pretend we couldn't find the key */
> r = SSH_ERR_SYSTEM_ERROR;
> errno = ENOENT;
>
> out:
> oerrno = errno;
>+ sshkey_free(privkey);
>+ free(privcmt);
> free(pubfile);
> errno = oerrno;
> return r;
>Index: sshd.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
>retrieving revision 1.560
>diff -u -p -r1.560 sshd.c
>--- sshd.c 3 Jul 2020 10:12:26 -0000 1.560
>+++ sshd.c 17 Jul 2020 04:10:47 -0000
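Review bot: `privkey` is declared without an initializer in the first authfile.c hunk, yet the `out:` label in the following hunk now calls `sshkey_free(privkey)` on every exit path. That includes the early `goto out` taken when `sshkey_try_load_public()` or `sshkey_load_pubkey_from_private()` succeeds, where `sshkey_load_private()` has never been called and the pointer is indeterminate, so the free acts on stack garbage. Declare it as `struct sshkey *privkey = NULL;`. The body of sshkey_load_public continues outside this hunk.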
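Review bot: The added fallback block in the second authfile.c hunk will not compile as posted: `*commentp = privccmt;` misspells `privcmt`, and there is one more `}` after `goto out;` than the two `if` statements open. Separately, no brace follows `if (commentp != NULL)`, so `privcmt = NULL; /* transferred */` runs even when the caller passed a NULL `commentp`, and the comment string is then leaked rather than released by `free(privcmt)` at `out:`. Suggest `if (commentp != NULL) { *commentp = privcmt; privcmt = NULL; }`. Indentation is lost in this rendering, so the brace reading is taken from the tokens alone.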
>@@ -1727,6 +1727,10 @@ main(int ac, char **av)
> &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
> do_log2(ll, "Unable to load host key \"%s\": %s",
> options.host_key_files[i], ssh_err(r));
>+ if (pubkey == NULL && key != NULL) {
>+ fatal("loaded private key %s but not public",
>+ options.host_key_files[i]);
>+ }
> if (pubkey != NULL && key != NULL) {
> if (!sshkey_equal(pubkey, key)) {
> error("Public key for %s does not match "
>@@ -1734,11 +1738,6 @@ main(int ac, char **av)
> sshkey_free(pubkey);
> pubkey = NULL;
> }
>- }
>- if (pubkey == NULL && key != NULL) {
>- if ((r = sshkey_from_private(key, &pubkey)) != 0)
>- fatal("Could not demote key: \"%s\": %s",
>- options.host_key_files[i], ssh_err(r));
> }
> sensitive_data.host_keys[i] = key;
> sensitive_data.host_pubkeys[i] = pubkey;
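Review bot: The new `pubkey == NULL && key != NULL` fatal check sits before the `sshkey_equal()` mismatch branch, which frees `pubkey` and sets it to NULL. With the `sshkey_from_private(key, &pubkey)` fallback removed in the next hunk, a stale or mismatched public key file now leaves `sensitive_data.host_pubkeys[i]` NULL next to a loaded private key, where the old code re-derived the public half. What later code does with a NULL entry is not visible here, but that state is exactly what the new `fatal()` is meant to rule out. Either move the check below the mismatch block, or re-derive in the mismatch branch with `if ((r = sshkey_from_private(key, &pubkey)) != 0) fatal(...)`. main() starts and ends outside these hunks.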
Attachments on
bug 3190
:
3424
|
3425
| 3428