[Bug 1784] ssh-keygen fails when filename of key file contains multiple slashes

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sun Jun 20 05:45:43 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1784

--- Comment #1 from B S Srinidhi <srinidhi.bs at gmail.com>  ---
It looks like the following code snippet might be the cause:

 1896:        /* Create ~/.ssh directory if it doesn't already exist.
*/
 1897:        snprintf(dotsshdir, sizeof dotsshdir, "%s/%s",
 1898:            pw->pw_dir, _PATH_SSH_USER_DIR);
 1899:        if (strstr(identity_file, dotsshdir) != NULL) {

From:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-keygen.c?annotate=1.190

dotsshdir is expected to be a substring of identity_file. I think
before
calling strstr() on the 2 strings, identity_file should be
canonicalized
- either by realpath() or canonicalize_file_name()

On the same note, ssh-keygen will fail if the identity_file contains a
relative path:

# su - foo -c "ssh-keygen -t rsa -f /home/foo/bin/../.ssh/id_rsa -N ''"
Generating public/private rsa key pair.
open /home/foo/bin/../.ssh/id_rsa failed: No such file or directory.
Saving the key failed: /home/foo/bin/../.ssh/id_rsa.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list