[openssh-commits] [openssh] 03/07: upstream: check private key type against requested key type in

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Apr 8 10:14:29 AEST 2020


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 421169d0e758351b105eabfcebf42378ebf17217
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Apr 8 00:05:59 2020 +0000

    upstream: check private key type against requested key type in
    
    new-style private decoding; ok markus@
    
    OpenBSD-Commit-ID: 04d44b3a34ce12ce5187fb6f6e441a88c8c51662
---
 sshkey.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sshkey.c b/sshkey.c
index 7ff61c85..a134e581 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.104 2020/04/08 00:04:32 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.105 2020/04/08 00:05:59 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -4326,6 +4326,12 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
 	    &decrypted, &pubkey)) != 0)
 		goto out;
 
+	if (type != KEY_UNSPEC &&
+	    sshkey_type_plain(type) != sshkey_type_plain(pubkey->type)) {
+		r = SSH_ERR_KEY_TYPE_MISMATCH;
+		goto out;
+	}
+
 	/* Load the private key and comment */
 	if ((r = sshkey_private_deserialize(decrypted, &k)) != 0 ||
 	    (r = sshbuf_get_cstring(decrypted, &comment, NULL)) != 0)
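Review bot: the new test in sshkey_parse_private2() compares the requested type with pubkey->type, while the key handed back to the caller is k, which sshkey_private_deserialize() only fills in on the lines that follow. These lines do not show k being compared with pubkey. Unless that comparison happens further down, the same sshkey_type_plain() test should be applied to k->type once deserialization succeeds. Otherwise a blob with an acceptable pubkey type and a private section of another type would still get past the SSH_ERR_KEY_TYPE_MISMATCH path. A one-line comment above the new block, in the style of "/* Load the private key and comment */", would also help by stating that KEY_UNSPEC means the caller accepts any type and that sshkey_type_plain() is used so that certificate and plain variants compare as equal.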
