[openssh-commits] [openssh] 02/10: upstream: handle cr+lf (instead of just cr) in sshsig signature

Fri Sep 8 15:59:32 AEST 2023

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 1ee0a16e07b6f0847ff463d7b5221c4bf1876e25
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Sep 6 23:18:15 2023 +0000

    upstream: handle cr+lf (instead of just cr) in sshsig signature
    
    files
    
    OpenBSD-Commit-ID: 647460a212b916540016d066568816507375fd7f
---
 sshsig.c | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/sshsig.c b/sshsig.c
index 854d6732..d219db90 100644
--- a/sshsig.c
+++ b/sshsig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshsig.c,v 1.32 2023/04/06 03:56:02 djm Exp $ */
+/* $OpenBSD: sshsig.c,v 1.33 2023/09/06 23:18:15 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -38,7 +38,7 @@
 #define SIG_VERSION		0x01
 #define MAGIC_PREAMBLE		"SSHSIG"
 #define MAGIC_PREAMBLE_LEN	(sizeof(MAGIC_PREAMBLE) - 1)
-#define BEGIN_SIGNATURE		"-----BEGIN SSH SIGNATURE-----\n"
+#define BEGIN_SIGNATURE		"-----BEGIN SSH SIGNATURE-----"
 #define END_SIGNATURE		"-----END SSH SIGNATURE-----"
 #define RSA_SIGN_ALG		"rsa-sha2-512" /* XXX maybe make configurable */
 #define RSA_SIGN_ALLOWED	"rsa-sha2-512,rsa-sha2-256"
@@ -59,8 +59,7 @@ sshsig_armor(const struct sshbuf *blob, struct sshbuf **out)
 		goto out;
 	}
 
-	if ((r = sshbuf_put(buf, BEGIN_SIGNATURE,
-	    sizeof(BEGIN_SIGNATURE)-1)) != 0) {
+	if ((r = sshbuf_putf(buf, "%s\n", BEGIN_SIGNATURE)) != 0) {
 		error_fr(r, "sshbuf_putf");
 		goto out;
 	}
@@ -99,23 +98,35 @@ sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out)
 		return SSH_ERR_ALLOC_FAIL;
 	}
 
+	/* Expect and consume preamble + lf/crlf */
 	if ((r = sshbuf_cmp(sbuf, 0,
 	    BEGIN_SIGNATURE, sizeof(BEGIN_SIGNATURE)-1)) != 0) {
 		error("Couldn't parse signature: missing header");
 		goto done;
 	}
-
 	if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE)-1)) != 0) {
 		error_fr(r, "consume");
 		goto done;
 	}
-
+	if ((r = sshbuf_cmp(sbuf, 0, "\r\n", 2)) == 0)
+		eoffset = 2;
+	else if ((r = sshbuf_cmp(sbuf, 0, "\n", 1)) == 0)
+		eoffset = 1;
+	else {
+		r = SSH_ERR_INVALID_FORMAT;
+		error_f("no header eol");
+		goto done;
+	}
+	if ((r = sshbuf_consume(sbuf, eoffset)) != 0) {
+		error_fr(r, "consume eol");
+		goto done;
+	}
+	/* Find and consume lf + suffix (any prior cr would be ignored) */
 	if ((r = sshbuf_find(sbuf, 0, "\n" END_SIGNATURE,
-	    sizeof("\n" END_SIGNATURE)-1, &eoffset)) != 0) {
+	    sizeof(END_SIGNATURE), &eoffset)) != 0) {
 		error("Couldn't parse signature: missing footer");
 		goto done;
 	}
-
 	if ((r = sshbuf_consume_end(sbuf, sshbuf_len(sbuf)-eoffset)) != 0) {
 		error_fr(r, "consume");
 		goto done;

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
