Segfault on invalid SSH keys.
djm at mindrot.org
Fri Oct 16 02:56:39 AEDT 2015
On Thu, 15 Oct 2015, Steve Kemp wrote:
> > > $ gunzip crash.min.pub.gz
> > > $ ssh-keygen -l -f ./crash.min.pub
> > > Segmentation fault
> > What version of OpenSSH are you using? I don't see a crash with 7.1 or
> > HEAD:
> Debian's wheezy release, which identifies as:
> OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
> Debian's jessie release, which identifies as:
> OpenSSH_6.7p1 Debian-5, OpenSSL 1.0.1k 8 Jan 2015
ok, I can reproduce it in 6.6, but it's fixed in 6.8.
More information about the openssh-unix-dev