OpenSSH 7.6p1 ssh-agent exiting if passed an invalid key blob
Damien Miller
djm at mindrot.org
Wed Nov 15 11:11:09 AEDT 2017
On Mon, 13 Nov 2017, Ron Frederick wrote:
> Hello,
>
> I noticed a problem recently when running some test code against
> the OpenSSH 7.6p1 ssh-agent. These tests ran fine against OpenSSH
> 7.5p1 and earlier, but with OpenSSH 7.6p1, they were suddenly causing
> ssh-agent to exit.
Sorry, I've committed this fix:
diff --git a/ssh-agent.c b/ssh-agent.c
index 9693722..0c88ab1 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -272,8 +272,11 @@ process_sign_request2(SocketEntry *e)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshkey_froms(e->request, &key)) != 0 ||
(r = sshbuf_get_string_direct(e->request, &data, &dlen)) != 0 ||
- (r = sshbuf_get_u32(e->request, &flags)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ (r = sshbuf_get_u32(e->request, &flags)) != 0) {
+ error("%s: couldn't parse request: %s", __func__, ssh_err(r));
+ goto send;
+ }
+
if (flags & SSH_AGENT_OLD_SIGNATURE)
compat = SSH_BUG_SIGBLOB;
if ((id = lookup_identity(key)) == NULL) {
More information about the openssh-unix-dev
mailing list