[openssh-commits] [openssh] 01/02: upstream commit

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Mar 15 02:19:09 2017 +0000

    upstream commit
    
    Fix segfault when sshd attempts to load RSA1 keys (can
    only happen when protocol v.1 support is enabled for the client). Reported by
    Jakub Jelen in bz#2686; ok dtucker
    
    Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7
---
 sshd.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/sshd.c b/sshd.c
index df694fe..0b544f9 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.483 2017/02/24 03:16:34 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.484 2017/03/15 02:19:09 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1675,6 +1675,15 @@ main(int ac, char **av)
 			continue;
 		key = key_load_private(options.host_key_files[i], "", NULL);
 		pubkey = key_load_public(options.host_key_files[i], NULL);
+
+		if ((pubkey != NULL && pubkey->type == KEY_RSA1) ||
+		    (key != NULL && key->type == KEY_RSA1)) {
+			verbose("Ignoring RSA1 key %s",
+			    options.host_key_files[i])
+			key_free(key);
+			key_free(pubkey);
+			continue;
+		}
 		if (pubkey == NULL && key != NULL)
 			pubkey = key_demote(key);
 		sensitive_data.host_keys[i] = key;

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.