[openssh-commits] [openssh] 01/03: upstream: In sshkey_in_file(), ignore keys that are considered for

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Sep 21 22:49:36 AEST 2018


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit bbc8af72ba68da014d4de6e21a85eb5123384226
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Sep 21 12:20:12 2018 +0000

    upstream: In sshkey_in_file(), ignore keys that are considered for
    
    being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered
    to be "in the file". This allows key revocation lists to contain short keys
    without the entire revocation list being considered invalid.
    
    bz#2897; ok dtucker
    
    OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b
---
 authfile.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/authfile.c b/authfile.c
index be4a5773..b1c92f4a 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.130 2018/07/09 21:59:10 markus Exp $ */
+/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */
 /*
  * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
  *
@@ -459,6 +459,8 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
 		return SSH_ERR_SYSTEM_ERROR;
 
 	while (getline(&line, &linesize, f) != -1) {
+		sshkey_free(pub);
+		pub = NULL;
 		cp = line;
 
 		/* Skip leading whitespace. */
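Review bot: the `sshkey_free(pub);` now at the top of the `while` body runs on the first iteration before anything in the visible lines has assigned `pub`, so it is only correct if `pub` is initialised to NULL at its declaration and `sshkey_free()` accepts NULL. Neither is visible in this hunk; please confirm both. A one-line comment would also help, saying the free was hoisted so that every path back to the top of the loop, including the new `continue` in the next hunk, releases the key allocated for the previous line.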
@@ -477,16 +479,20 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
 			r = SSH_ERR_ALLOC_FAIL;
 			goto out;
 		}
-		if ((r = sshkey_read(pub, &cp)) != 0)
+		switch (r = sshkey_read(pub, &cp)) {
+		case 0:
+			break;
+		case SSH_ERR_KEY_LENGTH:
+			continue;
+		default:
 			goto out;
+		}
 		if (sshkey_compare(key, pub) ||
 		    (check_ca && sshkey_is_cert(key) &&
 		    sshkey_compare(key->cert->signature_key, pub))) {
 			r = 0;
 			goto out;
 		}
-		sshkey_free(pub);
-		pub = NULL;
 	}
 	r = SSH_ERR_KEY_NOT_FOUND;
  out:
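Review bot: the `case SSH_ERR_KEY_LENGTH:` arm has no comment and the skip is silent. Going by the commit message this function is used for key revocation lists, so a too-short entry in the file now never matches and the lookup falls through to `r = SSH_ERR_KEY_NOT_FOUND`; that is only safe if too-short keys are refused elsewhere, which these lines do not show. Suggest a comment on the case stating that assumption, and a debug-level log of the skipped line so an operator can see that part of the list was ignored. Minor style point: the assignment inside `switch (r = sshkey_read(pub, &cp))` is easy to misread; assigning `r` on its own line before the switch would be clearer.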
