[openssh-commits] [openssh] 11/22: upstream: passphrase depends on kdfname, not ciphername (possible

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Mar 13 13:18:48 AEDT 2020


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 05efe270df1e925db0af56a806d18b5063db4b6d
Author: markus at openbsd.org <markus at openbsd.org>
Date:   Fri Mar 6 18:21:28 2020 +0000

    upstream: passphrase depends on kdfname, not ciphername (possible
    
    null-deref); ok djm
    
    OpenBSD-Commit-ID: 0d39668edf5e790b5837df4926ee1141cec5471c
---
 sshkey.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/sshkey.c b/sshkey.c
index 63e568a0..de57c2ad 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.100 2020/02/26 13:40:09 jsg Exp $ */
+/* $OpenBSD: sshkey.c,v 1.101 2020/03/06 18:21:28 markus Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -4147,20 +4147,20 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
 		r = SSH_ERR_KEY_UNKNOWN_CIPHER;
 		goto out;
 	}
+	if (strcmp(kdfname, "none") != 0 && strcmp(kdfname, "bcrypt") != 0) {
+		r = SSH_ERR_KEY_UNKNOWN_CIPHER;
+		goto out;
+	}
+	if (strcmp(kdfname, "none") == 0 && strcmp(ciphername, "none") != 0) {
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
 	if ((passphrase == NULL || strlen(passphrase) == 0) &&
-	    strcmp(ciphername, "none") != 0) {
+	    strcmp(kdfname, "none") != 0) {
 		/* passphrase required */
 		r = SSH_ERR_KEY_WRONG_PASSPHRASE;
 		goto out;
 	}
-	if (strcmp(kdfname, "none") != 0 && strcmp(kdfname, "bcrypt") != 0) {
-		r = SSH_ERR_KEY_UNKNOWN_CIPHER;
-		goto out;
-	}
-	if (!strcmp(kdfname, "none") && strcmp(ciphername, "none") != 0) {
-		r = SSH_ERR_INVALID_FORMAT;
-		goto out;
-	}
 	if (nkeys != 1) {
 		/* XXX only one key supported */
 		r = SSH_ERR_INVALID_FORMAT;
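Review bot: The reordered checks reject kdfname "none" paired with a real cipher, but the opposite mismatch (kdfname "bcrypt" with ciphername "none") still passes the two format checks. With the passphrase test now keyed on kdfname, such a blob loaded without a passphrase returns SSH_ERR_KEY_WRONG_PASSPHRASE, which callers presumably treat as a cue to prompt rather than as a malformed key. If no legitimate writer emits that combination (not visible from this hunk), consider adding a symmetric guard, `if (strcmp(kdfname, "none") != 0 && strcmp(ciphername, "none") == 0)`, that sets `r = SSH_ERR_INVALID_FORMAT` before the passphrase test. A one-line comment above the passphrase test, such as `/* kdfname, not ciphername, decides whether passphrase is dereferenced below */`, would also help stop a later refactor from reintroducing the null-deref. The body of sshkey_parse_private2 starts and ends outside the hunk, so the KDF call site itself is not shown here.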


