[PATCH] Make SSH2 private key parsing errors fatal

[Damien Miller]

On Sat, 25 Apr 2020, Michael Forney wrote:

> This matches the other do_convert_* functions, which also cannot
> fail. Otherwise, ssh-keygen will crash when it tries to check the
> key type before writing it to stdout.
> 
> For example, if I corrupt the key magic:
> 
> $ sed 's,^P2/5,AAAA,' regress/rsa_ssh2.prv > bad.prv && chmod 600 bad.prv
> $ ssh-keygen -i -f bad.prv
> bad magic 0xeb != 0x3f6ff9eb
> Segmentation fault
> $

I just committed a different fix - thanks

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 526b57f..a046c04 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -653,9 +653,10 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
 		encoded[len-3] = '\0';
 	if ((r = sshbuf_b64tod(buf, encoded)) != 0)
 		fatal("%s: base64 decoding failed: %s", __func__, ssh_err(r));
-	if (*private)
-		*k = do_convert_private_ssh2(buf);
-	else if ((r = sshkey_fromb(buf, k)) != 0)
+	if (*private) {
+		if ((*k = do_convert_private_ssh2(buf)) == NULL)
+			fatal("%s: private key conversion failed", __func__);
+	} else if ((r = sshkey_fromb(buf, k)) != 0)
 		fatal("decode blob failed: %s", ssh_err(r));
 	sshbuf_free(buf);
 	fclose(fp);