authorDarren Tucker <dtucker@zip.com.au>2010-01-13 12:43:05 +0100
committerDarren Tucker <dtucker@zip.com.au>2010-01-13 12:43:05 +0100
commit561724f38dd8b4e56ec918a70f9314f41c34b46a (patch)
treeb6428e41576afcd6963c0e6ffe7df54996731771 /key.c
parent - (dtucker) OpenBSD CVS Sync (diff)
- dtucker@cvs.openbsd.org 2010/01/13 01:10:56
[key.c] Ignore and log any Protocol 1 keys where the claimed size is not equal to the actual size. Noted by Derek Martin, ok djm@
Diffstat (limited to '')
-rw-r--r--key.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/key.c b/key.c
index f2edf6d5d..5aea416b3 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.81 2009/12/11 18:16:33 markus Exp $ */
+/* $OpenBSD: key.c,v 1.82 2010/01/13 01:10:56 dtucker Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -522,6 +522,12 @@ key_read(Key *ret, char **cpp)
return -1;
if (!read_bignum(cpp, ret->rsa->n))
return -1;
+ /* validate the claimed number of bits */
+ if ((u_int)BN_num_bits(ret->rsa->n) != bits) {
+ verbose("key_read: claimed key size %d does not match "
+ "actual %d", bits, BN_num_bits(ret->rsa->n));
+ return -1;
+ }
success = 1;
break;
case KEY_UNSPEC:
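Review bot: The added `verbose()` call prints `bits` with `%d`, but the comparison just above it casts to `(u_int)` to match `bits`, so `bits` is presumably unsigned (its declaration is outside the hunk) and the conversion should be `%u`: `verbose("key_read: claimed key size %u does not match " "actual %d", bits, BN_num_bits(ret->rsa->n));`. The mismatch is also reported only at verbose level, which OpenSSH's default LogLevel of INFO does not emit, so a rejected key with a misstated size would normally leave no trace. If that event is meant to be visible to operators, `logit()` or `error()` would fit the commit message's "ignore and log" better. The comment `/* validate the claimed number of bits */` could also say why the claimed value matters, for example `/* reject keys whose claimed size differs from the modulus size; callers may rely on the claimed value */`, if that is in fact the reason. key_read's body starts and ends outside this hunk.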