ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-07 05:17:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Don't set pubkey_info directly in checkpubkey_line

Browse Source 
This makes it safe to use from fuzzer-pubkey without leaking
the value since the cleanup isn't called
This commit is contained in:
Matt Johnston 2022-03-16 18:35:23 +08:00
parent 678cc6fcc0
commit 98ef42a856
1 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
svr-authpubkey.c
View File

@ -257,9 +257,12 @@ static void send_msg_userauth_pk_ok(const char* sigalgo, unsigned int sigalgolen
}
/* Content for SSH_PUBKEYINFO is optionally returned malloced in ret_info (will be
freed if already set */
static int checkpubkey_line(buffer* line, int line_num, const char* filename,
const char* algo, unsigned int algolen,
const unsigned char* keyblob, unsigned int keybloblen) {
const unsigned char* keyblob, unsigned int keybloblen,
char ** ret_info) {
buffer *options_buf = NULL;
char *info_str = NULL;
unsigned int pos, len, infopos, infolen;
@ -378,17 +381,20 @@ static int checkpubkey_line(buffer* line, int line_num, const char* filename,
ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algo, algolen, line, NULL);
/* free pubkey_info if it is filled */
if (ses.authstate.pubkey_info) {
m_free(ses.authstate.pubkey_info);
if (ret_info && *ret_info) {
m_free(*ret_info);
*ret_info = NULL;
}
if (ret == DROPBEAR_SUCCESS) {
if (options_buf) {
ret = svr_add_pubkey_options(options_buf, line_num, filename);
}
/* take the (optional) public key information */
ses.authstate.pubkey_info = info_str;
info_str = NULL;
if (ret_info) {
/* take the (optional) public key information */
*ret_info = info_str;
info_str = NULL;
}
}
out:
@ -470,7 +476,8 @@ static int checkpubkey(const char* keyalgo, unsigned int keyalgolen,
}
line_num++;
ret = checkpubkey_line(line, line_num, filename, keyalgo, keyalgolen, keyblob, keybloblen);
ret = checkpubkey_line(line, line_num, filename, keyalgo, keyalgolen,
keyblob, keybloblen, &ses.authstate.pubkey_info);
if (ret == DROPBEAR_SUCCESS) {
break;
}
@ -587,7 +594,7 @@ static int checkfileperm(char * filename) {
int fuzz_checkpubkey_line(buffer* line, int line_num, char* filename,
const char* algo, unsigned int algolen,
const unsigned char* keyblob, unsigned int keybloblen) {
return checkpubkey_line(line, line_num, filename, algo, algolen, keyblob, keybloblen);
return checkpubkey_line(line, line_num, filename, algo, algolen, keyblob, keybloblen, NULL);
}
#endif