ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-07 13:21:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Don't set pubkey_info directly in checkpubkey_line

Browse Source 
This makes it safe to use from fuzzer-pubkey without leaking
the value since the cleanup isn't called
This commit is contained in:
Matt Johnston 2022-03-16 18:35:23 +08:00
parent 678cc6fcc0
commit 98ef42a856
1 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
svr-authpubkey.c
View File

@ -257,9 +257,12 @@ static void send_msg_userauth_pk_ok(const char* sigalgo, unsigned int sigalgolen
} }
/* Content for SSH_PUBKEYINFO is optionally returned malloced in ret_info (will be
freed if already set */
static int checkpubkey_line(buffer* line, int line_num, const char* filename, static int checkpubkey_line(buffer* line, int line_num, const char* filename,
const char* algo, unsigned int algolen, const char* algo, unsigned int algolen,
const unsigned char* keyblob, unsigned int keybloblen) { const unsigned char* keyblob, unsigned int keybloblen,
char ** ret_info) {
buffer *options_buf = NULL; buffer *options_buf = NULL;
char *info_str = NULL; char *info_str = NULL;
unsigned int pos, len, infopos, infolen; unsigned int pos, len, infopos, infolen;
@ -378,18 +381,21 @@ static int checkpubkey_line(buffer* line, int line_num, const char* filename,
ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algo, algolen, line, NULL); ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algo, algolen, line, NULL);
/* free pubkey_info if it is filled */ /* free pubkey_info if it is filled */
if (ses.authstate.pubkey_info) { if (ret_info && *ret_info) {
m_free(ses.authstate.pubkey_info); m_free(*ret_info);
*ret_info = NULL;
} }
if (ret == DROPBEAR_SUCCESS) { if (ret == DROPBEAR_SUCCESS) {
if (options_buf) { if (options_buf) {
ret = svr_add_pubkey_options(options_buf, line_num, filename); ret = svr_add_pubkey_options(options_buf, line_num, filename);
} }
if (ret_info) {
/* take the (optional) public key information */ /* take the (optional) public key information */
ses.authstate.pubkey_info = info_str; *ret_info = info_str;
info_str = NULL; info_str = NULL;
} }
}
out: out:
if (options_buf) { if (options_buf) {
@ -470,7 +476,8 @@ static int checkpubkey(const char* keyalgo, unsigned int keyalgolen,
} }
line_num++; line_num++;
ret = checkpubkey_line(line, line_num, filename, keyalgo, keyalgolen, keyblob, keybloblen); ret = checkpubkey_line(line, line_num, filename, keyalgo, keyalgolen,
keyblob, keybloblen, &ses.authstate.pubkey_info);
if (ret == DROPBEAR_SUCCESS) { if (ret == DROPBEAR_SUCCESS) {
break; break;
} }
@ -587,7 +594,7 @@ static int checkfileperm(char * filename) {
int fuzz_checkpubkey_line(buffer* line, int line_num, char* filename, int fuzz_checkpubkey_line(buffer* line, int line_num, char* filename,
const char* algo, unsigned int algolen, const char* algo, unsigned int algolen,
const unsigned char* keyblob, unsigned int keybloblen) { const unsigned char* keyblob, unsigned int keybloblen) {
return checkpubkey_line(line, line_num, filename, algo, algolen, keyblob, keybloblen); return checkpubkey_line(line, line_num, filename, algo, algolen, keyblob, keybloblen, NULL);
} }
#endif #endif