ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-07 21:23:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys

Browse Source
This commit is contained in:
Egor Duda 2021-12-24 12:10:36 +03:00
parent c8fcc08fe0
commit c66f0e98c9
No known key found for this signature in database
GPG Key ID: 8610EBBBC18A37F1
1 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
ecdsa.c
View File

@ -76,23 +76,31 @@ ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) {
ecc_key *buf_get_ecdsa_pub_key(buffer* buf) { ecc_key *buf_get_ecdsa_pub_key(buffer* buf) {
unsigned char *key_ident = NULL, *identifier = NULL; unsigned char *key_ident = NULL, *identifier = NULL;
unsigned int key_ident_len, identifier_len; unsigned int key_ident_len, identifier_len, prefix_len, rest_len;
buffer *q_buf = NULL; buffer *q_buf = NULL;
struct dropbear_ecc_curve **curve; struct dropbear_ecc_curve **curve;
ecc_key *new_key = NULL; ecc_key *new_key = NULL;
/* string "ecdsa-sha2-[identifier]" */ /* string "ecdsa-sha2-[identifier]" or "sk-ecdsa-sha2-[identifier]@openssh.com" */
key_ident = (unsigned char*)buf_getstring(buf, &key_ident_len); key_ident = (unsigned char*)buf_getstring(buf, &key_ident_len);
/* string "[identifier]" */ /* string "[identifier]" */
identifier = (unsigned char*)buf_getstring(buf, &identifier_len); identifier = (unsigned char*)buf_getstring(buf, &identifier_len);
if (key_ident_len != identifier_len + strlen ("sk-") + strlen ("@openssh.com") + strlen("ecdsa-sha2-") && prefix_len = strlen ("ecdsa-sha2-");
key_ident_len != identifier_len + strlen("ecdsa-sha2-")) { rest_len = prefix_len;
#if DROPBEAR_SK_ECDSA
if (memcmp (key_ident, "sk-", 3) == 0) {
prefix_len = strlen ("sk-ecdsa-sha2-");
rest_len = prefix_len + strlen ("@openssh.com");
}
#endif
if (key_ident_len != identifier_len + rest_len) {
TRACE(("Bad identifier lengths")) TRACE(("Bad identifier lengths"))
goto out; goto out;
} }
if (memcmp(&key_ident[strlen("sk-ecdsa-sha2-")], identifier, identifier_len) != 0 && if (memcmp(&key_ident[prefix_len], identifier, identifier_len) != 0) {
memcmp(&key_ident[strlen("ecdsa-sha2-")], identifier, identifier_len) != 0) {
TRACE(("mismatching identifiers")) TRACE(("mismatching identifiers"))
goto out; goto out;
} }