From d4609682afffc14242fa04f4f33a1b9f3a9e1aaf Mon Sep 17 00:00:00 2001 From: Catalin Patulea Date: Thu, 1 Jan 2015 17:47:46 -0500 Subject: [PATCH] Handle invalid agent keys by skipping rather than exiting. My agent exposes both conventional keys and certs (ecdsa-sha2-nistp256-cert-v01@openssh.com) and I want dropbear to be able to use the former. --- cli-agentfwd.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/cli-agentfwd.c b/cli-agentfwd.c index 535024f..7badc88 100644 --- a/cli-agentfwd.c +++ b/cli-agentfwd.c @@ -210,13 +210,14 @@ static void agent_get_key_list(m_list * ret_list) ret = buf_get_pub_key(key_buf, pubkey, &key_type); buf_free(key_buf); if (ret != DROPBEAR_SUCCESS) { - /* This is slack, properly would cleanup vars etc */ - dropbear_exit("Bad pubkey received from agent"); - } - pubkey->type = key_type; - pubkey->source = SIGNKEY_SOURCE_AGENT; + TRACE(("Skipping bad pubkey from agent")); + sign_key_free(pubkey); + } else { + pubkey->type = key_type; + pubkey->source = SIGNKEY_SOURCE_AGENT; - list_append(ret_list, pubkey); + list_append(ret_list, pubkey); + } /* We'll ignore the comment for now. might want it later.*/ buf_eatstring(inbuf);