*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.63 2005/06/17 02:44:32 djm Exp $");
#include <openssl/rsa.h>
#include <openssl/md5.h>
#include "hostfile.h"
#include "monitor_wrap.h"
#include "ssh.h"
+#include "misc.h"
/* import */
extern ServerOptions options;
* options bits e n comment
* where bits, e and n are decimal numbers,
* and comment is any string of characters up to newline. The maximum
- * length of a line is 8000 characters. See the documentation for a
+ * length of a line is SSH_MAX_PUBKEY_BYTES characters. See sshd(8) for a
* description of the options.
*/
int
auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
{
- char line[8192], *file;
+ char line[SSH_MAX_PUBKEY_BYTES], *file;
int allowed = 0;
u_int bits;
FILE *f;
* found, perform a challenge-response dialog to verify that the
* user really has the corresponding private key.
*/
- while (fgets(line, sizeof(line), f)) {
+ while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
char *cp;
char *key_options;
-
- linenum++;
+ int keybits;
/* Skip leading whitespace, empty and comment lines. */
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
continue;
/* check the real bits */
- if (bits != BN_num_bits(key->rsa->n))
+ keybits = BN_num_bits(key->rsa->n);
+ if (keybits < 0 || bits != (u_int)keybits)
logit("Warning: %s, line %lu: keysize mismatch: "
"actual %d vs. announced %d.",
file, linenum, BN_num_bits(key->rsa->n), bits);