- dtucker@cvs.openbsd.org 2010/01/13 01:10:56
authordtucker <dtucker>
Wed, 13 Jan 2010 11:43:05 +0000 (11:43 +0000)
committerdtucker <dtucker>
Wed, 13 Jan 2010 11:43:05 +0000 (11:43 +0000)
     [key.c]
     Ignore and log any Protocol 1 keys where the claimed size is not equal to
     the actual size.  Noted by Derek Martin, ok djm@

ChangeLog
key.c

index 8ee8e2768f430c08ad9fdfb5246b7d4a8621f436..866e4aa4647b7c530a1f297cdb2cfcad6ad21448 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
    - dtucker@cvs.openbsd.org 2010/01/13 00:19:04
      [sshconnect.c auth.c]
      Fix a couple of typos/mispellings in comments
+   - dtucker@cvs.openbsd.org 2010/01/13 01:10:56
+     [key.c]
+     Ignore and log any Protocol 1 keys where the claimed size is not equal to
+     the actual size.  Noted by Derek Martin, ok djm@
 
 20100112
  - (dtucker) OpenBSD CVS Sync
diff --git a/key.c b/key.c
index f2edf6d5d56f725c8a3a1b72d7a7e39b86f2d44a..5aea416b33ea7575027ec769c5b963308296d307 100644 (file)
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.81 2009/12/11 18:16:33 markus Exp $ */
+/* $OpenBSD: key.c,v 1.82 2010/01/13 01:10:56 dtucker Exp $ */
 /*
  * read_bignum():
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -522,6 +522,12 @@ key_read(Key *ret, char **cpp)
                        return -1;
                if (!read_bignum(cpp, ret->rsa->n))
                        return -1;
+               /* validate the claimed number of bits */
+               if ((u_int)BN_num_bits(ret->rsa->n) != bits) {
+                       verbose("key_read: claimed key size %d does not match "
+                          "actual %d", bits, BN_num_bits(ret->rsa->n));
+                       return -1;
+               }
                success = 1;
                break;
        case KEY_UNSPEC:
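Review bot: The added `verbose()` call prints `bits` with `%d`, but the comparison on the line above casts the other operand to `u_int`, which suggests `bits` is unsigned (its declaration is outside the hunk). If so, the first specifier should be `%u`: `verbose("key_read: claimed key size %u does not match actual %d", bits, BN_num_bits(ret->rsa->n));`. The new comment would also be more useful if it said why the check exists, for example `/* bits comes from the key line and is untrusted; reject keys whose modulus size disagrees with it */`. The body of key_read starts and ends outside the hunk, so it is not possible to tell from here whether `ret->rsa` still holds the parsed `e` and `n` after this early return, or whether callers discard the key on -1.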