upstream: require FIDO application strings to start with "ssh:"; ok

markus@ OpenBSD-Commit-ID: 94e9c1c066d42b76f035a3d58250a32b14000afb
author: djm@openbsd.org <djm@openbsd.org> 2020-02-04 10:58:04 +0100
committer: Damien Miller <djm@mindrot.org> 2020-02-04 11:08:10 +0100
commit: d596b1d30dc158915a3979fa409d21ff2465b6ee (patch)
tree: c7c5d1c14cbd5e2e2448043d69b4dc383c56effb /ssh-keygen.c
parent: upstream: revert enabling UpdateHostKeys by default - there are still (diff)
download: openssh-d596b1d30dc158915a3979fa409d21ff2465b6ee.tar.xz
openssh-d596b1d30dc158915a3979fa409d21ff2465b6ee.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 4ee43ab98..2a64622c1 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.395 2020/01/28 08:01:34 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.396 2020/02/04 09:58:04 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3572,6 +3572,10 @@ main(int argc, char **argv)
 			} else if (strncasecmp(opts[i],
 			    "application=", 12) == 0) {
 				sk_application = xstrdup(opts[i] + 12);
+				if (strncmp(sk_application, "ssh:", 4) != 0) {
+					fatal("FIDO application string must "
+					    "begin with \"ssh:\"");
+				}
 			} else {
 				fatal("Option \"%s\" is unsupported for "
 				    "FIDO authenticator enrollment", opts[i]);
author	djm@openbsd.org <djm@openbsd.org>	2020-02-04 10:58:04 +0100
committer	Damien Miller <djm@mindrot.org>	2020-02-04 11:08:10 +0100
commit	d596b1d30dc158915a3979fa409d21ff2465b6ee (patch)
tree	c7c5d1c14cbd5e2e2448043d69b4dc383c56effb /ssh-keygen.c
parent	upstream: revert enabling UpdateHostKeys by default - there are still (diff)
download	openssh-d596b1d30dc158915a3979fa409d21ff2465b6ee.tar.xz openssh-d596b1d30dc158915a3979fa409d21ff2465b6ee.zip