diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2024-09-04 07:33:34 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2024-09-04 07:38:50 +0200 |
| commit | 13cc78d016b67a74a67f1c97c7c348084cd9212c (patch) | |
| tree | fde5c13b55ae79e67bfb146f811d5b273f4bd574 /sshkey.c | |
| parent | upstream: fix RCSID in output (diff) | |
| download | openssh-13cc78d016b67a74a67f1c97c7c348084cd9212c.tar.xz openssh-13cc78d016b67a74a67f1c97c7c348084cd9212c.zip | |
upstream: be more strict in parsing key type names. Only allow
shortnames (e.g "rsa") in user-interface code and require full SSH protocol
names (e.g. "ssh-rsa") everywhere else.
Prompted by bz3725; ok markus@
OpenBSD-Commit-ID: b3d8de9dac37992eab78adbf84fab2fe0d84b187
Diffstat (limited to 'sshkey.c')
| -rw-r--r-- | sshkey.c | 24 |
1 files changed, 19 insertions, 5 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.145 2024/08/20 11:10:04 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.146 2024/09/04 05:33:34 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -249,22 +249,36 @@ sshkey_ssh_name_plain(const struct sshkey *k) k->ecdsa_nid); } -int -sshkey_type_from_name(const char *name) +static int +type_from_name(const char *name, int allow_short) { int i; const struct sshkey_impl *impl; for (i = 0; keyimpls[i] != NULL; i++) { impl = keyimpls[i]; + if (impl->name != NULL && strcmp(name, impl->name) == 0) + return impl->type; /* Only allow shortname matches for plain key types */ - if ((impl->name != NULL && strcmp(name, impl->name) == 0) || - (!impl->cert && strcasecmp(impl->shortname, name) == 0)) + if (allow_short && !impl->cert && impl->shortname != NULL && + strcasecmp(impl->shortname, name) == 0) return impl->type; } return KEY_UNSPEC; } +int +sshkey_type_from_name(const char *name) +{ + return type_from_name(name, 0); +} + +int +sshkey_type_from_shortname(const char *name) +{ + return type_from_name(name, 1); +} + static int key_type_is_ecdsa_variant(int type) { |