summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2008-06-28 13:58:24 +0000
committerDamien Miller <djm@cvs.openbsd.org>2008-06-28 13:58:24 +0000
commit9441ae21f20afd024b357b02f6b8789a777b1b4a (patch)
treeeb088b8c4e55814092b66c02cdba7bdd5be1de8b
parent4211ec31d0c8e690958ca4b0fc1f47cf2ad6d283 (diff)
refuse to add a key that has unknown constraints specified;
ok markus
-rw-r--r--usr.bin/ssh/ssh-agent.c24
1 files changed, 16 insertions, 8 deletions
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index 0f6ca08d5f1..d78402aa212 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.157 2007/09/25 23:48:57 canacar Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.158 2008/06/28 13:58:23 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -512,9 +512,8 @@ process_add_identity(SocketEntry *e, int version)
xfree(comment);
goto send;
}
- success = 1;
while (buffer_len(&e->request)) {
- switch (buffer_get_char(&e->request)) {
+ switch ((type = buffer_get_char(&e->request))) {
case SSH_AGENT_CONSTRAIN_LIFETIME:
death = time(NULL) + buffer_get_int(&e->request);
break;
@@ -522,9 +521,14 @@ process_add_identity(SocketEntry *e, int version)
confirm = 1;
break;
default:
- break;
+ error("process_add_identity: "
+ "Unknown constraint type %d", type);
+ xfree(comment);
+ key_free(k);
+ goto send;
}
}
+ success = 1;
if (lifetime && !death)
death = time(NULL) + lifetime;
if ((id = lookup_identity(k, version)) == NULL) {
@@ -590,10 +594,10 @@ no_identities(SocketEntry *e, u_int type)
#ifdef SMARTCARD
static void
-process_add_smartcard_key (SocketEntry *e)
+process_add_smartcard_key(SocketEntry *e)
{
char *sc_reader_id = NULL, *pin;
- int i, version, success = 0, death = 0, confirm = 0;
+ int i, type, version, success = 0, death = 0, confirm = 0;
Key **keys, *k;
Identity *id;
Idtab *tab;
@@ -602,7 +606,7 @@ process_add_smartcard_key (SocketEntry *e)
pin = buffer_get_string(&e->request, NULL);
while (buffer_len(&e->request)) {
- switch (buffer_get_char(&e->request)) {
+ switch ((type = buffer_get_char(&e->request))) {
case SSH_AGENT_CONSTRAIN_LIFETIME:
death = time(NULL) + buffer_get_int(&e->request);
break;
@@ -610,7 +614,11 @@ process_add_smartcard_key (SocketEntry *e)
confirm = 1;
break;
default:
- break;
+ error("process_add_smartcard_key: "
+ "Unknown constraint type %d", type);
+ xfree(sc_reader_id);
+ xfree(pin);
+ goto send;
}
}
if (lifetime && !death)