diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2008-06-28 13:58:24 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2008-06-28 13:58:24 +0000 |
commit | 9441ae21f20afd024b357b02f6b8789a777b1b4a (patch) | |
tree | eb088b8c4e55814092b66c02cdba7bdd5be1de8b | |
parent | 4211ec31d0c8e690958ca4b0fc1f47cf2ad6d283 (diff) |
refuse to add a key that has unknown constraints specified;
ok markus
-rw-r--r-- | usr.bin/ssh/ssh-agent.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 0f6ca08d5f1..d78402aa212 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.157 2007/09/25 23:48:57 canacar Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.158 2008/06/28 13:58:23 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -512,9 +512,8 @@ process_add_identity(SocketEntry *e, int version) xfree(comment); goto send; } - success = 1; while (buffer_len(&e->request)) { - switch (buffer_get_char(&e->request)) { + switch ((type = buffer_get_char(&e->request))) { case SSH_AGENT_CONSTRAIN_LIFETIME: death = time(NULL) + buffer_get_int(&e->request); break; @@ -522,9 +521,14 @@ process_add_identity(SocketEntry *e, int version) confirm = 1; break; default: - break; + error("process_add_identity: " + "Unknown constraint type %d", type); + xfree(comment); + key_free(k); + goto send; } } + success = 1; if (lifetime && !death) death = time(NULL) + lifetime; if ((id = lookup_identity(k, version)) == NULL) { @@ -590,10 +594,10 @@ no_identities(SocketEntry *e, u_int type) #ifdef SMARTCARD static void -process_add_smartcard_key (SocketEntry *e) +process_add_smartcard_key(SocketEntry *e) { char *sc_reader_id = NULL, *pin; - int i, version, success = 0, death = 0, confirm = 0; + int i, type, version, success = 0, death = 0, confirm = 0; Key **keys, *k; Identity *id; Idtab *tab; @@ -602,7 +606,7 @@ process_add_smartcard_key (SocketEntry *e) pin = buffer_get_string(&e->request, NULL); while (buffer_len(&e->request)) { - switch (buffer_get_char(&e->request)) { + switch ((type = buffer_get_char(&e->request))) { case SSH_AGENT_CONSTRAIN_LIFETIME: death = time(NULL) + buffer_get_int(&e->request); break; @@ -610,7 +614,11 @@ process_add_smartcard_key (SocketEntry *e) confirm = 1; break; default: - break; + error("process_add_smartcard_key: " + "Unknown constraint type %d", type); + xfree(sc_reader_id); + xfree(pin); + goto send; } } if (lifetime && !death) |