upstream: fix an unreachable integer overflow similar to the XMSS

case, and some other NULL dereferences found by fuzzing.

fix with and ok markus@

OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b

diff --git a/sshkey.c b/sshkey.c
index 612929427ebbdaf27f333d8898e3cd0fe6c7d222..ef90563b3cde615842a1fd7e1464e9b5ffc35be5 100644 (file)
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.83 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.84 2019/10/09 00:04:42 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -3209,6 +3209,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
                if ((r = sshkey_froms(buf, &k)) != 0 ||
                    (r = sshbuf_get_bignum2(buf, &dsa_priv_key)) != 0)
                        goto out;
+               if (k->type != type) {
+                       r = SSH_ERR_INVALID_FORMAT;
+                       goto out;
+               }
                if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) {
                        r = SSH_ERR_LIBCRYPTO_ERROR;
                        goto out;
@@ -3252,6 +3256,11 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
                if ((r = sshkey_froms(buf, &k)) != 0 ||
                    (r = sshbuf_get_bignum2(buf, &exponent)) != 0)
                        goto out;
+               if (k->type != type ||
+                   k->ecdsa_nid != sshkey_ecdsa_nid_from_name(tname)) {
+                       r = SSH_ERR_INVALID_FORMAT;
+                       goto out;
+               }
                if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) {
                        r = SSH_ERR_LIBCRYPTO_ERROR;
                        goto out;
@@ -3296,6 +3305,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
                    (r = sshbuf_get_bignum2(buf, &rsa_p)) != 0 ||
                    (r = sshbuf_get_bignum2(buf, &rsa_q)) != 0)
                        goto out;
+               if (k->type != type) {
+                       r = SSH_ERR_INVALID_FORMAT;
+                       goto out;
+               }
                if (!RSA_set0_key(k->rsa, NULL, NULL, rsa_d)) {
                        r = SSH_ERR_LIBCRYPTO_ERROR;
                        goto out;
@@ -3333,13 +3346,17 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
                    (r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 ||
                    (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0)
                        goto out;
+               if (k->type != type) {
+                       r = SSH_ERR_INVALID_FORMAT;
+                       goto out;
+               }
                if (pklen != ED25519_PK_SZ || sklen != ED25519_SK_SZ) {
                        r = SSH_ERR_INVALID_FORMAT;
                        goto out;
                }
                k->ed25519_pk = ed25519_pk;
                k->ed25519_sk = ed25519_sk;
-               ed25519_pk = ed25519_sk = NULL;
+               ed25519_pk = ed25519_sk = NULL; /* transferred */
                break;
 #ifdef WITH_XMSS
        case KEY_XMSS:
@@ -3370,7 +3387,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
                    (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 ||
                    (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0)
                        goto out;
-               if (strcmp(xmss_name, k->xmss_name)) {
+               if (k->type != type || strcmp(xmss_name, k->xmss_name) != 0) {
                        r = SSH_ERR_INVALID_FORMAT;
                        goto out;
                }
@@ -3877,7 +3894,8 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
        }
 
        /* check that an appropriate amount of auth data is present */
-       if (sshbuf_len(decoded) < encrypted_len + authlen) {
+       if (sshbuf_len(decoded) < authlen ||
+           sshbuf_len(decoded) - authlen < encrypted_len) {
                r = SSH_ERR_INVALID_FORMAT;
                goto out;
        }