upstream: check private key type against requested key type in

author djm@openbsd.org <djm@openbsd.org>

Wed, 8 Apr 2020 00:05:59 +0000 (00:05 +0000)

committer Damien Miller <djm@mindrot.org>

Wed, 8 Apr 2020 00:14:21 +0000 (10:14 +1000)
author djm@openbsd.org <djm@openbsd.org>
Wed, 8 Apr 2020 00:05:59 +0000 (00:05 +0000)
committer Damien Miller <djm@mindrot.org>
Wed, 8 Apr 2020 00:14:21 +0000 (10:14 +1000)
diff --git a/sshkey.c b/sshkey.c

index 7ff61c85b6433b1937f66e8bc896caca4f95d069..a134e58168121ed6975cc04fdeeebedbe44fb31d 100644 (file)
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.104 2020/04/08 00:04:32 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.105 2020/04/08 00:05:59 djm Exp $ */
  /*
   * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
   * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -4326,6 +4326,12 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
             &decrypted, &pubkey)) != 0)
                 goto out;
  
+       if (type != KEY_UNSPEC &&
+           sshkey_type_plain(type) != sshkey_type_plain(pubkey->type)) {
+               r = SSH_ERR_KEY_TYPE_MISMATCH;
+               goto out;
+       }
+
         /* Load the private key and comment */
         if ((r = sshkey_private_deserialize(decrypted, &k)) != 0 ||
             (r = sshbuf_get_cstring(decrypted, &comment, NULL)) != 0)
author	djm@openbsd.org <djm@openbsd.org>
	Wed, 8 Apr 2020 00:05:59 +0000 (00:05 +0000)
committer	Damien Miller <djm@mindrot.org>
	Wed, 8 Apr 2020 00:14:21 +0000 (10:14 +1000)