upstream: fix two PIN entry bugs on FIDO keygen: 1) it would allow more

than the intended number of prompts (3) and 2) it would SEGV too many
incorrect PINs were entered; based on patch by Gabriel Kihlman

OpenBSD-Commit-ID: 9c0011f28ba8bd8adf2014424b64960333da1718

diff --git a/ssh-keygen.c b/ssh-keygen.c
index a6ba6cc7abdb80ef60665d69f678ac34051d84ee..0d6ed1fff2c55520872bd3c3d5119b15506ffe6e 100644 (file)
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.397 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.398 2020/02/07 03:27:54 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3588,7 +3588,7 @@ main(int argc, char **argv)
                passphrase = NULL;
                if ((attest = sshbuf_new()) == NULL)
                        fatal("sshbuf_new failed");
-               for (i = 0 ; i < 3; i++) {
+               for (i = 0 ; ; i++) {
                        fflush(stdout);
                        r = sshsk_enroll(type, sk_provider, sk_device,
                            sk_application == NULL ? "ssh:" : sk_application,
@@ -3598,15 +3598,21 @@ main(int argc, char **argv)
                                break;
                        if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
                                fatal("Key enrollment failed: %s", ssh_err(r));
-                       if (passphrase != NULL)
+                       else if (i > 0)
+                               error("PIN incorrect");
+                       if (passphrase != NULL) {
                                freezero(passphrase, strlen(passphrase));
+                               passphrase = NULL;
+                       }
+                       if (i >= 3)
+                               fatal("Too many incorrect PINs");
                        passphrase = read_passphrase("Enter PIN for "
                            "authenticator: ", RP_ALLOW_STDIN);
                }
-               if (passphrase != NULL)
+               if (passphrase != NULL) {
                        freezero(passphrase, strlen(passphrase));
-               if (i > 3)
-                       fatal("Too many incorrect PINs");
+                       passphrase = NULL;
+               }
                break;
        default:
                if ((r = sshkey_generate(type, bits, &private)) != 0)