diff options
Diffstat (limited to 'svr-authpubkey.c')
| -rw-r--r-- | svr-authpubkey.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/svr-authpubkey.c b/svr-authpubkey.c index ff481c8..ae1402d 100644 --- a/svr-authpubkey.c +++ b/svr-authpubkey.c @@ -176,6 +176,10 @@ out: sign_key_free(key); key = NULL; } + /* Retain pubkey options only if auth succeeded */ + if (!ses.authstate.authdone) { + svr_pubkey_options_cleanup(); + } TRACE(("leave pubkeyauth")) } @@ -206,7 +210,12 @@ static int checkpubkey_line(buffer* line, int line_num, const char* filename, if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) { TRACE(("checkpubkey_line: bad line length %d", line->len)) - return DROPBEAR_FAILURE; + goto out; + } + + if (memchr(line->data, 0x0, line->len) != NULL) { + TRACE(("checkpubkey_line: bad line has null char")) + goto out; } /* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */ @@ -482,4 +491,12 @@ static int checkfileperm(char * filename) { return DROPBEAR_SUCCESS; } +#if DROPBEAR_FUZZ +int fuzz_checkpubkey_line(buffer* line, int line_num, char* filename, + const char* algo, unsigned int algolen, + const unsigned char* keyblob, unsigned int keybloblen) { + return checkpubkey_line(line, line_num, filename, algo, algolen, keyblob, keybloblen); +} +#endif + #endif |