security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

ssh: Fix adding an ed25519 key with a zero length comment. 

* agent/command-ssh.c (sexp_key_construct): Do not put an empty string
into an S-expression.
(stream_read_string): Do not not try to a read a zero length block.
--

Actually we could handles this different by not putting a comment tag
into the s-expression, however this requires more code and at other
places we already return "(none)" instead of an empty comment.

The second fix is more or less a cosmetic thing to get better error
messages in case the underlying read system call returns an error.

GnuPG-bug-id: 5794
This commit is contained in:
Werner Koch 2022-01-28 19:59:11 +01:00
parent e1fc053dc1
commit 2331900d1c
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
agent/command-ssh.c
View File

@ -613,7 +613,7 @@ stream_read_string (estream_t stream, unsigned int secure,
} }
/* Read data. */ /* Read data. */
err = stream_read_data (stream, buffer, length); err = length? stream_read_data (stream, buffer, length) : 0;
if (err) if (err)
goto out; goto out;
@ -623,7 +623,7 @@ stream_read_string (estream_t stream, unsigned int secure,
} }
else /* Dummy read requested. */ else /* Dummy read requested. */
{ {
err = stream_read_skip (stream, length); err = length? stream_read_skip (stream, length) : 0;
if (err) if (err)
goto out; goto out;
} }
@ -1725,6 +1725,11 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
estream_t format = NULL; estream_t format = NULL;
char *algo_name = NULL; char *algo_name = NULL;
/* We can't encode an empty string in an S-expression, thus to keep
* the code simple we use "(none)" instead. */
if (!comment || !*comment)
comment = "(none)";
if ((key_spec.flags & SPEC_FLAG_IS_EdDSA)) if ((key_spec.flags & SPEC_FLAG_IS_EdDSA))
{ {
/* It is much easier and more readable to use a separate code /* It is much easier and more readable to use a separate code
@ -1744,7 +1749,7 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
"(comment%s))", "(comment%s))",
curve_name, curve_name,
mpis[0], mpis[1], mpis[0], mpis[1],
comment? comment:""); comment);
else else
err = gcry_sexp_build (&sexp_new, NULL, err = gcry_sexp_build (&sexp_new, NULL,
"(public-key(ecc(curve %s)" "(public-key(ecc(curve %s)"
@ -1752,7 +1757,8 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
"(comment%s))", "(comment%s))",
curve_name, curve_name,
mpis[0], mpis[0],
comment? comment:""); comment);
} }
else else
{ {