From 6f86ee812fa5b063f8feb79f9e3e59eaa59e0209 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Fri, 22 Jul 2011 09:29:40 +0200
Subject: [PATCH] Fix crash while reading unsupported ssh keys.
This bug was found by n-roeser at gmx.net (gnupg-devel@, msgid 4DFC7298.4040509@gmx.net).
---
 agent/ChangeLog | 5 +++++
 agent/command-ssh.c | 18 ++++++------------
 2 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/agent/ChangeLog b/agent/ChangeLog
index 95609cb3d..e1becac51 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,3 +1,8 @@
+2011-07-22 Werner Koch
+
+ * command-ssh.c (ssh_receive_key): Do not init comment to an empty
+ static string; in the error case it would be freed.
+
 2011-07-20 Werner Koch
 * command.c (do_one_keyinfo, cmd_keyinfo): Support option --ssh-fpr.
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 3fef83ec3..ae193ec94 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -1409,18 +1409,13 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
 int read_comment, ssh_key_type_spec_t *key_spec)
 {
 gpg_error_t err;
- char *key_type;
- char *comment;
- gcry_sexp_t key;
+ char *key_type = NULL;
+ char *comment = NULL;
+ gcry_sexp_t key = NULL;
 ssh_key_type_spec_t spec;
- gcry_mpi_t *mpi_list;
+ gcry_mpi_t *mpi_list = NULL;
 const char *elems;
- mpi_list = NULL;
- key_type = NULL;
- comment = "";
- key = NULL;
-
 err = stream_read_cstring (stream, &key_type);
 if (err)
 goto out;
@@ -1452,7 +1447,7 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
 goto out;
 }
- err = sexp_key_construct (&key, spec, secret, mpi_list, comment);
+ err = sexp_key_construct (&key, spec, secret, mpi_list, comment? comment:"");
 if (err)
 goto out;
@@ -1464,8 +1459,7 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
 mpint_list_free (mpi_list);
 xfree (key_type);
- if (read_comment)
- xfree (comment);
+ xfree (comment);
 return err;
 }
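Review bot: In the `@@ -1409,18 +1409,13 @@` hunk the new initialisers carry an ownership rule that is not written down: `key_type` and `comment` must hold either NULL or heap memory, because the cleanup in the `@@ -1464,8 +1459,7 @@` hunk now frees both unconditionally. I would add a comment at the declarations, for example `/* KEY_TYPE and COMMENT are NULL or malloced; both are freed at OUT. */`, so that a later change does not reintroduce a static default like the removed `comment = "";`. The body of `ssh_receive_key` continues outside the hunk.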
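Review bot: In the `@@ -1464,8 +1459,7 @@` hunk the now unconditional `xfree (comment);` relies on two things the patch does not show. The first is that `xfree` accepts NULL, which is what it receives when `read_comment` is zero. The second is that the call which fills `comment` (outside the hunks, presumably `stream_read_cstring` as for `key_type`) never leaves its output pointing at memory it already released on failure. If either assumption fails, this cleanup turns into an invalid or double free on input read from the stream, so I would record it above the call, e.g. `/* COMMENT is NULL unless it was read successfully. */`. The cleanup block starts before the hunk.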