diff options
author | Jakub Jelen <jjelen@redhat.com> | 2018-11-26 18:02:22 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-11-30 16:26:07 +0100 |
commit | b72c9eead6c40c8710af2913faedde3c5eb4384e (patch) | |
tree | bcaec91b3c35a01a7fbc7fa4cd16c6f9a188055e /src/pki_gcrypt.c | |
parent | c7628fbfea9ba889cfb1c7fdcc66e233b8c1d673 (diff) | |
download | libssh-b72c9eead6c40c8710af2913faedde3c5eb4384e.tar.gz libssh-b72c9eead6c40c8710af2913faedde3c5eb4384e.tar.xz libssh-b72c9eead6c40c8710af2913faedde3c5eb4384e.zip |
pki: Sanitize input to verification
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/pki_gcrypt.c')
-rw-r--r-- | src/pki_gcrypt.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c index 5506edfb..c0cf5926 100644 --- a/src/pki_gcrypt.c +++ b/src/pki_gcrypt.c @@ -2034,6 +2034,14 @@ int pki_signature_verify(ssh_session session, gcry_sexp_t sexp; gcry_error_t err; + if (key->type != sig->type) { + SSH_LOG(SSH_LOG_WARN, + "Can not verify %s signature with %s key", + sig->type_c, + key->type_c); + return SSH_ERROR; + } + switch(key->type) { case SSH_KEYTYPE_DSS: /* That is to mark the number as positive */ |