pki: Sanitize input to verification

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
author: Jakub Jelen <jjelen@redhat.com> 2018-11-26 18:02:22 +0100
committer: Andreas Schneider <asn@cryptomilk.org> 2018-11-30 16:26:07 +0100
commit: b72c9eead6c40c8710af2913faedde3c5eb4384e (patch)
tree: bcaec91b3c35a01a7fbc7fa4cd16c6f9a188055e /src/pki_gcrypt.c
parent: c7628fbfea9ba889cfb1c7fdcc66e233b8c1d673 (diff)
download: libssh-b72c9eead6c40c8710af2913faedde3c5eb4384e.tar.gz
libssh-b72c9eead6c40c8710af2913faedde3c5eb4384e.tar.xz
libssh-b72c9eead6c40c8710af2913faedde3c5eb4384e.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index 5506edfb..c0cf5926 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -2034,6 +2034,14 @@ int pki_signature_verify(ssh_session session,
     gcry_sexp_t sexp;
     gcry_error_t err;
 
+    if (key->type != sig->type) {
+        SSH_LOG(SSH_LOG_WARN,
+                "Can not verify %s signature with %s key",
+                sig->type_c,
+                key->type_c);
+        return SSH_ERROR;
+    }
+
     switch(key->type) {
         case SSH_KEYTYPE_DSS:
             /* That is to mark the number as positive */
author	Jakub Jelen <jjelen@redhat.com>	2018-11-26 18:02:22 +0100
committer	Andreas Schneider <asn@cryptomilk.org>	2018-11-30 16:26:07 +0100
commit	b72c9eead6c40c8710af2913faedde3c5eb4384e (patch)
tree	bcaec91b3c35a01a7fbc7fa4cd16c6f9a188055e /src/pki_gcrypt.c
parent	c7628fbfea9ba889cfb1c7fdcc66e233b8c1d673 (diff)
download	libssh-b72c9eead6c40c8710af2913faedde3c5eb4384e.tar.gz libssh-b72c9eead6c40c8710af2913faedde3c5eb4384e.tar.xz libssh-b72c9eead6c40c8710af2913faedde3c5eb4384e.zip