From 783e5fd206df968123a541a98c11b93f1d9da291 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 26 Nov 2018 15:42:26 +0100
Subject: pki: Verify the provided public key has expected type

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/pki_crypto.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/pki_crypto.c')

diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 8f3b21ea..366b377d 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1601,6 +1601,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
     int rc;
     BIGNUM *pr = NULL, *ps = NULL;
 
+    if (type != pubkey->type) {
+        SSH_LOG(SSH_LOG_WARN,
+                "Incompatible public key provided (%d) expecting (%d)",
+                type,
+                pubkey->type);
+        return NULL;
+    }
+
     sig = ssh_signature_new();
     if (sig == NULL) {
         return NULL;
-- 
cgit v1.2.3