aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHans Nilsson <[email protected]>2016-09-01 22:38:13 +0200
committerHans Nilsson <[email protected]>2016-09-02 10:32:20 +0200
commitc4e9732c040966366e0719a62550f30e45fc01a3 (patch)
tree9bd47e55da00a21a35e19c06d599669a18184cf4
parent068185ef518384c0141cc643820f3a2a103ff4c3 (diff)
downloadotp-c4e9732c040966366e0719a62550f30e45fc01a3.tar.gz
otp-c4e9732c040966366e0719a62550f30e45fc01a3.tar.bz2
otp-c4e9732c040966366e0719a62550f30e45fc01a3.zip
ssh: separate clauses for first and second pk auth msg
SSH sends the public key and user name twice. If we do not check the validity of that pair at the first time, Codenomicon Defensics will complain.
-rw-r--r--lib/ssh/src/ssh_auth.erl66
1 files changed, 35 insertions, 31 deletions
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl
index 1dcf5d0708..7793d77f36 100644
--- a/lib/ssh/src/ssh_auth.erl
+++ b/lib/ssh/src/ssh_auth.erl
@@ -260,43 +260,45 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,
handle_userauth_request(#ssh_msg_userauth_request{user = User,
service = "ssh-connection",
method = "publickey",
- data = Data},
+ data = <<?BYTE(?FALSE),
+ ?UINT32(ALen), BAlg:ALen/binary,
+ ?UINT32(KLen), KeyBlob:KLen/binary,
+ _/binary
+ >>
+ },
SessionId,
#ssh{opts = Opts,
userauth_supported_methods = Methods} = Ssh) ->
- <<?BYTE(HaveSig),
- ?UINT32(ALen), BAlg:ALen/binary,
- Rest/binary>> = Data,
-
- {KeyBlob, SigWLen} =
- case Rest of
- <<?UINT32(KLen0), KeyBlob0:KLen0/binary, SigWLen0/binary>> ->
- {KeyBlob0, SigWLen0};
- <<>> ->
- {<<>>, <<>>}
- end,
+ {not_authorized, {User, undefined},
+ ssh_transport:ssh_packet(
+ #ssh_msg_userauth_pk_ok{algorithm_name = binary_to_list(BAlg),
+ key_blob = KeyBlob}, Ssh)};
- case HaveSig of
- ?TRUE ->
- case verify_sig(SessionId, User, "ssh-connection",
- binary_to_list(BAlg),
- KeyBlob, SigWLen, Opts) of
- true ->
- {authorized, User,
- ssh_transport:ssh_packet(
- #ssh_msg_userauth_success{}, Ssh)};
- false ->
- {not_authorized, {User, undefined},
- ssh_transport:ssh_packet(#ssh_msg_userauth_failure{
- authentications = Methods,
- partial_success = false}, Ssh)}
- end;
- ?FALSE ->
- {not_authorized, {User, undefined},
+handle_userauth_request(#ssh_msg_userauth_request{user = User,
+ service = "ssh-connection",
+ method = "publickey",
+ data = <<?BYTE(?TRUE),
+ ?UINT32(ALen), BAlg:ALen/binary,
+ ?UINT32(KLen), KeyBlob:KLen/binary,
+ SigWLen/binary>>
+ },
+ SessionId,
+ #ssh{opts = Opts,
+ userauth_supported_methods = Methods} = Ssh) ->
+
+ case verify_sig(SessionId, User, "ssh-connection",
+ binary_to_list(BAlg),
+ KeyBlob, SigWLen, Opts) of
+ true ->
+ {authorized, User,
ssh_transport:ssh_packet(
- #ssh_msg_userauth_pk_ok{algorithm_name = binary_to_list(BAlg),
- key_blob = KeyBlob}, Ssh)}
+ #ssh_msg_userauth_success{}, Ssh)};
+ false ->
+ {not_authorized, {User, undefined},
+ ssh_transport:ssh_packet(#ssh_msg_userauth_failure{
+ authentications = Methods,
+ partial_success = false}, Ssh)}
end;
handle_userauth_request(#ssh_msg_userauth_request{user = User,
@@ -484,6 +486,8 @@ get_password_option(Opts, User) ->
false -> proplists:get_value(password, Opts, false)
end.
+%%pre_verify_sig(SessionId, User, Service, Alg, KeyBlob, Opts) ->
+
verify_sig(SessionId, User, Service, Alg, KeyBlob, SigWLen, Opts) ->
{ok, Key} = decode_public_key_v2(KeyBlob, Alg),
KeyCb = proplists:get_value(key_cb, Opts, ssh_file),