ssh: Server checks host key files at start and at accept

author: Hans Nilsson <[email protected]> 2017-10-10 21:58:46 +0200
committer: Hans Nilsson <[email protected]> 2017-10-30 11:59:23 +0100
commit: 9fc2073320b27f003764c2d78541a41e306a7f2a (patch)
tree: 5803fb763b40ead2c658bcb702c3a617a338cbd3 /lib/ssh/src/ssh_transport.erl
parent: 70114aab0eeed0ba10f5ee7497362dcb62d9d892 (diff)
download: otp-9fc2073320b27f003764c2d78541a41e306a7f2a.tar.gz
otp-9fc2073320b27f003764c2d78541a41e306a7f2a.tar.bz2
otp-9fc2073320b27f003764c2d78541a41e306a7f2a.zip
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 2c5a8ad26e..d8f7a96c15 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -795,8 +795,14 @@ get_host_key(SSH, SignAlg) ->
     #ssh{key_cb = {KeyCb,KeyCbOpts}, opts = Opts} = SSH,
     UserOpts = ?GET_OPT(user_options, Opts),
     case KeyCb:host_key(SignAlg, [{key_cb_private,KeyCbOpts}|UserOpts]) of
-	{ok, PrivHostKey} ->  PrivHostKey;
-	Result -> exit({error, {Result, unsupported_key_type}})
+	{ok, PrivHostKey} ->
+            %% Check the key - the KeyCb may be a buggy plugin
+            case valid_key_sha_alg(PrivHostKey, SignAlg) of
+                true -> PrivHostKey;
+                false -> exit({error, bad_hostkey})
+            end;
+	Result ->
+            exit({error, {Result, unsupported_key_type}})
     end.
 
 extract_public_key(#'RSAPrivateKey'{modulus = N, publicExponent = E}) ->
author	Hans Nilsson <[email protected]>	2017-10-10 21:58:46 +0200
committer	Hans Nilsson <[email protected]>	2017-10-30 11:59:23 +0100
commit	9fc2073320b27f003764c2d78541a41e306a7f2a (patch)
tree	5803fb763b40ead2c658bcb702c3a617a338cbd3 /lib/ssh/src/ssh_transport.erl
parent	70114aab0eeed0ba10f5ee7497362dcb62d9d892 (diff)
download	otp-9fc2073320b27f003764c2d78541a41e306a7f2a.tar.gz otp-9fc2073320b27f003764c2d78541a41e306a7f2a.tar.bz2 otp-9fc2073320b27f003764c2d78541a41e306a7f2a.zip