From 9fc2073320b27f003764c2d78541a41e306a7f2a Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Tue, 10 Oct 2017 21:58:46 +0200
Subject: ssh: Server checks host key files at start and at accept

---
 lib/ssh/src/ssh.erl                    |  6 ++++
 lib/ssh/src/ssh_connection_handler.erl | 58 ++++++++++++++++------------------
 lib/ssh/src/ssh_transport.erl          | 10 ++++--
 3 files changed, 42 insertions(+), 32 deletions(-)

(limited to 'lib/ssh/src')

diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl
index 1a5d48baca..032d87bdad 100644
--- a/lib/ssh/src/ssh.erl
+++ b/lib/ssh/src/ssh.erl
@@ -188,6 +188,7 @@ daemon(Port) ->
 daemon(Socket, UserOptions) when is_port(Socket) ->
     try
         #{} = Options = ssh_options:handle_options(server, UserOptions),
+
         case valid_socket_to_use(Socket, ?GET_OPT(transport,Options)) of
             ok ->
                 {ok, {IP,Port}} = inet:sockname(Socket),
@@ -461,6 +462,9 @@ open_listen_socket(_Host0, Port0, Options0) ->
 %%%----------------------------------------------------------------
 finalize_start(Host, Port, Profile, Options0, F) ->
     try
+        %% throws error:Error if no usable hostkey is found
+        ssh_connection_handler:available_hkey_algorithms(server, Options0),
+
         sshd_sup:start_child(Host, Port, Profile, Options0)
     of
         {error, {already_started, _}} ->
@@ -470,6 +474,8 @@ finalize_start(Host, Port, Profile, Options0, F) ->
         Result = {ok,_} ->
             F(Options0, Result)
     catch
+        error:{shutdown,Err} ->
+            {error,Err};
         exit:{noproc, _} ->
             {error, ssh_not_started}
     end.
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 4158a52a27..802bf62570 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -46,6 +46,7 @@
 
 %%% Internal application API
 -export([start_connection/4,
+         available_hkey_algorithms/2,
 	 open_channel/6,
 	 request/6, request/7,
 	 reply_request/3, 
@@ -432,13 +433,12 @@ init_ssh_record(Role, Socket, Opts) ->
     init_ssh_record(Role, Socket, PeerAddr, Opts).
 
 init_ssh_record(Role, _Socket, PeerAddr, Opts) ->
-    KeyCb = ?GET_OPT(key_cb, Opts),
     AuthMethods = ?GET_OPT(auth_methods, Opts),
     S0 = #ssh{role = Role,
-	      key_cb = KeyCb,
+	      key_cb = ?GET_OPT(key_cb, Opts),
 	      opts = Opts,
 	      userauth_supported_methods = AuthMethods,
-	      available_host_keys = supported_host_keys(Role, KeyCb, Opts),
+	      available_host_keys = available_hkey_algorithms(Role, Opts),
 	      random_length_padding = ?GET_OPT(max_random_length_padding, Opts)
 	   },
 
@@ -1544,44 +1544,42 @@ peer_role(client) -> server;
 peer_role(server) -> client.
 
 %%--------------------------------------------------------------------
-supported_host_keys(client, _, Options) ->
-    try
-        find_sup_hkeys(Options)
-    of
-	[] ->
+available_hkey_algorithms(Role, Options) ->
+    KeyCb = ?GET_OPT(key_cb, Options),
+    case [A || A <- available_hkey_algos(Options),
+               (Role==client) orelse available_host_key(KeyCb, A, Options)
+         ] of
+        
+        [] when Role==client ->
 	    error({shutdown, "No public key algs"});
-	Algs ->
-	    [atom_to_list(A) || A<-Algs]
-    catch
-	exit:Reason ->
-	    error({shutdown, Reason})
-    end;
-supported_host_keys(server, KeyCb, Options) ->
-    [atom_to_list(A) || A <- find_sup_hkeys(Options),
-			available_host_key(KeyCb, A, Options)
-    ].
 
+        [] when Role==server ->
+	    error({shutdown, "No host key available"});
 
-find_sup_hkeys(Options) ->
-    case proplists:get_value(public_key,
-                             ?GET_OPT(preferred_algorithms,Options)
-                            )
-    of
-        undefined ->
-            ssh_transport:default_algorithms(public_key);
-        L ->
-            NonSupported =  L--ssh_transport:supported_algorithms(public_key),
-            L -- NonSupported
+	Algs ->
+	    [atom_to_list(A) || A<-Algs]
     end.
 
 
+available_hkey_algos(Options) ->
+    SupAlgos = ssh_transport:supported_algorithms(public_key),
+    HKeys = proplists:get_value(public_key,
+                                ?GET_OPT(preferred_algorithms,Options)
+                               ),
+    NonSupported =  HKeys -- SupAlgos,
+    AvailableAndSupported = HKeys -- NonSupported,
+    AvailableAndSupported.
+
 
 %% Alg :: atom()
 available_host_key({KeyCb,KeyCbOpts}, Alg, Opts) ->
     UserOpts = ?GET_OPT(user_options, Opts),
     case KeyCb:host_key(Alg, [{key_cb_private,KeyCbOpts}|UserOpts]) of
-        {ok,_} -> true;
-        _ -> false
+        {ok,Key} ->
+            %% Check the key - the KeyCb may be a buggy plugin
+            ssh_transport:valid_key_sha_alg(Key, Alg);
+        _ ->
+            false
     end.
 
 
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 2c5a8ad26e..d8f7a96c15 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -795,8 +795,14 @@ get_host_key(SSH, SignAlg) ->
     #ssh{key_cb = {KeyCb,KeyCbOpts}, opts = Opts} = SSH,
     UserOpts = ?GET_OPT(user_options, Opts),
     case KeyCb:host_key(SignAlg, [{key_cb_private,KeyCbOpts}|UserOpts]) of
-	{ok, PrivHostKey} ->  PrivHostKey;
-	Result -> exit({error, {Result, unsupported_key_type}})
+	{ok, PrivHostKey} ->
+            %% Check the key - the KeyCb may be a buggy plugin
+            case valid_key_sha_alg(PrivHostKey, SignAlg) of
+                true -> PrivHostKey;
+                false -> exit({error, bad_hostkey})
+            end;
+	Result ->
+            exit({error, {Result, unsupported_key_type}})
     end.
 
 extract_public_key(#'RSAPrivateKey'{modulus = N, publicExponent = E}) ->
-- 
cgit v1.2.3