openssh bugs - Jun 2010 - [Bug 1784] New: ssh-keygen fails when filename of key file contains multiple slashes

https://bugzilla.mindrot.org/show_bug.cgi?id=1784

           Summary: ssh-keygen fails when filename of key file contains
                    multiple slashes
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh-keygen
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: srinidhi.bs at gmail.com


In Linux, multiple slashes in the file path have the same effect as a
single slash character. For example, "/home//foo/" is the same as
"/home/foo/". ssh-keygen doesn't work with filenames containing
multiple slashes.

Behavior of ssh-keygen With double slashes:

# su - foo -c "ssh-keygen -t rsa -f /home/foo//.ssh/id_rsa -N
''"
Generating public/private rsa key pair.
open /home/foo//.ssh/id_rsa failed: No such file or directory.
Saving the key failed: /home/foo//.ssh/id_rsa.

# su - foo -c "ssh-keygen -t rsa -f /home/foo/.ssh/id_rsa -N
''"
Generating public/private rsa key pair.
Created directory '/home/foo/.ssh'.
Your identification has been saved in /home/foo/.ssh/id_rsa.
Your public key has been saved in /home/foo/.ssh/id_rsa.pub.
The key fingerprint is:
3a:1b:5a:af:3a:0a:f4:32:da:87:a9:e6:98:b0:d4:87 foo at toruk
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
| .      S        |
|. o .  .         |
|o+ E .=          |
|=*= +o =         |
|Ooooooo..        |
+-----------------+

# getent passwd foo
foo:x:1004:100::/home/foo:/bin/bash

# ssh -V
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009

I have also seen the same behavior with OpenSSH_4.2p1.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1784

--- Comment #1 from B S Srinidhi <srinidhi.bs at gmail.com>  ---
It looks like the following code snippet might be the cause:

 1896:        /* Create ~/.ssh directory if it doesn't already exist.
*/
 1897:        snprintf(dotsshdir, sizeof dotsshdir, "%s/%s",
 1898:            pw->pw_dir, _PATH_SSH_USER_DIR);
 1899:        if (strstr(identity_file, dotsshdir) != NULL) {

From:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-keygen.c?annotate=1.190

dotsshdir is expected to be a substring of identity_file. I think
before
calling strstr() on the 2 strings, identity_file should be
canonicalized
- either by realpath() or canonicalize_file_name()

On the same note, ssh-keygen will fail if the identity_file contains a
relative path:

# su - foo -c "ssh-keygen -t rsa -f /home/foo/bin/../.ssh/id_rsa -N
''"
Generating public/private rsa key pair.
open /home/foo/bin/../.ssh/id_rsa failed: No such file or directory.
Saving the key failed: /home/foo/bin/../.ssh/id_rsa.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1784

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
            Summary|ssh-keygen fails when       |ssh-keygen fails to create
                   |filename of key file        |.ssh directory when
                   |contains multiple slashes   |filename of key file
                   |                            |contains multiple slashes
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #2 from Damien Miller <djm at mindrot.org>  ---
If you are explicitly passing a path to ssh-keygen then don't count on
it to create the directory components for you. I don't think this is
worth complicating our code to fix.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1784

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> 2011-01-24 12:33:47
EST ---
Move resolved bugs to CLOSED after 5.7 release

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.