search for: ssh_krl_from_blob

...omponent: ssh-keygen Assignee: unassigned-bugs at mindrot.org Reporter: peter at pean.org When I have a KRL containing revokations from multiple CA it gets corrupted some way. sshd cant read it. This is what sshd says: debug1: KRL version 0 generated at 20141114T080704 debug3: ssh_krl_from_blob: first pass, section 0x01 debug3: ssh_krl_from_blob: first pass, section 0x01 debug3: ssh_krl_from_blob: second pass, section 0x01 debug3: parse_revoked_certs: subsection type 0x20 debug3: revoked_certs_for_ca_key: new CA RSA debug3: parse_revoked_certs: subsection type 0x22 debug3: parse_revoked_c...

...t parse cursor, rather than the number of parsed bytes before the cursor, is used as the length of the data to be verified. I don't believe this bug has any security implications, though, since both lengths are necessarily smaller than the length of buf. Fixing this bug uncovers another bug in ssh_krl_from_blob [3]: "if (sshbuf_len(sect) > 0)" should read "if (sect != NULL && sshbuf_len(sect) > 0)" (or similar), since a KRL_SECTION_SIGNATURE above might cause sect to be set to NULL. This bug results in a segmentation fault, but I don't believe it can be triggered with...

...ee - HEAD 3dfd8d93dfcc69261f5af99df56f3ff598581979 - rijndael.c:1104:7: error: ?Td4? undeclared (first use in this function) (Td4[(t0 >> 24) ] << 24) ^ ^ introduced in commit a1f8110cd5ed818d59b3a2964fab7de76e92c18e - ./libssh.a(krl.o): In function `ssh_krl_from_blob': krl.c:1007: undefined reference to `reallocarray' introduced in commit in 74de254bb92c684cf53461da97f52d5ba34ded80 - reallocarray() seems to only part of openbsd-5.6 stdlib Petr -- Petr Lautrbach

Hi, In ssh_krl_from_blob(), krl.c:984, /* Record keys used to sign the KRL */ xrealloc(ca_used, nca_used + 1, sizeof(*ca_used)); ca_used[nca_used++] = key; The result of `xrealloc' is never assigned to `ca_used', which remains a null pointer. Will ca_used[...] crash?. Did I miss anything? Thanks. - xi

Hello. I am trying to play through the following test scenario about certificate revocation on Ubuntu 18.04, which has OpenSSH of this version: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n? 7 Dec 2017 1. A CA key is created ssh-keygen -t ed25519 -f ca 2. The CA public key is added to ~/.ssh/authorized_keys on some server: cert-authority ssh-ed25519 AAAA...e ca at yoga 3. A user key is created on a

Hi, It's that time again... OpenSSH 6.2 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD:

https://bugzilla.mindrot.org/show_bug.cgi?id=2687 Bug ID: 2687 Summary: Coverity scan fixes Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org