From 2d6298de90b74f4660865e28bf00a9a43c8dd1ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juhani=20Krekel=C3=A4?= Date: Sun, 5 Jan 2020 18:58:57 +0200 Subject: [PATCH] Verify the public keys we're sending and handle parse failure --- kishib.py | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/kishib.py b/kishib.py index 6abb3a7..4dfeba8 100644 --- a/kishib.py +++ b/kishib.py @@ -186,6 +186,10 @@ def parse_pubkey(pubkey): pubkey = pubkey[:-1] fields = pubkey.split(b' ') + # There should be no newlines after this + if b'\n' in pubkey: + raise PubkeyParseError + # algorithm keymaterial [comment] if len(fields) < 2: raise PubkeyParseError @@ -305,11 +309,20 @@ def main(): except IOError as err: error('Could not read server public key: %s' % err) + try: + parse_pubkey(server_pubkey) + except PubkeyParseError: + error('Public key is in an unrecognized format') + client_pubkey = server(server_pubkey, port) verify(client_pubkey, server_pubkey) - algorithm, keymaterial, comment = parse_pubkey(client_pubkey) + try: + algorithm, keymaterial, comment = parse_pubkey(client_pubkey) + except PubkeyParseError: + error('Parse error on client\'s pubkey') + authorized_keys_entry = serialize_authorized_keys(algorithm, keymaterial, comment) if output_file is None: @@ -355,6 +368,11 @@ def main(): except IOError as err: error('Could not read client public key: %s' % err) + try: + parse_pubkey(client_pubkey) + except PubkeyParseError: + error('Public key is in an unrecognized format') + host, = fixed # Support internationalized domain names host = host.encode('idna').decode() @@ -363,7 +381,11 @@ def main(): verify(client_pubkey, server_pubkey) - algorithm, keymaterial, comment = parse_pubkey(server_pubkey) + try: + algorithm, keymaterial, comment = parse_pubkey(server_pubkey) + except PubkeyParseError: + error('Parse error on server\'s pubkey') + known_hosts_entry = serialize_known_hosts(host.encode(), ssh_port, algorithm, keymaterial) if output_file is None: