Verify the public keys we're sending and handle parse failure
parent
fe4ea1ab24
commit
2d6298de90
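--- a/kishib.py
+++ b/kishib.py
@@ -186,6 +186,10 @@ def parse_pubkey(pubkey):
     pubkey = pubkey[:-1]
     fields = pubkey.split(b' ')
 
+    # There should be no newlines after this
+    if b'\n' in pubkey:
+        raise PubkeyParseError
+
     # algorithm keymaterial [comment]
     if len(fields) < 2:
         raise PubkeyParseError
@@ -305,11 +309,20 @@ def main():
     except IOError as err:
         error('Could not read server public key: %s' % err)
 
+    try:
+        parse_pubkey(server_pubkey)
+    except PubkeyParseError:
+        error('Public key is in an unrecognized format')
+
     client_pubkey = server(server_pubkey, port)
 
     verify(client_pubkey, server_pubkey)
 
-    algorithm, keymaterial, comment = parse_pubkey(client_pubkey)
+    try:
+        algorithm, keymaterial, comment = parse_pubkey(client_pubkey)
+    except PubkeyParseError:
+        error('Parse error on client\'s pubkey')
+
     authorized_keys_entry = serialize_authorized_keys(algorithm, keymaterial, comment)
 
     if output_file is None:
@@ -355,6 +368,11 @@ def main():
     except IOError as err:
         error('Could not read client public key: %s' % err)
 
+    try:
+        parse_pubkey(client_pubkey)
+    except PubkeyParseError:
+        error('Public key is in an unrecognized format')
+
     host, = fixed
     # Support internationalized domain names
     host = host.encode('idna').decode()
@@ -363,7 +381,11 @@ def main():
 
     verify(client_pubkey, server_pubkey)
 
-    algorithm, keymaterial, comment = parse_pubkey(server_pubkey)
+    try:
+        algorithm, keymaterial, comment = parse_pubkey(server_pubkey)
+    except PubkeyParseError:
+        error('Parse error on server\'s pubkey')
+
     known_hosts_entry = serialize_known_hosts(host.encode(), ssh_port, algorithm, keymaterial)
 
     if output_file is None: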
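Review bot: In the second and fourth hunks the peer's key is parsed only after `verify(client_pubkey, server_pubkey)` has already run, so a key that `parse_pubkey` rejects (including one carrying an embedded newline, which the first hunk now catches) is still passed to `verify` before it is discarded; moving the new `try: ... = parse_pubkey(...)` / `except PubkeyParseError: error(...)` block above the `verify(...)` call would refuse malformed input before any trust decision is made on it. What `verify` does is outside these hunks, so this only matters if it presents the key to the user or otherwise acts on it, and `error` appears to terminate the program, since `server_pubkey` is used unconditionally right after the `except IOError` handler. The same four-line parse-and-exit pattern is now written out four times with two different messages ('Public key is in an unrecognized format' versus 'Parse error on client\'s pubkey'); a small helper such as `def parse_pubkey_or_exit(pubkey, what): ...` returning the parsed tuple would keep the wording and the handling in one place and let the pre-exchange checks reuse the result instead of parsing twice. `main()` starts and ends outside all four hunks.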