Unreviewed changes
1 is the latest approved patch-set.
The change was submitted with unreviewed changes in the following files:
```
The name of the file: ssh/keys.go
Insertions: 3, Deletions: 3.
@@ -193,7 +193,7 @@
return "", nil, nil, "", nil, err
}
if pubKey.Type() != wantType {
- return "", nil, nil, "", nil, fmt.Errorf("ssh: key type mismatch: found %q, want %q", pubKey.Type(), wantType)
+ return "", nil, nil, "", nil, fmt.Errorf("ssh: known hosts key type mismatch: human-readable type %q, encoded type %q", wantType, pubKey.Type())
}
return marker, strings.Split(hosts, ","), pubKey, comment, rest, nil
@@ -241,7 +241,7 @@
if string(in[:i]) == out.Type() {
return out, comment, options, rest, nil
}
- err = fmt.Errorf("ssh: key type mismatch: found %q, want %q", out.Type(), in[:i])
+ err = fmt.Errorf("ssh: authorized keys key type mismatch: human-readable type %q, encoded type %q", in[:i], out.Type())
}
lastErr = err
@@ -289,7 +289,7 @@
options = candidateOptions
return out, comment, options, rest, nil
}
- err = fmt.Errorf("ssh: key type mismatch: found %q, want %q", out.Type(), in[:i])
+ err = fmt.Errorf("ssh: authorized keys key type mismatch: human-readable type %q, encoded type %q", in[:i], out.Type())
}
lastErr = err
```
Change information
Commit message:
ssh: verify declared key type matches decoded key in authorized_keys
ParseAuthorizedKey and ParseKnownHosts previously ignored the key type
field (e.g. "ssh-rsa") in each entry, relying solely on the type
information embedded within the base64-encoded key blob.
For ParseAuthorizedKey this also caused a single-token option to be
silently dropped: a line such as "restrict <key>" (with the key type
omitted) was parsed as an unrestricted key, because the option token
landed in the key type position and was discarded together with its
meaning. The same happens for no-pty, no-port-forwarding and the other
single-word options. OpenSSH's sshkey_read rejects such lines outright,
as the option token cannot be read as a key type.
OpenSSH's sshkey_read also explicitly verifies that the key type
declared in the text matches the type of the parsed key, returning
SSH_ERR_KEY_TYPE_MISMATCH if they differ.
This change adds, in both functions, a check that the declared key type
matches the decoded key's type, returning an error for malformed lines
where they diverge. This mirrors the fix already applied to the
ssh/knownhosts package in CL 782427.
Change-Id: I9163108d964de4be8a415fe0efd68e6b71f77990
Files:
- M ssh/keys.go
- M ssh/keys_test.go
Change size: M
Delta: 2 files changed, 92 insertions(+), 10 deletions(-)
Branch: refs/heads/master