agent: unknown flags on ssh signing requests cause an error. T3880 T3880-fix
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Mon, 9 Apr 2018 22:06:38 +0000 (18:06 -0400)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Mon, 9 Apr 2018 22:06:38 +0000 (18:06 -0400)
* agent/command-ssh.c (ssh_handler_sign_request): if a flag is passed
during an signature request that we do not know how to apply, return
GPG_ERR_UNKNOWN_OPTION.

--

https://tools.ietf.org/html/draft-miller-ssh-agent-02#section-4.5 says:

    If the agent does not support the requested flags, or is otherwise
    unable or unwilling to generate the signature (e.g. because it
    doesn't have the specified key, or the user refused confirmation of a
    constrained key), it must reply with a SSH_AGENT_FAILURE message.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 3880

agent/command-ssh.c

index 5317df5..ac67dd0 100644 (file)
@@ -2864,7 +2864,7 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
   unsigned char *sig = NULL;
   size_t sig_n;
   u32 data_size;
-  u32 flags;
+  u32 flags, known_flags = 0;
   gpg_error_t err;
   gpg_error_t ret_err;
   int hash_algo;
@@ -2890,6 +2890,7 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
 
   if (spec.algo == GCRY_PK_RSA)
     {
+      known_flags = SSH_AGENT_RSA_SHA2_256 | SSH_AGENT_RSA_SHA2_512;
       if ((flags & SSH_AGENT_RSA_SHA2_256))
         {
           spec.ssh_identifier = "rsa-sha2-256";
@@ -2902,6 +2903,13 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
         }
     }
 
+  /* some flag is present that we do not know about. */
+  if (flags & ~known_flags)
+    {
+      err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
+      goto out;
+    }
+
   hash_algo = spec.hash_algo;
   if (!hash_algo)
     hash_algo = GCRY_MD_SHA1;  /* Use the default.  */