GNOME Bugzilla – Bug 795699
ssh-agent: Reject SSH v1 public key
Last modified: 2018-07-14 05:46:47 UTC
Reported in Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1568895
Created attachment 371559
ssh-agent: Make public key parsing robuster

Previously, _gkd_ssh_agent_parse_public_key() mistakenly accepted OpenSSH v1 keys as valid, because the second component of the key line looks like a base64 blob:

  2048 65537 2444136...

This patch checks that the component is really base64 encoded, by checking the length is a multiple of 4.

Attachment 371559 pushed as f3f3cc7 - ssh-agent: Make public key parsing robuster
> Note that this solution is not perfect, as there could be a key with a
> public exponent whose decimal length is a multiple of 4. A more thorough
> approach would be to call ssh-keygen -l on each public key.

A very robust method would be to compare key types, as the base64 blob *always* starts with its own type as an SSH-string (length-prefixed), e.g. ssh-rsa blobs begin with "\x00\x00\x00\x07ssh-rsa"...
Indeed, that sounds like a good idea. Would you like to create a patch?
I've filed an MR here: https://gitlab.gnome.org/GNOME/gnome-keyring/merge_requests/2
It would be nice if you could give a quick review.
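
The type comparison suggested in the comments above, sketched as an added example (this is not code from gnome-keyring or from the merge request). The function names and sample key lines are constructed for illustration, and only the start of the blob is decoded, so the rest of the key is not validated.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Map one base64 character to its 6-bit value, or -1 if it is not base64. */
static int b64_val(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode at most `want` bytes from the start of an n-character base64 field.
 * Returns the number of bytes written, or -1 on a non-base64 character. */
static int b64_prefix(const char *s, size_t n, uint8_t *out, size_t want) {
    uint32_t acc = 0;
    int bits = 0;
    size_t w = 0;
    for (size_t i = 0; i < n && w < want && s[i] != '='; i++) {
        int v = b64_val(s[i]);
        if (v < 0) return -1;
        acc = (acc << 6) | (uint32_t)v;
        if ((bits += 6) >= 8) out[w++] = (uint8_t)(acc >> (bits -= 8));
    }
    return (int)w;
}

/* Returns 1 when `line` is "<type> <base64> [comment]" and the blob starts
 * with <type> as an SSH string (4-byte big-endian length + bytes), else 0. */
int key_line_type_matches(const char *line) {
    uint8_t buf[64];
    const char *sp = strchr(line, ' ');
    if (sp == NULL || sp == line) return 0;
    size_t type_len = (size_t)(sp - line);
    if (type_len > sizeof buf - 4) return 0;
    const char *blob = sp + 1;
    int got = b64_prefix(blob, strcspn(blob, " \r\n"), buf, 4 + type_len);
    if (got < 0 || (size_t)got < 4 + type_len) return 0;
    uint32_t len = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 |
                   (uint32_t)buf[2] << 8 | buf[3];
    return len == type_len && memcmp(buf + 4, line, type_len) == 0;
}

int main(void) {
    /* Constructed sample lines; the ssh-rsa blob is truncated after the exponent. */
    printf("%d\n", key_line_type_matches("ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB user@example"));
    printf("%d\n", key_line_type_matches("2048 65537 2444136"));
    return 0;
}
```

Unlike the length-multiple-of-4 check, this also rejects a v1-style line whose exponent field happens to have a decimal length divisible by 4, because the decoded bytes do not form a length-prefixed copy of the first field.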