1
0
mirror of https://github.com/moparisthebest/curl synced 2025-01-03 09:58:02 -05:00

ssh: do not crash if MD5 fingerprint is not provided by libssh2

The MD5 fingerprint cannot be computed when running in FIPS mode.
This commit is contained in:
Kamil Dudka 2012-09-12 16:18:36 +02:00
parent ce515e993f
commit f05e51362f
2 changed files with 15 additions and 8 deletions

View File

@ -42,6 +42,7 @@ This release includes the following bugfixes:
o gnutls: do not fail on non-fatal handshake errors [15] o gnutls: do not fail on non-fatal handshake errors [15]
o SMTP: only send SIZE if supported [16] o SMTP: only send SIZE if supported [16]
o ftpserver: respond with a 250 to SMTP EHLO o ftpserver: respond with a 250 to SMTP EHLO
o ssh: do not crash if MD5 fingerprint is not provided by libssh2
This release includes the following known bugs: This release includes the following known bugs:

View File

@ -650,19 +650,25 @@ static bool ssh_check_fingerprint(struct connectdata *conn)
const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session, const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
LIBSSH2_HOSTKEY_HASH_MD5); LIBSSH2_HOSTKEY_HASH_MD5);
if(fingerprint) {
/* The fingerprint points to static storage (!), don't free() it. */ /* The fingerprint points to static storage (!), don't free() it. */
for(i = 0; i < 16; i++) for(i = 0; i < 16; i++)
snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]); snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
infof(data, "SSH MD5 fingerprint: %s\n", md5buffer); infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
}
/* Before we authenticate we check the hostkey's MD5 fingerprint /* Before we authenticate we check the hostkey's MD5 fingerprint
* against a known fingerprint, if available. * against a known fingerprint, if available.
*/ */
if(pubkey_md5 && strlen(pubkey_md5) == 32) { if(pubkey_md5 && strlen(pubkey_md5) == 32) {
if(!strequal(md5buffer, pubkey_md5)) { if(!fingerprint || !strequal(md5buffer, pubkey_md5)) {
if(fingerprint)
failf(data, failf(data,
"Denied establishing ssh session: mismatch md5 fingerprint. " "Denied establishing ssh session: mismatch md5 fingerprint. "
"Remote %s is not equal to %s", md5buffer, pubkey_md5); "Remote %s is not equal to %s", md5buffer, pubkey_md5);
else
failf(data,
"Denied establishing ssh session: md5 fingerprint not available");
state(conn, SSH_SESSION_FREE); state(conn, SSH_SESSION_FREE);
sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
return sshc->actualcode; return sshc->actualcode;