pki: Sanitize input to verification

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-26 18:02:22 +01:00 · 2018-11-26 18:02:22 +01:00 · b72c9eead6
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@ -1797,7 +1797,15 @@ int pki_signature_verify(ssh_session session,
    int rc;
    int nid;

-    switch(key->type) {
+    if (key->type != sig->type) {
+        SSH_LOG(SSH_LOG_WARN,
+                "Can not verify %s signature with %s key",
+                sig->type_c,
+                key->type_c);
+        return SSH_ERROR;
+    }
+
+    switch (key->type) {
        case SSH_KEYTYPE_DSS:
            rc = DSA_do_verify(hash,
                               hlen,
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@ -2034,6 +2034,14 @@ int pki_signature_verify(ssh_session session,
    gcry_sexp_t sexp;
    gcry_error_t err;

+    if (key->type != sig->type) {
+        SSH_LOG(SSH_LOG_WARN,
+                "Can not verify %s signature with %s key",
+                sig->type_c,
+                key->type_c);
+        return SSH_ERROR;
+    }
+
    switch(key->type) {
        case SSH_KEYTYPE_DSS:
            /* That is to mark the number as positive */
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@ -1008,6 +1008,14 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const
    int rc;
    mbedtls_md_type_t md = 0;

+    if (key->type != sig->type) {
+        SSH_LOG(SSH_LOG_WARN,
+                "Can not verify %s signature with %s key",
+                sig->type_c,
+                key->type_c);
+        return SSH_ERROR;
+    }
+
    switch (key->type) {
        case SSH_KEYTYPE_RSA:
            switch (sig->hash_type) {