simon-git: putty (master): Simon Tatham
Commits to Tartarus hosted VCS
tartarus-commits at lists.tartarus.org
Sat May 26 18:07:48 BST 2018
TL;DR:
9375f59 Pageant: verify SSH-1 RSA keys before accepting them.
Repository: https://git.tartarus.org/simon/putty.git
On the web: https://git.tartarus.org/?p=simon/putty.git
Branch updated: master
Committer: Simon Tatham <anakin at pobox.com>
Date: 2018-05-26 18:07:48
commit 9375f594c22617ac543aa04b0f46e8ee4a36f5c0
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=9375f594c22617ac543aa04b0f46e8ee4a36f5c0;hp=f4ca28a0f49ff23c8a9835fe62e209aa2c7b5e61
Author: Simon Tatham <anakin at pobox.com>
Date: Sat May 26 18:00:23 2018 +0100
Pageant: verify SSH-1 RSA keys before accepting them.
In Friday's testing of the BinarySink work, I noticed that if you
accidentally add a mathematically invalid RSA1 key to Pageant, it will
accept it, getting into a state where it can fail assertions when
asked to use the key later. Added a call to rsa_verify(), triggering
an SSH_AGENT_FAILURE response if it doesn't agree the key is good.
pageant.c | 5 +++++
1 file changed, 5 insertions(+)
More information about the tartarus-commits
mailing list