Subject: Fwd: libssh2_knownhost_check key format

Fwd: libssh2_knownhost_check key format

From: Alexander Lamaison <swish_at_lammy.co.uk>
Date: Sat, 6 Mar 2010 20:17:41 +0000

Am I misinterpreting the libssh2_knownhost_check API?

I'm trying to display the old and new host-keys to my users when there
is a mismatch and so I looked at what curl does.  However, I'm not
convinced it's using the API correctly.  It appears to try to use
binary data as NULL-terminated string:

     keycheck = libssh2_knownhost_check(sshc->kh,
                                        conn->host.name,
                                        remotekey, keylen,
                                        LIBSSH2_KNOWNHOST_TYPE_PLAIN|
                                        LIBSSH2_KNOWNHOST_KEYENC_RAW|
                                        keybit,
                                        &host);

The key held by 'host' here should be in binary format because
LIBSSH2_KNOWNHOST_KEYENC_RAW was used.  But now curl tries to treat it
like a NULL-terminated string:

     infof(data, "SSH host check: %d, key: %s\n", keycheck,
           (keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH)?
           host->key:"<none>");

As the key will always start with '\0' this would lead to no key
showing up in the final string.  Then it stores the key in a struct
whose specification says "points to a zero-terminated string encoded
with base64 if len is zero, otherwise to the raw data":

     /* setup 'knownkey' */
     if(keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH) {
       knownkey.key = host->key;
       knownkey.len = 0;
       knownkey.keytype = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)?
         CURLKHTYPE_RSA : CURLKHTYPE_DSS;
       knownkeyp = &knownkey;
     }

So clearly this code is assuming again that the key is a
NULL-terminated base64-encoded string which AFAICS it isn't.

This may be a curl bug but I'm posting it here first in case I'm
misinterpreting the knownhost API.  Am I?

Alex
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-03-06