Am I misinterpreting the libssh2_knownhost_check API?
I'm trying to display the old and new host-keys to my users when there
is a mismatch and so I looked at what curl does. However, I'm not
convinced it's using the API correctly. It appears to try to use
binary data as a NULL-terminated string:

    keycheck = libssh2_knownhost_check(sshc->kh,
                                       conn->host.name,
                                       remotekey, keylen,
                                       LIBSSH2_KNOWNHOST_TYPE_PLAIN|
                                       LIBSSH2_KNOWNHOST_KEYENC_RAW|
                                       keybit,
                                       &host);

The key held by 'host' here should be in binary format because
LIBSSH2_KNOWNHOST_KEYENC_RAW was used. But now curl tries to treat it
like a NULL-terminated string:

    infof(data, "SSH host check: %d, key: %s\n", keycheck,
          (keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH)?
          host->key:"<none>");

As the key will always start with '\0' this would lead to no key
showing up in the final string. Then it stores the key in a struct
whose specification says "points to a zero-terminated string encoded
with base64 if len is zero, otherwise to the raw data":

    /* setup 'knownkey' */
    if(keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH) {
      knownkey.key = host->key;
      knownkey.len = 0;
      knownkey.keytype = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)?
        CURLKHTYPE_RSA : CURLKHTYPE_DSS;
      knownkeyp = &knownkey;
    }

So clearly this code is assuming again that the key is a
NULL-terminated base64-encoded string which AFAICS it isn't.
This may be a curl bug but I'm posting it here first in case I'm
misinterpreting the knownhost API. Am I?
Alex
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-03-06
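
An added example, not part of the original post and not curl or libssh2 code: one way to render a host key for display that follows the "base64 string if len is zero, otherwise raw data" contract quoted in the post, so a raw blob is never handed to %s. The struct `khkey_view`, the function `khkey_printable` and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical mirror of the contract quoted in the post:
   len == 0 -> key is a zero-terminated base64 string,
   len != 0 -> key points at len bytes of raw data. */
struct khkey_view { const char *key; size_t len; };

/* Constructed sample: the first 11 bytes of an SSH RSA key blob
   (uint32 length 7, then "ssh-rsa"). Note the leading zero bytes. */
static const char sample_raw[] = "\0\0\0\7ssh-rsa";

static const char b64tab[] =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Write a printable, zero-terminated form of the key into out.
   Returns the number of characters written, or -1 if out is too small. */
static int khkey_printable(const struct khkey_view *k, char *out, size_t outsz)
{
  const unsigned char *p = (const unsigned char *)k->key;
  size_t i, o = 0, need;

  if(k->len == 0) {               /* already base64 text: copy as-is */
    need = strlen(k->key);
    if(need + 1 > outsz)
      return -1;
    memcpy(out, k->key, need + 1);
    return (int)need;
  }
  need = ((k->len + 2) / 3) * 4;  /* raw bytes: encode by length */
  if(need + 1 > outsz)
    return -1;
  for(i = 0; i < k->len; i += 3) {
    unsigned long v = (unsigned long)p[i] << 16;
    if(i + 1 < k->len) v |= (unsigned long)p[i + 1] << 8;
    if(i + 2 < k->len) v |= p[i + 2];
    out[o++] = b64tab[(v >> 18) & 63];
    out[o++] = b64tab[(v >> 12) & 63];
    out[o++] = (i + 1 < k->len) ? b64tab[(v >> 6) & 63] : '=';
    out[o++] = (i + 2 < k->len) ? b64tab[v & 63] : '=';
  }
  out[o] = '\0';
  return (int)o;
}

int main(void) {
  char buf[64]; struct khkey_view k = { sample_raw, 11 };
  if(khkey_printable(&k, buf, sizeof buf) > 0) printf("%s\n", buf);
  return 0; }
```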