From 7d21cff19caa3f547b2606a11b65efbae9540dbb Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Sun, 31 Mar 2024 14:19:10 +0800 Subject: [PATCH] Check whether server pk_ok signature name is known The would only happen from a misbehaved server, it hits an assertion. Fixes #285 on github --- src/cli-authpubkey.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/cli-authpubkey.c b/src/cli-authpubkey.c index 975d3bde2..5d5cea19e 100644 --- a/src/cli-authpubkey.c +++ b/src/cli-authpubkey.c @@ -66,6 +66,10 @@ void recv_msg_userauth_pk_ok() { algotype = buf_getstring(ses.payload, &algolen); sigtype = signature_type_from_name(algotype, algolen); + if (sigtype == DROPBEAR_SIGNATURE_NONE) { + /* Server replied with an algorithm that we didn't send */ + dropbear_exit("Bad pk_ok"); + } keytype = signkey_type_from_signature(sigtype); TRACE(("recv_msg_userauth_pk_ok: type %d", sigtype)) m_free(algotype);