From 09aa807240b9dcde78a919ff712316a1daf0655e Mon Sep 17 00:00:00 2001
From: Jay Satiro
Date: Sun, 23 Feb 2020 18:37:09 -0500
Subject: libssh: Fix matching user-specified MD5 hex key

Prior to this change a match would never be successful because it was mistakenly coded to compare binary data from libssh to a user-specified hex string (ie CURLOPT_SSH_HOST_PUBLIC_KEY_MD5).

Reported-by: fds242@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/4971
Closes https://github.com/curl/curl/pull/4974
---
 tests/sshserver.pl | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

(limited to 'tests/sshserver.pl')

diff --git a/tests/sshserver.pl b/tests/sshserver.pl
index 197e8b872..4414ca51b 100644
--- a/tests/sshserver.pl
+++ b/tests/sshserver.pl
@@ -28,6 +28,9 @@ use strict;
 use warnings;
 use Cwd;
 use Cwd 'abs_path';
+use Digest::MD5;
+use Digest::MD5 'md5_hex';
+use MIME::Base64;
 #***************************************************************************
 # Variables and subs imported from sshhelp module
@@ -48,6 +51,7 @@ use sshhelp qw(
 $sftpcmds
 $hstprvkeyf
 $hstpubkeyf
+ $hstpubmd5f
 $cliprvkeyf
 $clipubkeyf
 display_sshdconfig
@@ -357,10 +361,11 @@ if((($sshid =~ /OpenSSH/) && ($sshvernum < 299)) ||
 #
 if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) ||
 (! -e $hstpubkeyf) || (! -s $hstpubkeyf) ||
+ (! -e $hstpubmd5f) || (! -s $hstpubmd5f) ||
 (! -e $cliprvkeyf) || (! -s $cliprvkeyf) ||
 (! -e $clipubkeyf) || (! -s $clipubkeyf)) {
 # Make sure all files are gone so ssh-keygen doesn't complain
- unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf);
+ unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f, $cliprvkeyf, $clipubkeyf);
 logmsg 'generating host keys...' if($verbose);
 if(system "\"$sshkeygen\" -q -t rsa -f $hstprvkeyf -C 'curl test server' -N ''") {
 logmsg 'Could not generate host key';
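Review bot: `use Digest::MD5;` in the added import lines of the first hunk is redundant, because the next line, `use Digest::MD5 'md5_hex';`, already loads the module and imports the only function the patch calls; the bare form imports nothing. Keeping just `use Digest::MD5 'md5_hex';` and `use MIME::Base64;` would be enough, although the pair does mirror the existing `use Cwd;` / `use Cwd 'abs_path';` lines.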
@@ -374,6 +379,21 @@ if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) ||
 # Make sure that permissions are restricted so openssh doesn't complain
 system "chmod 600 $hstprvkeyf";
 system "chmod 600 $cliprvkeyf";
+ # Save md5 hash of public host key
+ open(RSAKEYFILE, "<$hstpubkeyf");
+ my @rsahostkey = do { local $/ = ' '; };
+ close(RSAKEYFILE);
+ if(!$rsahostkey[1]) {
+ logmsg 'Failed parsing base64 encoded RSA host key';
+ exit 1;
+ }
+ open(PUBMD5FILE, ">$hstpubmd5f");
+ print PUBMD5FILE md5_hex(decode_base64($rsahostkey[1]));
+ close(PUBMD5FILE);
+ if((! -e $hstpubmd5f) || (! -s $hstpubmd5f)) {
+ logmsg 'Failed writing md5 hash of RSA host key';
+ exit 1;
+ }
 }
@@ -1099,8 +1119,8 @@ elsif($verbose && ($rc >> 8)) {
 #***************************************************************************
 # Clean up once the server has stopped
 #
-unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf, $knownhosts);
-unlink($sshdconfig, $sshconfig, $sftpconfig);
-
+unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f,
+ $cliprvkeyf, $clipubkeyf, $knownhosts,
+ $sshdconfig, $sshconfig, $sftpconfig);
 exit 0;
-- cgit v1.2.3
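Review bot: Both `open` calls in the added block that saves the MD5 of the host key are unchecked and use the two-argument form with bareword handles (`open(RSAKEYFILE, "<$hstpubkeyf")` and `open(PUBMD5FILE, ">$hstpubmd5f")`), so a failed open of the public key surfaces only as 'Failed parsing base64 encoded RSA host key' and the mode is spliced into the same string as the path. Three-argument `open` with lexical handles and a message that reports `$!` would make such failures diagnosable, and checking `close` on the write handle catches buffered write errors before the fingerprint file is trusted by the tests. As rendered on this page the `do` block contains no read from the handle; presumably a `<RSAKEYFILE>` readline was lost in rendering, and the sketch below assumes it. The enclosing `if` block begins outside this hunk.

```perl
# … unchanged: chmod 600 on the private key files …
# Save md5 hash of public host key
open(my $rsakeyfile, '<', $hstpubkeyf) or do {
    logmsg "Could not open $hstpubkeyf: $!";
    exit 1;
};
my @rsahostkey = do { local $/ = ' '; <$rsakeyfile> };
close($rsakeyfile);
# … unchanged: check that $rsahostkey[1] holds the base64 key blob …
open(my $pubmd5file, '>', $hstpubmd5f) or do {
    logmsg "Could not open $hstpubmd5f: $!";
    exit 1;
};
print $pubmd5file md5_hex(decode_base64($rsahostkey[1]));
close($pubmd5file) or do {
    logmsg 'Failed writing md5 hash of RSA host key';
    exit 1;
};
# … unchanged: -e / -s check on $hstpubmd5f …
```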