diff --git a/src/auth.c b/src/auth.c
index 7d3d1372..97b6a6e1 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -495,7 +495,24 @@ int ssh_userauth_try_publickey(ssh_session session,
 return SSH_ERROR;
 }
- sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
+ switch (pubkey->type) {
+ case SSH_KEYTYPE_UNKNOWN:
+ ssh_set_error(session,
+ SSH_REQUEST_DENIED,
+ "Invalid key type (unknown)");
+ return SSH_AUTH_DENIED;
+ case SSH_KEYTYPE_ECDSA:
+ sig_type_c = ssh_pki_key_ecdsa_name(pubkey);
+ break;
+ case SSH_KEYTYPE_DSS:
+ case SSH_KEYTYPE_RSA:
+ case SSH_KEYTYPE_RSA1:
+ case SSH_KEYTYPE_ED25519:
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
+ sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
+ break;
+ }
 /* Check if the given public key algorithm is allowed */
 if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
@@ -587,7 +604,7 @@ int ssh_userauth_publickey(ssh_session session,
 {
 ssh_string str = NULL;
 int rc;
- const char *sig_type_c;
+ const char *sig_type_c = NULL;
 enum ssh_keytypes_e key_type;
 if (session == NULL) {
@@ -613,7 +630,25 @@ int ssh_userauth_publickey(ssh_session session,
 /* Cert auth requires presenting the cert type name (*-cert@openssh.com) */
 key_type = privkey->cert != NULL ? privkey->cert_type : privkey->type;
- sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
+
+ switch (key_type) {
+ case SSH_KEYTYPE_UNKNOWN:
+ ssh_set_error(session,
+ SSH_REQUEST_DENIED,
+ "Invalid key type (unknown)");
+ return SSH_AUTH_DENIED;
+ case SSH_KEYTYPE_ECDSA:
+ sig_type_c = ssh_pki_key_ecdsa_name(privkey);
+ break;
+ case SSH_KEYTYPE_DSS:
+ case SSH_KEYTYPE_RSA:
+ case SSH_KEYTYPE_RSA1:
+ case SSH_KEYTYPE_ED25519:
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
+ sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
+ break;
+ }
 /* Check if the given public key algorithm is allowed */
 if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
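Review bot: The new `switch (pubkey->type)` has no `default:` label, so a key type that is not listed leaves `sig_type_c` at its previous value and still reaches `ssh_key_algorithm_allowed(session, sig_type_c)`. The declaration of `sig_type_c` in ssh_userauth_try_publickey lies outside the hunk, so whether it is initialised there cannot be confirmed from here; the commit adds `= NULL` only in ssh_userauth_publickey. I would put `default:` beside `case SSH_KEYTYPE_UNKNOWN:` so unlisted types are refused, and follow the switch with `if (sig_type_c == NULL)` returning `SSH_AUTH_DENIED`, in case ssh_pki_key_ecdsa_name() can return NULL for an unsupported curve. The switch in the third hunk (ssh_userauth_publickey) has the same gap.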
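Review bot: The switch in this hunk repeats the one added to ssh_userauth_try_publickey line for line, so the two copies of the key-type-to-algorithm mapping can drift apart when a key type is added, and the allowed-algorithm check would then see different names on the two paths. A single static helper that returns the name, or NULL for a type that must be refused, keeps that decision in one place; each caller then needs only `if (sig_type_c == NULL)` followed by the existing ssh_set_error call and `return SSH_AUTH_DENIED;`. The helper name below is a suggestion, and both function bodies continue outside the hunks.

```c
/* Map a key to the signature algorithm name offered during userauth.
 * Returns NULL for any key type that must not be offered. */
static const char *userauth_sig_type_name(ssh_session session,
                                          const ssh_key key,
                                          enum ssh_keytypes_e type)
{
    switch (type) {
    case SSH_KEYTYPE_ECDSA:
        return ssh_pki_key_ecdsa_name(key);
    case SSH_KEYTYPE_DSS:
    case SSH_KEYTYPE_RSA:
    case SSH_KEYTYPE_RSA1:
    case SSH_KEYTYPE_ED25519:
    case SSH_KEYTYPE_DSS_CERT01:
    case SSH_KEYTYPE_RSA_CERT01:
        return ssh_key_get_signature_algorithm(session, type);
    case SSH_KEYTYPE_UNKNOWN:
    default:
        return NULL;
    }
}
```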