OpenSSHKey: when writing to agent, ensure comment string is at least one byte #1681
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The username field of an entry is used as the comment if there is none with the key. |
|
And if the username field is blank, as is the case for mine, then it breaks gpg-agent... |
hifi
requested changes
Mar 8, 2018
tycho
force-pushed
the
openssh-gpg-agent-fix
branch
from
fc1cab2 to
7ce2e1d
Compare
|
How's this? |
hifi
approved these changes
Mar 8, 2018
|
👍 |
tycho
force-pushed
the
openssh-gpg-agent-fix
branch
from
7ce2e1d to
05135d5
Compare
…one byte This unbreaks adding keys to gpg-agent. Signed-off-by: Steven Noonan <[email protected]>
tycho
force-pushed
the
openssh-gpg-agent-fix
branch
from
05135d5 to
6a2f7bf
Compare
droidmonkey
added a commit
that referenced
this pull request
May 8, 2018
- Enable high entropy ASLR on Windows [#1747] - Enhance favicon fetching [#1786] - Fix crash on Windows due to autotype [#1691] - Fix dark tray icon changing all icons [#1680] - Fix --pw-stdin not using getPassword function [#1686] - Fix placeholders being resolved in notes [#1907] - Enable auto-type start delay to be configurable [#1908] - Browser: Fix native messaging reply size [#1719] - Browser: Increase maximum buffer size [#1720] - Browser: Enhance usability and functionality [#1810, #1822, #1830, #1884, #1906] - SSH Agent: Parse aes-256-cbc/ctr keys [#1682] - SSH Agent: Enhance usability and functionality [#1677, #1679, #1681, #1787]
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
gpg-agent doesn't understand how to handle comment strings that are zero-length. It correctly reads the length of the comment string, but then requests a read of 0 bytes, which stupidly returns an EOF error code:
I looked at ensuring the
m_commentstring is always at least length 1, but that turned out to be a much uglier change.Motivation and context
I'm not able to use the OpenSSH-provided ssh-agent, because most of my SSH keypairs are actually PGP keys stored on YubiKeys -- and those require gpg-agent to use. For the remainder of my on-disk PEM keys, I can load those into KeePassXC... But only if gpg-agent will accept the keys.
How has this been tested?
I found the issue by trying to add my SSH keypairs to KeePassXC and found that gpg-agent was rejecting all of them. I added a bunch of printf debugging to gpg-agent to pin down why it was rejecting them, and it ended up being the comment string.
By sending a comment string that is not zero bytes long, gpg-agent will happily accept the key. I tested this with two unencrypted RSA keys stored in my KeePassXC database.
Types of changes
Checklist:
-DWITH_ASAN=ON. [REQUIRED]