
Re: auth_fn segfaults when reading encrypted private key in new openssh format


On Tue, Mar 26, 2019 at 10:40 AM Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
>
> On Mon, 2019-03-25 at 14:16 +0100, Jeroen Ooms wrote:
> > I'm running into a crash with libssh 0.8.6 / 0.8.90 that appears when
> > reading an encrypted (passphrased) id_rsa in the new openssh private
> > key format. My code looks like this:
> >
> >   ssh_key privkey = NULL;
> >   ssh_pki_import_privkey_file("path/to/id_rsa", NULL,
> >                               my_auth_callback, passfun, &privkey);
> >
> > Here my_auth_callback prompts the user for a passphrase, copies that
> > into *buf and then returns SSH_OK. This works as expected when the
> > private key is encrypted using the classic pkcs1 format, i.e. the one
> > that starts with:
> >
> >   -----BEGIN RSA PRIVATE KEY-----
> >   Proc-Type: 4,ENCRYPTED
> >   DEK-Info: DES-EDE3-CBC,E5E17B572446A169
> >
> > However, keys generated with recent versions of ssh-keygen are using
> > the new bcrypt encrypted format, which starts with:
> >
> >   -----BEGIN OPENSSH PRIVATE KEY-----
> >
> > For these keys, ssh_pki_import_privkey_file() segfaults immediately
> > after the my_auth_callback has returned the password.
>
> I just tried to write a simple reproducer, but it works for me
> flawlessly:
>
> https://github.com/Jakuje/stuff/blob/master/readkey.c
>
> The only thing that is missing from your example is passing the
> userdata, but that should really not be a problem. Are you sure you are
> not handling some memory wrongly?

OK maybe you are right. I was ignoring the 'len' parameter in the
my_auth_callback (are these parameters documented somewhere?). The
callback had a line like this:

  strncpy(buf, password, 1024);

So I assumed there would be at least 1024 bytes in the buffer. But it
seems that for the new openssh keys, the target buffer for the
passphrase is only 128 bytes.
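To make the failure mode concrete, here is an added example (not code from the thread or from libssh) that puts the callback described above next to one that honours the `len` parameter. The callback signature mirrors libssh's `ssh_auth_callback` typedef and the `SSH_OK`/`SSH_ERROR` values are defined locally with libssh's values so the file builds without libssh; `run_callback`, `last_passphrase`, `buggy_cb`, `safe_cb` and the guard-byte arena are hypothetical names standing in for the libssh caller, and the 128-byte buffer size is the one observed in the thread. The point it shows is that `strncpy(buf, password, 1024)` always writes exactly 1024 bytes (passphrase plus NUL padding), so it overruns a 128-byte buffer even for a short passphrase:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins with the same values as libssh's SSH_OK / SSH_ERROR, so the
 * example compiles without libssh installed. */
#define SSH_OK     0
#define SSH_ERROR (-1)

/* Same shape as libssh's ssh_auth_callback typedef (assumption: taken
 * from libssh.h); prompt, echo and verify are unused below. */
typedef int (*auth_cb)(const char *prompt, char *buf, size_t len,
                       int echo, int verify, void *userdata);

/* Callback as described in the thread: ignores 'len' and assumes 1024
 * bytes. strncpy() always writes exactly n bytes (the passphrase followed
 * by NUL padding), so this overruns any buffer smaller than 1024 bytes
 * even when the passphrase itself is short. userdata carries the
 * constructed passphrase in this example. */
static int buggy_cb(const char *prompt, char *buf, size_t len,
                    int echo, int verify, void *userdata)
{
    (void)prompt; (void)len; (void)echo; (void)verify;
    strncpy(buf, (const char *)userdata, 1024);
    return SSH_OK;
}

/* Corrected callback: honours 'len' (size of buf including the NUL),
 * always terminates, and refuses a passphrase that does not fit instead
 * of truncating it silently (a truncated passphrase would only surface
 * later as a confusing decryption failure). */
static int safe_cb(const char *prompt, char *buf, size_t len,
                   int echo, int verify, void *userdata)
{
    const char *pass = (const char *)userdata;
    size_t n = strlen(pass);
    (void)prompt; (void)echo; (void)verify;
    if (len == 0 || n >= len)
        return SSH_ERROR;
    memcpy(buf, pass, n + 1);   /* n bytes plus the terminating NUL */
    return SSH_OK;
}

/* Hypothetical stand-in for the libssh caller. It hands the callback a
 * 'len'-byte buffer that sits inside a larger arena filled with a guard
 * pattern, then checks whether the bytes after the buffer were touched.
 * Returns 1 if the callback stayed in bounds, 0 if it wrote past the
 * buffer, -1 if the callback reported an error. The arena is sized so
 * that even the buggy 1024-byte write stays inside it. */
#define GUARD 32
#define ARENA_SIZE (GUARD + 1024 + GUARD)
static char last_out[1024];

const char *last_passphrase(void) { return last_out; }

int run_callback(auth_cb cb, size_t len, const char *passphrase)
{
    char arena[ARENA_SIZE];
    char *buf = arena + GUARD;
    size_t i;

    if (len == 0 || len > 1024)
        return -1;
    memset(arena, 0xA5, sizeof arena);      /* guard pattern everywhere */
    last_out[0] = '\0';
    if (cb("Passphrase: ", buf, len, 0, 0, (void *)passphrase) != SSH_OK)
        return -1;
    snprintf(last_out, sizeof last_out, "%.*s", (int)len, buf);
    for (i = GUARD + len; i < sizeof arena; i++)
        if (arena[i] != (char)0xA5)
            return 0;   /* guard byte overwritten: buffer overrun */
    return 1;
}

int main(void)
{
    const char *pass = "correct horse battery staple";  /* constructed */
    printf("safe_cb,  128-byte buffer:  %d\n", run_callback(safe_cb, 128, pass));
    printf("buggy_cb, 128-byte buffer:  %d\n", run_callback(buggy_cb, 128, pass));
    printf("buggy_cb, 1024-byte buffer: %d\n", run_callback(buggy_cb, 1024, pass));
    printf("safe_cb,  8-byte buffer:    %d\n", run_callback(safe_cb, 8, pass));
    return 0;
}
```

With a 1024-byte buffer the buggy callback passes the guard check, which is why it looked fine with the PKCS#1 keys; with the 128-byte buffer used for the new OpenSSH format it clobbers everything after the buffer, and in the real library that memory is whatever libssh placed there, hence the crash rather than a clean error. A callback that takes `len` as the authoritative size behaves the same way for both key formats.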

Archive administrator: postmaster@lists.cynapses.org