aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--agent/command-ssh.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 5317df58a..ac67dd092 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -2864,7 +2864,7 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
unsigned char *sig = NULL;
size_t sig_n;
u32 data_size;
- u32 flags;
+ u32 flags, known_flags = 0;
gpg_error_t err;
gpg_error_t ret_err;
int hash_algo;
@@ -2890,6 +2890,7 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
if (spec.algo == GCRY_PK_RSA)
{
+ known_flags = SSH_AGENT_RSA_SHA2_256 | SSH_AGENT_RSA_SHA2_512;
if ((flags & SSH_AGENT_RSA_SHA2_256))
{
spec.ssh_identifier = "rsa-sha2-256";
@@ -2902,6 +2903,13 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
}
}
+ /* some flag is present that we do not know about. */
+ if (flags & ~known_flags)
+ {
+ err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
+ goto out;
+ }
+
hash_algo = spec.hash_algo;
if (!hash_algo)
hash_algo = GCRY_MD_SHA1; /* Use the default. */
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 18:23:49 +0000