tomaswolf commented on code in PR #902:
URL: https://github.com/apache/mina-sshd/pull/902#discussion_r3444134947
##########
sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java:
##########
@@ -175,7 +176,11 @@ public Map.Entry<String, byte[]> sign(SessionContext
session, PublicKey key, Str
} else {
Buffer buf = new ByteArrayBuffer(signature);
String algorithm = buf.getString();
- signature = buf.getBytes();
+ if (key instanceof SecurityKeyPublicKey<?>) {
+ signature = signature.clone();
Review Comment:
I don't think this is correct. `signature` here should not contain the
algorithm name. This should be `signature = buf.getCompactData()`, and then
there is no change at all needed in `AbstractAgentClient` or in
`UserAuthPublicKey`.
And in fact we should probably check that there is no trailing garbage:
```
if (key instanceof SecurityKeyPublicKey<?>) {
signature = buf.getCompactData();
long sigLength = buf.getUInt() + 5; // 1 byte flag, 4 bytes counter
if (signature.length > sigLength) {
throw new SshException("Trailing garbage in signing response, expected "
+ sigLength + " but got " + signature.length + " bytes");
} else if (signature.length < sigLength) {
throw new SshException("Signing response too short");
}
} else {
signature = buf.getString();
if (buf.avaliable() > 0) {
throw new SshException("Trailing garbage in signing response, got" +
buf.available() + " extra bytes");
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
