From 03f8b2224d18048c27d93d9cf84b59c427cdc8ca Mon Sep 17 00:00:00 2001 From: kegelh <1587490+kegelh@users.noreply.github.com> Date: Fri, 26 Jan 2024 13:36:29 +0100 Subject: [PATCH] known_hosts parsing does not ignore malformed base64 strings since 0.36.0 (#922) --- .../transport/verification/OpenSSHKnownHosts.java | 4 ++-- .../verification/OpenSSHKnownHostsTest.java | 12 ++++++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java b/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java index 7d71e1aa..c41b83d7 100644 --- a/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java +++ b/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java @@ -292,8 +292,8 @@ public KnownHostEntry parseEntry(String line) try { byte[] keyBytes = Base64.getDecoder().decode(sKey); key = new Buffer.PlainBuffer(keyBytes).readPublicKey(); - } catch (IOException ioe) { - log.warn("Error decoding Base64 key bytes", ioe); + } catch (IOException | IllegalArgumentException exception) { + log.warn("Error decoding Base64 key bytes", exception); return new BadHostEntry(line); } } else if (isBits(sType)) { diff --git a/src/test/java/com/hierynomus/sshj/transport/verification/OpenSSHKnownHostsTest.java b/src/test/java/com/hierynomus/sshj/transport/verification/OpenSSHKnownHostsTest.java index e509656e..01dbe2f5 100644 --- a/src/test/java/com/hierynomus/sshj/transport/verification/OpenSSHKnownHostsTest.java +++ b/src/test/java/com/hierynomus/sshj/transport/verification/OpenSSHKnownHostsTest.java @@ -23,11 +23,9 @@ import java.io.File; import java.io.IOException; -import java.lang.module.ModuleDescriptor.Opens; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.security.PublicKey; -import java.security.Security; import java.util.Base64; import java.util.stream.Stream; @@ -110,6 +108,16 @@ public void shouldNotFailOnBadBase64Entry() throws Exception { assertTrue(ohk.verify("host1", 22, k)); } + @Test + public void shouldNotFailOnMalformedBase64String() throws IOException { + File knownHosts = knownHosts( + "1.1.1.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA/CkqWXSlbdo7jPshvIWT/m3FAdpSIKUx/uTmz87ObpBxXsfF8aMSiwGMKHjqviTV4cG6F7vFf28ll+9CbGsbs=192\n" + ); + OpenSSHKnownHosts ohk = new OpenSSHKnownHosts(knownHosts); + assertEquals(1, ohk.entries().size()); + assertThat(ohk.entries().get(0)).isInstanceOf(OpenSSHKnownHosts.BadHostEntry.class); + } + @Test public void shouldMarkBadLineAndNotFail() throws Exception { File knownHosts = knownHosts(