x/crypto/ssh: Corrupting a byte of a client's private key results in panic, rather than authorization failure #42014

@elansys-kc

What version of Go are you using (go version)?

go version go1.15.3 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/kc/.cache/go-build"
GOENV="/home/kc/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/kc/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/kc/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/lib/go-1.15"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/lib/go-1.15/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="0"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build800146455=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Corrupted a byte in the read key, expecting an authorization failure.

package main

import (
	"io/ioutil"
	"log"

	"golang.org/x/crypto/ssh"
)

func SSHBug() error {
	keyFile := "/home/kc/.ssh/test_ecdsa"
	key, err := ioutil.ReadFile(keyFile)
	if err != nil {
		log.Fatalf("unable to read private key: %v", err)
	}
	log.Print("Key Size ", len(key))
	// Corrupt one byte of the key material before parsing it.
	key[200] = 0x0e
	// The error returned here is not checked before signer is used.
	signer, err := ssh.ParsePrivateKey(key)
	cred := ssh.PublicKeys(signer)

	config := &ssh.ClientConfig{
		User: "testSSH",
		Auth: []ssh.AuthMethod{
			cred,
		},
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
	}

	conn, err := ssh.Dial("tcp", "10.192.170.1:443", config)
	if err != nil {
		log.Print(err)
		return err
	}
	defer conn.Close()
	return err
}

What did you expect to see?

Failed authorization like when using an uncorrupted but unauthorized key

What did you see instead?

elansftp.go:162: Key Size 756
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x57b435]

goroutine 1 [running]:
golang.org/x/crypto/ssh.publicKeyCallback.auth(0xc00009cb20, 0xc0000186e0, 0x20, 0x20, 0x5f0da6, 0x7, 0x62af20, 0xc000066000, 0x6290e0, 0xc000086540, ...)
/home/kc/go/src/golang.org/x/crypto/ssh/client_auth.go:204 +0xd5
golang.org/x/crypto/ssh.(*connection).clientAuthenticate(0xc000060080, 0xc00005c000, 0x0, 0xa)
/home/kc/go/src/golang.org/x/crypto/ssh/client_auth.go:44 +0x343
golang.org/x/crypto/ssh.(*connection).clientHandshake(0xc000060080, 0x5f2934, 0x10, 0xc00005c000, 0x0, 0x0)
/home/kc/go/src/golang.org/x/crypto/ssh/client.go:113 +0x2c5
golang.org/x/crypto/ssh.NewClientConn(0x62c5c0, 0xc00000e010, 0x5f2934, 0x10, 0xc000041e80, 0x62c5c0, 0xc00000e010, 0x0, 0x0, 0x5c8001, ...)
/home/kc/go/src/golang.org/x/crypto/ssh/client.go:83 +0xf8
golang.org/x/crypto/ssh.Dial(0x5f051c, 0x3, 0x5f2934, 0x10, 0xc000041e80, 0x629140, 0xc000084730, 0xb)
/home/kc/go/src/golang.org/x/crypto/ssh/client.go:177 +0xbb
main.SSHBug(0x0, 0x0)
/home/kc/code/Experiments/GoSSHTest/elansftp.go:175 +0x31d
main.main()
/home/kc/code/Experiments/GoSSHTest/elansftp.go:280 +0x3b
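
The reproducer above assigns the error from ssh.ParsePrivateKey but uses signer without checking it. The sketch below is an added example, not code from the issue or from x/crypto, showing that pattern on a key corrupted the same way. It assumes the standard library's crypto/x509 and crypto.Signer as stand-ins for ssh.ParsePrivateKey and ssh.Signer so that it runs without the x/crypto module; newTestKeyPEM, parseSigner and useSigner are hypothetical names.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// newTestKeyPEM generates a throwaway P-256 key in PEM form (constructed sample input).
func newTestKeyPEM() []byte {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	der, _ := x509.MarshalECPrivateKey(k) // cannot fail for a named curve
	return pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: der})
}

// parseSigner is the stand-in parser: on any failure it returns a nil signer and an error.
func parseSigner(pemBytes []byte) (crypto.Signer, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, fmt.Errorf("no PEM key found")
	}
	k, err := x509.ParseECPrivateKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	return k, nil
}

// useSigner stands in for the authentication step and reports whether it panicked.
func useSigner(s crypto.Signer) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	_ = s.Public() // method call on a nil interface value panics
	return false
}

func main() {
	key := newTestKeyPEM()
	key[len(key)/2] = 0x0e // same byte value the reproducer writes
	signer, err := parseSigner(key)
	// A caller that checks err stops here with an ordinary error.
	fmt.Println("parse error:", err)
	fmt.Println("signer used anyway, panicked:", useSigner(signer))
}
```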
