From d4609682afffc14242fa04f4f33a1b9f3a9e1aaf Mon Sep 17 00:00:00 2001
From: Catalin Patulea <cat@vv.carleton.ca>
Date: Thu, 1 Jan 2015 17:47:46 -0500
Subject: [PATCH] Handle invalid agent keys by skipping rather than exiting.

My agent exposes both conventional keys and certs (ecdsa-sha2-nistp256-cert-v01@openssh.com) and I want dropbear to be able to use the former.
---
 cli-agentfwd.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/cli-agentfwd.c b/cli-agentfwd.c
index 535024fc..7badc887 100644
--- a/cli-agentfwd.c
+++ b/cli-agentfwd.c
@@ -210,13 +210,14 @@ static void agent_get_key_list(m_list * ret_list)
 		ret = buf_get_pub_key(key_buf, pubkey, &key_type);
 		buf_free(key_buf);
 		if (ret != DROPBEAR_SUCCESS) {
-			/* This is slack, properly would cleanup vars etc */
-			dropbear_exit("Bad pubkey received from agent");
-		}
-		pubkey->type = key_type;
-		pubkey->source = SIGNKEY_SOURCE_AGENT;
+			TRACE(("Skipping bad pubkey from agent"));
+			sign_key_free(pubkey);
+		} else {
+			pubkey->type = key_type;
+			pubkey->source = SIGNKEY_SOURCE_AGENT;
 
-		list_append(ret_list, pubkey);
+			list_append(ret_list, pubkey);
+		}
 
 		/* We'll ignore the comment for now. might want it later.*/
 		buf_eatstring(inbuf);
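Review bot: The new skip branch reports a rejected key only through `TRACE((...))`, which is presumably compiled in only for debug builds, so a normal build would drop agent keys with no visible indication. An unsupported key type (the cert case in the description) is also indistinguishable from a genuinely malformed blob. Consider a visible message instead, for example `dropbear_log(LOG_INFO, "Skipping unsupported or bad pubkey from agent");`, so that a misbehaving or unexpected agent can be noticed. It would also help to add a comment in the failure branch such as `/* key blob was already consumed via key_buf, so inbuf is still positioned at this entry's comment */`. That comment depends on how `key_buf` is filled, which happens above the hunk in `agent_get_key_list`, so confirm it before merging.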
-- 
GitLab