ssh/knownhosts: reject lines with multiple or unknown markers

Previously, parseLine would accept lines with multiple markers (e.g., "@cert-authority @revoked ...") or unknown markers (e.g., "@unknown ..."). In these cases, the second or unknown marker was incorrectly parsed as the hostname. This often resulted in confusing downstream errors (like "illegal base64 data") because field positions were shifted.

OpenSSH's hostfile.c strictly enforces a limit of one marker per line and validates that markers must be exactly "@cert-authority" or "@revoked".

This change adds a check to ensure that the parsed hostname does not start with '@'. This effectively catches both multiple markers (where the second marker becomes the host) and unknown markers (which are not consumed as markers and thus become the host), enforcing strict compliance with the OpenSSH format.

This issue was found during a security audit by NCC Group Cryptography Services, sponsored by Teleport, and was assessed and is being fixed as a non-security bug.

Change-Id: I13bb04d1f2610483ad9c6d1020e5100b6feded90
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/782428
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Mark Freeman <markfreeman@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
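The following is an added, self-contained Go illustration of the marker rule the commit describes; it is not the x/crypto/ssh/knownhosts code and does not reproduce its parseLine. The type Entry, the functions ParseLine and ParseLineLenient, the error ErrBadMarker and the sample lines are all constructed for this example. ParseLineLenient shows the pre-fix behaviour (a stray marker lands in the host field and the failure surfaces later as a base64 error); ParseLine adds the check that the parsed hostname must not begin with '@', which rejects both a second marker and an unknown one.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Entry is an illustrative parsed known_hosts line (not the x/crypto API).
type Entry struct {
	Marker  string   // "", "@cert-authority" or "@revoked"
	Hosts   []string // comma-separated host patterns, split
	KeyType string   // e.g. "ssh-ed25519"
	Key     []byte   // decoded key blob
}

// ErrBadMarker is returned when a marker-looking token ends up in the
// host position: either a second marker or one OpenSSH does not define.
var ErrBadMarker = errors.New("knownhosts: invalid or repeated marker")

// parse implements the OpenSSH hostfile.c marker rule: at most one marker,
// and it must be exactly "@cert-authority" or "@revoked". With strict set,
// a hostname starting with '@' is rejected outright; without it, the token
// is treated as the host and the shifted fields fail later (the old bug).
func parse(line string, strict bool) (Entry, error) {
	var e Entry
	fields := strings.Fields(line)
	if len(fields) == 0 || strings.HasPrefix(fields[0], "#") {
		return e, errors.New("knownhosts: empty or comment line")
	}
	// Consume exactly one recognised marker, if present. Anything else
	// starting with '@' is deliberately not consumed here.
	switch fields[0] {
	case "@cert-authority", "@revoked":
		e.Marker = fields[0]
		fields = fields[1:]
	}
	if len(fields) < 3 {
		return e, fmt.Errorf("knownhosts: want host, key type and key, got %d fields", len(fields))
	}
	// The fix: the host field must never look like a marker. This catches
	// "@cert-authority @revoked host ..." (second marker) and
	// "@unknown host ..." (unknown marker) in one check.
	if strict && strings.HasPrefix(fields[0], "@") {
		return e, fmt.Errorf("%w: %q in host position", ErrBadMarker, fields[0])
	}
	e.Hosts = strings.Split(fields[0], ",")
	e.KeyType = fields[1]
	key, err := base64.StdEncoding.DecodeString(fields[2])
	if err != nil {
		// Without the strict check this is where a shifted line fails,
		// with a misleading "illegal base64 data" message.
		return e, fmt.Errorf("knownhosts: bad key encoding: %w", err)
	}
	e.Key = key
	return e, nil
}

// ParseLine applies the marker check from the commit.
func ParseLine(line string) (Entry, error) { return parse(line, true) }

// ParseLineLenient reproduces the pre-fix behaviour for comparison.
func ParseLineLenient(line string) (Entry, error) { return parse(line, false) }

// Constructed sample lines. The key blob is only the base64 of the
// "ssh-rsa" type prefix, not a real public key.
const (
	sampleKey     = "AAAAB3NzaC1yc2E="
	okLine        = "@cert-authority *.example.test ssh-rsa " + sampleKey
	plainLine     = "host1,host2 ssh-ed25519 " + sampleKey
	twoMarkerLine = "@cert-authority @revoked host ssh-rsa " + sampleKey
	unknownLine   = "@unknown host ssh-rsa " + sampleKey
)

func main() {
	for _, l := range []string{okLine, plainLine, twoMarkerLine, unknownLine} {
		_, lenientErr := ParseLineLenient(l)
		_, strictErr := ParseLine(l)
		fmt.Printf("%-60q\n  lenient: %v\n  strict:  %v\n", l, lenientErr, strictErr)
	}
}
```

Run as a program it prints, for each sample line, the error the lenient parser reports beside the one the strict parser reports; the two malformed lines produce a base64 decoding error in lenient mode and ErrBadMarker in strict mode.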
This repository holds supplementary Go cryptography packages.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://go.dev/doc/contribute.
The git repository is https://go.googlesource.com/crypto.
The main issue tracker for the crypto repository is located at https://go.dev/issues. Prefix your issue with “x/crypto:” in the subject line, so it is easy to find.
Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.