add_file(AuthenticationConnection *ac, const char *filename)
{
Key *private, *cert;
- char *comment = NULL;
+ char *comment = NULL, *fp;
char msg[1024], *certpath;
int fd, perms_ok, ret = -1;
Buffer keyblob;
} else {
fprintf(stderr, "Could not add identity: %s\n", filename);
}
+ if (blacklisted_key(private, &fp) == 1) {
+ fprintf(stderr, "Public key %s blacklisted (see "
+ "ssh-vulnkey(1)); refusing to add it\n", fp);
+ xfree(fp);
+ key_free(private);
+ xfree(comment);
+ return -1;
+ }
/* Now try to add the certificate flavour too */