From a33f6b7c61692d3ea8a978c67cc9c061e200d485 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Fri, 3 Nov 2017 19:04:07 +0000
Subject: [PATCH] Fix SSH publickey auth checking: result was not returned.

---
 nselib/libssh2-utility.lua           | 16 +++++++++++++---
 scripts/ssh-publickey-acceptance.nse | 11 ++++++++---
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/nselib/libssh2-utility.lua b/nselib/libssh2-utility.lua
index 2176564eb..bfe7bf051 100644
--- a/nselib/libssh2-utility.lua
+++ b/nselib/libssh2-utility.lua
@@ -163,12 +163,22 @@ end
 --
 -- @param username A username to authenticate as.
 -- @param key Base64 decrypted public key.
+-- @return true if the public key can be used to authenticate as the user, false otherwise
+-- @return Error message if an error occurs.
 function SSHConnection:publickey_canauth (username, key)
+  local status, err
   if self.session then
-    libssh2.publickey_canauth(self.session, username, key)
+    status, err = pcall(libssh2.publickey_canauth, self.session, username, key)
+    if status then
+      -- no error thrown; return the actual result
+      status = err
+      err = nil
+    end
+  else
+    status = false
+    err = "No session established"
   end
+  return status, err
 end
 
 return _ENV
-
-
diff --git a/scripts/ssh-publickey-acceptance.nse b/scripts/ssh-publickey-acceptance.nse
index 6c985e9c7..f124cc705 100644
--- a/scripts/ssh-publickey-acceptance.nse
+++ b/scripts/ssh-publickey-acceptance.nse
@@ -60,9 +60,14 @@ function action (host, port)
         local status, result = helper:read_publickey(publickeys[i])
         if not status then
           stdnse.verbose("Error reading key: " .. result)
-        elseif helper:publickey_canauth(usernames[j], result) then
-          table.insert(r, "Key " .. publickeys[i] .. " accepted for user " .. usernames[j])
-          stdnse.verbose("Found accepted key: " .. publickeys[i] .. " for user " .. usernames[j])
+        else
+          local status, err = helper:publickey_canauth(usernames[j], result)
+          if status then
+            table.insert(r, "Key " .. publickeys[i] .. " accepted for user " .. usernames[j])
+            stdnse.verbose("Found accepted key: " .. publickeys[i] .. " for user " .. usernames[j])
+          elseif err then
+            stdnse.debug("Error in publickey_canauth: %s", err)
+          end
           helper:disconnect()
           helper:connect(host, port)
         end