- djm@cvs.openbsd.org 2014/06/05 22:17:50

     [sshconnect2.c]
     fix inverted test that caused PKCS#11 keys that were explicitly listed
     not to be preferred. Reported by Dirk-Willem van Gulik

2 files changed, 7 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index e2171ec1b..c04af4aa8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,11 @@
    the proposal if the version of OpenSSL we're using doesn't support ECC.
  - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] ifdef
    ECC variable too.
+ - (dtucker) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2014/06/05 22:17:50
+     [sshconnect2.c]
+     fix inverted test that caused PKCS#11 keys that were explicitly listed
+     not to be preferred. Reported by Dirk-Willem van Gulik
 
 20140527
  - (djm) [cipher.c] Fix merge botch.
diff --git a/sshconnect2.c b/sshconnect2.c
index f71b7d226..658398436 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.207 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.208 2014/06/05 22:17:50 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1183,7 +1183,7 @@ pubkey_prepare(Authctxt *authctxt)
                 found = 0;
                 TAILQ_FOREACH(id2, &files, next) {
                         if (id2->key == NULL ||
-                            (id2->key->flags & KEY_FLAG_EXT) != 0)
+                            (id2->key->flags & KEY_FLAG_EXT) == 0)
                                 continue;
                         if (key_equal(id->key, id2->key)) {
                                 TAILQ_REMOVE(&files, id, next);