diff options
| author | Damien Miller <djm@mindrot.org> | 2002-02-05 12:23:32 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-02-05 12:23:32 +1100 |
| commit | 68f45983b29ea1bb70cfe0affd8806c93e2a02e7 (patch) | |
| tree | 9a3aa8d40d15e8b1f507f66f8371e49a661cf302 | |
| parent | 67f0bc043c2d3b4edd1d0cabb10cf3f10f544fb5 (diff) | |
- markus@cvs.openbsd.org 2002/02/03 17:59:23
[sshconnect2.c]
more cross checking if announced vs. used key type; ok stevesk@
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | sshconnect2.c | 12 |
2 files changed, 13 insertions, 4 deletions
| @@ -69,6 +69,9 @@ | |||
| 69 | generic callbacks are not really used, remove and | 69 | generic callbacks are not really used, remove and |
| 70 | add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION | 70 | add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION |
| 71 | ok djm@ | 71 | ok djm@ |
| 72 | - markus@cvs.openbsd.org 2002/02/03 17:59:23 | ||
| 73 | [sshconnect2.c] | ||
| 74 | more cross checking if announced vs. used key type; ok stevesk@ | ||
| 72 | 75 | ||
| 73 | 20020130 | 76 | 20020130 |
| 74 | - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ | 77 | - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ |
| @@ -7471,4 +7474,4 @@ | |||
| 7471 | - Wrote replacements for strlcpy and mkdtemp | 7474 | - Wrote replacements for strlcpy and mkdtemp |
| 7472 | - Released 1.0pre1 | 7475 | - Released 1.0pre1 |
| 7473 | 7476 | ||
| 7474 | $Id: ChangeLog,v 1.1817 2002/02/05 01:23:08 djm Exp $ | 7477 | $Id: ChangeLog,v 1.1818 2002/02/05 01:23:32 djm Exp $ |
diff --git a/sshconnect2.c b/sshconnect2.c index e4e20cad2..ea8cfa6da 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.94 2002/01/25 21:00:24 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.95 2002/02/03 17:59:23 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include "ssh.h" | 28 | #include "ssh.h" |
| 29 | #include "ssh2.h" | 29 | #include "ssh2.h" |
| @@ -353,7 +353,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) | |||
| 353 | Authctxt *authctxt = ctxt; | 353 | Authctxt *authctxt = ctxt; |
| 354 | Key *key = NULL; | 354 | Key *key = NULL; |
| 355 | Buffer b; | 355 | Buffer b; |
| 356 | int alen, blen, sent = 0; | 356 | int pktype, alen, blen, sent = 0; |
| 357 | char *pkalg, *pkblob, *fp; | 357 | char *pkalg, *pkblob, *fp; |
| 358 | 358 | ||
| 359 | if (authctxt == NULL) | 359 | if (authctxt == NULL) |
| @@ -381,7 +381,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) | |||
| 381 | debug("no last key or no sign cb"); | 381 | debug("no last key or no sign cb"); |
| 382 | break; | 382 | break; |
| 383 | } | 383 | } |
| 384 | if (key_type_from_name(pkalg) == KEY_UNSPEC) { | 384 | if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) { |
| 385 | debug("unknown pkalg %s", pkalg); | 385 | debug("unknown pkalg %s", pkalg); |
| 386 | break; | 386 | break; |
| 387 | } | 387 | } |
| @@ -389,6 +389,12 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) | |||
| 389 | debug("no key from blob. pkalg %s", pkalg); | 389 | debug("no key from blob. pkalg %s", pkalg); |
| 390 | break; | 390 | break; |
| 391 | } | 391 | } |
| 392 | if (key->type != pktype) { | ||
| 393 | error("input_userauth_pk_ok: type mismatch " | ||
| 394 | "for decoded key (received %d, expected %d)", | ||
| 395 | key->type, pktype); | ||
| 396 | break; | ||
| 397 | } | ||
| 392 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 398 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
| 393 | debug2("input_userauth_pk_ok: fp %s", fp); | 399 | debug2("input_userauth_pk_ok: fp %s", fp); |
| 394 | xfree(fp); | 400 | xfree(fp); |