diff options
author | Darren Tucker <dtucker@zip.com.au> | 2006-11-07 23:16:08 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2006-11-07 23:16:08 +1100 |
commit | fbba735aa315532e93a66754b1613c2acf2bde6d (patch) | |
tree | f2077ff5cb311c507b211c6a21393b96a6c6bb2e | |
parent | 0bc85579a9b5a106826169303dd2ee61c63c161e (diff) |
- markus@cvs.openbsd.org 2006/11/07 10:31:31
[monitor.c version.h]
correctly check for bad signatures in the monitor, otherwise the monitor
and the unpriv process can get out of sync. with dtucker@, ok djm@,
dtucker@
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | monitor.c | 8 | ||||
-rw-r--r-- | version.h | 4 |
3 files changed, 12 insertions, 7 deletions
@@ -6,6 +6,11 @@ | |||
6 | [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c | 6 | [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c |
7 | ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] | 7 | ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] |
8 | add missing checks for openssl return codes; with & ok djm@ | 8 | add missing checks for openssl return codes; with & ok djm@ |
9 | - markus@cvs.openbsd.org 2006/11/07 10:31:31 | ||
10 | [monitor.c version.h] | ||
11 | correctly check for bad signatures in the monitor, otherwise the monitor | ||
12 | and the unpriv process can get out of sync. with dtucker@, ok djm@, | ||
13 | dtucker@ | ||
9 | 14 | ||
10 | 20061105 | 15 | 20061105 |
11 | - (djm) OpenBSD CVS Sync | 16 | - (djm) OpenBSD CVS Sync |
@@ -2597,4 +2602,4 @@ | |||
2597 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 2602 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
2598 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 2603 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
2599 | 2604 | ||
2600 | $Id: ChangeLog,v 1.4585 2006/11/07 12:14:41 dtucker Exp $ | 2605 | $Id: ChangeLog,v 1.4586 2006/11/07 12:16:08 dtucker Exp $ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -350,7 +350,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
350 | /* The first few requests do not require asynchronous access */ | 350 | /* The first few requests do not require asynchronous access */ |
351 | while (!authenticated) { | 351 | while (!authenticated) { |
352 | auth_method = "unknown"; | 352 | auth_method = "unknown"; |
353 | authenticated = monitor_read(pmonitor, mon_dispatch, &ent); | 353 | authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); |
354 | if (authenticated) { | 354 | if (authenticated) { |
355 | if (!(ent->flags & MON_AUTHDECIDE)) | 355 | if (!(ent->flags & MON_AUTHDECIDE)) |
356 | fatal("%s: unexpected authentication from %d", | 356 | fatal("%s: unexpected authentication from %d", |
@@ -1217,7 +1217,7 @@ mm_answer_keyverify(int sock, Buffer *m) | |||
1217 | 1217 | ||
1218 | verified = key_verify(key, signature, signaturelen, data, datalen); | 1218 | verified = key_verify(key, signature, signaturelen, data, datalen); |
1219 | debug3("%s: key %p signature %s", | 1219 | debug3("%s: key %p signature %s", |
1220 | __func__, key, verified ? "verified" : "unverified"); | 1220 | __func__, key, (verified == 1) ? "verified" : "unverified"); |
1221 | 1221 | ||
1222 | key_free(key); | 1222 | key_free(key); |
1223 | xfree(blob); | 1223 | xfree(blob); |
@@ -1232,7 +1232,7 @@ mm_answer_keyverify(int sock, Buffer *m) | |||
1232 | buffer_put_int(m, verified); | 1232 | buffer_put_int(m, verified); |
1233 | mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); | 1233 | mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); |
1234 | 1234 | ||
1235 | return (verified); | 1235 | return (verified == 1); |
1236 | } | 1236 | } |
1237 | 1237 | ||
1238 | static void | 1238 | static void |
@@ -1,6 +1,6 @@ | |||
1 | /* $OpenBSD: version.h,v 1.47 2006/08/30 00:14:37 djm Exp $ */ | 1 | /* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */ |
2 | 2 | ||
3 | #define SSH_VERSION "OpenSSH_4.4" | 3 | #define SSH_VERSION "OpenSSH_4.5" |
4 | 4 | ||
5 | #define SSH_PORTABLE "p1" | 5 | #define SSH_PORTABLE "p1" |
6 | #define SSH_RELEASE SSH_VERSION SSH_PORTABLE | 6 | #define SSH_RELEASE SSH_VERSION SSH_PORTABLE |