- grunk@cvs.openbsd.org 2008/06/12 00:13:55

     [sshconnect.c]
     Make ssh print the random art also when ssh'ing to a host using IP only.
     spotted by naddy@, ok and help djm@ dtucker@

2 files changed, 28 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index c62492eb1..83b74d13b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -47,6 +47,23 @@
      will cause trouble in some cases.
      Also do a computation of -1 once, and not in a loop several times.
      spotted by otto@
+   - dtucker@cvs.openbsd.org 2008/06/12 00:03:49
+     [dns.c canohost.c sshconnect.c]
+     Do not pass "0" strings as ports to getaddrinfo because the lookups
+     can slow things down and we never use the service info anyway. bz
+     #859, patch from YOSHIFUJI Hideaki and John Devitofranceschi.  ok
+     deraadt@ djm@
+     djm belives that the reason for the "0" strings is to ensure that
+     it's not possible to call getaddrinfo with both host and port being
+     NULL.  In the case of canohost.c host is a local array.  In the
+     case of sshconnect.c, it's checked for null immediately before use.
+     In dns.c it ultimately comes from ssh.c:main() and is guaranteed to
+     be non-null but it's not obvious, so I added a warning message in
+     case it is ever passed a null.
+   - grunk@cvs.openbsd.org 2008/06/12 00:13:55
+     [sshconnect.c]
+     Make ssh print the random art also when ssh'ing to a host using IP only.
+     spotted by naddy@, ok and help djm@ dtucker@
 
 20080611
  - (djm) [channels.c configure.ac]
@@ -4209,4 +4226,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4974 2008/06/12 18:45:50 dtucker Exp $
+$Id: ChangeLog,v 1.4975 2008/06/12 18:47:34 dtucker Exp $
diff --git a/sshconnect.c b/sshconnect.c
index 0a4bf36b6..7602da340 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.205 2008/06/12 00:03:49 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.206 2008/06/12 00:13:55 grunk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -611,6 +611,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
         char msg[1024];
         int len, host_line, ip_line;
         const char *host_file = NULL, *ip_file = NULL;
+        int display_randomart;
 
         /*
          * Force accepting of the host key for loopback/localhost. The
@@ -656,6 +657,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
         } else {
                 ip = xstrdup("<no hostip for proxy command>");
         }
+
+        /*
+         * check_host_ip may be set to zero in the next step, so if it
+         * conveys a request to display the random art, save it away.
+         */
+        display_randomart = (options.check_host_ip == SSHCTL_CHECKHOSTIP_FPR);
+
         /*
          * Turn off check_host_ip if the connection is to localhost, via proxy
          * command or if we don't have a hostname to compare with
@@ -740,7 +748,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                                 logit("Warning: Permanently added the %s host "
                                     "key for IP address '%.128s' to the list "
                                     "of known hosts.", type, ip);
-                } else if (options.check_host_ip == SSHCTL_CHECKHOSTIP_FPR) {
+                } else if (display_randomart) {
                         fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
                         ra = key_fingerprint(host_key, SSH_FP_MD5,
                             SSH_FP_RANDOMART);