author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-09 20:01:48 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-09 20:01:48 +0000 |
commit | a20715788dc44ed629e4320d7e9af4e285a559ab (patch) | |
tree | 6ec4f8446e2fee15891f9e3fd32e69a63ec96590 | |
parent | ece420413bbcc272300bc14f8944bb2679e4afd2 (diff) |
- markus@cvs.openbsd.org 2002/06/08 05:07:09
[ssh-keysign.c]
only accept 20 byte session ids
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | ssh-keysign.c | 10 |
2 files changed, 11 insertions, 4 deletions
@@ -3,6 +3,9 @@ | |||
3 | - markus@cvs.openbsd.org 2002/06/08 05:07:56 | 3 | - markus@cvs.openbsd.org 2002/06/08 05:07:56 |
4 | [ssh.c] | 4 | [ssh.c] |
5 | nuke ptrace comment | 5 | nuke ptrace comment |
6 | - markus@cvs.openbsd.org 2002/06/08 05:07:09 | ||
7 | [ssh-keysign.c] | ||
8 | only accept 20 byte session ids | ||
6 | 9 | ||
7 | 20020607 | 10 | 20020607 |
8 | - (bal) Removed --{enable/disable}-suid-ssh | 11 | - (bal) Removed --{enable/disable}-suid-ssh |
@@ -834,4 +837,4 @@ | |||
834 | - (stevesk) entropy.c: typo in debug message | 837 | - (stevesk) entropy.c: typo in debug message |
835 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 838 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
836 | 839 | ||
837 | $Id: ChangeLog,v 1.2189 2002/06/09 20:00:09 mouring Exp $ | 840 | $Id: ChangeLog,v 1.2190 2002/06/09 20:01:48 mouring Exp $ |
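diff --git a/ssh-keysign.c b/ssh-keysign.c
index 78929b2e0..520927829 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.2 2002/05/31 10:30:33 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.3 2002/06/08 05:07:09 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -60,8 +60,12 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
 buffer_init(&b);
 buffer_append(&b, data, datalen);
 
-/* session id */
-buffer_skip_string(&b);
+/* session id, currently limited to SHA1 (20 bytes) */
+p = buffer_get_string(&b, &len);
+if (len != 20)
+fail++;
+xfree(p);
+
 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
 fail++;
 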
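Review bot: The new length check in valid_request() hard-codes `20` and repeats it in the comment, so the two can drift apart and the reason for the check is left implicit. I would name the value, e.g. `if (len != SHA_DIGEST_LENGTH)` from `<openssl/sha.h>`, and have the comment say why a signing helper checks it, along the lines of `/* session id is the KEX hash (SHA1, 20 bytes); its value cannot be checked here, so at least pin its length */`. That rationale is inferred from the hunk, so confirm the wording. A session id of any other length is now rejected; that appears to be the intent, and the comment should say it has to be revisited if a key exchange with a different hash size is added. The declarations of `p` and `len` and the rest of valid_request() are outside the hunk, so their types are not visible here.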