- markus@cvs.openbsd.org 2006/11/07 10:31:31

[monitor.c version.h] correctly check for bad signatures in the monitor, otherwise the monitor and the unpriv process can get out of sync. with dtucker@, ok djm@, dtucker@
author: Darren Tucker <dtucker@zip.com.au> 2006-11-07 23:16:08 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2006-11-07 23:16:08 +1100
commit: fbba735aa315532e93a66754b1613c2acf2bde6d (patch)
tree: f2077ff5cb311c507b211c6a21393b96a6c6bb2e
parent: 0bc85579a9b5a106826169303dd2ee61c63c161e (diff)
3 files changed, 12 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index 8af3cf900..075ba5359 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,11 @@
     [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
     ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
     add missing checks for openssl return codes; with & ok djm@
+   - markus@cvs.openbsd.org 2006/11/07 10:31:31
+     [monitor.c version.h]
+     correctly check for bad signatures in the monitor, otherwise the monitor
+     and the unpriv process can get out of sync. with dtucker@, ok djm@,
+     dtucker@
 20061105
 - (djm) OpenBSD CVS Sync
@@ -2597,4 +2602,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4585 2006/11/07 12:14:41 dtucker Exp $
+$Id: ChangeLog,v 1.4586 2006/11/07 12:16:08 dtucker Exp $
diff --git a/monitor.c b/monitor.c
index b20d0c726..48ae46ccc 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */
+/* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -350,7 +350,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
        /* The first few requests do not require asynchronous access */
        while (!authenticated) {
                auth_method = "unknown";
-                authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
+                authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
                if (authenticated) {
                        if (!(ent->flags & MON_AUTHDECIDE))
                                fatal("%s: unexpected authentication from %d",
@@ -1217,7 +1217,7 @@ mm_answer_keyverify(int sock, Buffer *m)
        verified = key_verify(key, signature, signaturelen, data, datalen);
        debug3("%s: key %p signature %s",
-            __func__, key, verified ? "verified" : "unverified");
+            __func__, key, (verified == 1) ? "verified" : "unverified");
        key_free(key);
        xfree(blob);
@@ -1232,7 +1232,7 @@ mm_answer_keyverify(int sock, Buffer *m)
        buffer_put_int(m, verified);
        mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
-        return (verified);
+        return (verified == 1);
 }
 static void
diff --git a/version.h b/version.h
index 363e510ba..d16990a21 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.47 2006/08/30 00:14:37 djm Exp $ */
+/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */
-#define SSH_VERSION     "OpenSSH_4.4"
+#define SSH_VERSION     "OpenSSH_4.5"
 #define SSH_PORTABLE    "p1"
 #define SSH_RELEASE     SSH_VERSION SSH_PORTABLE
author	Darren Tucker <dtucker@zip.com.au>	2006-11-07 23:16:08 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2006-11-07 23:16:08 +1100
commit	fbba735aa315532e93a66754b1613c2acf2bde6d (patch)
tree	f2077ff5cb311c507b211c6a21393b96a6c6bb2e
parent	0bc85579a9b5a106826169303dd2ee61c63c161e (diff)