summaryrefslogtreecommitdiff
path: root/dns.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2017-09-14 04:32:21 +0000
committerDamien Miller <djm@mindrot.org>2017-09-14 14:33:06 +1000
commitaea59a0d9f120f2a87c7f494a0d9c51eaa79b8ba (patch)
tree931c66543aa73417ed66342ad988b7bade568149 /dns.c
parent871f1e4374420b07550041b329627c474abc3010 (diff)
upstream commit
Revert commitid: gJtIN6rRTS3CHy9b. ------------- identify the case where SSHFP records are missing but other DNS RR types are present and display a more useful error message for this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ ------------- This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results are missing but the user already has the key in known_hosts Spotted by dtucker@ Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920
Diffstat (limited to 'dns.c')
-rw-r--r--dns.c14
1 files changed, 6 insertions, 8 deletions
diff --git a/dns.c b/dns.c
index 9152e8648..6e1abb530 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dns.c,v 1.36 2017/09/01 05:53:56 djm Exp $ */ 1/* $OpenBSD: dns.c,v 1.37 2017/09/14 04:32:21 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2003 Wesley Griffin. All rights reserved. 4 * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -294,19 +294,17 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
294 free(dnskey_digest); 294 free(dnskey_digest);
295 } 295 }
296 296
297 if (*flags & DNS_VERIFY_FOUND) { 297 free(hostkey_digest); /* from sshkey_fingerprint_raw() */
298 freerrset(fingerprints);
299
300 if (*flags & DNS_VERIFY_FOUND)
298 if (*flags & DNS_VERIFY_MATCH) 301 if (*flags & DNS_VERIFY_MATCH)
299 debug("matching host key fingerprint found in DNS"); 302 debug("matching host key fingerprint found in DNS");
300 else if (counter == fingerprints->rri_nrdatas)
301 *flags |= DNS_VERIFY_MISSING;
302 else 303 else
303 debug("mismatching host key fingerprint found in DNS"); 304 debug("mismatching host key fingerprint found in DNS");
304 } else 305 else
305 debug("no host key fingerprint found in DNS"); 306 debug("no host key fingerprint found in DNS");
306 307
307 free(hostkey_digest); /* from sshkey_fingerprint_raw() */
308 freerrset(fingerprints);
309
310 return 0; 308 return 0;
311} 309}
312 310