diff options
author | djm@openbsd.org <djm@openbsd.org> | 2017-09-14 04:32:21 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-09-14 14:33:06 +1000 |
commit | aea59a0d9f120f2a87c7f494a0d9c51eaa79b8ba (patch) | |
tree | 931c66543aa73417ed66342ad988b7bade568149 /dns.c | |
parent | 871f1e4374420b07550041b329627c474abc3010 (diff) |
upstream commit
Revert commitid: gJtIN6rRTS3CHy9b.
-------------
identify the case where SSHFP records are missing but other DNS RR
types are present and display a more useful error message for this
case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
-------------
This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results
are missing but the user already has the key in known_hosts
Spotted by dtucker@
Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920
Diffstat (limited to 'dns.c')
-rw-r--r-- | dns.c | 14 |
1 files changed, 6 insertions, 8 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: dns.c,v 1.36 2017/09/01 05:53:56 djm Exp $ */ | 1 | /* $OpenBSD: dns.c,v 1.37 2017/09/14 04:32:21 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2003 Wesley Griffin. All rights reserved. | 4 | * Copyright (c) 2003 Wesley Griffin. All rights reserved. |
@@ -294,19 +294,17 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, | |||
294 | free(dnskey_digest); | 294 | free(dnskey_digest); |
295 | } | 295 | } |
296 | 296 | ||
297 | if (*flags & DNS_VERIFY_FOUND) { | 297 | free(hostkey_digest); /* from sshkey_fingerprint_raw() */ |
298 | freerrset(fingerprints); | ||
299 | |||
300 | if (*flags & DNS_VERIFY_FOUND) | ||
298 | if (*flags & DNS_VERIFY_MATCH) | 301 | if (*flags & DNS_VERIFY_MATCH) |
299 | debug("matching host key fingerprint found in DNS"); | 302 | debug("matching host key fingerprint found in DNS"); |
300 | else if (counter == fingerprints->rri_nrdatas) | ||
301 | *flags |= DNS_VERIFY_MISSING; | ||
302 | else | 303 | else |
303 | debug("mismatching host key fingerprint found in DNS"); | 304 | debug("mismatching host key fingerprint found in DNS"); |
304 | } else | 305 | else |
305 | debug("no host key fingerprint found in DNS"); | 306 | debug("no host key fingerprint found in DNS"); |
306 | 307 | ||
307 | free(hostkey_digest); /* from sshkey_fingerprint_raw() */ | ||
308 | freerrset(fingerprints); | ||
309 | |||
310 | return 0; | 308 | return 0; |
311 | } | 309 | } |
312 | 310 | ||