upstream commit

revert stricter key type / signature type checking in userauth path; too much software generates inconsistent messages, so we need a better plan. OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519
author: djm@openbsd.org <djm@openbsd.org> 2017-12-21 00:00:28 +0000
committer: Damien Miller <djm@mindrot.org> 2017-12-21 15:40:19 +1100
commit: d45d69f2a937cea215c7f0424e5a4677b6d8c7fe (patch)
tree: 8808d64b31825f6117237e81f25771ea99ff0c8b /monitor.c
parent: c5a6cbdb79752f7e761074abdb487953ea6db671 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/monitor.c b/monitor.c
index 5b8f0ef65..b0227eee1 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.176 2017/12/18 02:25:15 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.177 2017/12/21 00:00:28 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1353,6 +1353,12 @@ mm_answer_keyverify(int sock, struct sshbuf *m)
          !monitor_allowed_key(blob, bloblen))
                fatal("%s: bad key, not previously allowed", __func__);
+        /* Empty signature algorithm means NULL. */
+        if (*sigalg == '\0') {
+                free(sigalg);
+                sigalg = NULL;
+        }
        /* XXX use sshkey_froms here; need to change key_blob, etc. */
        if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0)
                fatal("%s: bad public key blob: %s", __func__, ssh_err(r));
@@ -1383,6 +1389,7 @@ mm_answer_keyverify(int sock, struct sshbuf *m)
        free(blob);
        free(signature);
        free(data);
+        free(sigalg);
        monitor_reset_key_state();
author	djm@openbsd.org <djm@openbsd.org>	2017-12-21 00:00:28 +0000
committer	Damien Miller <djm@mindrot.org>	2017-12-21 15:40:19 +1100
commit	d45d69f2a937cea215c7f0424e5a4677b6d8c7fe (patch)
tree	8808d64b31825f6117237e81f25771ea99ff0c8b /monitor.c
parent	c5a6cbdb79752f7e761074abdb487953ea6db671 (diff)