diff options
author | Colin Watson <cjwatson@debian.org> | 2006-11-15 00:48:30 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2006-11-15 00:48:30 +0000 |
commit | 0afa4059aa6138214602bf85cf0fc09fa6784882 (patch) | |
tree | 1dfd86b575a5d7a44e2c8b80b73a07cb0cccc0aa /monitor.c | |
parent | e836924abc1da31a9ea47d18bda4353935668902 (diff) |
* Backport from 4.5p1:
- Fix a bug in the sshd privilege separation monitor that weakened its
verification of successful authentication. This bug is not known to be
exploitable in the absence of additional vulnerabilities.
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -339,7 +339,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
339 | 339 | ||
340 | /* The first few requests do not require asynchronous access */ | 340 | /* The first few requests do not require asynchronous access */ |
341 | while (!authenticated) { | 341 | while (!authenticated) { |
342 | authenticated = monitor_read(pmonitor, mon_dispatch, &ent); | 342 | authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); |
343 | if (authenticated) { | 343 | if (authenticated) { |
344 | if (!(ent->flags & MON_AUTHDECIDE)) | 344 | if (!(ent->flags & MON_AUTHDECIDE)) |
345 | fatal("%s: unexpected authentication from %d", | 345 | fatal("%s: unexpected authentication from %d", |
@@ -1220,7 +1220,7 @@ mm_answer_keyverify(int sock, Buffer *m) | |||
1220 | 1220 | ||
1221 | verified = key_verify(key, signature, signaturelen, data, datalen); | 1221 | verified = key_verify(key, signature, signaturelen, data, datalen); |
1222 | debug3("%s: key %p signature %s", | 1222 | debug3("%s: key %p signature %s", |
1223 | __func__, key, verified ? "verified" : "unverified"); | 1223 | __func__, key, (verified == 1) ? "verified" : "unverified"); |
1224 | 1224 | ||
1225 | key_free(key); | 1225 | key_free(key); |
1226 | xfree(blob); | 1226 | xfree(blob); |
@@ -1235,7 +1235,7 @@ mm_answer_keyverify(int sock, Buffer *m) | |||
1235 | buffer_put_int(m, verified); | 1235 | buffer_put_int(m, verified); |
1236 | mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); | 1236 | mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); |
1237 | 1237 | ||
1238 | return (verified); | 1238 | return (verified == 1); |
1239 | } | 1239 | } |
1240 | 1240 | ||
1241 | static void | 1241 | static void |