diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | sshconnect2.c | 10 |
2 files changed, 12 insertions, 3 deletions
| @@ -16,6 +16,9 @@ | |||
| 16 | remote x11 clients are now untrusted by default, uses xauth(8) to generate | 16 | remote x11 clients are now untrusted by default, uses xauth(8) to generate |
| 17 | untrusted cookies; ForwardX11Trusted=yes restores old behaviour. | 17 | untrusted cookies; ForwardX11Trusted=yes restores old behaviour. |
| 18 | ok deraadt; feedback and ok djm/fries | 18 | ok deraadt; feedback and ok djm/fries |
| 19 | - markus@cvs.openbsd.org 2003/10/11 08:26:43 | ||
| 20 | [sshconnect2.c] | ||
| 21 | search keys in reverse order; fixes #684 | ||
| 19 | 22 | ||
| 20 | 20031009 | 23 | 20031009 |
| 21 | - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@ | 24 | - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@ |
| @@ -1333,4 +1336,4 @@ | |||
| 1333 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 1336 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
| 1334 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 1337 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
| 1335 | 1338 | ||
| 1336 | $Id: ChangeLog,v 1.3072 2003/10/15 05:54:32 dtucker Exp $ | 1339 | $Id: ChangeLog,v 1.3073 2003/10/15 05:55:59 dtucker Exp $ |
diff --git a/sshconnect2.c b/sshconnect2.c index 2ef4201ce..f38fdf9a0 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.126 2003/10/07 21:58:28 deraadt Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.127 2003/10/11 08:26:43 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include "openbsd-compat/sys-queue.h" | 28 | #include "openbsd-compat/sys-queue.h" |
| 29 | 29 | ||
| @@ -453,7 +453,12 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) | |||
| 453 | debug2("input_userauth_pk_ok: fp %s", fp); | 453 | debug2("input_userauth_pk_ok: fp %s", fp); |
| 454 | xfree(fp); | 454 | xfree(fp); |
| 455 | 455 | ||
| 456 | TAILQ_FOREACH(id, &authctxt->keys, next) { | 456 | /* |
| 457 | * search keys in the reverse order, because last candidate has been | ||
| 458 | * moved to the end of the queue. this also avoids confusion by | ||
| 459 | * duplicate keys | ||
| 460 | */ | ||
| 461 | TAILQ_FOREACH_REVERSE(id, &authctxt->keys, next, idlist) { | ||
| 457 | if (key_equal(key, id->key)) { | 462 | if (key_equal(key, id->key)) { |
| 458 | sent = sign_and_send_pubkey(authctxt, id); | 463 | sent = sign_and_send_pubkey(authctxt, id); |
| 459 | break; | 464 | break; |
| @@ -1086,6 +1091,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 1086 | while ((id = TAILQ_FIRST(&authctxt->keys))) { | 1091 | while ((id = TAILQ_FIRST(&authctxt->keys))) { |
| 1087 | if (id->tried++) | 1092 | if (id->tried++) |
| 1088 | return (0); | 1093 | return (0); |
| 1094 | /* move key to the end of the queue */ | ||
| 1089 | TAILQ_REMOVE(&authctxt->keys, id, next); | 1095 | TAILQ_REMOVE(&authctxt->keys, id, next); |
| 1090 | TAILQ_INSERT_TAIL(&authctxt->keys, id, next); | 1096 | TAILQ_INSERT_TAIL(&authctxt->keys, id, next); |
| 1091 | /* | 1097 | /* |