2 files changed, 7 insertions, 3 deletions

diff --git a/debian/changelog b/debian/changelog
index 3722c921b..a018ed003 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,10 @@
 openssh (1:4.3p2-6) UNRELEASED; urgency=low
 
   * Acknowledge NMU (thanks, Manoj; closes: #394795).
+  * Backport from 4.5p1:
+    - Fix a bug in the sshd privilege separation monitor that weakened its
+      verification of successful authentication. This bug is not known to be
+      exploitable in the absence of additional vulnerabilities.
   * openssh-server Suggests: molly-guard (closes: #395473).
   * debconf template translations:
     - Update German (thanks, Helge Kreutzmann; closes: #395947).
diff --git a/monitor.c b/monitor.c
index 821722025..867431ff1 100644
--- a/monitor.c
+++ b/monitor.c
@@ -339,7 +339,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 
         /* The first few requests do not require asynchronous access */
         while (!authenticated) {
-                authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
+                authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
                 if (authenticated) {
                         if (!(ent->flags & MON_AUTHDECIDE))
                                 fatal("%s: unexpected authentication from %d",
@@ -1220,7 +1220,7 @@ mm_answer_keyverify(int sock, Buffer *m)
 
         verified = key_verify(key, signature, signaturelen, data, datalen);
         debug3("%s: key %p signature %s",
-            __func__, key, verified ? "verified" : "unverified");
+            __func__, key, (verified == 1) ? "verified" : "unverified");
 
         key_free(key);
         xfree(blob);
@@ -1235,7 +1235,7 @@ mm_answer_keyverify(int sock, Buffer *m)
         buffer_put_int(m, verified);
         mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
 
-        return (verified);
+        return (verified == 1);
 }
 
 static void