summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog4
-rw-r--r--monitor.c6
2 files changed, 7 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog
index 3722c921b..a018ed003 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,10 @@
1openssh (1:4.3p2-6) UNRELEASED; urgency=low 1openssh (1:4.3p2-6) UNRELEASED; urgency=low
2 2
3 * Acknowledge NMU (thanks, Manoj; closes: #394795). 3 * Acknowledge NMU (thanks, Manoj; closes: #394795).
4 * Backport from 4.5p1:
5 - Fix a bug in the sshd privilege separation monitor that weakened its
6 verification of successful authentication. This bug is not known to be
7 exploitable in the absence of additional vulnerabilities.
4 * openssh-server Suggests: molly-guard (closes: #395473). 8 * openssh-server Suggests: molly-guard (closes: #395473).
5 * debconf template translations: 9 * debconf template translations:
6 - Update German (thanks, Helge Kreutzmann; closes: #395947). 10 - Update German (thanks, Helge Kreutzmann; closes: #395947).
diff --git a/monitor.c b/monitor.c
index 821722025..867431ff1 100644
--- a/monitor.c
+++ b/monitor.c
@@ -339,7 +339,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
339 339
340 /* The first few requests do not require asynchronous access */ 340 /* The first few requests do not require asynchronous access */
341 while (!authenticated) { 341 while (!authenticated) {
342 authenticated = monitor_read(pmonitor, mon_dispatch, &ent); 342 authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
343 if (authenticated) { 343 if (authenticated) {
344 if (!(ent->flags & MON_AUTHDECIDE)) 344 if (!(ent->flags & MON_AUTHDECIDE))
345 fatal("%s: unexpected authentication from %d", 345 fatal("%s: unexpected authentication from %d",
@@ -1220,7 +1220,7 @@ mm_answer_keyverify(int sock, Buffer *m)
1220 1220
1221 verified = key_verify(key, signature, signaturelen, data, datalen); 1221 verified = key_verify(key, signature, signaturelen, data, datalen);
1222 debug3("%s: key %p signature %s", 1222 debug3("%s: key %p signature %s",
1223 __func__, key, verified ? "verified" : "unverified"); 1223 __func__, key, (verified == 1) ? "verified" : "unverified");
1224 1224
1225 key_free(key); 1225 key_free(key);
1226 xfree(blob); 1226 xfree(blob);
@@ -1235,7 +1235,7 @@ mm_answer_keyverify(int sock, Buffer *m)
1235 buffer_put_int(m, verified); 1235 buffer_put_int(m, verified);
1236 mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); 1236 mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
1237 1237
1238 return (verified); 1238 return (verified == 1);
1239} 1239}
1240 1240
1241static void 1241static void