-rw-r--r--ChangeLog5
-rw-r--r--sshconnect2.c10
2 files changed, 12 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index dc5885854..4eda171ef 100644
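--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,9 @@
  remote x11 clients are now untrusted by default, uses xauth(8) to generate
  untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
  ok deraadt; feedback and ok djm/fries
+ - markus@cvs.openbsd.org 2003/10/11 08:26:43
+ [sshconnect2.c]
+ search keys in reverse order; fixes #684
 
 20031009
  - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@
@@ -1333,4 +1336,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
  Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3072 2003/10/15 05:54:32 dtucker Exp $
+$Id: ChangeLog,v 1.3073 2003/10/15 05:55:59 dtucker Exp $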
diff --git a/sshconnect2.c b/sshconnect2.c
index 2ef4201ce..f38fdf9a0 100644
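--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.126 2003/10/07 21:58:28 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.127 2003/10/11 08:26:43 markus Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -453,7 +453,12 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
  debug2("input_userauth_pk_ok: fp %s", fp);
  xfree(fp);
 
- TAILQ_FOREACH(id, &authctxt->keys, next) {
+ /*
+ * search keys in the reverse order, because last candidate has been
+ * moved to the end of the queue. this also avoids confusion by
+ * duplicate keys
+ */
+ TAILQ_FOREACH_REVERSE(id, &authctxt->keys, next, idlist) {
  if (key_equal(key, id->key)) {
  sent = sign_and_send_pubkey(authctxt, id);
  break;
@@ -1086,6 +1091,7 @@ userauth_pubkey(Authctxt *authctxt)
  while ((id = TAILQ_FIRST(&authctxt->keys))) {
  if (id->tried++)
  return (0);
+ /* move key to the end of the queue */
  TAILQ_REMOVE(&authctxt->keys, id, next);
  TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
  /*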
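Review bot: The reverse loop in input_userauth_pk_ok (new line 461) still accepts a `key_equal` match anywhere in `authctxt->keys`, so the key named in the server's PK_OK reply is not tied to the identity that was just offered. If only the most recent candidate should ever be signed with, the match could additionally require `id->tried`, or compare against the tail entry alone; whether an untried identity can be reached this way depends on code outside these hunks, so this needs confirming. Separately, the comment added at new line 1094 in userauth_pubkey describes the two TAILQ calls but not that the reverse search now depends on them; something like `/* move key to the end of the queue; input_userauth_pk_ok() searches from the tail */` would keep the two sites from drifting apart. Both function bodies start and end outside the visible hunks.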