diff options
Diffstat (limited to 'auth2-hostbased.c')
-rw-r--r-- | auth2-hostbased.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c index a344dcc1f..488008f62 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-hostbased.c,v 1.16 2013/06/21 00:34:49 djm Exp $ */ | 1 | /* $OpenBSD: auth2-hostbased.c,v 1.17 2013/12/30 23:52:27 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -100,6 +100,12 @@ userauth_hostbased(Authctxt *authctxt) | |||
100 | "(received %d, expected %d)", key->type, pktype); | 100 | "(received %d, expected %d)", key->type, pktype); |
101 | goto done; | 101 | goto done; |
102 | } | 102 | } |
103 | if (key_type_plain(key->type) == KEY_RSA && | ||
104 | (datafellows & SSH_BUG_RSASIGMD5) != 0) { | ||
105 | error("Refusing RSA key because peer uses unsafe " | ||
106 | "signature format"); | ||
107 | goto done; | ||
108 | } | ||
103 | service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : | 109 | service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : |
104 | authctxt->service; | 110 | authctxt->service; |
105 | buffer_init(&b); | 111 | buffer_init(&b); |