diff options
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r-- | auth2-pubkey.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 4d87f4867..7c5692750 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-pubkey.c,v 1.38 2013/06/21 00:34:49 djm Exp $ */ | 1 | /* $OpenBSD: auth2-pubkey.c,v 1.39 2013/12/30 23:52:27 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -116,6 +116,12 @@ userauth_pubkey(Authctxt *authctxt) | |||
116 | "(received %d, expected %d)", key->type, pktype); | 116 | "(received %d, expected %d)", key->type, pktype); |
117 | goto done; | 117 | goto done; |
118 | } | 118 | } |
119 | if (key_type_plain(key->type) == KEY_RSA && | ||
120 | (datafellows & SSH_BUG_RSASIGMD5) != 0) { | ||
121 | logit("Refusing RSA key because client uses unsafe " | ||
122 | "signature scheme"); | ||
123 | goto done; | ||
124 | } | ||
119 | if (have_sig) { | 125 | if (have_sig) { |
120 | sig = packet_get_string(&slen); | 126 | sig = packet_get_string(&slen); |
121 | packet_check_eom(); | 127 | packet_check_eom(); |