From a20715788dc44ed629e4320d7e9af4e285a559ab Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sun, 9 Jun 2002 20:01:48 +0000 Subject: - markus@cvs.openbsd.org 2002/06/08 05:07:09 [ssh-keysign.c] only accept 20 byte session ids --- ChangeLog | 5 ++++- ssh-keysign.c | 10 +++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9e48cbbab..d2250d37d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ - markus@cvs.openbsd.org 2002/06/08 05:07:56 [ssh.c] nuke ptrace comment + - markus@cvs.openbsd.org 2002/06/08 05:07:09 + [ssh-keysign.c] + only accept 20 byte session ids 20020607 - (bal) Removed --{enable/disable}-suid-ssh @@ -834,4 +837,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2189 2002/06/09 20:00:09 mouring Exp $ +$Id: ChangeLog,v 1.2190 2002/06/09 20:01:48 mouring Exp $ diff --git a/ssh-keysign.c b/ssh-keysign.c index 78929b2e0..520927829 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.2 2002/05/31 10:30:33 markus Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.3 2002/06/08 05:07:09 markus Exp $"); #include @@ -60,8 +60,12 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, buffer_init(&b); buffer_append(&b, data, datalen); - /* session id */ - buffer_skip_string(&b); + /* session id, currently limited to SHA1 (20 bytes) */ + p = buffer_get_string(&b, &len); + if (len != 20) + fail++; + xfree(p); + if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) fail++; -- cgit v1.2.3