From 0afa4059aa6138214602bf85cf0fc09fa6784882 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Wed, 15 Nov 2006 00:48:30 +0000 Subject: * Backport from 4.5p1: - Fix a bug in the sshd privilege separation monitor that weakened its verification of successful authentication. This bug is not known to be exploitable in the absence of additional vulnerabilities. --- monitor.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'monitor.c') diff --git a/monitor.c b/monitor.c index 821722025..867431ff1 100644 --- a/monitor.c +++ b/monitor.c @@ -339,7 +339,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) /* The first few requests do not require asynchronous access */ while (!authenticated) { - authenticated = monitor_read(pmonitor, mon_dispatch, &ent); + authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); if (authenticated) { if (!(ent->flags & MON_AUTHDECIDE)) fatal("%s: unexpected authentication from %d", @@ -1220,7 +1220,7 @@ mm_answer_keyverify(int sock, Buffer *m) verified = key_verify(key, signature, signaturelen, data, datalen); debug3("%s: key %p signature %s", - __func__, key, verified ? "verified" : "unverified"); + __func__, key, (verified == 1) ? "verified" : "unverified"); key_free(key); xfree(blob); @@ -1235,7 +1235,7 @@ mm_answer_keyverify(int sock, Buffer *m) buffer_put_int(m, verified); mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); - return (verified); + return (verified == 1); } static void -- cgit v1.2.3