From 399dfbc499f54bccb81318cbe86acddcd4bdfeee Mon Sep 17 00:00:00 2001
From: Colin Watson
Date: Sun, 25 May 2008 19:57:41 +0000
Subject: Check for blacklists in /usr/share/ssh/ as well as /etc/ssh/ (see #481283).
---
 ssh-vulnkey.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
(limited to 'ssh-vulnkey.c')
diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c
index 3c7985448..f78615478 100644
--- a/ssh-vulnkey.c
+++ b/ssh-vulnkey.c
@@ -90,26 +90,25 @@ do_key(const char *filename, u_long linenum, const Key *key, const char *comment)
 {
 Key *public;
- char *blacklist_file;
 struct stat st;
+ int blacklist_status;
 int ret = 1;
 public = key_demote(key);
 if (public->type == KEY_RSA1)
 public->type = KEY_RSA;
- blacklist_file = blacklist_filename(public);
- if (stat(blacklist_file, &st) < 0)
+ blacklist_status = blacklisted_key(public);
+ if (blacklist_status == -1)
 describe_key(filename, linenum, "Unknown (no blacklist information)", key, comment);
- else if (blacklisted_key(public)) {
+ else if (blacklist_status == 1) {
 describe_key(filename, linenum, "COMPROMISED", key, comment);
 ret = 0;
 } else
 describe_key(filename, linenum, "Not blacklisted", key, comment);
- xfree(blacklist_file);
 key_free(public);
-- 
cgit v1.2.3
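Review bot: The new comparisons in do_key treat only `-1` as "Unknown" and only `1` as "COMPROMISED", so any other value returned by blacklisted_key() falls through to "Not blacklisted", whereas the removed `else if (blacklisted_key(public))` treated every non-zero result as compromised. blacklisted_key() is not defined in this hunk, so whether it can return anything other than -1, 0 or 1 is unconfirmed, but a fail-closed form would be `if (blacklist_status < 0)` for the unknown branch and `else if (blacklist_status != 0)` for the compromised one. Separately, `struct stat st;` stays declared although its only visible use, the stat() call, is removed; it looks unused now and could be dropped. The body of do_key continues past the end of the hunk.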