diff options
author | dtucker <dtucker> | 2006-11-07 12:16:08 +0000 |
---|---|---|
committer | dtucker <dtucker> | 2006-11-07 12:16:08 +0000 |
commit | 7f3408bccb9254d6fced1258b6297f5d98c60f94 (patch) | |
tree | 5396cd56792d669c66e27a35aa0b19de41258e29 | |
parent | c2d2a4ce614678bb0cb9195c6b8628782e749093 (diff) | |
download | openssh-7f3408bccb9254d6fced1258b6297f5d98c60f94.tar.gz |
- markus@cvs.openbsd.org 2006/11/07 10:31:31
[monitor.c version.h]
correctly check for bad signatures in the monitor, otherwise the monitor
and the unpriv process can get out of sync. with dtucker@, ok djm@,
dtucker@
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | monitor.c | 8 | ||||
-rw-r--r-- | version.h | 4 |
3 files changed, 12 insertions, 7 deletions
@@ -6,6 +6,11 @@ [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] add missing checks for openssl return codes; with & ok djm@ + - markus@cvs.openbsd.org 2006/11/07 10:31:31 + [monitor.c version.h] + correctly check for bad signatures in the monitor, otherwise the monitor + and the unpriv process can get out of sync. with dtucker@, ok djm@, + dtucker@ 20061105 - (djm) OpenBSD CVS Sync @@ -2597,4 +2602,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4585 2006/11/07 12:14:41 dtucker Exp $ +$Id: ChangeLog,v 1.4586 2006/11/07 12:16:08 dtucker Exp $ @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */ +/* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -350,7 +350,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) /* The first few requests do not require asynchronous access */ while (!authenticated) { auth_method = "unknown"; - authenticated = monitor_read(pmonitor, mon_dispatch, &ent); + authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); if (authenticated) { if (!(ent->flags & MON_AUTHDECIDE)) fatal("%s: unexpected authentication from %d", @@ -1217,7 +1217,7 @@ mm_answer_keyverify(int sock, Buffer *m) verified = key_verify(key, signature, signaturelen, data, datalen); debug3("%s: key %p signature %s", - __func__, key, verified ? "verified" : "unverified"); + __func__, key, (verified == 1) ? "verified" : "unverified"); key_free(key); xfree(blob); @@ -1232,7 +1232,7 @@ mm_answer_keyverify(int sock, Buffer *m) buffer_put_int(m, verified); mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); - return (verified); + return (verified == 1); } static void @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.47 2006/08/30 00:14:37 djm Exp $ */ +/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */ -#define SSH_VERSION "OpenSSH_4.4" +#define SSH_VERSION "OpenSSH_4.5" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE |