- markus@cvs.openbsd.org 2003/10/11 08:26:43

     [sshconnect2.c]
     search keys in reverse order; fixes #684

2 files changed, 13 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index e8ca4cac..d74b4707 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,8 @@
 20031015
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2003/10/11 08:26:43
+     [sshconnect2.c]
+     search keys in reverse order; fixes #684
  - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.
 
 20031009
@@ -1240,4 +1244,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.2994.2.49 2003/10/15 07:47:43 dtucker Exp $
+$Id: ChangeLog,v 1.2994.2.50 2003/10/15 07:51:49 dtucker Exp $
diff --git a/sshconnect2.c b/sshconnect2.c
index 2ef4201c..f38fdf9a 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.126 2003/10/07 21:58:28 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.127 2003/10/11 08:26:43 markus Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -453,7 +453,12 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
 	debug2("input_userauth_pk_ok: fp %s", fp);
 	xfree(fp);
 
-	TAILQ_FOREACH(id, &authctxt->keys, next) {
+	/*
+	 * search keys in the reverse order, because last candidate has been
+	 * moved to the end of the queue.  this also avoids confusion by
+	 * duplicate keys
+	 */
+	TAILQ_FOREACH_REVERSE(id, &authctxt->keys, next, idlist) {
 		if (key_equal(key, id->key)) {
 			sent = sign_and_send_pubkey(authctxt, id);
 			break;
@@ -1086,6 +1091,7 @@ userauth_pubkey(Authctxt *authctxt)
 	while ((id = TAILQ_FIRST(&authctxt->keys))) {
 		if (id->tried++)
 			return (0);
+		/* move key to the end of the queue */
 		TAILQ_REMOVE(&authctxt->keys, id, next);
 		TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
 		/*