diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2006-11-07 23:16:08 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2006-11-07 23:16:08 +1100 |
| commit | fbba735aa315532e93a66754b1613c2acf2bde6d (patch) | |
| tree | f2077ff5cb311c507b211c6a21393b96a6c6bb2e | |
| parent | 0bc85579a9b5a106826169303dd2ee61c63c161e (diff) | |
- markus@cvs.openbsd.org 2006/11/07 10:31:31
[monitor.c version.h]
correctly check for bad signatures in the monitor, otherwise the monitor
and the unpriv process can get out of sync. with dtucker@, ok djm@,
dtucker@
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | monitor.c | 8 | ||||
| -rw-r--r-- | version.h | 4 |
3 files changed, 12 insertions, 7 deletions
@@ -6,6 +6,11 @@ [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] add missing checks for openssl return codes; with & ok djm@ + - markus@cvs.openbsd.org 2006/11/07 10:31:31 + [monitor.c version.h] + correctly check for bad signatures in the monitor, otherwise the monitor + and the unpriv process can get out of sync. with dtucker@, ok djm@, + dtucker@ 20061105 - (djm) OpenBSD CVS Sync @@ -2597,4 +2602,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4585 2006/11/07 12:14:41 dtucker Exp $ +$Id: ChangeLog,v 1.4586 2006/11/07 12:16:08 dtucker Exp $ @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */ +/* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -350,7 +350,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) /* The first few requests do not require asynchronous access */ while (!authenticated) { auth_method = "unknown"; - authenticated = monitor_read(pmonitor, mon_dispatch, &ent); + authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); if (authenticated) { if (!(ent->flags & MON_AUTHDECIDE)) fatal("%s: unexpected authentication from %d", @@ -1217,7 +1217,7 @@ mm_answer_keyverify(int sock, Buffer *m) verified = key_verify(key, signature, signaturelen, data, datalen); debug3("%s: key %p signature %s", - __func__, key, verified ? "verified" : "unverified"); + __func__, key, (verified == 1) ? "verified" : "unverified"); key_free(key); xfree(blob); @@ -1232,7 +1232,7 @@ mm_answer_keyverify(int sock, Buffer *m) buffer_put_int(m, verified); mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); - return (verified); + return (verified == 1); } static void @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.47 2006/08/30 00:14:37 djm Exp $ */ +/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */ -#define SSH_VERSION "OpenSSH_4.4" +#define SSH_VERSION "OpenSSH_4.5" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE |