- djm@cvs.openbsd.org 2005/06/17 02:44:33

   [auth1.c] make this -Wsign-compare clean; ok avsm@ markus@

2 files changed, 7 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index 76e88a03..d65980b4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,8 @@
    [auth1.c] split protocol 1 auth methods into separate functions, makes 
    authloop much more readable; fixes and ok markus@ (portable ok & 
    polish dtucker@)
+   - djm@cvs.openbsd.org 2005/06/17 02:44:33
+   [auth1.c] make this -Wsign-compare clean; ok avsm@ markus@
 
 20050617
  - (djm) OpenBSD CVS Sync
@@ -2745,4 +2747,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3825 2005/06/18 21:31:37 djm Exp $
+$Id: ChangeLog,v 1.3826 2005/06/18 21:36:10 djm Exp $
diff --git a/auth1.c b/auth1.c
index b7dfa987..0f6be820 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.60 2005/05/20 12:57:01 djm Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.61 2005/06/17 02:44:32 djm Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -140,7 +140,7 @@ auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
 static int
 auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
 {
-	int authenticated = 0;
+	int keybits, authenticated = 0;
 	u_int bits;
 	Key *client_host_key;
 	u_int ulen;
@@ -158,7 +158,8 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
 	packet_get_bignum(client_host_key->rsa->e);
 	packet_get_bignum(client_host_key->rsa->n);
 
-	if (bits != BN_num_bits(client_host_key->rsa->n)) {
+	keybits = BN_num_bits(client_host_key->rsa->n);
+	if (keybits < 0 || bits != (u_int)keybits) {
 		verbose("Warning: keysize mismatch for client_host_key: "
 		    "actual %d, announced %d",
 		    BN_num_bits(client_host_key->rsa->n), bits);