From fbba735aa315532e93a66754b1613c2acf2bde6d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 7 Nov 2006 23:16:08 +1100 Subject: - markus@cvs.openbsd.org 2006/11/07 10:31:31 [monitor.c version.h] correctly check for bad signatures in the monitor, otherwise the monitor and the unpriv process can get out of sync. with dtucker@, ok djm@, dtucker@ --- ChangeLog | 7 ++++++- monitor.c | 8 ++++---- version.h | 4 ++-- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8af3cf90..075ba535 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,11 @@ [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] add missing checks for openssl return codes; with & ok djm@ + - markus@cvs.openbsd.org 2006/11/07 10:31:31 + [monitor.c version.h] + correctly check for bad signatures in the monitor, otherwise the monitor + and the unpriv process can get out of sync. with dtucker@, ok djm@, + dtucker@ 20061105 - (djm) OpenBSD CVS Sync @@ -2597,4 +2602,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4585 2006/11/07 12:14:41 dtucker Exp $ +$Id: ChangeLog,v 1.4586 2006/11/07 12:16:08 dtucker Exp $ diff --git a/monitor.c b/monitor.c index b20d0c72..48ae46cc 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */ +/* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl 
@@ -350,7 +350,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 /* The first few requests do not require asynchronous access */
 while (!authenticated) {
 auth_method = "unknown";
- authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
+ authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
 if (authenticated) {
 if (!(ent->flags & MON_AUTHDECIDE))
 fatal("%s: unexpected authentication from %d",
@@ -1217,7 +1217,7 @@ mm_answer_keyverify(int sock, Buffer *m)
 verified = key_verify(key, signature, signaturelen, data, datalen);
 debug3("%s: key %p signature %s",
- __func__, key, verified ? "verified" : "unverified");
+ __func__, key, (verified == 1) ? "verified" : "unverified");
 key_free(key);
 xfree(blob);
@@ -1232,7 +1232,7 @@ mm_answer_keyverify(int sock, Buffer *m)
 buffer_put_int(m, verified);
 mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
- return (verified);
+ return (verified == 1);
 }
 static void
diff --git a/version.h b/version.h
index 363e510b..d16990a2 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.47 2006/08/30 00:14:37 djm Exp $ */
+/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */
-#define SSH_VERSION "OpenSSH_4.4"
+#define SSH_VERSION "OpenSSH_4.5"
 #define SSH_PORTABLE "p1"
 #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-- cgit v1.2.3
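Review bot: The `== 1` applied to the `monitor_read()` result in monitor_child_preauth is the only thing that stops a non-zero, non-success dispatch return from ending the `while (!authenticated)` loop, and nothing on the line says so. A short comment above the assignment would keep a later cleanup from folding it back into a truthiness test, for example `/* only an exact 1 is success; an error return from a handler must not authenticate */`. That a handler can return something other than 0 or 1 is inferred from the commit message and the mm_answer_keyverify hunks, not shown in this hunk. The loop body continues past the end of the hunk.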
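Review bot: In mm_answer_keyverify (hunk @@ -1232) the reply still carries the raw result, `buffer_put_int(m, verified);`, while the monitor's own decision is now `verified == 1`, so the two processes agree only if the receiver also tests for exactly 1. The receiving code is not part of this diff; unless that is confirmed, sending the normalized value with `buffer_put_int(m, verified == 1);` removes the dependency. The debug3 call in the hunk at @@ -1217 now prints "unverified" for both a signature mismatch and any error value, so logging the raw `verified` alongside the string would keep the two cases distinguishable when reading logs. The function begins outside both hunks.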