tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-26 07:15:36 +02:00
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2002/02/04 11:58:10

Browse Source 
[auth2.c]
     cross checking of announced vs actual pktype in pubkey/hostbaed auth; ok stevesk@
This commit is contained in:
Damien Miller 2002-02-05 12:26:03 +11:00
parent 4d4d53f399
commit 9b74bfc5be
2 changed files with 86 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -81,6 +81,10 @@
- stevesk@cvs.openbsd.org 2002/02/04 00:53:39 - stevesk@cvs.openbsd.org 2002/02/04 00:53:39
[ssh-agent.c] [ssh-agent.c]
unneeded includes unneeded includes
- markus@cvs.openbsd.org 2002/02/04 11:58:10
[auth2.c]
cross checking of announced vs actual pktype in pubkey/hostbaed auth;
ok stevesk@
20020130 20020130
- (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
@ -7483,4 +7487,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.1821 2002/02/05 01:25:28 djm Exp $ $Id: ChangeLog,v 1.1822 2002/02/05 01:26:03 djm Exp $

39
auth2.c
View File

@ -23,7 +23,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: auth2.c,v 1.83 2002/01/29 14:32:03 markus Exp $"); RCSID("$OpenBSD: auth2.c,v 1.84 2002/02/04 11:58:10 markus Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
@ -397,7 +397,7 @@ static int
userauth_pubkey(Authctxt *authctxt) userauth_pubkey(Authctxt *authctxt)
{ {
Buffer b; Buffer b;
Key *key; Key *key = NULL;
char *pkalg, *pkblob, *sig; char *pkalg, *pkblob, *sig;
u_int alen, blen, slen; u_int alen, blen, slen;
int have_sig, pktype; int have_sig, pktype;
@ -424,13 +424,20 @@ userauth_pubkey(Authctxt *authctxt)
pktype = key_type_from_name(pkalg); pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) { if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */ /* this is perfectly legal */
log("userauth_pubkey: unsupported public key algorithm: %s", pkalg); log("userauth_pubkey: unsupported public key algorithm: %s",
xfree(pkalg); pkalg);
xfree(pkblob); goto done;
return 0;
} }
key = key_from_blob(pkblob, blen); key = key_from_blob(pkblob, blen);
if (key != NULL) { if (key == NULL) {
error("userauth_pubkey: cannot decode key: %s", pkalg);
goto done;
}
if (key->type != pktype) {
error("userauth_pubkey: type mismatch for decoded key "
"(received %d, expected %d)", key->type, pktype);
goto done;
}
if (have_sig) { if (have_sig) {
sig = packet_get_string(&slen); sig = packet_get_string(&slen);
packet_check_eom(); packet_check_eom();
@ -487,9 +494,10 @@ userauth_pubkey(Authctxt *authctxt)
} }
if (authenticated != 1) if (authenticated != 1)
auth_clear_options(); auth_clear_options();
key_free(key); done:
}
debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg); debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
if (key != NULL)
key_free(key);
xfree(pkalg); xfree(pkalg);
xfree(pkblob); xfree(pkblob);
#ifdef HAVE_CYGWIN #ifdef HAVE_CYGWIN
@ -503,7 +511,7 @@ static int
userauth_hostbased(Authctxt *authctxt) userauth_hostbased(Authctxt *authctxt)
{ {
Buffer b; Buffer b;
Key *key; Key *key = NULL;
char *pkalg, *pkblob, *sig, *cuser, *chost, *service; char *pkalg, *pkblob, *sig, *cuser, *chost, *service;
u_int alen, blen, slen; u_int alen, blen, slen;
int pktype; int pktype;
@ -537,7 +545,12 @@ userauth_hostbased(Authctxt *authctxt)
} }
key = key_from_blob(pkblob, blen); key = key_from_blob(pkblob, blen);
if (key == NULL) { if (key == NULL) {
debug("userauth_hostbased: cannot decode key: %s", pkalg); error("userauth_hostbased: cannot decode key: %s", pkalg);
goto done;
}
if (key->type != pktype) {
error("userauth_hostbased: type mismatch for decoded key "
"(received %d, expected %d)", key->type, pktype);
goto done; goto done;
} }
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
@ -562,10 +575,10 @@ userauth_hostbased(Authctxt *authctxt)
authenticated = 1; authenticated = 1;
buffer_clear(&b); buffer_clear(&b);
key_free(key);
done: done:
debug2("userauth_hostbased: authenticated %d", authenticated); debug2("userauth_hostbased: authenticated %d", authenticated);
if (key != NULL)
key_free(key);
xfree(pkalg); xfree(pkalg);
xfree(pkblob); xfree(pkblob);
xfree(cuser); xfree(cuser);