From c8669a8cd24952b3f16a44eac63d2b6ce8a6343a Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Thu, 25 Jul 2013 11:52:48 +1000
Subject: [PATCH]    - djm@cvs.openbsd.org 2013/07/20 22:20:42      [krl.c]    
  fix verification error in (as-yet usused) KRL signature checking path

---
 ChangeLog | 6 ++++++
 krl.c     | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index dc2f73bd9..f6dcc0c0d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20130725
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2013/07/20 22:20:42
+     [krl.c]
+     fix verification error in (as-yet usused) KRL signature checking path
+
 20130720
  - (djm) OpenBSD CVS Sync
    - markus@cvs.openbsd.org 2013/07/19 07:37:48
diff --git a/krl.c b/krl.c
index bd6d37804..b2d0354f2 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.12 2013/06/20 19:15:06 markus Exp $ */
+/* $OpenBSD: krl.c,v 1.13 2013/07/20 22:20:42 djm Exp $ */
 
 #include "includes.h"
 
@@ -973,7 +973,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
 		}
 		/* Check signature over entire KRL up to this point */
 		if (key_verify(key, blob, blen,
-		    buffer_ptr(buf), buffer_len(buf) - sig_off) == -1) {
+		    buffer_ptr(buf), buffer_len(buf) - sig_off) != 1) {
 			error("bad signaure on KRL");
 			goto out;
 		}