- djm@cvs.openbsd.org 2005/03/02 01:00:06

[sshconnect.c] fix addition of new hashed hostnames when CheckHostIP=yes; found and ok dtucker@
2005-03-02 12:06:51 +11:00 · 2005-03-02 12:06:51 +11:00 · 1227d4c93c
parent 265d309ebc
commit 1227d4c93c
2 changed files with 30 additions and 11 deletions
--- a/6
+++ b/6
@ -35,6 +35,10 @@
     spelling (occurance -> occurrence);
     use prompt before examples;
     grammar;
+   - djm@cvs.openbsd.org 2005/03/02 01:00:06
+     [sshconnect.c]
+     fix addition of new hashed hostnames when CheckHostIP=yes;
+     found and ok dtucker@

 20050301
 - (djm) OpenBSD CVS sync:
@ -2254,4 +2258,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu

-$Id: ChangeLog,v 1.3684 2005/03/02 01:05:06 djm Exp $
+$Id: ChangeLog,v 1.3685 2005/03/02 01:06:51 djm Exp $
--- a/sshconnect.c
+++ b/sshconnect.c
@ -13,7 +13,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.160 2005/03/01 10:40:27 djm Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.161 2005/03/02 01:00:06 djm Exp $");

 #include <openssl/bn.h>

@ -554,7 +554,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 	char hostline[1000], *hostp, *fp;
 	HostStatus host_status;
 	HostStatus ip_status;
-	int local = 0, host_ip_differ = 0;
+	int r, local = 0, host_ip_differ = 0;
 	int salen;
 	char ntop[NI_MAXHOST];
 	char msg[1024];
@ -734,18 +734,33 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 			if (!confirm(msg))
 				goto fail;
 		}
-		if (options.check_host_ip && ip_status == HOST_NEW) {
-			snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
-			hostp = hostline;
-		} else
-			hostp = host;
-
 		/*
 		 * If not in strict mode, add the key automatically to the
 		 * local known_hosts file.
 		 */
-		if (!add_host_to_hostfile(user_hostfile, hostp, host_key,
-		    options.hash_known_hosts))
+		if (options.check_host_ip && ip_status == HOST_NEW) {
+			snprintf(hostline, sizeof(hostline), "%s,%s",
+			    host, ip);
+			hostp = hostline;
+			if (options.hash_known_hosts) {
+				/* Add hash of host and IP separately */
+				r = add_host_to_hostfile(user_hostfile, host,
+				    host_key, options.hash_known_hosts) &&
+				    add_host_to_hostfile(user_hostfile, ip,
+				    host_key, options.hash_known_hosts);
+			} else {
+				/* Add unhashed "host,ip" */
+				r = add_host_to_hostfile(user_hostfile,
+				    hostline, host_key,
+				    options.hash_known_hosts);
+			}
+		} else {
+			r = add_host_to_hostfile(user_hostfile, host, host_key,
+			    options.hash_known_hosts);
+			hostp = host;
+		}
+
+		if (!r)
 			logit("Failed to add the host to the list of known "
 			    "hosts (%.500s).", user_hostfile);
 		else