- grunk@cvs.openbsd.org 2008/06/12 00:13:55

[sshconnect.c]
     Make ssh print the random art also when ssh'ing to a host using IP only.
     spotted by naddy@, ok and help djm@ dtucker@

ChangeLog

@@ -47,6 +47,23 @@
      will cause trouble in some cases.
      Also do a computation of -1 once, and not in a loop several times.
      spotted by otto@
+   - dtucker@cvs.openbsd.org 2008/06/12 00:03:49
+     [dns.c canohost.c sshconnect.c]
+     Do not pass "0" strings as ports to getaddrinfo because the lookups
+     can slow things down and we never use the service info anyway. bz
+     #859, patch from YOSHIFUJI Hideaki and John Devitofranceschi.  ok
+     deraadt@ djm@
+     djm belives that the reason for the "0" strings is to ensure that
+     it's not possible to call getaddrinfo with both host and port being
+     NULL.  In the case of canohost.c host is a local array.  In the
+     case of sshconnect.c, it's checked for null immediately before use.
+     In dns.c it ultimately comes from ssh.c:main() and is guaranteed to
+     be non-null but it's not obvious, so I added a warning message in
+     case it is ever passed a null.
+   - grunk@cvs.openbsd.org 2008/06/12 00:13:55
+     [sshconnect.c]
+     Make ssh print the random art also when ssh'ing to a host using IP only.
+     spotted by naddy@, ok and help djm@ dtucker@
 
 20080611
  - (djm) [channels.c configure.ac]
@@ -4209,4 +4226,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4974 2008/06/12 18:45:50 dtucker Exp $
+$Id: ChangeLog,v 1.4975 2008/06/12 18:47:34 dtucker Exp $

sshconnect.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.205 2008/06/12 00:03:49 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.206 2008/06/12 00:13:55 grunk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -611,6 +611,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 	char msg[1024];
 	int len, host_line, ip_line;
 	const char *host_file = NULL, *ip_file = NULL;
+	int display_randomart;
 
 	/*
 	 * Force accepting of the host key for loopback/localhost. The
@@ -656,6 +657,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 	} else {
 		ip = xstrdup("<no hostip for proxy command>");
 	}
+
+	/*
+	 * check_host_ip may be set to zero in the next step, so if it
+	 * conveys a request to display the random art, save it away.
+	 */
+	display_randomart = (options.check_host_ip == SSHCTL_CHECKHOSTIP_FPR);
+
 	/*
 	 * Turn off check_host_ip if the connection is to localhost, via proxy
 	 * command or if we don't have a hostname to compare with
@@ -740,7 +748,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 				logit("Warning: Permanently added the %s host "
 				    "key for IP address '%.128s' to the list "
 				    "of known hosts.", type, ip);
-		} else if (options.check_host_ip == SSHCTL_CHECKHOSTIP_FPR) {
+		} else if (display_randomart) {
 			fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
 			ra = key_fingerprint(host_key, SSH_FP_MD5,
 			    SSH_FP_RANDOMART);