RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

refuse to a private keys when its corresponding .pub key
does not match. bz#2737 ok dtucker@

Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913
This commit is contained in:
djm@openbsd.org 2017-08-11 04:47:12 +00:00 committed by Damien Miller
parent 4b3ecbb663
commit c4972d0a9b
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sshconnect2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.264 2017/06/14 00:31:38 dtucker Exp $ */
/* $OpenBSD: sshconnect2.c,v 1.265 2017/08/11 04:47:12 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@ -1037,6 +1037,11 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
/* load the private key from the file */
if ((prv = load_identity_file(id)) == NULL)
return SSH_ERR_KEY_NOT_FOUND;
if (id->key != NULL && !sshkey_equal_public(prv, id->key)) {
error("%s: private key %s contents do not match public",
__func__, id->filename);
return SSH_ERR_KEY_NOT_FOUND;
}
ret = sshkey_sign(prv, sigp, lenp, data, datalen,
key_sign_encode(prv), compat);
sshkey_free(prv);