[monitor.c version.h]
     correctly check for bad signatures in the monitor, otherwise the monitor
     and the unpriv process can get out of sync. with dtucker@, ok djm@,
     dtucker@
This commit is contained in:
Darren Tucker 2006-11-07 23:16:08 +11:00
parent 0bc85579a9
commit fbba735aa3
3 changed files with 12 additions and 7 deletions

View File

@ -6,6 +6,11 @@
[auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
add missing checks for openssl return codes; with & ok djm@ add missing checks for openssl return codes; with & ok djm@
- markus@cvs.openbsd.org 2006/11/07 10:31:31
[monitor.c version.h]
correctly check for bad signatures in the monitor, otherwise the monitor
and the unpriv process can get out of sync. with dtucker@, ok djm@,
dtucker@
20061105 20061105
- (djm) OpenBSD CVS Sync - (djm) OpenBSD CVS Sync
@ -2597,4 +2602,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@ passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id: ChangeLog,v 1.4585 2006/11/07 12:14:41 dtucker Exp $ $Id: ChangeLog,v 1.4586 2006/11/07 12:16:08 dtucker Exp $

View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */ /* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */
/* /*
* Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org> * Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -350,7 +350,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
/* The first few requests do not require asynchronous access */ /* The first few requests do not require asynchronous access */
while (!authenticated) { while (!authenticated) {
auth_method = "unknown"; auth_method = "unknown";
authenticated = monitor_read(pmonitor, mon_dispatch, &ent); authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
if (authenticated) { if (authenticated) {
if (!(ent->flags & MON_AUTHDECIDE)) if (!(ent->flags & MON_AUTHDECIDE))
fatal("%s: unexpected authentication from %d", fatal("%s: unexpected authentication from %d",
@ -1217,7 +1217,7 @@ mm_answer_keyverify(int sock, Buffer *m)
verified = key_verify(key, signature, signaturelen, data, datalen); verified = key_verify(key, signature, signaturelen, data, datalen);
debug3("%s: key %p signature %s", debug3("%s: key %p signature %s",
__func__, key, verified ? "verified" : "unverified"); __func__, key, (verified == 1) ? "verified" : "unverified");
key_free(key); key_free(key);
xfree(blob); xfree(blob);
@ -1232,7 +1232,7 @@ mm_answer_keyverify(int sock, Buffer *m)
buffer_put_int(m, verified); buffer_put_int(m, verified);
mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
return (verified); return (verified == 1);
} }
static void static void

View File

@ -1,6 +1,6 @@
/* $OpenBSD: version.h,v 1.47 2006/08/30 00:14:37 djm Exp $ */ /* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */
#define SSH_VERSION "OpenSSH_4.4" #define SSH_VERSION "OpenSSH_4.5"
#define SSH_PORTABLE "p1" #define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE #define SSH_RELEASE SSH_VERSION SSH_PORTABLE