upstream: Do not apply authorized_keys options when signature

verification fails. Prevents restrictive key options being incorrectly applied to subsequent keys in authorized_keys. bz3733, ok markus@ OpenBSD-Commit-ID: ba3776d9da4642443c19dbc015a1333622eb5a4e
author: djm@openbsd.org <djm@openbsd.org> 2024-09-15 02:41:18 +0200
committer: Damien Miller <djm@mindrot.org> 2024-09-15 03:23:07 +0200
commit: 62bbf8f825cc390ecb0523752ddac1435006f206 (patch)
tree: ced3982b69047bf6fd3c991fadf81a3875fdcdf4
parent: Fix without_openssl always being set to 1 (diff)
download: openssh-62bbf8f825cc390ecb0523752ddac1435006f206.tar.xz
openssh-62bbf8f825cc390ecb0523752ddac1435006f206.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/monitor.c b/monitor.c
index f4a835eee..4e68c4f80 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.242 2024/09/09 02:39:57 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.243 2024/09/15 00:41:18 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1496,7 +1496,7 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
 	}
 	auth2_record_key(authctxt, ret == 0, key);
 
-	if (key_blobtype == MM_USERKEY)
+	if (key_blobtype == MM_USERKEY && ret == 0)
 		auth_activate_options(ssh, key_opts);
 	monitor_reset_key_state();
author	djm@openbsd.org <djm@openbsd.org>	2024-09-15 02:41:18 +0200
committer	Damien Miller <djm@mindrot.org>	2024-09-15 03:23:07 +0200
commit	62bbf8f825cc390ecb0523752ddac1435006f206 (patch)
tree	ced3982b69047bf6fd3c991fadf81a3875fdcdf4
parent	Fix without_openssl always being set to 1 (diff)
download	openssh-62bbf8f825cc390ecb0523752ddac1435006f206.tar.xz openssh-62bbf8f825cc390ecb0523752ddac1435006f206.zip