author | Damien Miller <djm@mindrot.org> | 2001-11-12 01:02:03 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2001-11-12 01:02:03 +0100 |
commit | 91c1847733ea76286cb43e0c1dfe0a18f62e35a8 (patch) | |
tree | 1f147f2fcee99a88439bf1563504d58855048119 | |
parent | - markus@cvs.openbsd.org 2001/10/25 21:14:32 (diff) | |
- markus@cvs.openbsd.org 2001/10/29 19:27:15
[sshconnect2.c]
hostbased: check for client hostkey before building chost
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | sshconnect2.c | 29 |
2 files changed, 19 insertions, 15 deletions
@@ -17,6 +17,9 @@ - markus@cvs.openbsd.org 2001/10/25 21:14:32 [ssh-keygen.1 ssh-keygen.c] better docu for fingerprinting, ok deraadt@ + - markus@cvs.openbsd.org 2001/10/29 19:27:15 + [sshconnect2.c] + hostbased: check for client hostkey before building chost 20011109 - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK) @@ -6826,4 +6829,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1639 2001/11/11 23:52:44 djm Exp $ +$Id: ChangeLog,v 1.1640 2001/11/12 00:02:03 djm Exp $ diff --git a/sshconnect2.c b/sshconnect2.c index 705aa4561..66dccf600 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.83 2001/10/06 11:18:19 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.84 2001/10/29 19:27:15 markus Exp $"); #include <openssl/bn.h> #include <openssl/md5.h> @@ -836,16 +836,6 @@ userauth_hostbased(Authctxt *authctxt) u_int blen, slen; int ok, i, len, found = 0; - p = get_local_name(packet_get_connection_in()); - if (p == NULL) { - error("userauth_hostbased: cannot get local ipaddr/name"); - return 0; - } - len = strlen(p) + 2; - chost = xmalloc(len); - strlcpy(chost, p, len); - strlcat(chost, ".", len); - debug2("userauth_hostbased: chost %s", chost); /* check for a useful key */ for (i = 0; i < authctxt->nkeys; i++) { private = authctxt->keys[i]; 
@@ -857,14 +847,26 @@ userauth_hostbased(Authctxt *authctxt) } } if (!found) { - xfree(chost); + debug("userauth_hostbased: no more client hostkeys"); return 0; } if (key_to_blob(private, &blob, &blen) == 0) { key_free(private); - xfree(chost); return 0; } + /* figure out a name for the client host */ + p = get_local_name(packet_get_connection_in()); + if (p == NULL) { + error("userauth_hostbased: cannot get local ipaddr/name"); + key_free(private); + return 0; + } + len = strlen(p) + 2; + chost = xmalloc(len); + strlcpy(chost, p, len); + strlcat(chost, ".", len); + debug2("userauth_hostbased: chost %s", chost); + service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : authctxt->service; pkalg = xstrdup(key_ssh_name(private)); @@ -882,7 +884,6 @@ userauth_hostbased(Authctxt *authctxt) #ifdef DEBUG_PK buffer_dump(&b); #endif - debug2("xxx: chost %s", chost); ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); key_free(private); buffer_free(&b); |
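Review bot: The new `p == NULL` early return in the `-857,14 +847,26` hunk releases `private` but not `blob`, which `key_to_blob(private, &blob, &blen)` has already filled a few lines earlier. Before this change the name lookup ran ahead of `key_to_blob()`, so that failure path had no other resource to release; after the reorder it does. Assuming `key_to_blob()` returns an allocated buffer through its out-parameter (its definition is not visible here), add `xfree(blob);` next to `key_free(private);` before `return 0;`. The body of userauth_hostbased starts and continues outside this hunk, so the later cleanup of `blob` and `chost` on the success path cannot be checked from here.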