- djm@cvs.openbsd.org 2005/06/17 02:44:33

[openssh.git] / authfd.c

diff --git a/authfd.c b/authfd.c
index 9ce5b5ea8a933fda0020470368c8746a371addae..8976616b4ff67ed37a4d4da098ceaa4f10fc319f 100644 (file)
--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.65 2005/05/24 17:32:43 avsm Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.66 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/evp.h>
 
@@ -114,8 +114,7 @@ ssh_get_authentication_socket(void)
 static int
 ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
 {
-       int l;
-       u_int len;
+       u_int l, len;
        char buf[1024];
 
        /* Get the length of the message, and format it in the buffer. */
@@ -302,6 +301,7 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi
 Key *
 ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version)
 {
+       int keybits;
        u_int bits;
        u_char *blob;
        u_int blen;
@@ -322,7 +322,8 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
                buffer_get_bignum(&auth->identities, key->rsa->e);
                buffer_get_bignum(&auth->identities, key->rsa->n);
                *comment = buffer_get_string(&auth->identities, NULL);
-               if (bits != BN_num_bits(key->rsa->n))
+               keybits = BN_num_bits(key->rsa->n);
+               if (keybits < 0 || bits != (u_int)keybits)
                        logit("Warning: identity keysize mismatch: actual %d, announced %u",
                            BN_num_bits(key->rsa->n), bits);
                break;