X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/95d5ebf79e02ba333429d41f9f91ce8530b56d6d..d6133f43beb88ce3fde59f036d3ff962ea40b76d:/ssh-keysign.c

diff --git a/ssh-keysign.c b/ssh-keysign.c
index 660294bc..7f1d25d8 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.2 2002/05/31 10:30:33 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.4 2002/06/19 00:27:55 deraadt Exp $");
 
 #include <openssl/evp.h>
 
@@ -59,9 +59,13 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
 
 	buffer_init(&b);
 	buffer_append(&b, data, datalen);
- 
-	/* session id */
-	buffer_skip_string(&b);
+
+	/* session id, currently limited to SHA1 (20 bytes) */
+	p = buffer_get_string(&b, &len);
+	if (len != 20)
+		fail++;
+	xfree(p);
+
 	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
 		fail++;
 
@@ -100,9 +104,9 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
 	if (strlen(host) != len - 1)
 		fail++;
 	else if (p[len - 1] != '.')
-	      fail++;
+		fail++;
 	else if (strncasecmp(host, p, len - 1) != 0)
-	      fail++;
+		fail++;
 	xfree(p);
 
 	/* local user */
@@ -143,20 +147,20 @@ main(int argc, char **argv)
 	seteuid(getuid());
 	setuid(getuid());
 
-        init_rng();
-        seed_rng();
-        arc4random_stir();
+	init_rng();
+	seed_rng();
+	arc4random_stir();
 
 #ifdef DEBUG_SSH_KEYSIGN
 	log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);
-#endif  
+#endif
 
 	if (key_fd[0] == -1 && key_fd[1] == -1)
 		fatal("could not open any host key");
 
 	if ((pw = getpwuid(getuid())) == NULL)
 		fatal("getpwuid failed");
-	pw = pwcopy(pw); 
+	pw = pwcopy(pw);
 
 	SSLeay_add_all_algorithms();
 
@@ -184,7 +188,7 @@ main(int argc, char **argv)
 		fatal("bad fd");
 	if ((host = get_local_name(fd)) == NULL)
 		fatal("cannot get sockname for fd");
-	
+
 	data = buffer_get_string(&b, &dlen);
 	if (valid_request(pw, host, &key, data, dlen) < 0)
 		fatal("not a valid request");
@@ -204,7 +208,7 @@ main(int argc, char **argv)
 
 	if (key_sign(keys[i], &signature, &slen, data, dlen) != 0)
 		fatal("key_sign failed");
-	
+
 	/* send reply */
 	buffer_clear(&b);
 	buffer_put_string(&b, signature, slen);