X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/ea067773e7c51e90cd791dc3946834dd804fa844..e45da4d6928b5f35b9add90897665eaec43ac108:/auth-rsa.c

diff --git a/auth-rsa.c b/auth-rsa.c
index 2060f839..d9c9652d 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.61 2004/12/06 11:41:03 dtucker Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.63 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -33,6 +33,7 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.61 2004/12/06 11:41:03 dtucker Exp $");
 #include "hostfile.h"
 #include "monitor_wrap.h"
 #include "ssh.h"
+#include "misc.h"
 
 /* import */
 extern ServerOptions options;
@@ -204,6 +205,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 	while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
 		char *cp;
 		char *key_options;
+		int keybits;
 
 		/* Skip leading whitespace, empty and comment lines. */
 		for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -242,7 +244,8 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 			continue;
 
 		/* check the real bits  */
-		if (bits != BN_num_bits(key->rsa->n))
+		keybits = BN_num_bits(key->rsa->n);
+		if (keybits < 0 || bits != (u_int)keybits)
 			logit("Warning: %s, line %lu: keysize mismatch: "
 			    "actual %d vs. announced %d.",
 			    file, linenum, BN_num_bits(key->rsa->n), bits);