- markus@cvs.openbsd.org 2002/06/08 05:07:09
authormouring <mouring>
Sun, 9 Jun 2002 20:01:48 +0000 (20:01 +0000)
committermouring <mouring>
Sun, 9 Jun 2002 20:01:48 +0000 (20:01 +0000)
     [ssh-keysign.c]
     only accept 20 byte session ids

ChangeLog
ssh-keysign.c

index dea745c4028b122c253cab8854e4a119a9eafd08..a46aa82457d71e9c66e381b8e5f399e1bdd2199d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
    - markus@cvs.openbsd.org 2002/06/08 05:07:56
      [ssh.c]
      nuke ptrace comment
+   - markus@cvs.openbsd.org 2002/06/08 05:07:09
+     [ssh-keysign.c]
+     only accept 20 byte session ids
 
 20020607
  - (bal) Removed --{enable/disable}-suid-ssh
index 78929b2e0a4051b6de68e90583420da9205b3574..520927829130306eaad21f996da7d182b6b86036 100644 (file)
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.2 2002/05/31 10:30:33 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.3 2002/06/08 05:07:09 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -60,8 +60,12 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
        buffer_init(&b);
        buffer_append(&b, data, datalen);
  
-       /* session id */
-       buffer_skip_string(&b);
+       /* session id, currently limited to SHA1 (20 bytes) */
+       p = buffer_get_string(&b, &len);
+       if (len != 20)
+               fail++;
+       xfree(p);
+
        if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
                fail++;
 
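Review bot: The literal `20` in `if (len != 20)` is a magic number tied to the SHA1 digest size, and the new comment does not say why the length is pinned. valid_request() appears to parse caller-supplied `data`, so I would state the intent in the comment, e.g. `/* session id: exactly one SHA1 digest (20 bytes); reject any other length so the request blob has a fixed layout */`. I would also replace the bare literal with a named constant such as `SHA_DIGEST_LENGTH`, assuming `<openssl/sha.h>` is reachable from the existing includes. The check will need revisiting if a key exchange with a different hash length is ever added. The declarations of `p` and `len` and the place where `fail` is finally tested are outside this hunk, so I could not confirm their types or that a non-zero `fail` always rejects the request.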