[auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
add missing checks for openssl return codes; with & ok djm@
+ - markus@cvs.openbsd.org 2006/11/07 10:31:31
+ [monitor.c version.h]
+ correctly check for bad signatures in the monitor, otherwise the monitor
+ and the unpriv process can get out of sync. with dtucker@, ok djm@,
+ dtucker@
20061105
- (djm) OpenBSD CVS Sync
-/* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */
+/* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
/* The first few requests do not require asynchronous access */
while (!authenticated) {
auth_method = "unknown";
- authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
+ authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
if (authenticated) {
if (!(ent->flags & MON_AUTHDECIDE))
fatal("%s: unexpected authentication from %d",
verified = key_verify(key, signature, signaturelen, data, datalen);
debug3("%s: key %p signature %s",
- __func__, key, verified ? "verified" : "unverified");
+ __func__, key, (verified == 1) ? "verified" : "unverified");
key_free(key);
xfree(blob);
buffer_put_int(m, verified);
mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
- return (verified);
+ return (verified == 1);
}
static void
-/* $OpenBSD: version.h,v 1.47 2006/08/30 00:14:37 djm Exp $ */
+/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */
-#define SSH_VERSION "OpenSSH_4.4"
+#define SSH_VERSION "OpenSSH_4.5"
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE