- grunk@cvs.openbsd.org 2008/06/12 00:13:55

     [sshconnect.c]
     Make ssh print the random art also when ssh'ing to a host using IP only.
     spotted by naddy@, ok and help djm@ dtucker@

diff --git a/ChangeLog b/ChangeLog
index 6bc7b35b2ac5c9778557502b00118dcedce4df9d..56d3faa717fe25350c20f9e45c6a9fdf576a4cbe 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -47,6 +47,23 @@
      will cause trouble in some cases.
      Also do a computation of -1 once, and not in a loop several times.
      spotted by otto@
+   - dtucker@cvs.openbsd.org 2008/06/12 00:03:49
+     [dns.c canohost.c sshconnect.c]
+     Do not pass "0" strings as ports to getaddrinfo because the lookups
+     can slow things down and we never use the service info anyway. bz
+     #859, patch from YOSHIFUJI Hideaki and John Devitofranceschi.  ok
+     deraadt@ djm@
+     djm belives that the reason for the "0" strings is to ensure that
+     it's not possible to call getaddrinfo with both host and port being
+     NULL.  In the case of canohost.c host is a local array.  In the
+     case of sshconnect.c, it's checked for null immediately before use.
+     In dns.c it ultimately comes from ssh.c:main() and is guaranteed to
+     be non-null but it's not obvious, so I added a warning message in
+     case it is ever passed a null.
+   - grunk@cvs.openbsd.org 2008/06/12 00:13:55
+     [sshconnect.c]
+     Make ssh print the random art also when ssh'ing to a host using IP only.
+     spotted by naddy@, ok and help djm@ dtucker@
 
 20080611
  - (djm) [channels.c configure.ac]

diff --git a/sshconnect.c b/sshconnect.c
index 0a4bf36b66168fb7720cc73dd3aedcc69beb1801..7602da3406b3b8e05fe7c5342c902235b6883d6d 100644 (file)
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.205 2008/06/12 00:03:49 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.206 2008/06/12 00:13:55 grunk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -611,6 +611,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
        char msg[1024];
        int len, host_line, ip_line;
        const char *host_file = NULL, *ip_file = NULL;
+       int display_randomart;
 
        /*
         * Force accepting of the host key for loopback/localhost. The
@@ -656,6 +657,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
        } else {
                ip = xstrdup("<no hostip for proxy command>");
        }
+
+       /*
+        * check_host_ip may be set to zero in the next step, so if it
+        * conveys a request to display the random art, save it away.
+        */
+       display_randomart = (options.check_host_ip == SSHCTL_CHECKHOSTIP_FPR);
+
        /*
         * Turn off check_host_ip if the connection is to localhost, via proxy
         * command or if we don't have a hostname to compare with
@@ -740,7 +748,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                                logit("Warning: Permanently added the %s host "
                                    "key for IP address '%.128s' to the list "
                                    "of known hosts.", type, ip);
-               } else if (options.check_host_ip == SSHCTL_CHECKHOSTIP_FPR) {
+               } else if (display_randomart) {
                        fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
                        ra = key_fingerprint(host_key, SSH_FP_MD5,
                            SSH_FP_RANDOMART);