From 28b5d376bb9dcf3cab3833d79729e81d43e3d286 Mon Sep 17 00:00:00 2001 From: djm Date: Sat, 14 Feb 2009 05:33:31 +0000 Subject: [PATCH] - djm@cvs.openbsd.org 2009/02/12 03:26:22 [monitor.c] some paranoia: check that the serialised key is really KEY_RSA before diddling its internals --- ChangeLog | 4 ++++ monitor.c | 6 ++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 529e649f..02c83fd2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,10 @@ [serverloop.c] tighten check for -R0:... forwarding: only allow dynamic allocation if want_reply is set in the packet + - djm@cvs.openbsd.org 2009/02/12 03:26:22 + [monitor.c] + some paranoia: check that the serialised key is really KEY_RSA before + diddling its internals 20090212 - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically diff --git a/monitor.c b/monitor.c index 39deedc8..f57e74ba 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.100 2008/11/04 08:22:13 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.101 2009/02/12 03:26:22 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1500,7 +1500,9 @@ mm_answer_rsa_challenge(int sock, Buffer *m) fatal("%s: key type mismatch", __func__); if ((key = key_from_blob(blob, blen)) == NULL) fatal("%s: received bad key", __func__); - + if (key->type != KEY_RSA) + fatal("%s: received bad key type %d", __func__, key->type); + key->type = KEY_RSA1; if (ssh1_challenge) BN_clear_free(ssh1_challenge); ssh1_challenge = auth_rsa_generate_challenge(key); -- 2.45.2