bug compat w/ ssh-2.0.13 x11, split out bugs

1 files changed, 18 insertions, 3 deletions

diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 6ea804d0c17..99ffb2c478d 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.9 2000/05/08 17:12:16 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.10 2000/05/08 17:42:25 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -345,12 +345,14 @@ ssh2_try_pubkey(char *filename,
 	buffer_append(&b, session_id2, session_id2_len);
 	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
 	buffer_put_cstring(&b, server_user);
-	buffer_put_cstring(&b, service);
+	buffer_put_cstring(&b,
+	    datafellows & SSH_BUG_PUBKEYAUTH ?
+	    "ssh-userauth" :
+	    service);
 	buffer_put_cstring(&b, "publickey");
 	buffer_put_char(&b, 1);
 	buffer_put_cstring(&b, KEX_DSS); 
 	buffer_put_string(&b, blob, bloblen);
-	xfree(blob);
 
 	/* generate signature */
 	dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
@@ -358,6 +360,19 @@ ssh2_try_pubkey(char *filename,
 #ifdef DEBUG_DSS
 	buffer_dump(&b);
 #endif
+	if (datafellows & SSH_BUG_PUBKEYAUTH) {
+		/* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */
+		buffer_clear(&b);
+		buffer_append(&b, session_id2, session_id2_len);
+		buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+		buffer_put_cstring(&b, server_user);
+		buffer_put_cstring(&b, service);
+		buffer_put_cstring(&b, "publickey");
+		buffer_put_char(&b, 1);
+		buffer_put_cstring(&b, KEX_DSS); 
+		buffer_put_string(&b, blob, bloblen);
+	}
+	xfree(blob);
 	/* append signature */
 	buffer_put_string(&b, signature, slen);
 	xfree(signature);