authormarkus <markus@openbsd.org>2001-10-29 19:27:15 +0000
committermarkus <markus@openbsd.org>2001-10-29 19:27:15 +0000
commit0d4d284e611fedf9a85b4a143ba15f05dcdb6652 (patch)
tree1a1fc8ef39d44429c9639cb158b4ab650f4e41aa /usr.bin/ssh/sshconnect2.c
parenthandle pflogd_flags better; openbsd@davidkrause.com (diff)
hostbased: check for client hostkey before building chost
Diffstat (limited to 'usr.bin/ssh/sshconnect2.c')
-rw-r--r--usr.bin/ssh/sshconnect2.c29
1 files changed, 15 insertions, 14 deletions
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 705aa4561ae..66dccf600a7 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.83 2001/10/06 11:18:19 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.84 2001/10/29 19:27:15 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -836,16 +836,6 @@ userauth_hostbased(Authctxt *authctxt)
u_int blen, slen;
int ok, i, len, found = 0;
- p = get_local_name(packet_get_connection_in());
- if (p == NULL) {
- error("userauth_hostbased: cannot get local ipaddr/name");
- return 0;
- }
- len = strlen(p) + 2;
- chost = xmalloc(len);
- strlcpy(chost, p, len);
- strlcat(chost, ".", len);
- debug2("userauth_hostbased: chost %s", chost);
/* check for a useful key */
for (i = 0; i < authctxt->nkeys; i++) {
private = authctxt->keys[i];
@@ -857,14 +847,26 @@ userauth_hostbased(Authctxt *authctxt)
}
}
if (!found) {
- xfree(chost);
+ debug("userauth_hostbased: no more client hostkeys");
return 0;
}
if (key_to_blob(private, &blob, &blen) == 0) {
key_free(private);
- xfree(chost);
return 0;
}
+ /* figure out a name for the client host */
+ p = get_local_name(packet_get_connection_in());
+ if (p == NULL) {
+ error("userauth_hostbased: cannot get local ipaddr/name");
+ key_free(private);
+ return 0;
+ }
+ len = strlen(p) + 2;
+ chost = xmalloc(len);
+ strlcpy(chost, p, len);
+ strlcat(chost, ".", len);
+ debug2("userauth_hostbased: chost %s", chost);
+
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
authctxt->service;
pkalg = xstrdup(key_ssh_name(private));
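Review bot: The new `p == NULL` branch returns after only `key_free(private)`, although it now runs after `key_to_blob(private, &blob, &blen)` has succeeded, so `blob` appears to be leaked on that path (assuming key_to_blob allocates it, as its out-parameters suggest). Add `xfree(blob);` before that `return 0;`, or do the name lookup before the `key_to_blob` call. Separately, `p` is copied into `chost` and never released in the visible lines; if `get_local_name()` returns allocated memory, an `xfree(p);` after the `strlcat` is needed. userauth_hostbased starts and ends outside this hunk, so the later cleanup of `blob` and `chost` cannot be checked from here.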
@@ -882,7 +884,6 @@ userauth_hostbased(Authctxt *authctxt)
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
- debug2("xxx: chost %s", chost);
ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
key_free(private);
buffer_free(&b);