- markus@cvs.openbsd.org 2002/01/31 13:35:11
     [kexdh.c kexgex.c]
     cross check announced key type and type from key blob
diff --git a/ChangeLog b/ChangeLog
index 52d0eb7..4c68665 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -48,6 +48,9 @@
    - markus@cvs.openbsd.org 2002/01/29 23:50:37
      [scp.1 ssh.1]
      mention exit status; ok stevesk@
+   - markus@cvs.openbsd.org 2002/01/31 13:35:11
+     [kexdh.c kexgex.c]
+     cross check announced key type and type from key blob
 
 20020130
  - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
@@ -7450,4 +7453,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1812 2002/02/05 01:16:15 djm Exp $
+$Id: ChangeLog,v 1.1813 2002/02/05 01:19:52 djm Exp $
diff --git a/kexdh.c b/kexdh.c
index 60d13a8..f87d529 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.13 2002/01/25 22:07:40 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.14 2002/01/31 13:35:11 markus Exp $");
 
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
@@ -121,7 +121,8 @@
 	server_host_key = key_from_blob(server_host_key_blob, sbloblen);
 	if (server_host_key == NULL)
 		fatal("cannot decode server_host_key_blob");
-
+	if (server_host_key->type != kex->hostkey_type)
+		fatal("type mismatch for decoded server_host_key_blob");
 	if (kex->verify_host_key == NULL)
 		fatal("cannot verify server_host_key");
 	if (kex->verify_host_key(server_host_key) == -1)
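Review bot: The added check `if (server_host_key->type != kex->hostkey_type)` carries no comment on why it is needed, and its `fatal()` text reports neither value, so a mismatch cannot be diagnosed from the log alone. Going by the commit message, the check ties the key decoded from the peer-supplied blob to the announced host key type before `kex->verify_host_key()` runs; a comment such as `/* decoded key must be of the announced host key type; the blob is peer-controlled */` would record that intent. Assuming both fields are plain ints, the message could be `fatal("type mismatch for decoded server_host_key_blob: got %d, expected %d", server_host_key->type, kex->hostkey_type);`. The identical two lines are added in the kexgex.c hunk at -176, where the same applies, and since both copies must stay in sync a shared helper may be worth considering. The enclosing function starts and ends outside this hunk, so how the key is used after verification is not visible here.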
diff --git a/kexgex.c b/kexgex.c
index b50a711..dc2fa67 100644
--- a/kexgex.c
+++ b/kexgex.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.16 2002/01/25 22:07:40 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.17 2002/01/31 13:35:11 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -176,7 +176,8 @@
 	server_host_key = key_from_blob(server_host_key_blob, sbloblen);
 	if (server_host_key == NULL)
 		fatal("cannot decode server_host_key_blob");
-
+	if (server_host_key->type != kex->hostkey_type)
+		fatal("type mismatch for decoded server_host_key_blob");
 	if (kex->verify_host_key == NULL)
 		fatal("cannot verify server_host_key");
 	if (kex->verify_host_key(server_host_key) == -1)