- markus@cvs.openbsd.org 2002/06/08 05:07:09
[ssh-keysign.c]
only accept 20 byte session ids
diff --git a/ChangeLog b/ChangeLog
index 9e48cbb..d2250d3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
- markus@cvs.openbsd.org 2002/06/08 05:07:56
[ssh.c]
nuke ptrace comment
+ - markus@cvs.openbsd.org 2002/06/08 05:07:09
+ [ssh-keysign.c]
+ only accept 20 byte session ids
20020607
- (bal) Removed --{enable/disable}-suid-ssh
@@ -834,4 +837,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2189 2002/06/09 20:00:09 mouring Exp $
+$Id: ChangeLog,v 1.2190 2002/06/09 20:01:48 mouring Exp $
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 78929b2..5209278 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.2 2002/05/31 10:30:33 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.3 2002/06/08 05:07:09 markus Exp $");
#include <openssl/evp.h>
@@ -60,8 +60,12 @@
buffer_init(&b);
buffer_append(&b, data, datalen);
- /* session id */
- buffer_skip_string(&b);
+ /* session id, currently limited to SHA1 (20 bytes) */
+ p = buffer_get_string(&b, &len);
+ if (len != 20)
+ fail++;
+ xfree(p);
+
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;