- markus@cvs.openbsd.org 2003/10/11 08:26:43
[sshconnect2.c]
search keys in reverse order; fixes #684
diff --git a/ChangeLog b/ChangeLog
index dc58858..4eda171 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,9 @@
remote x11 clients are now untrusted by default, uses xauth(8) to generate
untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
ok deraadt; feedback and ok djm/fries
+ - markus@cvs.openbsd.org 2003/10/11 08:26:43
+ [sshconnect2.c]
+ search keys in reverse order; fixes #684
20031009
- (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@
@@ -1333,4 +1336,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.3072 2003/10/15 05:54:32 dtucker Exp $
+$Id: ChangeLog,v 1.3073 2003/10/15 05:55:59 dtucker Exp $
diff --git a/sshconnect2.c b/sshconnect2.c
index 2ef4201..f38fdf9 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.126 2003/10/07 21:58:28 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.127 2003/10/11 08:26:43 markus Exp $");
#include "openbsd-compat/sys-queue.h"
@@ -453,7 +453,12 @@
debug2("input_userauth_pk_ok: fp %s", fp);
xfree(fp);
- TAILQ_FOREACH(id, &authctxt->keys, next) {
+ /*
+ * search keys in the reverse order, because last candidate has been
+ * moved to the end of the queue. this also avoids confusion by
+ * duplicate keys
+ */
+ TAILQ_FOREACH_REVERSE(id, &authctxt->keys, next, idlist) {
if (key_equal(key, id->key)) {
sent = sign_and_send_pubkey(authctxt, id);
break;
@@ -1086,6 +1091,7 @@
while ((id = TAILQ_FIRST(&authctxt->keys))) {
if (id->tried++)
return (0);
+ /* move key to the end of the queue */
TAILQ_REMOVE(&authctxt->keys, id, next);
TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
/*