shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 10:40:27 +09:00
Code Issues Packages Projects Releases Wiki Activity

packet_cb: Properly verify the signature type

Browse Source 
Issue reported by Tilo Eckert <tilo.eckert@flam.de>

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bc91fa98ea)
This commit is contained in:
Jakub Jelen
2018-11-22 10:45:20 +01:00
committed by Andreas Schneider
parent c3a57fe2dc
commit 1df272c3cc
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/packet_cb.c
View File

@@ -194,15 +194,15 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
goto error; goto error;
} }
/* check if public key from server matches user preferences */ /* Check if signature from server matches user preferences */
if (session->opts.wanted_methods[SSH_HOSTKEYS]) { if (session->opts.wanted_methods[SSH_HOSTKEYS]) {
if (!ssh_match_group(session->opts.wanted_methods[SSH_HOSTKEYS], if (!ssh_match_group(session->opts.wanted_methods[SSH_HOSTKEYS],
server_key->type_c)) { sig->type_c)) {
ssh_set_error(session, ssh_set_error(session,
SSH_FATAL, SSH_FATAL,
"Public key from server (%s) doesn't match user " "Public key from server (%s) doesn't match user "
"preference (%s)", "preference (%s)",
server_key->type_c, sig->type_c,
session->opts.wanted_methods[SSH_HOSTKEYS]); session->opts.wanted_methods[SSH_HOSTKEYS]);
goto error; goto error;
} }