author | Markus Friedl <markus@cvs.openbsd.org> | 2001-10-29 19:27:16 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-10-29 19:27:16 +0000 |
commit | d121914081ca7460cfd767059d4bbbc2cad75de6 (patch) | |
tree | 432d256f906f42808f6f96d3346bf6cd46c904ec | |
parent | de9aadfff9f8172075e398005fca8da68ff12dc5 (diff) |
hostbased: check for client hostkey before building chost
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 705aa4561ae..66dccf600a7 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.83 2001/10/06 11:18:19 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.84 2001/10/29 19:27:15 markus Exp $"); #include <openssl/bn.h> #include <openssl/md5.h> @@ -836,16 +836,6 @@ userauth_hostbased(Authctxt *authctxt) u_int blen, slen; int ok, i, len, found = 0; - p = get_local_name(packet_get_connection_in()); - if (p == NULL) { - error("userauth_hostbased: cannot get local ipaddr/name"); - return 0; - } - len = strlen(p) + 2; - chost = xmalloc(len); - strlcpy(chost, p, len); - strlcat(chost, ".", len); - debug2("userauth_hostbased: chost %s", chost); /* check for a useful key */ for (i = 0; i < authctxt->nkeys; i++) { private = authctxt->keys[i]; @@ -857,14 +847,26 @@ userauth_hostbased(Authctxt *authctxt) } } if (!found) { - xfree(chost); + debug("userauth_hostbased: no more client hostkeys"); return 0; } if (key_to_blob(private, &blob, &blen) == 0) { key_free(private); - xfree(chost); return 0; } + /* figure out a name for the client host */ + p = get_local_name(packet_get_connection_in()); + if (p == NULL) { + error("userauth_hostbased: cannot get local ipaddr/name"); + key_free(private); + return 0; + } + len = strlen(p) + 2; + chost = xmalloc(len); + strlcpy(chost, p, len); + strlcat(chost, ".", len); + debug2("userauth_hostbased: chost %s", chost); + service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : authctxt->service; pkalg = xstrdup(key_ssh_name(private)); @@ -882,7 +884,6 @@ userauth_hostbased(Authctxt *authctxt) #ifdef DEBUG_PK buffer_dump(&b); #endif - debug2("xxx: chost %s", chost); ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); key_free(private); buffer_free(&b); |
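Review bot: The new `p == NULL` early return in the third hunk (`@@ -857,14 +847,26 @@`) releases `private` but not `blob`, which `key_to_blob()` has just filled in on the success path directly above it; assuming key_to_blob allocates that buffer, as its `&blob, &blen` out-parameters suggest, the buffer leaks on this path. Moving the name lookup below the key check is what creates the path, so it needs the matching cleanup: add `xfree(blob);` next to `key_free(private);` before `return 0;`. Whether the string returned by `get_local_name()` must also be freed once it has been copied into `chost` cannot be told from the hunk and is worth confirming. The body of userauth_hostbased starts before and continues after the visible hunks.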