[Bug 2803] New: User input for cont.connection w/ new key doesn't checks properly
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sun Dec 3 11:44:22 AEDT 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2803
Bug ID: 2803
Summary: User input for cont.connection w/ new key doesn't
checks properly
Product: Portable OpenSSH
Version: 7.6p1
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: ntfs.hard at gmail.com
When you connecting to an unknown server you will get a message
"The authenticity of host ABC can't be established.
ECDSA key fingerprint is SHA256:XYZ.
Are you sure you want to continue connecting (yes/no)?"
If you type 'yesno' for example it will be treated as 'yes'
It looks like the issue in `sshconnect.c: static int confirm(const char
*prompt)` function. It checks only 2||3 symbols from user input:
strncasecmp(p, "no", 2)||strncasecmp(p, "yes", 3)
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list