[openssh-commits] [openssh] 01/08: upstream: Do not apply authorized_keys options when signature

git+noreply at mindrot.org git+noreply at mindrot.org
Sun Sep 15 11:23:17 AEST 2024


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 62bbf8f825cc390ecb0523752ddac1435006f206
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Sun Sep 15 00:41:18 2024 +0000

    upstream: Do not apply authorized_keys options when signature
    
    verification fails. Prevents restrictive key options being incorrectly
    applied to subsequent keys in authorized_keys. bz3733, ok markus@
    
    OpenBSD-Commit-ID: ba3776d9da4642443c19dbc015a1333622eb5a4e
---
 monitor.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/monitor.c b/monitor.c
index f4a835ee..4e68c4f8 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.242 2024/09/09 02:39:57 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.243 2024/09/15 00:41:18 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos at citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus at openbsd.org>
@@ -1496,7 +1496,7 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
 	}
 	auth2_record_key(authctxt, ret == 0, key);
 
-	if (key_blobtype == MM_USERKEY)
+	if (key_blobtype == MM_USERKEY && ret == 0)
 		auth_activate_options(ssh, key_opts);
 	monitor_reset_key_state();
 
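Review bot: The new `ret == 0` guard on the `auth_activate_options(ssh, key_opts)` call has no comment explaining why options may only be activated after a successful verification, and the diffstat shows monitor.c as the only file changed, so no regression test accompanies the fix. Suggest a one-line comment above the `if` stating that options belonging to a key whose signature failed must not be applied, and a regress case with a restricted key listed ahead of an unrestricted one in authorized_keys, as in the bz3733 scenario the commit message describes. Since `key_opts` is no longer passed to `auth_activate_options()` on the failure path, it is also worth confirming that the unconditional `monitor_reset_key_state()` that follows disposes of it.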

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

