Call for testing: OpenSSH 7.7

Peter Moody mindrot at hda3.com
Sat Mar 24 10:20:29 AEDT 2018


On Fri, Mar 23, 2018 at 4:06 PM, Damien Miller <djm at mindrot.org> wrote:

> Looks like a false positive from the warning code I added recently.
>
> Please try this:
>
> diff --git a/sshconnect2.c b/sshconnect2.c
> index bf0b729..49eb205 100644
> --- a/sshconnect2.c
> +++ b/sshconnect2.c
> @@ -1006,6 +1006,8 @@ check_sigtype(const struct sshkey *key, const u_char *sig, size_t len)
>         char *sigtype = NULL;
>         const char *alg = key_sign_encode(key);
>
> +       if (sshkey_is_cert(key))
> +               return 0;
>         if ((r = sshkey_sigtype(sig, len, &sigtype)) != 0)
>                 return r;
>         if (strcmp(sigtype, alg) != 0) {
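
Review bot: returning 0 for every certificate key at the top of check_sigtype() silences the false positive by switching the check off for certs entirely, so the sshkey_sigtype() call and the strcmp(sigtype, alg) comparison below it never run for them. If the mismatch comes from key_sign_encode(key) yielding a name that differs from the signature type for cert keys, a narrower change would compare sigtype against the name expected for the certificate's underlying key, which keeps the warning useful for certs. At minimum the early return deserves a short comment saying why certificate keys are exempt, and a blank line after it to separate it from the sshkey_sigtype() check.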

$ env SSH_AUTH_SOCK=/tmp/ssh.sock2 ./ssh-add -l
256 SHA256:byQi9IUy4F9Osg/977BQ/zyOHG2Yvlz0nSqpADvlZpQ (ED25519-CERT)

$ env SSH_AUTH_SOCK=/tmp/ssh.sock2 ./ssh host
pmoody at host:~$

Looks good.

Thanks!

