[openssh-commits] [openssh] 04/06: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Aug 12 16:47:37 AEST 2017


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit c4972d0a9bd6f898462906b4827e09b7caea2d9b
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Aug 11 04:47:12 2017 +0000

    upstream commit
    
    refuse to a private keys when its corresponding .pub key
    does not match. bz#2737 ok dtucker@
    
    Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913
---
 sshconnect2.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/sshconnect2.c b/sshconnect2.c
index d2de5bc9..0638818f 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.264 2017/06/14 00:31:38 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.265 2017/08/11 04:47:12 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1037,6 +1037,11 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
 	/* load the private key from the file */
 	if ((prv = load_identity_file(id)) == NULL)
 		return SSH_ERR_KEY_NOT_FOUND;
+	if (id->key != NULL && !sshkey_equal_public(prv, id->key)) {
+		error("%s: private key %s contents do not match public",
+		   __func__, id->filename);
+		return SSH_ERR_KEY_NOT_FOUND;
+	}
 	ret = sshkey_sign(prv, sigp, lenp, data, datalen,
 	    key_sign_encode(prv), compat);
 	sshkey_free(prv);
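
Review bot: The new early return in identity_sign() leaks prv: the mismatch branch returns SSH_ERR_KEY_NOT_FOUND right after load_identity_file() succeeded, but the only sshkey_free(prv) visible in this hunk sits after sshkey_sign() on the normal path. That leaves loaded private key material allocated and uncleared on exactly the path where the key was rejected. Suggest calling sshkey_free(prv) before the return inside the new block. Two smaller points: reusing SSH_ERR_KEY_NOT_FOUND makes a mismatched .pub indistinguishable from a missing key file for callers that only look at the return value, so a distinct error code would be worth considering; and the continuation line of the error() call is indented with three spaces where the surrounding code uses four.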

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

