summaryrefslogtreecommitdiff
path: root/auth2-pubkey.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2017-12-18 02:25:15 +0000
committerDamien Miller <djm@mindrot.org>2017-12-19 15:21:37 +1100
commit04c7e28f83062dc42f2380d1bb3a6bf0190852c0 (patch)
treebc2c59d39a33aba84e0576039474668ada2546d2 /auth2-pubkey.c
parent931c78dfd7fe30669681a59e536bbe66535f3ee9 (diff)
upstream commit
pass negotiated signing algorithm though to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r--auth2-pubkey.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 169839b0..0707b8ab 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.71 2017/09/07 23:48:09 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.72 2017/12/18 02:25:15 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -198,7 +198,7 @@ userauth_pubkey(struct ssh *ssh)
authenticated = 0;
if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) &&
PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b),
- sshbuf_len(b), ssh->compat)) == 0) {
+ sshbuf_len(b), pkalg, ssh->compat)) == 0) {
authenticated = 1;
}
sshbuf_free(b);