
openssh-4.3p2-26.el5.src.rpm

Fix a bug in the sshd privilege separation monitor that weakened its
verification of successful authentication. This bug is not known to be
exploitable in the absence of additional vulnerabilities.

--- openssh-4.3p2/monitor.c.verify	2006-11-10 10:40:37.000000000 +0100
+++ openssh-4.3p2/monitor.c	2006-11-10 10:42:32.000000000 +0100
@@ -330,7 +330,7 @@
 	/* The first few requests do not require asynchronous access */
 	while (!authenticated) {
 		auth_method = "unknown";
-		authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
+		authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
 		if (authenticated) {
 			if (!(ent->flags & MON_AUTHDECIDE))
 				fatal("%s: unexpected authentication from %d",
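Review bot: The strict `== 1` comparison on the `monitor_read()` line is the whole security fix here, but nothing in the code says why, so a later cleanup could fold it back to a plain truthiness test. I would add a comment above the assignment such as `/* Only an explicit 1 means success; any other value (e.g. a negative error return) must never authenticate. */`. Any value other than 1 now just loops again silently; if the dispatch handlers can return error codes (not visible in this hunk), logging them at debug level would help when diagnosing a misbehaving child. The `while` loop and its enclosing function start and end outside the hunk.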
@@ -1214,7 +1214,7 @@
 
 	verified = key_verify(key, signature, signaturelen, data, datalen);
 	debug3("%s: key %p signature %s",
-	    __func__, key, verified ? "verified" : "unverified");
+	    __func__, key, (verified == 1) ? "verified" : "unverified");
 
 	key_free(key);
 	xfree(blob);
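Review bot: The `debug3()` message now prints "unverified" both for a bad signature and for any other non-1 result of `key_verify()`, so the log cannot tell a verification error from a mismatch. Assuming `verified` is a plain `int` (its declaration is outside the hunk), including the raw value would keep that distinction for whoever reads the logs later: `debug3("%s: key %p signature %s (%d)", __func__, key, (verified == 1) ? "verified" : "unverified", verified);`.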
@@ -1229,7 +1229,7 @@
 	buffer_put_int(m, verified);
 	mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
 
-	return (verified);
+	return (verified == 1);
 }
 
 static void
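Review bot: `buffer_put_int(m, verified);` still sends the raw `key_verify()` result to the unprivileged side, while the return value and the debug message are now normalised to `verified == 1`. If the receiving code tests that integer for truthiness rather than for equality with 1 (that code is not part of this patch, so this needs checking), a non-1, non-zero result would still read as success there. Normalising once at the assignment, `verified = (key_verify(key, signature, signaturelen, data, datalen) == 1);`, would make all three uses agree. Otherwise a comment on the `buffer_put_int` line should state that the peer must compare against 1. The function body begins outside this hunk.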