Fix a bug in the sshd privilege separation monitor that weakened its verification of successful authenication. This bug is not known to be exploitable in the absence of additional vulnerabilities. --- openssh-4.3p2/monitor.c.verify 2006-11-10 10:40:37.000000000 +0100 +++ openssh-4.3p2/monitor.c 2006-11-10 10:42:32.000000000 +0100 @@ -330,7 +330,7 @@ /* The first few requests do not require asynchronous access */ while (!authenticated) { auth_method = "unknown"; - authenticated = monitor_read(pmonitor, mon_dispatch, &ent); + authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); if (authenticated) { if (!(ent->flags & MON_AUTHDECIDE)) fatal("%s: unexpected authentication from %d", @@ -1214,7 +1214,7 @@ verified = key_verify(key, signature, signaturelen, data, datalen); debug3("%s: key %p signature %s", - __func__, key, verified ? "verified" : "unverified"); + __func__, key, (verified == 1) ? "verified" : "unverified"); key_free(key); xfree(blob); @@ -1229,7 +1229,7 @@ buffer_put_int(m, verified); mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); - return (verified); + return (verified == 1); } static void