authorMatt Johnston <matt@ucc.asn.au>2015-03-01 23:02:06 +0800
committerMatt Johnston <matt@ucc.asn.au>2015-03-01 23:02:06 +0800
commit922cc534fce553b2c1ed39c13d32046fd8703042 (patch)
tree80f2e53fc4f513e4a9a2ae83598150109c4d9dd9
parenta7f360f887d0c7aef387e324f3c4e8f4c94a3d78 (diff)
downloaddropbear-922cc534fce553b2c1ed39c13d32046fd8703042.tar.gz
Fix pubkey auth after change to reuse ses.readbuf as ses.payload
(4d7b4c5526c5)
-rw-r--r--session.h5
-rw-r--r--svr-authpubkey.c12
2 files changed, 15 insertions, 2 deletions
diff --git a/session.h b/session.h
index 0780d51..478de94 100644
--- a/session.h
+++ b/session.h
@@ -126,7 +126,10 @@ struct sshsession {
buffer with the packet to send. */
struct Queue writequeue; /* A queue of encrypted packets to send */
buffer *readbuf; /* From the wire, decrypted in-place */
- buffer *payload; /* Post-decompression, the actual SSH packet */
+ buffer *payload; /* Post-decompression, the actual SSH packet.
+ May have extra data at the beginning, will be
+ passed to packet processing functions positioned past
+ that, see payload_beginning */
unsigned int payload_beginning;
unsigned int transseq, recvseq; /* Sequence IDs */
diff --git a/svr-authpubkey.c b/svr-authpubkey.c
index 66fe5e5..e8af319 100644
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -86,6 +86,7 @@ void svr_auth_pubkey() {
unsigned int algolen;
unsigned char* keyblob = NULL;
unsigned int keybloblen;
+ unsigned int sign_payload_length;
buffer * signbuf = NULL;
sign_key * key = NULL;
char* fp = NULL;
@@ -125,9 +126,18 @@ void svr_auth_pubkey() {
/* create the data which has been signed - this a string containing
* session_id, concatenated with the payload packet up to the signature */
+ assert(ses.payload_beginning <= ses.payload->pos);
+ sign_payload_length = ses.payload->pos - ses.payload_beginning;
signbuf = buf_new(ses.payload->pos + 4 + ses.session_id->len);
buf_putbufstring(signbuf, ses.session_id);
- buf_putbytes(signbuf, ses.payload->data, ses.payload->pos);
+
+ /* The entire contents of the payload prior. */
+ buf_setpos(ses.payload, ses.payload_beginning);
+ buf_putbytes(signbuf,
+ buf_getptr(ses.payload, sign_payload_length),
+ sign_payload_length);
+ buf_incrpos(ses.payload, sign_payload_length);
+
buf_setpos(signbuf, 0);
/* ... and finally verify the signature */
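Review bot: The `assert(ses.payload_beginning <= ses.payload->pos);` guarding the subtraction on the following line disappears if the build defines NDEBUG, in which case `sign_payload_length` would wrap as an unsigned value in the pubkey-auth path. Whether `buf_getptr` would then reject the oversized length is not visible in this hunk, so an unconditional check is safer, e.g. `if (ses.payload_beginning > ses.payload->pos) dropbear_exit("Bad payload position");`. Separately, `buf_new` is still sized from `ses.payload->pos` although only `sign_payload_length` bytes of payload are copied; `buf_new(sign_payload_length + 4 + ses.session_id->len)` would match what is written. The comment `/* The entire contents of the payload prior. */` also reads as cut off and could say `/* The payload contents from payload_beginning up to the signature */`. The body of svr_auth_pubkey starts and ends outside the hunk.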