MFH (r261320): upgrade openssh to 6.5p1

MFH (r261340): enable sandboxing by default
author: des <des@FreeBSD.org> 2014-02-27 17:29:02 +0000
committer: des <des@FreeBSD.org> 2014-02-27 17:29:02 +0000
commit: 255d8413daf4c3747aeb37e6a71bf2771beed29d (patch)
tree: 28087af50eaf299f287c7fe4b7050c317771c89e /crypto/openssh/auth2-pubkey.c
parent: ea1005cca47f4d3aace134a0acd6809943e46acc (diff)
download: FreeBSD-src-255d8413daf4c3747aeb37e6a71bf2771beed29d.zip
FreeBSD-src-255d8413daf4c3747aeb37e6a71bf2771beed29d.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/openssh/auth2-pubkey.c b/crypto/openssh/auth2-pubkey.c
index 2b3ecb1..0fd27bb 100644
--- a/crypto/openssh/auth2-pubkey.c
+++ b/crypto/openssh/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.38 2013/06/21 00:34:49 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.39 2013/12/30 23:52:27 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -116,6 +116,12 @@ userauth_pubkey(Authctxt *authctxt)
 		    "(received %d, expected %d)", key->type, pktype);
 		goto done;
 	}
+	if (key_type_plain(key->type) == KEY_RSA &&
+	    (datafellows & SSH_BUG_RSASIGMD5) != 0) {
+		logit("Refusing RSA key because client uses unsafe "
+		    "signature scheme");
+		goto done;
+	}
 	if (have_sig) {
 		sig = packet_get_string(&slen);
 		packet_check_eom();
author	des <des@FreeBSD.org>	2014-02-27 17:29:02 +0000
committer	des <des@FreeBSD.org>	2014-02-27 17:29:02 +0000
commit	255d8413daf4c3747aeb37e6a71bf2771beed29d (patch)
tree	28087af50eaf299f287c7fe4b7050c317771c89e /crypto/openssh/auth2-pubkey.c
parent	ea1005cca47f4d3aace134a0acd6809943e46acc (diff)
download	FreeBSD-src-255d8413daf4c3747aeb37e6a71bf2771beed29d.zip FreeBSD-src-255d8413daf4c3747aeb37e6a71bf2771beed29d.tar.gz