diff options
author | des <des@FreeBSD.org> | 2014-02-27 17:29:02 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2014-02-27 17:29:02 +0000 |
commit | 255d8413daf4c3747aeb37e6a71bf2771beed29d (patch) | |
tree | 28087af50eaf299f287c7fe4b7050c317771c89e /crypto/openssh/auth2-pubkey.c | |
parent | ea1005cca47f4d3aace134a0acd6809943e46acc (diff) | |
download | FreeBSD-src-255d8413daf4c3747aeb37e6a71bf2771beed29d.zip FreeBSD-src-255d8413daf4c3747aeb37e6a71bf2771beed29d.tar.gz |
MFH (r261320): upgrade openssh to 6.5p1
MFH (r261340): enable sandboxing by default
Diffstat (limited to 'crypto/openssh/auth2-pubkey.c')
-rw-r--r-- | crypto/openssh/auth2-pubkey.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/openssh/auth2-pubkey.c b/crypto/openssh/auth2-pubkey.c index 2b3ecb1..0fd27bb 100644 --- a/crypto/openssh/auth2-pubkey.c +++ b/crypto/openssh/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.38 2013/06/21 00:34:49 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.39 2013/12/30 23:52:27 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -116,6 +116,12 @@ userauth_pubkey(Authctxt *authctxt) "(received %d, expected %d)", key->type, pktype); goto done; } + if (key_type_plain(key->type) == KEY_RSA && + (datafellows & SSH_BUG_RSASIGMD5) != 0) { + logit("Refusing RSA key because client uses unsafe " + "signature scheme"); + goto done; + } if (have_sig) { sig = packet_get_string(&slen); packet_check_eom(); |