From owner-cvs-all Fri Jul 13 11:12:19 2001 Delivered-To: cvs-all@freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 6027037B406; Fri, 13 Jul 2001 11:12:14 -0700 (PDT) (envelope-from nectar@FreeBSD.org) Received: (from nectar@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f6DICEJ43638; Fri, 13 Jul 2001 11:12:14 -0700 (PDT) (envelope-from nectar) Message-Id: <200107131812.f6DICEJ43638@freefall.freebsd.org> From: Jacques Vidrine Date: Fri, 13 Jul 2001 11:12:14 -0700 (PDT) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/crypto/openssh sshconnect.c X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG nectar 2001/07/13 11:12:14 PDT Modified files: crypto/openssh sshconnect.c Log: Bug fix: When the client connects to a server and Kerberos authentication is enabled, the client effectively ignores any error from krb5_rd_rep due to a missing branch. In theory this could result in an ssh client using Kerberos 5 authentication accepting a spoofed AP-REP. I doubt this is a real possiblity, however, because the AP-REP is passed from the server to the client via the SSH encrypted channel. Any tampering should cause the decryption or MAC to fail. Approved by: green MFC after: 1 week Revision Changes Path 1.18 +2 -1 src/crypto/openssh/sshconnect.c To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message