Site Navigation

Date:      Wed, 11 Apr 2018 21:27:57 -0700
From:      Craig Leres <leres@freebsd.org>
To:        Bryan Drewery <bdrewery@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r466577 - in head/security/openssh-portable: . files
Message-ID:  <c6a16f2a-dcc6-7684-c319-c96fb5653ca2@freebsd.org>
In-Reply-To: <295c901e-d369-fe1b-4f6b-cff59098e166@freebsd.org>
References:  <201804051820.w35IKpi2062956@repo.freebsd.org> <295c901e-d369-fe1b-4f6b-cff59098e166@freebsd.org>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

This is a multi-part message in MIME format.
--------------C356794F9D6559B083B3D6DB
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

On 04/06/18 18:12, Craig Leres wrote:
> This version breaks sshfp support

I poked at this and the issue is that a block of code that canonicalizes 
the host supplied on the command teleported from main() to 
ssh_session2(). What the VerifyHostKeyDNS yes path now encounters is 
that the non-canonical version of the hostname is used for the SSHFP 
lookup. The base problem is that files/patch-ssh.c has not been updated 
recently and somehow manages to be applied to the wrong part of ssh.c.

Attached is an updated patch.ssh.c

		Craig

--------------C356794F9D6559B083B3D6DB
Content-Type: text/plain; charset=UTF-8;
 name="patch-ssh.c"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="patch-ssh.c"

LS0tIHNzaC5jLm9yaWcJMjAxOC0wNC0wMiAwNTozODoyOCBVVEMKKysrIHNzaC5jCkBAIC0x
MjgxLDYgKzEyODEsMjMgQEAgbWFpbihpbnQgYWMsIGNoYXIgKiphdikKIAlzc2hfZGlnZXN0
X2ZyZWUobWQpOwogCWNvbm5faGFzaF9oZXggPSB0b2hleChjb25uX2hhc2gsIHNzaF9kaWdl
c3RfYnl0ZXMoU1NIX0RJR0VTVF9TSEExKSk7CiAKKwkvKiBGaW5kIGNhbm9uaWMgaG9zdCBu
YW1lLiAqLworCWlmIChzdHJjaHIoaG9zdCwgJy4nKSA9PSAwKSB7CisJCXN0cnVjdCBhZGRy
aW5mbyBoaW50czsKKwkJc3RydWN0IGFkZHJpbmZvICphaSA9IE5VTEw7CisJCWludCBlcnJn
YWk7CisJCW1lbXNldCgmaGludHMsIDAsIHNpemVvZihoaW50cykpOworCQloaW50cy5haV9m
YW1pbHkgPSBvcHRpb25zLmFkZHJlc3NfZmFtaWx5OworCQloaW50cy5haV9mbGFncyA9IEFJ
X0NBTk9OTkFNRTsKKwkJaGludHMuYWlfc29ja3R5cGUgPSBTT0NLX1NUUkVBTTsKKwkJZXJy
Z2FpID0gZ2V0YWRkcmluZm8oaG9zdCwgTlVMTCwgJmhpbnRzLCAmYWkpOworCQlpZiAoZXJy
Z2FpID09IDApIHsKKwkJCWlmIChhaS0+YWlfY2Fub25uYW1lICE9IE5VTEwpCisJCQkJaG9z
dCA9IHhzdHJkdXAoYWktPmFpX2Nhbm9ubmFtZSk7CisJCQlmcmVlYWRkcmluZm8oYWkpOwor
CQl9CisJfQorCiAJLyoKIAkgKiBFeHBhbmQgdG9rZW5zIGluIGFyZ3VtZW50cy4gTkIuIExv
Y2FsQ29tbWFuZCBpcyBleHBhbmRlZCBsYXRlciwKIAkgKiBhZnRlciBwb3J0LWZvcndhcmRp
bmcgaXMgc2V0IHVwLCBzbyBpdCBtYXkgcGljayB1cCBhbnkgbG9jYWwK
--------------C356794F9D6559B083B3D6DB--

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c6a16f2a-dcc6-7684-c319-c96fb5653ca2>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact