openssh unix dev - Jun 2002 - [Bug 290] New: auth_method set incorrectly in mm_answer_keyverify()

http://bugzilla.mindrot.org/show_bug.cgi?id=290

           Summary: auth_method set incorrectly in mm_answer_keyverify()
           Product: Portable OpenSSH
           Version: -current
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: halley at play-bow.org


Some friends pointed out some logging weirdness with OpenSSH 3.3;
I check it out on my system and saw the same thing.  It says:

sshd[24182]: Accepted hostbased for halley from 127.0.0.1 port 52472 ssh2

even though it was using publickey authentication (and tracing via the 
client verifies that the publickey was used).  Hostbased authentication is 
disabled in my config file.

Figuring this was a logging bug, I went hunting in the code.  In 
mm_answer_keyverify() is the line:

auth_method = key_blobtype == MM_USERKEY ? "publickey" :
"hostbased";

But this line occurs *after* the call to monitor_reset_key_state(), which
sets key_blobtype to MM_NOKEY.

Moving the auth_method assignment before the call to 
monitor_reset_key_state() fixed the problem.  I don't think anything else 
bad happens because of this bug, but I don't know the code well enough to 
be sure.  I also don't think there are any side effects from moving the
assignment, but again, I can't be certain.

Keep up the good work on OpenSSH!

/Bob



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.