# HG changeset patch
# User Matt Johnston
# Date 1425222126 -28800
# Node ID 703c7cdd25772445a7d02a1b0d7f66293852e0b3
# Parent 16584026a1f0c8a2af008ed93c8cb88b35e36a6c
Fix pubkey auth after change to reuse ses.readbuf as ses.payload (4d7b4c5526c5)
diff -r 16584026a1f0 -r 703c7cdd2577 session.h
--- a/session.h Sun Mar 01 21:16:09 2015 +0800
+++ b/session.h Sun Mar 01 23:02:06 2015 +0800
@@ -126,7 +126,10 @@
 buffer with the packet to send. */
 struct Queue writequeue; /* A queue of encrypted packets to send */
 buffer *readbuf; /* From the wire, decrypted in-place */
- buffer *payload; /* Post-decompression, the actual SSH packet */
+ buffer *payload; /* Post-decompression, the actual SSH packet.
+ May have extra data at the beginning, will be
+ passed to packet processing functions positioned past
+ that, see payload_beginning */
 unsigned int payload_beginning;
 unsigned int transseq, recvseq; /* Sequence IDs */
diff -r 16584026a1f0 -r 703c7cdd2577 svr-authpubkey.c
--- a/svr-authpubkey.c Sun Mar 01 21:16:09 2015 +0800
+++ b/svr-authpubkey.c Sun Mar 01 23:02:06 2015 +0800
@@ -86,6 +86,7 @@
 unsigned int algolen;
 unsigned char* keyblob = NULL;
 unsigned int keybloblen;
+ unsigned int sign_payload_length;
 buffer * signbuf = NULL;
 sign_key * key = NULL;
 char* fp = NULL;
@@ -125,9 +126,18 @@
 /* create the data which has been signed - this a string containing
 * session_id, concatenated with the payload packet up to the signature */
+ assert(ses.payload_beginning <= ses.payload->pos);
+ sign_payload_length = ses.payload->pos - ses.payload_beginning;
 signbuf = buf_new(ses.payload->pos + 4 + ses.session_id->len);
 buf_putbufstring(signbuf, ses.session_id);
- buf_putbytes(signbuf, ses.payload->data, ses.payload->pos);
+
+ /* The entire contents of the payload prior. */
+ buf_setpos(ses.payload, ses.payload_beginning);
+ buf_putbytes(signbuf,
+ buf_getptr(ses.payload, sign_payload_length),
+ sign_payload_length);
+ buf_incrpos(ses.payload, sign_payload_length);
+
 buf_setpos(signbuf, 0);
 /* ... and finally verify the signature */
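Review bot: The added `assert(ses.payload_beginning <= ses.payload->pos)` is the only guard on the unsigned subtraction that follows, and if it is the standard assert it disappears in a build that defines NDEBUG. `sign_payload_length` would then wrap and be handed to `buf_getptr` and `buf_putbytes` as a length; whether those helpers reject it is not visible in this hunk. Because this buffer is the data the public-key signature is verified over, an unconditional check that ends the session would be safer, e.g. `if (ses.payload_beginning > ses.payload->pos) { dropbear_exit("Bad payload position"); }`. Separately, `buf_new` is still sized from `ses.payload->pos`, so it over-allocates by `payload_beginning` bytes; `buf_new(sign_payload_length + 4 + ses.session_id->len)` would match what is written, and the comment could read `/* The payload from payload_beginning up to the signature */`. The enclosing function starts and ends outside the hunk.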