On Wednesday 19 March 2014 19:57:36 Jon Simons wrote:
> Hi,

Hi Jon,

> Attached is a patch which fixes a host key signature validation bug that can
> be hit when testing with dropbear clients at or beyond version 2013.57.
> The issue is that dropbear now always sets the 'first_kex_packet_follows'
> field in its KEXINIT message. Until now libssh would assume this field is
> zero; but, it needs to be used when computing the session ID.
>
> Before the patch I'm able to hit 'Bad hostkey signature' errors with
> dbclient; after, dbclient is working for me.

wow, great catch!!!!

I have a small request, as you're already touching the code, I would like to see:

instead of:

    if (buffer_add_u32(server_hash, 0) < 0) {

I would like to have:

    int rc;

    rc = buffer_add_u32(server_hash, 0);
    if (rc < 0) {

This is the code style we should have everywhere. I could just fix it in your
patch and push it, but I don't know if you're fine with that. So it would be
great if you could change it and resend the patch.

Thank you very much!

	-- andreas

--
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                a...@cryptomilk.org
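
The mismatch Jon describes, as an added illustration (not part of this thread and not libssh code): per RFC 4253 the exchange hash covers the client's whole KEXINIT payload, so a peer that re-serializes it with first_kex_packet_follows forced to 0 derives a different hash than the client. Helper names and sample values are constructed, SHA-256 is assumed as the kex hash, and the K_S..K tail is treated as opaque bytes.

```python
import hashlib
import struct

SSH_MSG_KEXINIT = 20

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def build_kexinit(cookie: bytes, name_lists, follows: bool) -> bytes:
    """Serialize KEXINIT (RFC 4253, 7.1); ends with the flag and reserved 0."""
    out = bytes([SSH_MSG_KEXINIT]) + cookie
    for names in name_lists:  # the ten name-lists
        out += ssh_string(",".join(names).encode())
    return out + bytes([1 if follows else 0]) + struct.pack(">I", 0)

def parse_kexinit(payload: bytes):
    """Return (cookie, name_lists, first_kex_packet_follows)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    cookie, pos, lists = payload[1:17], 17, []
    for _ in range(10):
        (n,) = struct.unpack_from(">I", payload, pos)
        raw = payload[pos + 4:pos + 4 + n]
        if len(raw) != n:
            raise ValueError("truncated name-list")
        lists.append(raw.decode().split(",") if raw else [])
        pos += 4 + n
    if len(payload) != pos + 5:
        raise ValueError("bad KEXINIT trailer")
    return cookie, lists, payload[pos] != 0

def rebuilt_i_c(wire: bytes, honour_flag: bool) -> bytes:
    """I_C as a peer that re-serializes parsed fields would hash it."""
    cookie, lists, follows = parse_kexinit(wire)
    return build_kexinit(cookie, lists, follows and honour_flag)

def exchange_hash(v_c, v_s, i_c, i_s, rest: bytes) -> bytes:
    """H = HASH(V_C || V_S || I_C || I_S || rest), rest = encoded K_S..K."""
    head = b"".join(ssh_string(x) for x in (v_c, v_s, i_c, i_s))
    return hashlib.sha256(head + rest).digest()

# Constructed sample: a client KEXINIT with first_kex_packet_follows = 1.
LISTS = [["curve25519-sha256@libssh.org"], ["ssh-rsa"], ["aes128-ctr"],
         ["aes128-ctr"], ["hmac-sha1"], ["hmac-sha1"], ["none"], ["none"], [], []]
WIRE = build_kexinit(bytes(range(16)), LISTS, True)
ARGS = (b"SSH-2.0-client", b"SSH-2.0-server")
CLIENT_H = exchange_hash(*ARGS, WIRE, b"I_S", b"rest")
OLD_H = exchange_hash(*ARGS, rebuilt_i_c(WIRE, False), b"I_S", b"rest")
NEW_H = exchange_hash(*ARGS, rebuilt_i_c(WIRE, True), b"I_S", b"rest")
```

OLD_H differs from CLIENT_H, so a host key signature made over it cannot verify on the client; NEW_H matches because the flag byte is carried through.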