https://bugzilla.mindrot.org/show_bug.cgi?id=2799
--- Comment #2 from Jakub Jelen <[email protected]> --- Created attachment 3092 --> https://bugzilla.mindrot.org/attachment.cgi?id=3092&action=edit Check signature algorithm while verifying RSA signatures Thank you for having a look into that. This is certainly an improvement and client is doing what it is expected to do now. I believe similar check should also come to the rsa signature verification, which currently uses only the insides of signature, which is wrong in case of other algorithm is negotiated in upper level (as in authentication). Something as I just added as an attachment should do the job. After building your patch, I am getting missing symbols: ./libssh.a(authfd.o): In function `ssh_agent_sign': /home/jjelen/devel/openssh-portable/authfd.c:406: undefined reference to `freezero' /home/jjelen/devel/openssh-portable/authfd.c:395: undefined reference to `freezero' collect2: error: ld returned 1 exit status make: *** [Makefile:165: ssh] Error 1 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
