Date: Fri, 13 Jul 2001 11:12:14 -0700 (PDT)
From: Jacques Vidrine <nectar@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/crypto/openssh sshconnect.c
Message-ID: <200107131812.f6DICEJ43638@freefall.freebsd.org>
nectar 2001/07/13 11:12:14 PDT
Modified files:
crypto/openssh sshconnect.c
Log:
Bug fix: When the client connects to a server and Kerberos
authentication is enabled, the client effectively ignores any error
from krb5_rd_rep due to a missing branch.
In theory this could result in an ssh client using Kerberos 5
authentication accepting a spoofed AP-REP. I doubt this is a real
possibility, however, because the AP-REP is passed from the server to
the client via the SSH encrypted channel. Any tampering should cause
the decryption or MAC to fail.
Approved by: green
MFC after: 1 week
Revision Changes Path
1.18 +2 -1 src/crypto/openssh/sshconnect.c
