diff options
| -rw-r--r-- | session.h | 5 | ||||
| -rw-r--r-- | svr-authpubkey.c | 12 |
2 files changed, 15 insertions, 2 deletions
@@ -126,7 +126,10 @@ struct sshsession { buffer with the packet to send. */ struct Queue writequeue; /* A queue of encrypted packets to send */ buffer *readbuf; /* From the wire, decrypted in-place */ - buffer *payload; /* Post-decompression, the actual SSH packet */ + buffer *payload; /* Post-decompression, the actual SSH packet. + May have extra data at the beginning, will be + passed to packet processing functions positioned past + that, see payload_beginning */ unsigned int payload_beginning; unsigned int transseq, recvseq; /* Sequence IDs */ diff --git a/svr-authpubkey.c b/svr-authpubkey.c index 66fe5e5..e8af319 100644 --- a/svr-authpubkey.c +++ b/svr-authpubkey.c @@ -86,6 +86,7 @@ void svr_auth_pubkey() { unsigned int algolen; unsigned char* keyblob = NULL; unsigned int keybloblen; + unsigned int sign_payload_length; buffer * signbuf = NULL; sign_key * key = NULL; char* fp = NULL; @@ -125,9 +126,18 @@ void svr_auth_pubkey() { /* create the data which has been signed - this a string containing * session_id, concatenated with the payload packet up to the signature */ + assert(ses.payload_beginning <= ses.payload->pos); + sign_payload_length = ses.payload->pos - ses.payload_beginning; signbuf = buf_new(ses.payload->pos + 4 + ses.session_id->len); buf_putbufstring(signbuf, ses.session_id); - buf_putbytes(signbuf, ses.payload->data, ses.payload->pos); + + /* The entire contents of the payload prior. */ + buf_setpos(ses.payload, ses.payload_beginning); + buf_putbytes(signbuf, + buf_getptr(ses.payload, sign_payload_length), + sign_payload_length); + buf_incrpos(ses.payload, sign_payload_length); + buf_setpos(signbuf, 0); /* ... and finally verify the signature */ |