upstream commit

author djm@openbsd.org <djm@openbsd.org>

Fri, 11 Aug 2017 04:47:12 +0000 (04:47 +0000)

committer Damien Miller <djm@mindrot.org>

Sat, 12 Aug 2017 06:47:10 +0000 (16:47 +1000)
author djm@openbsd.org <djm@openbsd.org>
Fri, 11 Aug 2017 04:47:12 +0000 (04:47 +0000)
committer Damien Miller <djm@mindrot.org>
Sat, 12 Aug 2017 06:47:10 +0000 (16:47 +1000)
diff --git a/sshconnect2.c b/sshconnect2.c

index d2de5bc9605cb875c729b3e730666fed2fbf5d8f..0638818fd8fa5955996277544aba501b81598da8 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.264 2017/06/14 00:31:38 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.265 2017/08/11 04:47:12 djm Exp $ */
  /*
   * Copyright (c) 2000 Markus Friedl.  All rights reserved.
   * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1037,6 +1037,11 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
         /* load the private key from the file */
         if ((prv = load_identity_file(id)) == NULL)
                 return SSH_ERR_KEY_NOT_FOUND;
+       if (id->key != NULL && !sshkey_equal_public(prv, id->key)) {
+               error("%s: private key %s contents do not match public",
+                  __func__, id->filename);
+               return SSH_ERR_KEY_NOT_FOUND;
+       }
         ret = sshkey_sign(prv, sigp, lenp, data, datalen,
             key_sign_encode(prv), compat);
         sshkey_free(prv);
author	djm@openbsd.org <djm@openbsd.org>
	Fri, 11 Aug 2017 04:47:12 +0000 (04:47 +0000)
committer	Damien Miller <djm@mindrot.org>
	Sat, 12 Aug 2017 06:47:10 +0000 (16:47 +1000)