upstream: Disable UpdateHostkeys when hostkey checking fails

If host key checking fails (i.e. a wrong host key is recorded for the
server) and the user elects to continue (via StrictHostKeyChecking=no),
then disable UpdateHostkeys for the session.

reminded by Mark D. Baushke; ok markus@

OpenBSD-Commit-ID: 98b524f121f4252309dd21becd8c4cacb0c6042a

diff --git a/sshconnect.c b/sshconnect.c
index c055773f1f89e4fd45ba5db44b1be40efc8345c7..d73cecc809513863d9ce8cc6a27a618e11658a98 100644 (file)
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.338 2020/10/07 02:24:51 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.339 2020/10/07 02:26:28 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1079,6 +1079,11 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                        options.tun_open = SSH_TUNMODE_NO;
                        cancelled_forwarding = 1;
                }
+               if (options.update_hostkeys != 0) {
+                       error("UpdateHostkeys is disabled because the host "
+                           "key is not trusted.");
+                       options.update_hostkeys = 0;
+               }
                if (options.exit_on_forward_failure && cancelled_forwarding)
                        fatal("Error: forwarding disabled due to host key "
                            "check failure");