From: djm Date: Sun, 15 Sep 2024 00:41:18 +0000 (+0000) Subject: Do not apply authorized_keys options when signature verification X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=043e9fe1e47c70feb660971c20eb6b9da90418b3;p=openbsd Do not apply authorized_keys options when signature verification fails. Prevents restrictive key options being incorrectly applied to subsequent keys in authorized_keys. bz3733, ok markus@ --- diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index eea5600230a..be2981eca99 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.242 2024/09/09 02:39:57 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.243 2024/09/15 00:41:18 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1243,7 +1243,7 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) } auth2_record_key(authctxt, ret == 0, key); - if (key_blobtype == MM_USERKEY) + if (key_blobtype == MM_USERKEY && ret == 0) auth_activate_options(ssh, key_opts); monitor_reset_key_state();