summaryrefslogtreecommitdiffstats
path: root/dns.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2017-09-01 07:53:56 +0200
committerDamien Miller <djm@mindrot.org>2017-09-04 01:38:57 +0200
commitb828605d51f57851316d7ba402b4ae06cf37c55d (patch)
treecec2c9c32c860e87c7a643aea1abd6c587dcd5de /dns.c
parentupstream commit (diff)
downloadopenssh-b828605d51f57851316d7ba402b4ae06cf37c55d.tar.xz
openssh-b828605d51f57851316d7ba402b4ae06cf37c55d.zip
upstream commit
identify the case where SSHFP records are missing but other DNS RR types are present and display a more useful error message for this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244
Diffstat (limited to 'dns.c')
-rw-r--r--dns.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/dns.c b/dns.c
index e813afeae..9152e8648 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.35 2015/08/20 22:32:42 deraadt Exp $ */
+/* $OpenBSD: dns.c,v 1.36 2017/09/01 05:53:56 djm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -294,17 +294,19 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
free(dnskey_digest);
}
- free(hostkey_digest); /* from sshkey_fingerprint_raw() */
- freerrset(fingerprints);
-
- if (*flags & DNS_VERIFY_FOUND)
+ if (*flags & DNS_VERIFY_FOUND) {
if (*flags & DNS_VERIFY_MATCH)
debug("matching host key fingerprint found in DNS");
+ else if (counter == fingerprints->rri_nrdatas)
+ *flags |= DNS_VERIFY_MISSING;
else
debug("mismatching host key fingerprint found in DNS");
- else
+ } else
debug("no host key fingerprint found in DNS");
+ free(hostkey_digest); /* from sshkey_fingerprint_raw() */
+ freerrset(fingerprints);
+
return 0;
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 08:38:57 +0100