The data received from ssh is freed before key_sign is run on it, which results in a bogus signature, at least under Linux. (Solaris and IRIX don't seem to mind.) --- ssh-keysign.c~ Wed Jun 26 17:01:42 2002 +++ ssh-keysign.c Wed Jun 26 17:01:49 2002 @@ -192,7 +192,6 @@ data = buffer_get_string(&b, &dlen); if (valid_request(pw, host, &key, data, dlen) < 0) fatal("not a valid request"); - xfree(data); xfree(host); found = 0; @@ -208,6 +207,7 @@ if (key_sign(keys[i], &signature, &slen, data, dlen) != 0) fatal("key_sign failed"); + xfree(data); /* send reply */ buffer_clear(&b);
thanks, patch applied (post 3.4)
Mass change of RESOLVED bugs to CLOSED