git: e374f1ec937f - releng/12.4 - openssh: include destination constraints for smartcard keys
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 21 Jun 2023 05:42:27 UTC
The branch releng/12.4 has been updated by gordon:
URL: https://cgit.FreeBSD.org/src/commit/?id=e374f1ec937f70ab2c89e0b392b45a67752c4172
commit e374f1ec937f70ab2c89e0b392b45a67752c4172
Author: Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-06-05 14:49:53 +0000
Commit: Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2023-06-21 05:29:49 +0000
openssh: include destination constraints for smartcard keys
From openssh-portable 54ac4ab2b53ce9fcb66b8250dee91c070e4167ed,
OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f
PR: 271839
Sponsored by: The FreeBSD Foundation
Approved by: so
Security: FreeBSD-SA-23:05.openssh
Security: CVE-2023-28531
(cherry picked from commit 2b4fb1350ceea0f2a0f04b1b8f5bfd3c32329ae4)
---
crypto/openssh/authfd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/openssh/authfd.c b/crypto/openssh/authfd.c
index b633e35eaf8b..b9ae505ad7b2 100644
--- a/crypto/openssh/authfd.c
+++ b/crypto/openssh/authfd.c
@@ -666,7 +666,7 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
struct dest_constraint **dest_constraints, size_t ndest_constraints)
{
struct sshbuf *msg;
- int r, constrained = (life || confirm);
+ int r, constrained = (life || confirm || dest_constraints);
u_char type;
if (add) {