Fix pubkey auth after change to reuse ses.readbuf as ses.payload

(4d7b4c5526c5) --HG-- branch : nocircbuffer
2025-03-03 10:41:39 +00:00 · 2015-03-01 23:02:06 +08:00 · 2015-03-01 23:02:06 +08:00 · f782cf375a
commit f782cf375a
parent f367273549
2 changed files with 15 additions and 2 deletions
--- a/session.h
+++ b/session.h
@ -126,7 +126,10 @@ struct sshsession {
 							 buffer with the packet to send. */
 	struct Queue writequeue; /* A queue of encrypted packets to send */
 	buffer *readbuf; /* From the wire, decrypted in-place */
-	buffer *payload; /* Post-decompression, the actual SSH packet */
+	buffer *payload; /* Post-decompression, the actual SSH packet. 
+						May have extra data at the beginning, will be
+						passed to packet processing functions positioned past
+						that, see payload_beginning */
 	unsigned int payload_beginning;
 	unsigned int transseq, recvseq; /* Sequence IDs */

--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@ -86,6 +86,7 @@ void svr_auth_pubkey() {
 	unsigned int algolen;
 	unsigned char* keyblob = NULL;
 	unsigned int keybloblen;
+	unsigned int sign_payload_length;
 	buffer * signbuf = NULL;
 	sign_key * key = NULL;
 	char* fp = NULL;
@ -125,9 +126,18 @@ void svr_auth_pubkey() {

 	/* create the data which has been signed - this a string containing
 	 * session_id, concatenated with the payload packet up to the signature */
+	assert(ses.payload_beginning <= ses.payload->pos);
+	sign_payload_length = ses.payload->pos - ses.payload_beginning;
 	signbuf = buf_new(ses.payload->pos + 4 + ses.session_id->len);
 	buf_putbufstring(signbuf, ses.session_id);
-	buf_putbytes(signbuf, ses.payload->data, ses.payload->pos);
+
+	/* The entire contents of the payload prior. */
+	buf_setpos(ses.payload, ses.payload_beginning);
+	buf_putbytes(signbuf, 
+		buf_getptr(ses.payload, sign_payload_length),
+		sign_payload_length);
+	buf_incrpos(ses.payload, sign_payload_length);
+
 	buf_setpos(signbuf, 0);

 	/* ... and finally verify the signature */