packet_cb: Properly verify the signature type

Issue reported by Tilo Eckert <tilo.eckert@flam.de> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-22 10:45:20 +01:00 · 2018-11-22 10:45:20 +01:00 · bc91fa98ea
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@ -194,15 +194,15 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
        goto error;
    }

-    /* check if public key from server matches user preferences */
+    /* Check if signature from server matches user preferences */
    if (session->opts.wanted_methods[SSH_HOSTKEYS]) {
-        if(!ssh_match_group(session->opts.wanted_methods[SSH_HOSTKEYS],
-                            server_key->type_c)) {
+        if (!ssh_match_group(session->opts.wanted_methods[SSH_HOSTKEYS],
+                             sig->type_c)) {
            ssh_set_error(session,
                          SSH_FATAL,
                          "Public key from server (%s) doesn't match user "
                          "preference (%s)",
-                          server_key->type_c,
+                          sig->type_c,
                          session->opts.wanted_methods[SSH_HOSTKEYS]);
            goto error;
        }