userauth_hostbased_fromfile: packet length too short

The packet length calculated in src/userauth.c's userauth_hostbased_fromfile() function is too short by 4 bytes; it forgets to add four bytes for the length of the hostname. This causes hostbased authentication to fail, since the server will read junk data. verified against proftpd's mod_sftp module
2010-06-22 23:34:21 +02:00 · 2010-06-22 23:34:21 +02:00 · 04f90b2265
--- a/src/userauth.c
+++ b/src/userauth.c
@ -657,14 +657,14 @@ userauth_hostbased_fromfile(LIBSSH2_SESSION *session,
            return rc;

        /*
-         * 48 = packet_type(1) + username_len(4) + servicename_len(4) +
+         * 52 = packet_type(1) + username_len(4) + servicename_len(4) +
         * service_name(14)"ssh-connection" + authmethod_len(4) +
         * authmethod(9)"hostbased" + method_len(4) + pubkeydata_len(4) +
-         * local_username_len(4)
+         * hostname_len(4) + local_username_len(4)
         */
        session->userauth_host_packet_len =
            username_len + session->userauth_host_method_len + hostname_len +
-            local_username_len + pubkeydata_len + 48;
+            local_username_len + pubkeydata_len + 52;

        /*
         * Preallocate space for an overall length,  method name again,