Module Name: src
Committed By: ryoon
Date: Sat Sep 4 01:47:47 UTC 2021
Modified Files:
src/crypto/external/bsd/openssh/dist: dns.c
Log Message:
Fix inverted logic in OpenSSH SSHFP DNS record verification
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/dns.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssh/dist/dns.c
diff -u src/crypto/external/bsd/openssh/dist/dns.c:1.19 src/crypto/external/bsd/openssh/dist/dns.c:1.20
--- src/crypto/external/bsd/openssh/dist/dns.c:1.19 Thu Sep 2 11:26:17 2021
+++ src/crypto/external/bsd/openssh/dist/dns.c Sat Sep 4 01:47:47 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: dns.c,v 1.19 2021/09/02 11:26:17 christos Exp $ */
+/* $NetBSD: dns.c,v 1.20 2021/09/04 01:47:47 ryoon Exp $ */
/* $OpenBSD: dns.c,v 1.41 2021/07/19 03:13:28 dtucker Exp $ */
/*
@@ -27,7 +27,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: dns.c,v 1.19 2021/09/02 11:26:17 christos Exp $");
+__RCSID("$NetBSD: dns.c,v 1.20 2021/09/04 01:47:47 ryoon Exp $");
#include <sys/types.h>
#include <sys/socket.h>
@@ -267,7 +267,7 @@ verify_host_key_dns(const char *hostname
/* Check if the current key is the same as the given key */
if (hostkey_algorithm == dnskey_algorithm &&
hostkey_digest_len == dnskey_digest_len) {
- if (consttime_memequal(hostkey_digest, dnskey_digest,
+ if (!consttime_memequal(hostkey_digest, dnskey_digest,
hostkey_digest_len) == 0) {
debug_f("matched SSHFP type %d fptype %d",
dnskey_algorithm, dnskey_digest_type);
