From f782cf375a360eff337f3e8ac8e0d61dc17f80a9 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sun, 1 Mar 2015 23:02:06 +0800
Subject: [PATCH] Fix pubkey auth after change to reuse ses.readbuf as
 ses.payload (4d7b4c5526c5)

--HG--
branch : nocircbuffer
---
 session.h        |  5 ++++-
 svr-authpubkey.c | 12 +++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/session.h b/session.h
index 0780d51d..478de94e 100644
--- a/session.h
+++ b/session.h
@@ -126,7 +126,10 @@ struct sshsession {
 							 buffer with the packet to send. */
 	struct Queue writequeue; /* A queue of encrypted packets to send */
 	buffer *readbuf; /* From the wire, decrypted in-place */
-	buffer *payload; /* Post-decompression, the actual SSH packet */
+	buffer *payload; /* Post-decompression, the actual SSH packet. 
+						May have extra data at the beginning, will be
+						passed to packet processing functions positioned past
+						that, see payload_beginning */
 	unsigned int payload_beginning;
 	unsigned int transseq, recvseq; /* Sequence IDs */
 
diff --git a/svr-authpubkey.c b/svr-authpubkey.c
index 66fe5e5f..e8af3199 100644
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -86,6 +86,7 @@ void svr_auth_pubkey() {
 	unsigned int algolen;
 	unsigned char* keyblob = NULL;
 	unsigned int keybloblen;
+	unsigned int sign_payload_length;
 	buffer * signbuf = NULL;
 	sign_key * key = NULL;
 	char* fp = NULL;
@@ -125,9 +126,18 @@ void svr_auth_pubkey() {
 
 	/* create the data which has been signed - this a string containing
 	 * session_id, concatenated with the payload packet up to the signature */
+	assert(ses.payload_beginning <= ses.payload->pos);
+	sign_payload_length = ses.payload->pos - ses.payload_beginning;
 	signbuf = buf_new(ses.payload->pos + 4 + ses.session_id->len);
 	buf_putbufstring(signbuf, ses.session_id);
-	buf_putbytes(signbuf, ses.payload->data, ses.payload->pos);
+
+	/* The entire contents of the payload prior. */
+	buf_setpos(ses.payload, ses.payload_beginning);
+	buf_putbytes(signbuf, 
+		buf_getptr(ses.payload, sign_payload_length),
+		sign_payload_length);
+	buf_incrpos(ses.payload, sign_payload_length);
+
 	buf_setpos(signbuf, 0);
 
 	/* ... and finally verify the signature */
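Review bot: The bound on `ses.payload_beginning` in this signature-verification path is enforced only by `assert()`, so if that is the standard macro and a build defines NDEBUG, the unsigned subtraction feeding `sign_payload_length` is unguarded and can wrap to a very large value. An explicit check that ends the session would not depend on build flags, e.g. `if (ses.payload_beginning > ses.payload->pos) dropbear_exit("Bad payload position");` (the message text is a placeholder). `signbuf` is also still sized from the full `ses.payload->pos` although only `sign_payload_length` bytes are copied; `signbuf = buf_new(sign_payload_length + 4 + ses.session_id->len);` would match the data actually signed. The comment `/* The entire contents of the payload prior. */` reads as truncated and could say "prior to the signature, starting at payload_beginning". svr_auth_pubkey() starts and ends outside this hunk.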
-- 
GitLab