Skip to content
Permalink
Browse files
SSH: check md5 fingerprint case sensitively
  • Loading branch information
@bagder
bagder committed Oct 31, 2016
1 parent b3ee26c commit ce8d09483eea2fcb1b50e323e1a8ed1f3613b2e3
Showing 1 changed file with 1 addition and 1 deletion.
2 lib/ssh.c
View file
@@ -676,7 +676,7 @@ static CURLcode ssh_check_fingerprint(struct connectdata *conn)
* against a known fingerprint, if available.
*/
if(pubkey_md5 && strlen(pubkey_md5) == 32) {
if(!fingerprint || !strequal(md5buffer, pubkey_md5)) {
if(!fingerprint || strcmp(md5buffer, pubkey_md5)) {
if(fingerprint)
failf(data,
"Denied establishing ssh session: mismatch md5 fingerprint. "

3 comments on commit ce8d094

@kdudka
Copy link
Collaborator

@kdudka kdudka commented on ce8d094 Nov 2, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why should we check MD5 fingerprint case-sensitively? Is not it going to cause regressions for nothing?

@bagder
Copy link
Member Author

@bagder bagder commented on ce8d094 Nov 7, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That was a stupid change. It should rather use strcasecompare now, as it needs to be done case insensitive to be compatible with what worked before.

@kdudka
Copy link
Collaborator

@kdudka kdudka commented on ce8d094 Nov 7, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed via 50aded1. Thanks!

Please sign in to comment.