SFTP: login() must be called after getServerPublicHostKey(). #9718

merged 1 commit into from Jul 18, 2014

8 participants

ownCloud member

Otherwise the password may be given away even if the public host key has changed.

Tested "nothing breaks" on master
Needs backport to stable7
Needs backport to stable6 (and testing nothing breaks)

@PVince81 @LukasReschke

@LukasReschke LukasReschke added this to the ownCloud 7 CE milestone Jul 18, 2014
ownCloud member

@karlitschek This needs to be into CE.

@LukasReschke LukasReschke added Bug and removed Security labels Jul 18, 2014

The inspection completed: No new issues


SFTP still works.
I ran the unit tests and there are no new failing test. 👍


🚀 Test Passed. 🚀
Refer to this link for build results: https://ci.owncloud.org/job/pull-request-analyser/6311/

ownCloud member

Code makes sense 👍


SFTP continues to work here as well. 👍

@blizzz blizzz merged commit 6c28c9b into master Jul 18, 2014

1 check passed

Details default Merged build finished.
@blizzz blizzz deleted the sftp-early-login branch Jul 18, 2014

backport to stable7: 0b8de80
backport to stable6 (works for me): 3e2e766

ownCloud member

thanks guys

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment