From: ben
Date: Thu, 20 Sep 2007 21:33:21 +0000 (+0000)
Subject: Don't try SSH-1 RSA authentication unless the server has advertised support
X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/commitdiff_plain/d5b2c8416d6b2fae04af32c43ee3ca0cef79da87?ds=sidebyside
Don't try SSH-1 RSA authentication unless the server has advertised support for it. It's possible that this obsoletes BUG_CHOKES_ON_RSA. Certainly the one SSH-1.5-Cisco-1.25 server I found was correctly not advertising RSA auth. For now, leave it in, because I'm not feeling entirely confident.
git-svn-id: svn://svn.tartarus.org/sgt/putty@7726 cda61777-01e9-0310-a592-d414129be87e
---
diff --git a/ssh.c b/ssh.c
index a1f43edc..38f14958 100644
--- a/ssh.c
+++ b/ssh.c
@@ -3070,6 +3070,8 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
 ssh->v1_remote_protoflags = ssh_pkt_getuint32(pktin);
 s->supported_ciphers_mask = ssh_pkt_getuint32(pktin);
 s->supported_auths_mask = ssh_pkt_getuint32(pktin);
+ if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA))
+ s->supported_auths_mask &= ~(1 << SSH1_AUTH_RSA);
 ssh->v1_local_protoflags = ssh->v1_remote_protoflags & SSH1_PROTOFLAGS_SUPPORTED;
@@ -3323,7 +3325,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
 crWaitUntil(pktin);
- if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA)) {
+ if ((s->supported_auths_mask & (1 << SSH1_AUTH_RSA)) == 0) {
 /* We must not attempt PK auth. Pretend we've already tried it. */
 s->tried_publickey = s->tried_agent = 1;
 } else {
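Review bot: The two lines added after the `supported_auths_mask` read fold the BUG_CHOKES_ON_RSA workaround into the server-advertised mask without a comment, so later readers of the mask cannot tell a server that did not offer RSA from one where the client suppressed the bit. I would add `/* A server known to choke on RSA is treated as not advertising it. */` above the new `if`. As a style point, `~(1 << SSH1_AUTH_RSA)` shifts and complements a signed int; `~(1U << SSH1_AUTH_RSA)` keeps the mask arithmetic unsigned (the field's declaration is outside the hunk, so its type is assumed). do_ssh1_login starts and ends outside the hunk.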
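Review bot: The rewritten condition lets a value taken directly from the server's packet decide whether public-key and agent authentication are attempted at all, and the branch does so silently. If that mask is not integrity-protected at this stage of the protocol (not visible from the hunk), a modified mask would move the session on to whichever method is tried next, so the skip should at least be recorded for the user, for example `logevent("Server does not advertise RSA authentication; not trying public-key auth");` inside the branch, assuming the file's usual logging macro is in scope here. The existing comment should also name the new reason: `/* Server didn't advertise RSA (or chokes on it): pretend we've already tried PK auth. */`. The enclosing function continues outside the hunk.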