From 7a5cb2838fd04711a0bcfd73f24099d7e2e05bb4 Mon Sep 17 00:00:00 2001
From: Ben Harris
Date: Sun, 18 Oct 2015 20:16:39 +0100
Subject: [PATCH] Emit a distinct error message when the SSH server's host key is invalid.

This also means that FUZZING can just ignore host-key verification failure while preserving invalid-host-key errors.
---
 ssh.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/ssh.c b/ssh.c
index 288616fd..de8259ed 100644
--- a/ssh.c
+++ b/ssh.c
@@ -7126,13 +7126,17 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
 dmemdump(s->exchange_hash, ssh->kex->hash->hlen);
 #endif
 
- if (!s->hkey ||
- !ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
+ if (!s->hkey) {
+ bombout(("Server's host key is invalid"));
+ crStopV;
+ }
+
+ if (!ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
 (char *)s->exchange_hash,
 ssh->kex->hash->hlen)) {
 #ifndef FUZZING
 bombout(("Server's host key did not match the signature supplied"));
- crStopV;
+ crStopV;f
 #endif
 }
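Review bot: The added line `crStopV;f` inside the `#ifndef FUZZING` block carries a stray `f`, which looks like a typo and would leave an unterminated expression before the closing brace in every non-FUZZING build; it should read `crStopV;` exactly as the removed line did. Separately, when FUZZING is defined a failed `verifysig` still falls through an empty body, so key exchange proceeds with a host-key signature that did not verify. A comment above the `#ifndef`, for example `/* FUZZING only: signature failure is deliberately ignored; never define FUZZING in a shipped build */`, would make that trust decision explicit to the next reader. do_ssh2_transport begins and ends outside this hunk, so how later code uses `s->hkey` after an ignored failure is not visible here.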