===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshconnect2.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- src/usr.bin/ssh/sshconnect2.c	2000/05/08 17:12:16	1.9
+++ src/usr.bin/ssh/sshconnect2.c	2000/05/08 17:42:25	1.10
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.9 2000/05/08 17:12:16 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.10 2000/05/08 17:42:25 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -345,12 +345,14 @@
 	buffer_append(&b, session_id2, session_id2_len);
 	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
 	buffer_put_cstring(&b, server_user);
-	buffer_put_cstring(&b, service);
+	buffer_put_cstring(&b,
+	    datafellows & SSH_BUG_PUBKEYAUTH ?
+	    "ssh-userauth" :
+	    service);
 	buffer_put_cstring(&b, "publickey");
 	buffer_put_char(&b, 1);
 	buffer_put_cstring(&b, KEX_DSS); 
 	buffer_put_string(&b, blob, bloblen);
-	xfree(blob);
 
 	/* generate signature */
 	dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
@@ -358,6 +360,19 @@
 #ifdef DEBUG_DSS
 	buffer_dump(&b);
 #endif
+	if (datafellows & SSH_BUG_PUBKEYAUTH) {
+		/* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */
+		buffer_clear(&b);
+		buffer_append(&b, session_id2, session_id2_len);
+		buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+		buffer_put_cstring(&b, server_user);
+		buffer_put_cstring(&b, service);
+		buffer_put_cstring(&b, "publickey");
+		buffer_put_char(&b, 1);
+		buffer_put_cstring(&b, KEX_DSS); 
+		buffer_put_string(&b, blob, bloblen);
+	}
+	xfree(blob);
 	/* append signature */
 	buffer_put_string(&b, signature, slen);
 	xfree(signature);