mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-24 02:42:25 +00:00
- djm@cvs.openbsd.org 2009/01/01 21:17:36
[kexgexs.c] fix hash calculation for KEXGEX: hash over the original client-supplied values and not the sanity checked versions that we acutally use; bz#1540 reported by john.smith AT arrows.demon.co.uk ok markus@
This commit is contained in:
parent
7a60621d13
commit
ccf7e224ab
@ -36,6 +36,12 @@
|
||||
call channel destroy callbacks on receipt of open failure messages.
|
||||
fixes client hangs when connecting to a server that has MaxSessions=0
|
||||
set spotted by imorgan AT nas.nasa.gov; ok markus@
|
||||
- djm@cvs.openbsd.org 2009/01/01 21:17:36
|
||||
[kexgexs.c]
|
||||
fix hash calculation for KEXGEX: hash over the original client-supplied
|
||||
values and not the sanity checked versions that we acutally use;
|
||||
bz#1540 reported by john.smith AT arrows.demon.co.uk
|
||||
ok markus@
|
||||
|
||||
20090107
|
||||
- (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X.
|
||||
@ -5045,5 +5051,5 @@
|
||||
OpenServer 6 and add osr5bigcrypt support so when someone migrates
|
||||
passwords between UnixWare and OpenServer they will still work. OK dtucker@
|
||||
|
||||
$Id: ChangeLog,v 1.5169 2009/01/28 05:22:34 djm Exp $
|
||||
$Id: ChangeLog,v 1.5170 2009/01/28 05:23:06 djm Exp $
|
||||
|
||||
|
27
kexgexs.c
27
kexgexs.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */
|
||||
/* $OpenBSD: kexgexs.c,v 1.11 2009/01/01 21:17:36 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
@ -56,7 +56,8 @@ kexgex_server(Kex *kex)
|
||||
DH *dh;
|
||||
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
|
||||
u_int sbloblen, klen, slen, hashlen;
|
||||
int min = -1, max = -1, nbits = -1, type, kout;
|
||||
int omin = -1, min = -1, omax = -1, max = -1, onbits = -1, nbits = -1;
|
||||
int type, kout;
|
||||
|
||||
if (kex->load_host_key == NULL)
|
||||
fatal("Cannot load hostkey");
|
||||
@ -68,27 +69,29 @@ kexgex_server(Kex *kex)
|
||||
switch (type) {
|
||||
case SSH2_MSG_KEX_DH_GEX_REQUEST:
|
||||
debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
|
||||
min = packet_get_int();
|
||||
nbits = packet_get_int();
|
||||
max = packet_get_int();
|
||||
omin = min = packet_get_int();
|
||||
onbits = nbits = packet_get_int();
|
||||
omax = max = packet_get_int();
|
||||
min = MAX(DH_GRP_MIN, min);
|
||||
max = MIN(DH_GRP_MAX, max);
|
||||
nbits = MAX(DH_GRP_MIN, nbits);
|
||||
nbits = MIN(DH_GRP_MAX, nbits);
|
||||
break;
|
||||
case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
|
||||
debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
|
||||
nbits = packet_get_int();
|
||||
min = DH_GRP_MIN;
|
||||
max = DH_GRP_MAX;
|
||||
onbits = nbits = packet_get_int();
|
||||
/* unused for old GEX */
|
||||
omin = min = DH_GRP_MIN;
|
||||
omax = max = DH_GRP_MAX;
|
||||
break;
|
||||
default:
|
||||
fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
|
||||
}
|
||||
packet_check_eom();
|
||||
|
||||
if (max < min || nbits < min || max < nbits)
|
||||
if (omax < omin || onbits < omin || omax < onbits)
|
||||
fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
|
||||
min, nbits, max);
|
||||
omin, onbits, omax);
|
||||
|
||||
/* Contact privileged parent */
|
||||
dh = PRIVSEP(choose_dh(min, nbits, max));
|
||||
@ -149,7 +152,7 @@ kexgex_server(Kex *kex)
|
||||
key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
|
||||
|
||||
if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
|
||||
min = max = -1;
|
||||
omin = min = omax = max = -1;
|
||||
|
||||
/* calc H */
|
||||
kexgex_hash(
|
||||
@ -159,7 +162,7 @@ kexgex_server(Kex *kex)
|
||||
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
|
||||
buffer_ptr(&kex->my), buffer_len(&kex->my),
|
||||
server_host_key_blob, sbloblen,
|
||||
min, nbits, max,
|
||||
omin, onbits, omax,
|
||||
dh->p, dh->g,
|
||||
dh_client_pub,
|
||||
dh->pub_key,
|
||||
|
Loading…
Reference in New Issue
Block a user