don't allow garbage after payload.

3 files changed, 6 insertions, 3 deletions

diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c
index e9f944b05ba..e91b2ee35cd 100644
--- a/usr.bin/ssh/kex.c
+++ b/usr.bin/ssh/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.45 2002/02/14 23:41:01 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.46 2002/02/23 17:59:02 markus Exp $");
 
 #include <openssl/crypto.h>
 
@@ -132,6 +132,7 @@ kex_finish(Kex *kex)
 
 	debug("waiting for SSH2_MSG_NEWKEYS");
 	packet_read_expect(SSH2_MSG_NEWKEYS);
+	packet_check_eom();
 	debug("SSH2_MSG_NEWKEYS received");
 
 	kex->done = 1;
diff --git a/usr.bin/ssh/kexdh.c b/usr.bin/ssh/kexdh.c
index f87d5295211..2049d6e1b26 100644
--- a/usr.bin/ssh/kexdh.c
+++ b/usr.bin/ssh/kexdh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.14 2002/01/31 13:35:11 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.15 2002/02/23 17:59:02 markus Exp $");
 
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
@@ -220,6 +220,7 @@ kexdh_server(Kex *kex)
 	if ((dh_client_pub = BN_new()) == NULL)
 		fatal("dh_client_pub == NULL");
 	packet_get_bignum2(dh_client_pub);
+	packet_check_eom();
 
 #ifdef DEBUG_KEXDH
 	fprintf(stderr, "dh_client_pub= ");
diff --git a/usr.bin/ssh/kexgex.c b/usr.bin/ssh/kexgex.c
index dc2fa672393..ac377aafccb 100644
--- a/usr.bin/ssh/kexgex.c
+++ b/usr.bin/ssh/kexgex.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.17 2002/01/31 13:35:11 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.18 2002/02/23 17:59:02 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -319,6 +319,7 @@ kexgex_server(Kex *kex)
 	if ((dh_client_pub = BN_new()) == NULL)
 		fatal("dh_client_pub == NULL");
 	packet_get_bignum2(dh_client_pub);
+	packet_check_eom();
 
 #ifdef DEBUG_KEXDH
 	fprintf(stderr, "dh_client_pub= ");