diff options
| author |   markus <markus@openbsd.org> | 2017-03-15 07:07:39 +0000 |
|---|---|---|
| committer | markus <markus@openbsd.org> | 2017-03-15 07:07:39 +0000 |
| commit | f48366ae3d136b8683e26a790c9c0b2a3d39f7b7 (patch) | |
| tree | 78cdfb5d3c372392f6de97239f098712613ef7d1 | |
| parent | Collapse underflow and overflow checks into a single block. (diff) | |
| download | wireguard-openbsd-f48366ae3d136b8683e26a790c9c0b2a3d39f7b7.tar.xz wireguard-openbsd-f48366ae3d136b8683e26a790c9c0b2a3d39f7b7.zip | |
disallow KEXINIT before NEWKEYS; ok djm; report by vegard.nossum at oracle.com
| -rw-r--r-- | usr.bin/ssh/kex.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index 8178fead7a8..064fc3b0858 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.130 2017/03/10 04:07:20 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.131 2017/03/15 07:07:39 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -321,7 +321,6 @@ kex_reset_dispatch(struct ssh *ssh) { ssh_dispatch_range(ssh, SSH2_MSG_TRANSPORT_MIN, SSH2_MSG_TRANSPORT_MAX, &kex_protocol_error); - ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); } static int @@ -411,6 +410,7 @@ kex_input_newkeys(int type, u_int32_t seq, void *ctxt) debug("SSH2_MSG_NEWKEYS received"); ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error); + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); if ((r = sshpkt_get_end(ssh)) != 0) return r; if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0) @@ -525,6 +525,7 @@ kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp) goto out; kex->done = 0; kex_reset_dispatch(ssh); + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); r = 0; *kexp = kex; out: |