summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2002-02-26 17:58:29 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-02-26 17:58:29 +0000
commit14519086e4d04acec0e0f83e1d31ffdce4419d52 (patch)
tree2a4c32ac3d83a81991bae34f4a1552fc9b4e0345
parent9c8edc96fcb30cb8a9b0bd87fc1903c6fb618c31 (diff)
- markus@cvs.openbsd.org 2002/02/23 17:59:02
[kex.c kexdh.c kexgex.c] don't allow garbage after payload.
-rw-r--r--ChangeLog5
-rw-r--r--kex.c3
-rw-r--r--kexdh.c3
-rw-r--r--kexgex.c3
4 files changed, 10 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 3c52d584..fdd85729 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,9 @@
- markus@cvs.openbsd.org 2002/02/22 12:20:34
[log.c log.h ssh-keyscan.c]
overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@
+ - markus@cvs.openbsd.org 2002/02/23 17:59:02
+ [kex.c kexdh.c kexgex.c]
+ don't allow garbage after payload.
20020225
- (bal) Last AIX patch. Moved aix_usrinfo() outside of do_setuserconext()
@@ -7696,4 +7699,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1879 2002/02/26 17:52:14 mouring Exp $
+$Id: ChangeLog,v 1.1880 2002/02/26 17:58:29 mouring Exp $
diff --git a/kex.c b/kex.c
index e9f944b0..e91b2ee3 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.45 2002/02/14 23:41:01 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.46 2002/02/23 17:59:02 markus Exp $");
#include <openssl/crypto.h>
@@ -132,6 +132,7 @@ kex_finish(Kex *kex)
debug("waiting for SSH2_MSG_NEWKEYS");
packet_read_expect(SSH2_MSG_NEWKEYS);
+ packet_check_eom();
debug("SSH2_MSG_NEWKEYS received");
kex->done = 1;
diff --git a/kexdh.c b/kexdh.c
index f87d5295..2049d6e1 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.14 2002/01/31 13:35:11 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.15 2002/02/23 17:59:02 markus Exp $");
#include <openssl/crypto.h>
#include <openssl/bn.h>
@@ -220,6 +220,7 @@ kexdh_server(Kex *kex)
if ((dh_client_pub = BN_new()) == NULL)
fatal("dh_client_pub == NULL");
packet_get_bignum2(dh_client_pub);
+ packet_check_eom();
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_client_pub= ");
diff --git a/kexgex.c b/kexgex.c
index dc2fa672..ac377aaf 100644
--- a/kexgex.c
+++ b/kexgex.c
@@ -24,7 +24,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.17 2002/01/31 13:35:11 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.18 2002/02/23 17:59:02 markus Exp $");
#include <openssl/bn.h>
@@ -319,6 +319,7 @@ kexgex_server(Kex *kex)
if ((dh_client_pub = BN_new()) == NULL)
fatal("dh_client_pub == NULL");
packet_get_bignum2(dh_client_pub);
+ packet_check_eom();
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_client_pub= ");