summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2012-02-11 08:18:43 +1100
committerDamien Miller <djm@mindrot.org>2012-02-11 08:18:43 +1100
commit1de2cfe9a9304b00900aaa6ff9fe612e2ba51ba8 (patch)
tree2bc26f81af62c8aedef9b388c211214e129a4643
parent8d60be548778c025db8daa0345f8d77331086fc6 (diff)
- markus@cvs.openbsd.org 2012/01/25 19:26:43
[packet.c] do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; ok dtucker@, djm@
-rw-r--r--ChangeLog4
-rw-r--r--packet.c8
2 files changed, 9 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 8eebcaff..460a635b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,10 @@
Ensure that $DISPLAY contains only valid characters before using it to
extract xauth data so that it can't be used to play local shell
metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
+ - markus@cvs.openbsd.org 2012/01/25 19:26:43
+ [packet.c]
+ do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
+ ok dtucker@, djm@
20120206
- (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
diff --git a/packet.c b/packet.c
index 5e82fe75..0d29efff 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.174 2011/12/07 05:44:38 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.175 2012/01/25 19:26:43 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -972,8 +972,10 @@ packet_send2(void)
/* during rekeying we can only send key exchange messages */
if (active_state->rekeying) {
- if (!((type >= SSH2_MSG_TRANSPORT_MIN) &&
- (type <= SSH2_MSG_TRANSPORT_MAX))) {
+ if ((type < SSH2_MSG_TRANSPORT_MIN) ||
+ (type > SSH2_MSG_TRANSPORT_MAX) ||
+ (type == SSH2_MSG_SERVICE_REQUEST) ||
+ (type == SSH2_MSG_SERVICE_ACCEPT)) {
debug("enqueue packet: %u", type);
p = xmalloc(sizeof(*p));
p->type = type;