diff options
author | Damien Miller <djm@mindrot.org> | 2009-01-28 06:23:06 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2009-01-28 06:23:06 +0100 |
commit | ccf7e224ab73a8134175504ff09d72655ba50fb2 (patch) | |
tree | 5f55f45db87cfc0f8ae45e5147c35257f7893b70 /kexgexs.c | |
parent | - djm@cvs.openbsd.org 2009/01/01 21:14:35 (diff) | |
download | openssh-ccf7e224ab73a8134175504ff09d72655ba50fb2.tar.xz openssh-ccf7e224ab73a8134175504ff09d72655ba50fb2.zip |
- djm@cvs.openbsd.org 2009/01/01 21:17:36
[kexgexs.c]
fix hash calculation for KEXGEX: hash over the original client-supplied
values and not the sanity checked versions that we acutally use;
bz#1540 reported by john.smith AT arrows.demon.co.uk
ok markus@
Diffstat (limited to 'kexgexs.c')
-rw-r--r-- | kexgexs.c | 27 |
1 files changed, 15 insertions, 12 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.11 2009/01/01 21:17:36 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -56,7 +56,8 @@ kexgex_server(Kex *kex) DH *dh; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; u_int sbloblen, klen, slen, hashlen; - int min = -1, max = -1, nbits = -1, type, kout; + int omin = -1, min = -1, omax = -1, max = -1, onbits = -1, nbits = -1; + int type, kout; if (kex->load_host_key == NULL) fatal("Cannot load hostkey"); @@ -68,27 +69,29 @@ kexgex_server(Kex *kex) switch (type) { case SSH2_MSG_KEX_DH_GEX_REQUEST: debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); - min = packet_get_int(); - nbits = packet_get_int(); - max = packet_get_int(); + omin = min = packet_get_int(); + onbits = nbits = packet_get_int(); + omax = max = packet_get_int(); min = MAX(DH_GRP_MIN, min); max = MIN(DH_GRP_MAX, max); + nbits = MAX(DH_GRP_MIN, nbits); + nbits = MIN(DH_GRP_MAX, nbits); break; case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD: debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received"); - nbits = packet_get_int(); - min = DH_GRP_MIN; - max = DH_GRP_MAX; + onbits = nbits = packet_get_int(); /* unused for old GEX */ + omin = min = DH_GRP_MIN; + omax = max = DH_GRP_MAX; break; default: fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type); } packet_check_eom(); - if (max < min || nbits < min || max < nbits) + if (omax < omin || onbits < omin || omax < onbits) fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", - min, nbits, max); + omin, onbits, omax); /* Contact privileged parent */ dh = PRIVSEP(choose_dh(min, nbits, max)); @@ -149,7 +152,7 @@ kexgex_server(Kex *kex) key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) - min = max = -1; + omin = min = omax = max = -1; /* calc H */ kexgex_hash( @@ -159,7 +162,7 @@ kexgex_server(Kex *kex) buffer_ptr(&kex->peer), buffer_len(&kex->peer), buffer_ptr(&kex->my), buffer_len(&kex->my), server_host_key_blob, sbloblen, - min, nbits, max, + omin, onbits, omax, dh->p, dh->g, dh_client_pub, dh->pub_key, |