From 14519086e4d04acec0e0f83e1d31ffdce4419d52 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Tue, 26 Feb 2002 17:58:29 +0000 Subject: [PATCH] - markus@cvs.openbsd.org 2002/02/23 17:59:02 [kex.c kexdh.c kexgex.c] don't allow garbage after payload. --- ChangeLog | 5 ++++- kex.c | 3 ++- kexdh.c | 3 ++- kexgex.c | 3 ++- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3c52d584e..fdd857292 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,9 @@ - markus@cvs.openbsd.org 2002/02/22 12:20:34 [log.c log.h ssh-keyscan.c] overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@ + - markus@cvs.openbsd.org 2002/02/23 17:59:02 + [kex.c kexdh.c kexgex.c] + don't allow garbage after payload. 20020225 - (bal) Last AIX patch. Moved aix_usrinfo() outside of do_setuserconext() @@ -7696,4 +7699,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1879 2002/02/26 17:52:14 mouring Exp $ +$Id: ChangeLog,v 1.1880 2002/02/26 17:58:29 mouring Exp $ diff --git a/kex.c b/kex.c index e9f944b05..e91b2ee35 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.45 2002/02/14 23:41:01 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.46 2002/02/23 17:59:02 markus Exp $"); #include @@ -132,6 +132,7 @@ kex_finish(Kex *kex) debug("waiting for SSH2_MSG_NEWKEYS"); packet_read_expect(SSH2_MSG_NEWKEYS); + packet_check_eom(); debug("SSH2_MSG_NEWKEYS received"); kex->done = 1; diff --git a/kexdh.c b/kexdh.c index f87d52952..2049d6e1b 100644 --- a/kexdh.c +++ b/kexdh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdh.c,v 1.14 2002/01/31 13:35:11 markus Exp $"); +RCSID("$OpenBSD: kexdh.c,v 1.15 2002/02/23 17:59:02 markus Exp $"); #include #include @@ -220,6 +220,7 @@ kexdh_server(Kex *kex) if ((dh_client_pub = BN_new()) == NULL) fatal("dh_client_pub == NULL"); packet_get_bignum2(dh_client_pub); + packet_check_eom(); #ifdef DEBUG_KEXDH fprintf(stderr, "dh_client_pub= "); diff --git a/kexgex.c b/kexgex.c index dc2fa6723..ac377aafc 100644 --- a/kexgex.c +++ b/kexgex.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexgex.c,v 1.17 2002/01/31 13:35:11 markus Exp $"); +RCSID("$OpenBSD: kexgex.c,v 1.18 2002/02/23 17:59:02 markus Exp $"); #include @@ -319,6 +319,7 @@ kexgex_server(Kex *kex) if ((dh_client_pub = BN_new()) == NULL) fatal("dh_client_pub == NULL"); packet_get_bignum2(dh_client_pub); + packet_check_eom(); #ifdef DEBUG_KEXDH fprintf(stderr, "dh_client_pub= ");