upstream commit
Ensure that the client's proposed DH-GEX max value is at least as big as the minimum the server will accept. ok djm@ Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775
This commit is contained in:
dtucker@openbsd.org
Damien Miller
parent
df820722e4
commit
564cd2a892
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: kexgexs.c,v 1.26 2015/12/04 16:41:28 markus Exp $ */
|
/* $OpenBSD: kexgexs.c,v 1.27 2016/05/31 23:46:14 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||||
|
|
@ -89,7 +89,7 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
|
||||||
nbits = MIN(DH_GRP_MAX, nbits);
|
nbits = MIN(DH_GRP_MAX, nbits);
|
||||||
|
|
||||||
if (kex->max < kex->min || kex->nbits < kex->min ||
|
if (kex->max < kex->min || kex->nbits < kex->min ||
|
||||||
kex->max < kex->nbits) {
|
kex->max < kex->nbits || kex->max < DH_GRP_MIN) {
|
||||||
r = SSH_ERR_DH_GEX_OUT_OF_RANGE;
|
r = SSH_ERR_DH_GEX_OUT_OF_RANGE;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue