tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

Check min and max sizes sent by the client against what
 we support before passing them to the monitor.  ok djm@

Upstream-ID: 750627e8117084215412bff00a25b1586ab17ece
This commit is contained in:
dtucker@openbsd.org 2016-06-01 04:19:49 +00:00 committed by Damien Miller
parent 564cd2a892
commit 6b87311d3a
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
kexgexs.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexgexs.c,v 1.27 2016/05/31 23:46:14 dtucker Exp $ */ /* $OpenBSD: kexgexs.c,v 1.28 2016/06/01 04:19:49 dtucker Exp $ */
/* /*
* Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -83,21 +83,21 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
kex->nbits = nbits; kex->nbits = nbits;
kex->min = min; kex->min = min;
kex->max = max; kex->max = max;
min = MAX(DH_GRP_MIN, min);
max = MIN(DH_GRP_MAX, max);
nbits = MAX(DH_GRP_MIN, nbits);
nbits = MIN(DH_GRP_MAX, nbits);
if (kex->max < kex->min || kex->nbits < kex->min || if (kex->max < kex->min || kex->nbits < kex->min ||
kex->max < kex->nbits || kex->max < DH_GRP_MIN) { kex->max < kex->nbits || kex->max < DH_GRP_MIN ||
kex->min > DH_GRP_MAX) {
r = SSH_ERR_DH_GEX_OUT_OF_RANGE; r = SSH_ERR_DH_GEX_OUT_OF_RANGE;
goto out; goto out;
} }
kex->min = MAX(DH_GRP_MIN, kex->min);
kex->max = MIN(DH_GRP_MAX, kex->max);
kex->nbits = MAX(DH_GRP_MIN, kex->nbits);
kex->nbits = MIN(DH_GRP_MAX, kex->nbits);
/* Contact privileged parent */ /* Contact privileged parent */
kex->dh = PRIVSEP(choose_dh(min, nbits, max)); kex->dh = PRIVSEP(choose_dh(kex->min, kex->nbits, kex->max));
if (kex->dh == NULL) { if (kex->dh == NULL) {
sshpkt_disconnect(ssh, "no matching DH grp found"); sshpkt_disconnect(ssh, "no matching DH group found");
r = SSH_ERR_ALLOC_FAIL; r = SSH_ERR_ALLOC_FAIL;
goto out; goto out;
} }