tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-28 16:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2009/01/01 21:17:36

Browse Source 
[kexgexs.c]
     fix hash calculation for KEXGEX: hash over the original client-supplied
     values and not the sanity checked versions that we acutally use;
     bz#1540 reported by john.smith AT arrows.demon.co.uk
     ok markus@
This commit is contained in:
Damien Miller 2009-01-28 16:23:06 +11:00
parent 7a60621d13
commit ccf7e224ab
2 changed files with 22 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -36,6 +36,12 @@
call channel destroy callbacks on receipt of open failure messages. call channel destroy callbacks on receipt of open failure messages.
fixes client hangs when connecting to a server that has MaxSessions=0 fixes client hangs when connecting to a server that has MaxSessions=0
set spotted by imorgan AT nas.nasa.gov; ok markus@ set spotted by imorgan AT nas.nasa.gov; ok markus@
- djm@cvs.openbsd.org 2009/01/01 21:17:36
[kexgexs.c]
fix hash calculation for KEXGEX: hash over the original client-supplied
values and not the sanity checked versions that we acutally use;
bz#1540 reported by john.smith AT arrows.demon.co.uk
ok markus@
20090107 20090107
- (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X. - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X.
@ -5045,5 +5051,5 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@ passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id: ChangeLog,v 1.5169 2009/01/28 05:22:34 djm Exp $ $Id: ChangeLog,v 1.5170 2009/01/28 05:23:06 djm Exp $

27
kexgexs.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */ /* $OpenBSD: kexgexs.c,v 1.11 2009/01/01 21:17:36 djm Exp $ */
/* /*
* Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -56,7 +56,8 @@ kexgex_server(Kex *kex)
DH *dh; DH *dh;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int sbloblen, klen, slen, hashlen; u_int sbloblen, klen, slen, hashlen;
int min = -1, max = -1, nbits = -1, type, kout; int omin = -1, min = -1, omax = -1, max = -1, onbits = -1, nbits = -1;
int type, kout;
if (kex->load_host_key == NULL) if (kex->load_host_key == NULL)
fatal("Cannot load hostkey"); fatal("Cannot load hostkey");
@ -68,27 +69,29 @@ kexgex_server(Kex *kex)
switch (type) { switch (type) {
case SSH2_MSG_KEX_DH_GEX_REQUEST: case SSH2_MSG_KEX_DH_GEX_REQUEST:
debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
min = packet_get_int(); omin = min = packet_get_int();
nbits = packet_get_int(); onbits = nbits = packet_get_int();
max = packet_get_int(); omax = max = packet_get_int();
min = MAX(DH_GRP_MIN, min); min = MAX(DH_GRP_MIN, min);
max = MIN(DH_GRP_MAX, max); max = MIN(DH_GRP_MAX, max);
nbits = MAX(DH_GRP_MIN, nbits);
nbits = MIN(DH_GRP_MAX, nbits);
break; break;
case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD: case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received"); debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
nbits = packet_get_int(); onbits = nbits = packet_get_int();
min = DH_GRP_MIN;
max = DH_GRP_MAX;
/* unused for old GEX */ /* unused for old GEX */
omin = min = DH_GRP_MIN;
omax = max = DH_GRP_MAX;
break; break;
default: default:
fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type); fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
} }
packet_check_eom(); packet_check_eom();
if (max < min || nbits < min || max < nbits) if (omax < omin || onbits < omin || omax < onbits)
fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
min, nbits, max); omin, onbits, omax);
/* Contact privileged parent */ /* Contact privileged parent */
dh = PRIVSEP(choose_dh(min, nbits, max)); dh = PRIVSEP(choose_dh(min, nbits, max));
@ -149,7 +152,7 @@ kexgex_server(Kex *kex)
key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
min = max = -1; omin = min = omax = max = -1;
/* calc H */ /* calc H */
kexgex_hash( kexgex_hash(
@ -159,7 +162,7 @@ kexgex_server(Kex *kex)
buffer_ptr(&kex->peer), buffer_len(&kex->peer), buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my), buffer_ptr(&kex->my), buffer_len(&kex->my),
server_host_key_blob, sbloblen, server_host_key_blob, sbloblen,
min, nbits, max, omin, onbits, omax,
dh->p, dh->g, dh->p, dh->g,
dh_client_pub, dh_client_pub,
dh->pub_key, dh->pub_key,