- dtucker@cvs.openbsd.org 2004/02/27 22:42:47

[dh.c] Prevent sshd from sending DH groups with a primitive generator of zero or one, even if they are listed in /etc/moduli. ok markus@
2004-02-29 20:12:33 +11:00 · 2004-02-29 20:12:33 +11:00 · fc113c97a3
parent d592048c36
commit fc113c97a3
2 changed files with 9 additions and 2 deletions
--- a/6
+++ b/6
@ -3,6 +3,10 @@
   - djm@cvs.openbsd.org 2004/02/25 00:22:45
     [sshd.c]
     typo in comment
   - dtucker@cvs.openbsd.org 2004/02/27 22:42:47
     [dh.c]
     Prevent sshd from sending DH groups with a primitive generator of zero or
     one, even if they are listed in /etc/moduli.  ok markus@
 20040226
 - (bal) KNF our sshlogin.c even if the code looks nothing like upstream
@ -808,4 +812,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3261 2004/02/29 09:11:30 dtucker Exp $
+$Id: ChangeLog,v 1.3262 2004/02/29 09:12:33 dtucker Exp $
--- a/dh.c
+++ b/dh.c
@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.26 2003/12/16 15:51:54 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.27 2004/02/27 22:42:47 dtucker Exp $");
 #include "xmalloc.h"
@ -91,6 +91,9 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 	if (BN_num_bits(dhg->p) != dhg->size)
 		goto failclean;
 	if (BN_is_zero(dhg->g) || BN_is_one(dhg->g))
 		goto failclean;
 	return (1);
 failclean: