diff options
author | Colin Watson <cjwatson@debian.org> | 2009-01-13 20:17:16 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2009-01-13 20:17:16 +0000 |
commit | 92863e5802abcf84a0c778e2cfd52def42d19f89 (patch) | |
tree | 83405a4dfa62e96f329d2bdfcf17835f5b923d95 | |
parent | 172a1537e7df44054e3bd6d2619cf31759d20d8c (diff) |
* Backport from upstream CVS (Markus Friedl):
- packet_disconnect() on padding error, too. Should reduce the success
probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18.
-rw-r--r-- | debian/changelog | 8 | ||||
-rw-r--r-- | packet.c | 9 |
2 files changed, 14 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog index 3694235c7..049d0740b 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,3 +1,11 @@ | |||
1 | openssh (1:5.1p1-5) UNRELEASED; urgency=low | ||
2 | |||
3 | * Backport from upstream CVS (Markus Friedl): | ||
4 | - packet_disconnect() on padding error, too. Should reduce the success | ||
5 | probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18. | ||
6 | |||
7 | -- Colin Watson <cjwatson@debian.org> Mon, 01 Dec 2008 16:13:14 +0000 | ||
8 | |||
1 | openssh (1:5.1p1-4) unstable; urgency=low | 9 | openssh (1:5.1p1-4) unstable; urgency=low |
2 | 10 | ||
3 | * ssh-copy-id: Strip trailing colons from hostname (closes: #226172, | 11 | * ssh-copy-id: Strip trailing colons from hostname (closes: #226172, |
@@ -1152,7 +1152,8 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
1152 | #ifdef PACKET_DEBUG | 1152 | #ifdef PACKET_DEBUG |
1153 | buffer_dump(&incoming_packet); | 1153 | buffer_dump(&incoming_packet); |
1154 | #endif | 1154 | #endif |
1155 | packet_disconnect("Bad packet length %u.", packet_length); | 1155 | packet_disconnect("Bad packet length %-10u", |
1156 | packet_length); | ||
1156 | } | 1157 | } |
1157 | DBG(debug("input: packet len %u", packet_length+4)); | 1158 | DBG(debug("input: packet len %u", packet_length+4)); |
1158 | buffer_consume(&input, block_size); | 1159 | buffer_consume(&input, block_size); |
@@ -1161,9 +1162,11 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
1161 | need = 4 + packet_length - block_size; | 1162 | need = 4 + packet_length - block_size; |
1162 | DBG(debug("partial packet %d, need %d, maclen %d", block_size, | 1163 | DBG(debug("partial packet %d, need %d, maclen %d", block_size, |
1163 | need, maclen)); | 1164 | need, maclen)); |
1164 | if (need % block_size != 0) | 1165 | if (need % block_size != 0) { |
1165 | fatal("padding error: need %d block %d mod %d", | 1166 | logit("padding error: need %d block %d mod %d", |
1166 | need, block_size, need % block_size); | 1167 | need, block_size, need % block_size); |
1168 | packet_disconnect("Bad packet length %-10u", packet_length); | ||
1169 | } | ||
1167 | /* | 1170 | /* |
1168 | * check if the entire packet has been received and | 1171 | * check if the entire packet has been received and |
1169 | * decrypt into incoming_packet | 1172 | * decrypt into incoming_packet |