summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2008-12-01 21:40:48 +1100
committerDarren Tucker <dtucker@zip.com.au>2008-12-01 21:40:48 +1100
commit99d11a3ed2eb13e2f3ba13280d416369c45a30a6 (patch)
tree8634f2188f304a1eca040e653035530e778df2fb
parent83795d61d277df3f090f12336ea3e21b6946ef4f (diff)
- markus@cvs.openbsd.org 2008/11/21 15:47:38
[packet.c] packet_disconnect() on padding error, too. should reduce the success probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18 ok djm@
Diffstat
-rw-r--r--ChangeLog8
-rw-r--r--packet.c11
2 files changed, 14 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 13fd17889..af6b99458 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,12 @@
2 - (dtucker) [contrib/cygwin/{Makefile,ssh-host-config}] Add new doc files 2 - (dtucker) [contrib/cygwin/{Makefile,ssh-host-config}] Add new doc files
3 and tweak the is-sshd-running check in ssh-host-config. Patch from 3 and tweak the is-sshd-running check in ssh-host-config. Patch from
4 vinschen at redhat com. 4 vinschen at redhat com.
5 - (dtucker) OpenBSD CVS Sync
6 - markus@cvs.openbsd.org 2008/11/21 15:47:38
7 [packet.c]
8 packet_disconnect() on padding error, too. should reduce the success
9 probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18
10 ok djm@
5 11
620081123 1220081123
7 - (dtucker) [monitor_fdpass.c] Reduce diff vs OpenBSD by moving some 13 - (dtucker) [monitor_fdpass.c] Reduce diff vs OpenBSD by moving some
@@ -4936,5 +4942,5 @@
4936 OpenServer 6 and add osr5bigcrypt support so when someone migrates 4942 OpenServer 6 and add osr5bigcrypt support so when someone migrates
4937 passwords between UnixWare and OpenServer they will still work. OK dtucker@ 4943 passwords between UnixWare and OpenServer they will still work. OK dtucker@
4938 4944
4939$Id: ChangeLog,v 1.5145 2008/12/01 10:34:28 dtucker Exp $ 4945$Id: ChangeLog,v 1.5146 2008/12/01 10:40:48 dtucker Exp $
4940 4946
diff --git a/packet.c b/packet.c
index 8abd43eb4..4ded17fac 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.157 2008/07/10 18:08:11 markus Exp $ */ 1/* $OpenBSD: packet.c,v 1.158 2008/11/21 15:47:38 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1152,7 +1152,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
1152#ifdef PACKET_DEBUG 1152#ifdef PACKET_DEBUG
1153 buffer_dump(&incoming_packet); 1153 buffer_dump(&incoming_packet);
1154#endif 1154#endif
1155 packet_disconnect("Bad packet length %u.", packet_length); 1155 packet_disconnect("Bad packet length %-10u",
1156 packet_length);
1156 } 1157 }
1157 DBG(debug("input: packet len %u", packet_length+4)); 1158 DBG(debug("input: packet len %u", packet_length+4));
1158 buffer_consume(&input, block_size); 1159 buffer_consume(&input, block_size);
@@ -1161,9 +1162,11 @@ packet_read_poll2(u_int32_t *seqnr_p)
1161 need = 4 + packet_length - block_size; 1162 need = 4 + packet_length - block_size;
1162 DBG(debug("partial packet %d, need %d, maclen %d", block_size, 1163 DBG(debug("partial packet %d, need %d, maclen %d", block_size,
1163 need, maclen)); 1164 need, maclen));
1164 if (need % block_size != 0) 1165 if (need % block_size != 0) {
1165 fatal("padding error: need %d block %d mod %d", 1166 logit("padding error: need %d block %d mod %d",
1166 need, block_size, need % block_size); 1167 need, block_size, need % block_size);
1168 packet_disconnect("Bad packet length %-10u", packet_length);
1169 }
1167 /* 1170 /*
1168 * check if the entire packet has been received and 1171 * check if the entire packet has been received and
1169 * decrypt into incoming_packet 1172 * decrypt into incoming_packet
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-18 04:49:59 +0000