- markus@cvs.openbsd.org 2003/02/02 10:56:08

     [kex.c]
     add support for key exchange guesses; based on work by
     avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@

2 files changed, 42 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index c36f52055..bea81ad19 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,10 @@
      [scp.c]
      call okname() only when using system(3) for remote-remote copy;
      fixes bugs #483, #472; ok deraadt@, mouring@
+   - markus@cvs.openbsd.org 2003/02/02 10:56:08
+     [kex.c]
+     add support for key exchange guesses; based on work by
+     avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@
 
 20030211
  - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
@@ -1124,4 +1128,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2599 2003/02/24 00:52:58 djm Exp $
+$Id: ChangeLog,v 1.2600 2003/02/24 00:53:32 djm Exp $
diff --git a/kex.c b/kex.c
index 113663598..0a861fb97 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.52 2002/11/21 22:45:31 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.53 2003/02/02 10:56:08 markus Exp $");
 
 #include <openssl/crypto.h>
 
@@ -74,7 +74,7 @@ kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
 
 /* parse buffer and return algorithm proposal */
 static char **
-kex_buf2prop(Buffer *raw)
+kex_buf2prop(Buffer *raw, int *first_kex_follows)
 {
         Buffer b;
         int i;
@@ -94,6 +94,8 @@ kex_buf2prop(Buffer *raw)
         }
         /* first kex follows / reserved */
         i = buffer_get_char(&b);
+        if (first_kex_follows != NULL)
+                *first_kex_follows = i;
         debug2("kex_parse_kexinit: first_kex_follows %d ", i);
         i = buffer_get_int(&b);
         debug2("kex_parse_kexinit: reserved %d ", i);
@@ -317,6 +319,30 @@ choose_hostkeyalg(Kex *k, char *client, char *server)
         xfree(hostkeyalg);
 }
 
+static int 
+proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
+{
+        static int check[] = {
+                PROPOSAL_KEX_ALGS, PROPOSAL_SERVER_HOST_KEY_ALGS, -1
+        };
+        int *idx;
+        char *p;
+
+        for (idx = &check[0]; *idx != -1; idx++) {
+                if ((p = strchr(my[*idx], ',')) != NULL)
+                        *p = '\0';
+                if ((p = strchr(peer[*idx], ',')) != NULL)
+                        *p = '\0';
+                if (strcmp(my[*idx], peer[*idx]) != 0) {
+                        debug2("proposal mismatch: my %s peer %s",
+                            my[*idx], peer[*idx]);
+                        return (0);
+                }
+        }
+        debug2("proposals match");
+        return (1);
+}
+
 static void
 kex_choose_conf(Kex *kex)
 {
@@ -327,9 +353,10 @@ kex_choose_conf(Kex *kex)
         int mode;
         int ctos;                               /* direction: if true client-to-server */
         int need;
+        int first_kex_follows, type;
 
-        my   = kex_buf2prop(&kex->my);
-        peer = kex_buf2prop(&kex->peer);
+        my   = kex_buf2prop(&kex->my, NULL);
+        peer = kex_buf2prop(&kex->peer, &first_kex_follows);
 
         if (kex->server) {
                 cprop=peer;
@@ -373,6 +400,12 @@ kex_choose_conf(Kex *kex)
         /* XXX need runden? */
         kex->we_need = need;
 
+        /* ignore the next message if the proposals do not match */
+        if (first_kex_follows && !proposals_match(my, peer)) {
+                type = packet_read();
+                debug2("skipping next packet (type %u)", type);
+        }
+
         kex_prop_free(my);
         kex_prop_free(peer);
 }