- markus@cvs.openbsd.org 2002/02/23 17:59:02

[kex.c kexdh.c kexgex.c] don't allow garbage after payload.
author: Ben Lindstrom <mouring@eviladmin.org> 2002-02-26 17:58:29 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2002-02-26 17:58:29 +0000
commit: 14519086e4d04acec0e0f83e1d31ffdce4419d52 (patch)
tree: 2a4c32ac3d83a81991bae34f4a1552fc9b4e0345
parent: 9c8edc96fcb30cb8a9b0bd87fc1903c6fb618c31 (diff)
4 files changed, 10 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 3c52d584e..fdd857292 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,9 @@
   - markus@cvs.openbsd.org 2002/02/22 12:20:34
     [log.c log.h ssh-keyscan.c]
     overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@
+   - markus@cvs.openbsd.org 2002/02/23 17:59:02
+     [kex.c kexdh.c kexgex.c]
+     don't allow garbage after payload.
 20020225
 - (bal) Last AIX patch.  Moved aix_usrinfo() outside of do_setuserconext()
@@ -7696,4 +7699,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1879 2002/02/26 17:52:14 mouring Exp $
+$Id: ChangeLog,v 1.1880 2002/02/26 17:58:29 mouring Exp $
diff --git a/kex.c b/kex.c
index e9f944b05..e91b2ee35 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.45 2002/02/14 23:41:01 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.46 2002/02/23 17:59:02 markus Exp $");
 #include <openssl/crypto.h>
@@ -132,6 +132,7 @@ kex_finish(Kex *kex)
        debug("waiting for SSH2_MSG_NEWKEYS");
        packet_read_expect(SSH2_MSG_NEWKEYS);
+        packet_check_eom();
        debug("SSH2_MSG_NEWKEYS received");
        kex->done = 1;
diff --git a/kexdh.c b/kexdh.c
index f87d52952..2049d6e1b 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.14 2002/01/31 13:35:11 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.15 2002/02/23 17:59:02 markus Exp $");
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
@@ -220,6 +220,7 @@ kexdh_server(Kex *kex)
        if ((dh_client_pub = BN_new()) == NULL)
                fatal("dh_client_pub == NULL");
        packet_get_bignum2(dh_client_pub);
+        packet_check_eom();
 #ifdef DEBUG_KEXDH
        fprintf(stderr, "dh_client_pub= ");
diff --git a/kexgex.c b/kexgex.c
index dc2fa6723..ac377aafc 100644
--- a/kexgex.c
+++ b/kexgex.c
@@ -24,7 +24,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.17 2002/01/31 13:35:11 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.18 2002/02/23 17:59:02 markus Exp $");
 #include <openssl/bn.h>
@@ -319,6 +319,7 @@ kexgex_server(Kex *kex)
        if ((dh_client_pub = BN_new()) == NULL)
                fatal("dh_client_pub == NULL");
        packet_get_bignum2(dh_client_pub);
+        packet_check_eom();
 #ifdef DEBUG_KEXDH
        fprintf(stderr, "dh_client_pub= ");
author	Ben Lindstrom <mouring@eviladmin.org>	2002-02-26 17:58:29 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2002-02-26 17:58:29 +0000
commit	14519086e4d04acec0e0f83e1d31ffdce4419d52 (patch)
tree	2a4c32ac3d83a81991bae34f4a1552fc9b4e0345
parent	9c8edc96fcb30cb8a9b0bd87fc1903c6fb618c31 (diff)