- markus@cvs.openbsd.org 2012/01/25 19:26:43

     [packet.c]
     do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
     ok dtucker@, djm@

2 files changed, 9 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 8eebcaffb..460a635ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,10 @@
      Ensure that $DISPLAY contains only valid characters before using it to
      extract xauth data so that it can't be used to play local shell
      metacharacter games.  Report from r00t_ati at ihteam.net, ok markus.
+   - markus@cvs.openbsd.org 2012/01/25 19:26:43
+     [packet.c]
+     do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
+     ok dtucker@, djm@
 
 20120206
  - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
diff --git a/packet.c b/packet.c
index 5e82fe753..0d29efffd 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.174 2011/12/07 05:44:38 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.175 2012/01/25 19:26:43 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -972,8 +972,10 @@ packet_send2(void)
 
         /* during rekeying we can only send key exchange messages */
         if (active_state->rekeying) {
-                if (!((type >= SSH2_MSG_TRANSPORT_MIN) &&
-                    (type <= SSH2_MSG_TRANSPORT_MAX))) {
+                if ((type < SSH2_MSG_TRANSPORT_MIN) ||
+                    (type > SSH2_MSG_TRANSPORT_MAX) ||
+                    (type == SSH2_MSG_SERVICE_REQUEST) ||
+                    (type == SSH2_MSG_SERVICE_ACCEPT)) {
                         debug("enqueue packet: %u", type);
                         p = xmalloc(sizeof(*p));
                         p->type = type;