diff options
| author | Colin Watson <cjwatson@debian.org> | 2009-01-13 20:17:16 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2009-01-13 20:17:16 +0000 |
| commit | 92863e5802abcf84a0c778e2cfd52def42d19f89 (patch) | |
| tree | 83405a4dfa62e96f329d2bdfcf17835f5b923d95 | |
| parent | 172a1537e7df44054e3bd6d2619cf31759d20d8c (diff) | |
* Backport from upstream CVS (Markus Friedl):
- packet_disconnect() on padding error, too. Should reduce the success
probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18.
| -rw-r--r-- | debian/changelog | 8 | ||||
| -rw-r--r-- | packet.c | 9 |
2 files changed, 14 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog index 3694235c7..049d0740b 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -1,3 +1,11 @@ | |||
| 1 | openssh (1:5.1p1-5) UNRELEASED; urgency=low | ||
| 2 | |||
| 3 | * Backport from upstream CVS (Markus Friedl): | ||
| 4 | - packet_disconnect() on padding error, too. Should reduce the success | ||
| 5 | probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18. | ||
| 6 | |||
| 7 | -- Colin Watson <cjwatson@debian.org> Mon, 01 Dec 2008 16:13:14 +0000 | ||
| 8 | |||
| 1 | openssh (1:5.1p1-4) unstable; urgency=low | 9 | openssh (1:5.1p1-4) unstable; urgency=low |
| 2 | 10 | ||
| 3 | * ssh-copy-id: Strip trailing colons from hostname (closes: #226172, | 11 | * ssh-copy-id: Strip trailing colons from hostname (closes: #226172, |
| @@ -1152,7 +1152,8 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
| 1152 | #ifdef PACKET_DEBUG | 1152 | #ifdef PACKET_DEBUG |
| 1153 | buffer_dump(&incoming_packet); | 1153 | buffer_dump(&incoming_packet); |
| 1154 | #endif | 1154 | #endif |
| 1155 | packet_disconnect("Bad packet length %u.", packet_length); | 1155 | packet_disconnect("Bad packet length %-10u", |
| 1156 | packet_length); | ||
| 1156 | } | 1157 | } |
| 1157 | DBG(debug("input: packet len %u", packet_length+4)); | 1158 | DBG(debug("input: packet len %u", packet_length+4)); |
| 1158 | buffer_consume(&input, block_size); | 1159 | buffer_consume(&input, block_size); |
| @@ -1161,9 +1162,11 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
| 1161 | need = 4 + packet_length - block_size; | 1162 | need = 4 + packet_length - block_size; |
| 1162 | DBG(debug("partial packet %d, need %d, maclen %d", block_size, | 1163 | DBG(debug("partial packet %d, need %d, maclen %d", block_size, |
| 1163 | need, maclen)); | 1164 | need, maclen)); |
| 1164 | if (need % block_size != 0) | 1165 | if (need % block_size != 0) { |
| 1165 | fatal("padding error: need %d block %d mod %d", | 1166 | logit("padding error: need %d block %d mod %d", |
| 1166 | need, block_size, need % block_size); | 1167 | need, block_size, need % block_size); |
| 1168 | packet_disconnect("Bad packet length %-10u", packet_length); | ||
| 1169 | } | ||
| 1167 | /* | 1170 | /* |
| 1168 | * check if the entire packet has been received and | 1171 | * check if the entire packet has been received and |
| 1169 | * decrypt into incoming_packet | 1172 | * decrypt into incoming_packet |