diff options
author | Darren Tucker <dtucker@zip.com.au> | 2004-02-29 20:12:33 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2004-02-29 20:12:33 +1100 |
commit | fc113c97a3935896869e8bccf7a70cb7c7ed95d3 (patch) | |
tree | 260ef3c0aa8256344bbc74a04dec593189507be3 | |
parent | d592048c36ee15cef19d6177aeb015b69bfa8833 (diff) |
- dtucker@cvs.openbsd.org 2004/02/27 22:42:47
[dh.c]
Prevent sshd from sending DH groups with a primitive generator of zero or
one, even if they are listed in /etc/moduli. ok markus@
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | dh.c | 5 |
2 files changed, 9 insertions, 2 deletions
@@ -3,6 +3,10 @@ | |||
3 | - djm@cvs.openbsd.org 2004/02/25 00:22:45 | 3 | - djm@cvs.openbsd.org 2004/02/25 00:22:45 |
4 | [sshd.c] | 4 | [sshd.c] |
5 | typo in comment | 5 | typo in comment |
6 | - dtucker@cvs.openbsd.org 2004/02/27 22:42:47 | ||
7 | [dh.c] | ||
8 | Prevent sshd from sending DH groups with a primitive generator of zero or | ||
9 | one, even if they are listed in /etc/moduli. ok markus@ | ||
6 | 10 | ||
7 | 20040226 | 11 | 20040226 |
8 | - (bal) KNF our sshlogin.c even if the code looks nothing like upstream | 12 | - (bal) KNF our sshlogin.c even if the code looks nothing like upstream |
@@ -808,4 +812,4 @@ | |||
808 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 812 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
809 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 813 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
810 | 814 | ||
811 | $Id: ChangeLog,v 1.3261 2004/02/29 09:11:30 dtucker Exp $ | 815 | $Id: ChangeLog,v 1.3262 2004/02/29 09:12:33 dtucker Exp $ |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: dh.c,v 1.26 2003/12/16 15:51:54 markus Exp $"); | 26 | RCSID("$OpenBSD: dh.c,v 1.27 2004/02/27 22:42:47 dtucker Exp $"); |
27 | 27 | ||
28 | #include "xmalloc.h" | 28 | #include "xmalloc.h" |
29 | 29 | ||
@@ -91,6 +91,9 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) | |||
91 | if (BN_num_bits(dhg->p) != dhg->size) | 91 | if (BN_num_bits(dhg->p) != dhg->size) |
92 | goto failclean; | 92 | goto failclean; |
93 | 93 | ||
94 | if (BN_is_zero(dhg->g) || BN_is_one(dhg->g)) | ||
95 | goto failclean; | ||
96 | |||
94 | return (1); | 97 | return (1); |
95 | 98 | ||
96 | failclean: | 99 | failclean: |