- djm@cvs.openbsd.org 2009/01/01 21:17:36

[kexgexs.c] fix hash calculation for KEXGEX: hash over the original client-supplied values and not the sanity checked versions that we acutally use; bz#1540 reported by john.smith AT arrows.demon.co.uk ok markus@
author: Damien Miller <djm@mindrot.org> 2009-01-28 16:23:06 +1100
committer: Damien Miller <djm@mindrot.org> 2009-01-28 16:23:06 +1100
commit: ccf7e224ab73a8134175504ff09d72655ba50fb2 (patch)
tree: 5f55f45db87cfc0f8ae45e5147c35257f7893b70 /kexgexs.c
parent: 7a60621d13de221d3de77784ea14baf72e0233f4 (diff)
1 files changed, 15 insertions, 12 deletions
diff --git a/kexgexs.c b/kexgexs.c
index a037f57f2..76a0f8ca7 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.11 2009/01/01 21:17:36 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos.  All rights reserved.
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -56,7 +56,8 @@ kexgex_server(Kex *kex)
        DH *dh;
        u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
        u_int sbloblen, klen, slen, hashlen;
-        int min = -1, max = -1, nbits = -1, type, kout;
+        int omin = -1, min = -1, omax = -1, max = -1, onbits = -1, nbits = -1;
+        int type, kout;
        if (kex->load_host_key == NULL)
                fatal("Cannot load hostkey");
@@ -68,27 +69,29 @@ kexgex_server(Kex *kex)
        switch (type) {
        case SSH2_MSG_KEX_DH_GEX_REQUEST:
                debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
-                min = packet_get_int();
+                omin = min = packet_get_int();
-                nbits = packet_get_int();
+                onbits = nbits = packet_get_int();
-                max = packet_get_int();
+                omax = max = packet_get_int();
                min = MAX(DH_GRP_MIN, min);
                max = MIN(DH_GRP_MAX, max);
+                nbits = MAX(DH_GRP_MIN, nbits);
+                nbits = MIN(DH_GRP_MAX, nbits);
                break;
        case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
                debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
-                nbits = packet_get_int();
+                onbits = nbits = packet_get_int();
-                min = DH_GRP_MIN;
-                max = DH_GRP_MAX;
                /* unused for old GEX */
+                omin = min = DH_GRP_MIN;
+                omax = max = DH_GRP_MAX;
                break;
        default:
                fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
        }
        packet_check_eom();
-        if (max < min || nbits < min || max < nbits)
+        if (omax < omin || onbits < omin || omax < onbits)
                fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
-                    min, nbits, max);
+                    omin, onbits, omax);
        /* Contact privileged parent */
        dh = PRIVSEP(choose_dh(min, nbits, max));
@@ -149,7 +152,7 @@ kexgex_server(Kex *kex)
        key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
        if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
-                min = max = -1;
+                omin = min = omax = max = -1;
        /* calc H */
        kexgex_hash(
@@ -159,7 +162,7 @@ kexgex_server(Kex *kex)
            buffer_ptr(&kex->peer), buffer_len(&kex->peer),
            buffer_ptr(&kex->my), buffer_len(&kex->my),
            server_host_key_blob, sbloblen,
-            min, nbits, max,
+            omin, onbits, omax,
            dh->p, dh->g,
            dh_client_pub,
            dh->pub_key,
author	Damien Miller <djm@mindrot.org>	2009-01-28 16:23:06 +1100
committer	Damien Miller <djm@mindrot.org>	2009-01-28 16:23:06 +1100
commit	ccf7e224ab73a8134175504ff09d72655ba50fb2 (patch)
tree	5f55f45db87cfc0f8ae45e5147c35257f7893b70 /kexgexs.c
parent	7a60621d13de221d3de77784ea14baf72e0233f4 (diff)