summaryrefslogtreecommitdiff
path: root/kexgexs.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2010-01-01 17:15:23 +0000
committerColin Watson <cjwatson@debian.org>2010-01-01 17:15:23 +0000
commit99b402ea4c8457b0a3cafff37f5b3410a8dc6476 (patch)
tree1d24ce54c9981ea8cbb4c5a9309964a0e4c4b320 /kexgexs.c
parent87552344215a38d3a2b0d4d63dc151e05978bbe1 (diff)
parent54af7a4ae8d455791a631bdfaade4b64436ae16a (diff)
import openssh-5.2p1-gsskex-all-20090726.patch
Diffstat (limited to 'kexgexs.c')
-rw-r--r--kexgexs.c27
1 files changed, 15 insertions, 12 deletions
diff --git a/kexgexs.c b/kexgexs.c
index a037f57f2..76a0f8ca7 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */ 1/* $OpenBSD: kexgexs.c,v 1.11 2009/01/01 21:17:36 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -56,7 +56,8 @@ kexgex_server(Kex *kex)
56 DH *dh; 56 DH *dh;
57 u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; 57 u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
58 u_int sbloblen, klen, slen, hashlen; 58 u_int sbloblen, klen, slen, hashlen;
59 int min = -1, max = -1, nbits = -1, type, kout; 59 int omin = -1, min = -1, omax = -1, max = -1, onbits = -1, nbits = -1;
60 int type, kout;
60 61
61 if (kex->load_host_key == NULL) 62 if (kex->load_host_key == NULL)
62 fatal("Cannot load hostkey"); 63 fatal("Cannot load hostkey");
@@ -68,27 +69,29 @@ kexgex_server(Kex *kex)
68 switch (type) { 69 switch (type) {
69 case SSH2_MSG_KEX_DH_GEX_REQUEST: 70 case SSH2_MSG_KEX_DH_GEX_REQUEST:
70 debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); 71 debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
71 min = packet_get_int(); 72 omin = min = packet_get_int();
72 nbits = packet_get_int(); 73 onbits = nbits = packet_get_int();
73 max = packet_get_int(); 74 omax = max = packet_get_int();
74 min = MAX(DH_GRP_MIN, min); 75 min = MAX(DH_GRP_MIN, min);
75 max = MIN(DH_GRP_MAX, max); 76 max = MIN(DH_GRP_MAX, max);
77 nbits = MAX(DH_GRP_MIN, nbits);
78 nbits = MIN(DH_GRP_MAX, nbits);
76 break; 79 break;
77 case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD: 80 case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
78 debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received"); 81 debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
79 nbits = packet_get_int(); 82 onbits = nbits = packet_get_int();
80 min = DH_GRP_MIN;
81 max = DH_GRP_MAX;
82 /* unused for old GEX */ 83 /* unused for old GEX */
84 omin = min = DH_GRP_MIN;
85 omax = max = DH_GRP_MAX;
83 break; 86 break;
84 default: 87 default:
85 fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type); 88 fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
86 } 89 }
87 packet_check_eom(); 90 packet_check_eom();
88 91
89 if (max < min || nbits < min || max < nbits) 92 if (omax < omin || onbits < omin || omax < onbits)
90 fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", 93 fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
91 min, nbits, max); 94 omin, onbits, omax);
92 95
93 /* Contact privileged parent */ 96 /* Contact privileged parent */
94 dh = PRIVSEP(choose_dh(min, nbits, max)); 97 dh = PRIVSEP(choose_dh(min, nbits, max));
@@ -149,7 +152,7 @@ kexgex_server(Kex *kex)
149 key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); 152 key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
150 153
151 if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) 154 if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
152 min = max = -1; 155 omin = min = omax = max = -1;
153 156
154 /* calc H */ 157 /* calc H */
155 kexgex_hash( 158 kexgex_hash(
@@ -159,7 +162,7 @@ kexgex_server(Kex *kex)
159 buffer_ptr(&kex->peer), buffer_len(&kex->peer), 162 buffer_ptr(&kex->peer), buffer_len(&kex->peer),
160 buffer_ptr(&kex->my), buffer_len(&kex->my), 163 buffer_ptr(&kex->my), buffer_len(&kex->my),
161 server_host_key_blob, sbloblen, 164 server_host_key_blob, sbloblen,
162 min, nbits, max, 165 omin, onbits, omax,
163 dh->p, dh->g, 166 dh->p, dh->g,
164 dh_client_pub, 167 dh_client_pub,
165 dh->pub_key, 168 dh->pub_key,