diff options
author | Colin Watson <cjwatson@debian.org> | 2010-01-01 17:15:23 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-01-01 17:15:23 +0000 |
commit | 99b402ea4c8457b0a3cafff37f5b3410a8dc6476 (patch) | |
tree | 1d24ce54c9981ea8cbb4c5a9309964a0e4c4b320 /kexgexs.c | |
parent | 87552344215a38d3a2b0d4d63dc151e05978bbe1 (diff) | |
parent | 54af7a4ae8d455791a631bdfaade4b64436ae16a (diff) |
import openssh-5.2p1-gsskex-all-20090726.patch
Diffstat (limited to 'kexgexs.c')
-rw-r--r-- | kexgexs.c | 27 |
1 files changed, 15 insertions, 12 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */ | 1 | /* $OpenBSD: kexgexs.c,v 1.11 2009/01/01 21:17:36 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
@@ -56,7 +56,8 @@ kexgex_server(Kex *kex) | |||
56 | DH *dh; | 56 | DH *dh; |
57 | u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; | 57 | u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; |
58 | u_int sbloblen, klen, slen, hashlen; | 58 | u_int sbloblen, klen, slen, hashlen; |
59 | int min = -1, max = -1, nbits = -1, type, kout; | 59 | int omin = -1, min = -1, omax = -1, max = -1, onbits = -1, nbits = -1; |
60 | int type, kout; | ||
60 | 61 | ||
61 | if (kex->load_host_key == NULL) | 62 | if (kex->load_host_key == NULL) |
62 | fatal("Cannot load hostkey"); | 63 | fatal("Cannot load hostkey"); |
@@ -68,27 +69,29 @@ kexgex_server(Kex *kex) | |||
68 | switch (type) { | 69 | switch (type) { |
69 | case SSH2_MSG_KEX_DH_GEX_REQUEST: | 70 | case SSH2_MSG_KEX_DH_GEX_REQUEST: |
70 | debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); | 71 | debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); |
71 | min = packet_get_int(); | 72 | omin = min = packet_get_int(); |
72 | nbits = packet_get_int(); | 73 | onbits = nbits = packet_get_int(); |
73 | max = packet_get_int(); | 74 | omax = max = packet_get_int(); |
74 | min = MAX(DH_GRP_MIN, min); | 75 | min = MAX(DH_GRP_MIN, min); |
75 | max = MIN(DH_GRP_MAX, max); | 76 | max = MIN(DH_GRP_MAX, max); |
77 | nbits = MAX(DH_GRP_MIN, nbits); | ||
78 | nbits = MIN(DH_GRP_MAX, nbits); | ||
76 | break; | 79 | break; |
77 | case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD: | 80 | case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD: |
78 | debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received"); | 81 | debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received"); |
79 | nbits = packet_get_int(); | 82 | onbits = nbits = packet_get_int(); |
80 | min = DH_GRP_MIN; | ||
81 | max = DH_GRP_MAX; | ||
82 | /* unused for old GEX */ | 83 | /* unused for old GEX */ |
84 | omin = min = DH_GRP_MIN; | ||
85 | omax = max = DH_GRP_MAX; | ||
83 | break; | 86 | break; |
84 | default: | 87 | default: |
85 | fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type); | 88 | fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type); |
86 | } | 89 | } |
87 | packet_check_eom(); | 90 | packet_check_eom(); |
88 | 91 | ||
89 | if (max < min || nbits < min || max < nbits) | 92 | if (omax < omin || onbits < omin || omax < onbits) |
90 | fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", | 93 | fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", |
91 | min, nbits, max); | 94 | omin, onbits, omax); |
92 | 95 | ||
93 | /* Contact privileged parent */ | 96 | /* Contact privileged parent */ |
94 | dh = PRIVSEP(choose_dh(min, nbits, max)); | 97 | dh = PRIVSEP(choose_dh(min, nbits, max)); |
@@ -149,7 +152,7 @@ kexgex_server(Kex *kex) | |||
149 | key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); | 152 | key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); |
150 | 153 | ||
151 | if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) | 154 | if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) |
152 | min = max = -1; | 155 | omin = min = omax = max = -1; |
153 | 156 | ||
154 | /* calc H */ | 157 | /* calc H */ |
155 | kexgex_hash( | 158 | kexgex_hash( |
@@ -159,7 +162,7 @@ kexgex_server(Kex *kex) | |||
159 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), | 162 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), |
160 | buffer_ptr(&kex->my), buffer_len(&kex->my), | 163 | buffer_ptr(&kex->my), buffer_len(&kex->my), |
161 | server_host_key_blob, sbloblen, | 164 | server_host_key_blob, sbloblen, |
162 | min, nbits, max, | 165 | omin, onbits, omax, |
163 | dh->p, dh->g, | 166 | dh->p, dh->g, |
164 | dh_client_pub, | 167 | dh_client_pub, |
165 | dh->pub_key, | 168 | dh->pub_key, |