* Backport from upstream CVS (Markus Friedl):

  - packet_disconnect() on padding error, too. Should reduce the success
    probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18.

1 files changed, 6 insertions, 3 deletions

diff --git a/packet.c b/packet.c
index 8abd43eb4..3cb3decd9 100644
--- a/packet.c
+++ b/packet.c
@@ -1152,7 +1152,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
 #ifdef PACKET_DEBUG
                         buffer_dump(&incoming_packet);
 #endif
-                        packet_disconnect("Bad packet length %u.", packet_length);
+                        packet_disconnect("Bad packet length %-10u",
+                            packet_length);
                 }
                 DBG(debug("input: packet len %u", packet_length+4));
                 buffer_consume(&input, block_size);
@@ -1161,9 +1162,11 @@ packet_read_poll2(u_int32_t *seqnr_p)
         need = 4 + packet_length - block_size;
         DBG(debug("partial packet %d, need %d, maclen %d", block_size,
             need, maclen));
-        if (need % block_size != 0)
-                fatal("padding error: need %d block %d mod %d",
+        if (need % block_size != 0) {
+                logit("padding error: need %d block %d mod %d",
                     need, block_size, need % block_size);
+                packet_disconnect("Bad packet length %-10u", packet_length);
+        }
         /*
          * check if the entire packet has been received and
          * decrypt into incoming_packet