author | markus@openbsd.org <markus@openbsd.org> | 2017-03-11 13:07:35 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-03-12 10:50:19 +1100 |
commit | 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e (patch) | |
tree | 3ede38924a9cf5a227db3a5a2157dc77bc31d5f6 /packet.c | |
parent | ef653dd5bd5777132d9f9ee356225f9ee3379504 (diff) |
upstream commit
Don't count the initial block twice when computing how
many bytes to discard for the work around for the attacks against CBC-mode.
ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL
Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2
Diffstat (limited to 'packet.c')
-rw-r--r-- | packet.c | 6 |
1 files changed, 3 insertions, 3 deletions
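--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.246 2017/02/28 06:10:08 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.247 2017/03/11 13:07:35 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1850,11 +1850,11 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 if (r != SSH_ERR_MAC_INVALID)
 goto out;
 logit("Corrupted MAC on input.");
-if (need > PACKET_MAX_SIZE)
+if (need + block_size > PACKET_MAX_SIZE)
 return SSH_ERR_INTERNAL_ERROR;
 return ssh_packet_start_discard(ssh, enc, mac,
 sshbuf_len(state->incoming_packet),
-PACKET_MAX_SIZE - need);
+PACKET_MAX_SIZE - need - block_size);
 }
 /* Remove MAC from input buffer */
 DBG(debug("MAC #%d ok", state->p_read.seqnr));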
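Review bot: The new guard at line 1853, `if (need + block_size > PACKET_MAX_SIZE)`, is only correct if the sum cannot wrap. The declarations of `need` and `block_size` are outside the hunk, but if both are unsigned, writing it as `if (need > PACKET_MAX_SIZE - block_size)` gives the same check without relying on an earlier bound on `need`. It also makes clear that `PACKET_MAX_SIZE - need - block_size` at line 1857 cannot underflow. Because the discard length is the value the CBC workaround depends on, a short comment above the call would help guard against a later edit reintroducing the double count, for example `/* the initial block is already accounted for; do not count it twice */`. The body of ssh_packet_read_poll2 starts and ends outside this hunk, so the bounds on `need` could not be checked from here.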