- markus@cvs.openbsd.org 2012/01/25 19:26:43

[packet.c] do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; ok dtucker@, djm@
author: Damien Miller <djm@mindrot.org> 2012-02-11 08:18:43 +1100
committer: Damien Miller <djm@mindrot.org> 2012-02-11 08:18:43 +1100
commit: 1de2cfe9a9304b00900aaa6ff9fe612e2ba51ba8 (patch)
tree: 2bc26f81af62c8aedef9b388c211214e129a4643 /packet.c
parent: 8d60be548778c025db8daa0345f8d77331086fc6 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/packet.c b/packet.c
index 5e82fe753..0d29efffd 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.174 2011/12/07 05:44:38 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.175 2012/01/25 19:26:43 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -972,8 +972,10 @@ packet_send2(void)
        /* during rekeying we can only send key exchange messages */
        if (active_state->rekeying) {
-                if (!((type >= SSH2_MSG_TRANSPORT_MIN) &&
+                if ((type < SSH2_MSG_TRANSPORT_MIN) ||
-                    (type <= SSH2_MSG_TRANSPORT_MAX))) {
+                    (type > SSH2_MSG_TRANSPORT_MAX) ||
+                    (type == SSH2_MSG_SERVICE_REQUEST) ||
+                    (type == SSH2_MSG_SERVICE_ACCEPT)) {
                        debug("enqueue packet: %u", type);
                        p = xmalloc(sizeof(*p));
                        p->type = type;
author	Damien Miller <djm@mindrot.org>	2012-02-11 08:18:43 +1100
committer	Damien Miller <djm@mindrot.org>	2012-02-11 08:18:43 +1100
commit	1de2cfe9a9304b00900aaa6ff9fe612e2ba51ba8 (patch)
tree	2bc26f81af62c8aedef9b388c211214e129a4643 /packet.c
parent	8d60be548778c025db8daa0345f8d77331086fc6 (diff)