summaryrefslogtreecommitdiff
path: root/packet.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2009-01-13 20:17:16 +0000
committerColin Watson <cjwatson@debian.org>2009-01-13 20:17:16 +0000
commit92863e5802abcf84a0c778e2cfd52def42d19f89 (patch)
tree83405a4dfa62e96f329d2bdfcf17835f5b923d95 /packet.c
parent172a1537e7df44054e3bd6d2619cf31759d20d8c (diff)
* Backport from upstream CVS (Markus Friedl):
- packet_disconnect() on padding error, too. Should reduce the success probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18.
Diffstat (limited to 'packet.c')
-rw-r--r--packet.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/packet.c b/packet.c
index 8abd43eb4..3cb3decd9 100644
--- a/packet.c
+++ b/packet.c
@@ -1152,7 +1152,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
1152#ifdef PACKET_DEBUG 1152#ifdef PACKET_DEBUG
1153 buffer_dump(&incoming_packet); 1153 buffer_dump(&incoming_packet);
1154#endif 1154#endif
1155 packet_disconnect("Bad packet length %u.", packet_length); 1155 packet_disconnect("Bad packet length %-10u",
1156 packet_length);
1156 } 1157 }
1157 DBG(debug("input: packet len %u", packet_length+4)); 1158 DBG(debug("input: packet len %u", packet_length+4));
1158 buffer_consume(&input, block_size); 1159 buffer_consume(&input, block_size);
@@ -1161,9 +1162,11 @@ packet_read_poll2(u_int32_t *seqnr_p)
1161 need = 4 + packet_length - block_size; 1162 need = 4 + packet_length - block_size;
1162 DBG(debug("partial packet %d, need %d, maclen %d", block_size, 1163 DBG(debug("partial packet %d, need %d, maclen %d", block_size,
1163 need, maclen)); 1164 need, maclen));
1164 if (need % block_size != 0) 1165 if (need % block_size != 0) {
1165 fatal("padding error: need %d block %d mod %d", 1166 logit("padding error: need %d block %d mod %d",
1166 need, block_size, need % block_size); 1167 need, block_size, need % block_size);
1168 packet_disconnect("Bad packet length %-10u", packet_length);
1169 }
1167 /* 1170 /*
1168 * check if the entire packet has been received and 1171 * check if the entire packet has been received and
1169 * decrypt into incoming_packet 1172 * decrypt into incoming_packet