summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--packet.c6
-rw-r--r--ssh1.h5
3 files changed, 13 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 9e38de0cc..19671a05e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -42,6 +42,9 @@
42 [ssh-agent.c] 42 [ssh-agent.c]
43 don't unlink agent socket when bind() fails, spotted by rich AT 43 don't unlink agent socket when bind() fails, spotted by rich AT
44 rich-paul.net, ok markus@ 44 rich-paul.net, ok markus@
45 - markus@cvs.openbsd.org 2004/10/20 11:48:53
46 [packet.c ssh1.h]
47 disconnect for invalid (out of range) message types.
45 48
4620041102 4920041102
47 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX 50 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX
@@ -1821,4 +1824,4 @@
1821 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 1824 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
1822 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 1825 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
1823 1826
1824$Id: ChangeLog,v 1.3573 2004/11/05 09:26:49 dtucker Exp $ 1827$Id: ChangeLog,v 1.3574 2004/11/05 09:27:54 dtucker Exp $
diff --git a/packet.c b/packet.c
index 82a569404..7c150fde7 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: packet.c,v 1.115 2004/06/21 17:36:31 avsm Exp $"); 40RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $");
41 41
42#include "openbsd-compat/sys-queue.h" 42#include "openbsd-compat/sys-queue.h"
43 43
@@ -981,6 +981,8 @@ packet_read_poll1(void)
981 buffer_len(&compression_buffer)); 981 buffer_len(&compression_buffer));
982 } 982 }
983 type = buffer_get_char(&incoming_packet); 983 type = buffer_get_char(&incoming_packet);
984 if (type < SSH_MSG_MIN || type > SSH_MSG_MAX)
985 packet_disconnect("Invalid ssh1 packet type: %d", type);
984 return type; 986 return type;
985} 987}
986 988
@@ -1093,6 +1095,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
1093 * return length of payload (without type field) 1095 * return length of payload (without type field)
1094 */ 1096 */
1095 type = buffer_get_char(&incoming_packet); 1097 type = buffer_get_char(&incoming_packet);
1098 if (type < SSH2_MSG_MIN || type >= SSH2_MSG_LOCAL_MIN)
1099 packet_disconnect("Invalid ssh2 packet type: %d", type);
1096 if (type == SSH2_MSG_NEWKEYS) 1100 if (type == SSH2_MSG_NEWKEYS)
1097 set_newkeys(MODE_IN); 1101 set_newkeys(MODE_IN);
1098#ifdef PACKET_DEBUG 1102#ifdef PACKET_DEBUG
diff --git a/ssh1.h b/ssh1.h
index cc7fbc8b0..1741c229a 100644
--- a/ssh1.h
+++ b/ssh1.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh1.h,v 1.4 2004/07/11 17:48:47 deraadt Exp $ */ 1/* $OpenBSD: ssh1.h,v 1.5 2004/10/20 11:48:53 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,6 +18,9 @@
18 * for compatibility. The maximum value is 254; value 255 is reserved for 18 * for compatibility. The maximum value is 254; value 255 is reserved for
19 * future extension. 19 * future extension.
20 */ 20 */
21/* Ranges */
22#define SSH_MSG_MIN 1
23#define SSH_MSG_MAX 254
21/* Message name */ /* msg code */ /* arguments */ 24/* Message name */ /* msg code */ /* arguments */
22#define SSH_MSG_NONE 0 /* no message */ 25#define SSH_MSG_NONE 0 /* no message */
23#define SSH_MSG_DISCONNECT 1 /* cause (string) */ 26#define SSH_MSG_DISCONNECT 1 /* cause (string) */