-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | kexgexs.c | 27 |
2 files changed, 22 insertions, 13 deletions
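--- a/ChangeLog
+++ b/ChangeLog
@@ -36,6 +36,12 @@
 call channel destroy callbacks on receipt of open failure messages.
 fixes client hangs when connecting to a server that has MaxSessions=0
 set spotted by imorgan AT nas.nasa.gov; ok markus@
+- djm@cvs.openbsd.org 2009/01/01 21:17:36
+[kexgexs.c]
+fix hash calculation for KEXGEX: hash over the original client-supplied
+values and not the sanity checked versions that we acutally use;
+bz#1540 reported by john.smith AT arrows.demon.co.uk
+ok markus@
 
 20090107
 - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X.
@@ -5045,5 +5051,5 @@
 OpenServer 6 and add osr5bigcrypt support so when someone migrates
 passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.5169 2009/01/28 05:22:34 djm Exp $
+$Id: ChangeLog,v 1.5170 2009/01/28 05:23:06 djm Exp $
 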
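--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.11 2009/01/01 21:17:36 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos. All rights reserved.
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -56,7 +56,8 @@ kexgex_server(Kex *kex)
 DH *dh;
 u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
 u_int sbloblen, klen, slen, hashlen;
-int min = -1, max = -1, nbits = -1, type, kout;
+int omin = -1, min = -1, omax = -1, max = -1, onbits = -1, nbits = -1;
+int type, kout;
 
 if (kex->load_host_key == NULL)
 fatal("Cannot load hostkey");
@@ -68,27 +69,29 @@ kexgex_server(Kex *kex)
 switch (type) {
 case SSH2_MSG_KEX_DH_GEX_REQUEST:
 debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
-min = packet_get_int();
-nbits = packet_get_int();
-max = packet_get_int();
+omin = min = packet_get_int();
+onbits = nbits = packet_get_int();
+omax = max = packet_get_int();
 min = MAX(DH_GRP_MIN, min);
 max = MIN(DH_GRP_MAX, max);
+nbits = MAX(DH_GRP_MIN, nbits);
+nbits = MIN(DH_GRP_MAX, nbits);
 break;
 case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
 debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
-nbits = packet_get_int();
-min = DH_GRP_MIN;
-max = DH_GRP_MAX;
+onbits = nbits = packet_get_int();
 /* unused for old GEX */
+omin = min = DH_GRP_MIN;
+omax = max = DH_GRP_MAX;
 break;
 default:
 fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
 }
 packet_check_eom();
 
-if (max < min || nbits < min || max < nbits)
+if (omax < omin || onbits < omin || omax < onbits)
 fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
-min, nbits, max);
+omin, onbits, omax);
 
 /* Contact privileged parent */
 dh = PRIVSEP(choose_dh(min, nbits, max));
@@ -149,7 +152,7 @@ kexgex_server(Kex *kex)
 key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
 
 if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
-min = max = -1;
+omin = min = omax = max = -1;
 
 /* calc H */
 kexgex_hash(
@@ -159,7 +162,7 @@ kexgex_server(Kex *kex)
 buffer_ptr(&kex->peer), buffer_len(&kex->peer),
 buffer_ptr(&kex->my), buffer_len(&kex->my),
 server_host_key_blob, sbloblen,
-min, nbits, max,
+omin, onbits, omax,
 dh->p, dh->g,
 dh_client_pub,
 dh->pub_key,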
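Review bot: The only range check left in the third kexgexs.c hunk is on the client-supplied `omin`/`onbits`/`omax`, so the clamped `min`, `nbits`, `max` passed to `choose_dh()` are no longer guaranteed to be ordered. A request whose `max` is below `DH_GRP_MIN`, or whose `min` is above `DH_GRP_MAX`, passes the check and reaches `PRIVSEP(choose_dh(min, nbits, max))` with `min > max`. What `choose_dh` does with such a range is not visible here, but the old code rejected it with `fatal()`. Hashing the original values can stay as it is while the guard is extended to `if (omax < omin || onbits < omin || omax < onbits || max < min)`, which refuses a request that has no overlap with the server's supported range before the privileged parent is contacted. `kexgex_server` starts and ends outside these hunks.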