From 92863e5802abcf84a0c778e2cfd52def42d19f89 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 13 Jan 2009 20:17:16 +0000
Subject: * Backport from upstream CVS (Markus Friedl):   - packet_disconnect()
 on padding error, too. Should reduce the success     probability for the
 CPNI-957037 Plaintext Recovery Attack to 2^-18.

---
 debian/changelog | 8 ++++++++
 packet.c         | 9 ++++++---
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 3694235c7..049d0740b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+openssh (1:5.1p1-5) UNRELEASED; urgency=low
+
+  * Backport from upstream CVS (Markus Friedl):
+    - packet_disconnect() on padding error, too. Should reduce the success
+      probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18.
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 01 Dec 2008 16:13:14 +0000
+
 openssh (1:5.1p1-4) unstable; urgency=low
 
   * ssh-copy-id: Strip trailing colons from hostname (closes: #226172,
diff --git a/packet.c b/packet.c
index 8abd43eb4..3cb3decd9 100644
--- a/packet.c
+++ b/packet.c
@@ -1152,7 +1152,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
 #ifdef PACKET_DEBUG
 			buffer_dump(&incoming_packet);
 #endif
-			packet_disconnect("Bad packet length %u.", packet_length);
+			packet_disconnect("Bad packet length %-10u",
+			    packet_length);
 		}
 		DBG(debug("input: packet len %u", packet_length+4));
 		buffer_consume(&input, block_size);
@@ -1161,9 +1162,11 @@ packet_read_poll2(u_int32_t *seqnr_p)
 	need = 4 + packet_length - block_size;
 	DBG(debug("partial packet %d, need %d, maclen %d", block_size,
 	    need, maclen));
-	if (need % block_size != 0)
-		fatal("padding error: need %d block %d mod %d",
+	if (need % block_size != 0) {
+		logit("padding error: need %d block %d mod %d",
 		    need, block_size, need % block_size);
+		packet_disconnect("Bad packet length %-10u", packet_length);
+	}
 	/*
 	 * check if the entire packet has been received and
 	 * decrypt into incoming_packet
-- 
cgit v1.2.3