From 99d11a3ed2eb13e2f3ba13280d416369c45a30a6 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Mon, 1 Dec 2008 21:40:48 +1100
Subject:    - markus@cvs.openbsd.org 2008/11/21 15:47:38      [packet.c]     
 packet_disconnect() on padding error, too.  should reduce the success     
 probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18      ok
 djm@

---
 ChangeLog |  8 +++++++-
 packet.c  | 11 +++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 13fd17889..af6b99458 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,12 @@
  - (dtucker) [contrib/cygwin/{Makefile,ssh-host-config}]  Add new doc files
    and tweak the is-sshd-running check in ssh-host-config.  Patch from
    vinschen at redhat com.
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2008/11/21 15:47:38
+     [packet.c]
+     packet_disconnect() on padding error, too.  should reduce the success
+     probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18
+     ok djm@
 
 20081123
  - (dtucker) [monitor_fdpass.c] Reduce diff vs OpenBSD by moving some
@@ -4936,5 +4942,5 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.5145 2008/12/01 10:34:28 dtucker Exp $
+$Id: ChangeLog,v 1.5146 2008/12/01 10:40:48 dtucker Exp $
 
diff --git a/packet.c b/packet.c
index 8abd43eb4..4ded17fac 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.157 2008/07/10 18:08:11 markus Exp $ */
+/* $OpenBSD: packet.c,v 1.158 2008/11/21 15:47:38 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1152,7 +1152,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
 #ifdef PACKET_DEBUG
 			buffer_dump(&incoming_packet);
 #endif
-			packet_disconnect("Bad packet length %u.", packet_length);
+			packet_disconnect("Bad packet length %-10u",
+			    packet_length);
 		}
 		DBG(debug("input: packet len %u", packet_length+4));
 		buffer_consume(&input, block_size);
@@ -1161,9 +1162,11 @@ packet_read_poll2(u_int32_t *seqnr_p)
 	need = 4 + packet_length - block_size;
 	DBG(debug("partial packet %d, need %d, maclen %d", block_size,
 	    need, maclen));
-	if (need % block_size != 0)
-		fatal("padding error: need %d block %d mod %d",
+	if (need % block_size != 0) {
+		logit("padding error: need %d block %d mod %d",
 		    need, block_size, need % block_size);
+		packet_disconnect("Bad packet length %-10u", packet_length);
+	}
 	/*
 	 * check if the entire packet has been received and
 	 * decrypt into incoming_packet
-- 
cgit v1.2.3