From 92863e5802abcf84a0c778e2cfd52def42d19f89 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 13 Jan 2009 20:17:16 +0000
Subject: * Backport from upstream CVS (Markus Friedl):   - packet_disconnect()
 on padding error, too. Should reduce the success     probability for the
 CPNI-957037 Plaintext Recovery Attack to 2^-18.

---
 packet.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'packet.c')

diff --git a/packet.c b/packet.c
index 8abd43eb4..3cb3decd9 100644
--- a/packet.c
+++ b/packet.c
@@ -1152,7 +1152,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
 #ifdef PACKET_DEBUG
 			buffer_dump(&incoming_packet);
 #endif
-			packet_disconnect("Bad packet length %u.", packet_length);
+			packet_disconnect("Bad packet length %-10u",
+			    packet_length);
 		}
 		DBG(debug("input: packet len %u", packet_length+4));
 		buffer_consume(&input, block_size);
@@ -1161,9 +1162,11 @@ packet_read_poll2(u_int32_t *seqnr_p)
 	need = 4 + packet_length - block_size;
 	DBG(debug("partial packet %d, need %d, maclen %d", block_size,
 	    need, maclen));
-	if (need % block_size != 0)
-		fatal("padding error: need %d block %d mod %d",
+	if (need % block_size != 0) {
+		logit("padding error: need %d block %d mod %d",
 		    need, block_size, need % block_size);
+		packet_disconnect("Bad packet length %-10u", packet_length);
+	}
 	/*
 	 * check if the entire packet has been received and
 	 * decrypt into incoming_packet
-- 
cgit v1.2.3