authorAndreas Schneider <asn@cryptomilk.org>2013-01-09 13:20:02 +0100
committerAndreas Schneider <asn@cryptomilk.org>2013-01-14 14:38:55 +0100
commit55b09f426417406bb25c0b9c474fbab1398b0dc8 (patch)
treeb94b506da392fdf986c97797c786662dc622ea72
parentf128338132e727911f049678c443b73a19204b1e (diff)
CVE-2013-0176: Fix a remote DoS if the client doesn't send a matching kex.
Thanks to Yong Chuan Koh, X-Force Research <kohyc@sg.ibm.com>
-rw-r--r--src/server.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/src/server.c b/src/server.c
index 131a2bcd..b4fb1896 100644
--- a/src/server.c
+++ b/src/server.c
@@ -184,7 +184,11 @@ static int dh_handshake_server(ssh_session session) {
prv = session->rsa_key;
break;
default:
- prv = NULL;
+ ssh_set_error(session,
+ SSH_FATAL,
+ "Could determine the specified hostkey");
+ ssh_string_free(f);
+ return -1;
}
pub = publickey_from_privatekey(prv);
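Review bot: The message passed to ssh_set_error in the new default branch reads "Could determine the specified hostkey", which states the opposite of what happened; it should be `"Could not determine the specified hostkey"` so the fatal path is unambiguous in server logs. The branch also only covers an unknown key type: the case arm visible above assigns `prv = session->rsa_key` without a NULL check, so `publickey_from_privatekey(prv)` may still receive NULL if that host key was never loaded. Unless publickey_from_privatekey already rejects NULL (not visible here), a guard after the switch such as `if (prv == NULL) { ssh_string_free(f); return -1; }` would cover that. dh_handshake_server starts and ends outside the hunk, so whether `f` is the only allocation that needs releasing on this early return cannot be confirmed from these lines.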
@@ -270,6 +274,8 @@ static int dh_handshake_server(ssh_session session) {
*/
static void ssh_server_connection_callback(ssh_session session){
int ssh1,ssh2;
+ int rc;
+
enter_function();
switch(session->session_state){
case SSH_SESSION_STATE_NONE:
@@ -338,7 +344,10 @@ static void ssh_server_connection_callback(ssh_session session){
case SSH_SESSION_STATE_KEXINIT_RECEIVED:
set_status(session,0.6f);
ssh_list_kex(session, &session->client_kex); // log client kex
- crypt_set_algorithms_server(session);
+ rc = crypt_set_algorithms_server(session);
+ if (rc == SSH_ERROR) {
+ goto error;
+ }
if (set_kex(session) < 0) {
goto error;
}
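Review bot: The new check `if (rc == SSH_ERROR)` uses a different failure test from the `set_kex(session) < 0` check directly below it, so any other negative return would let the handshake continue with no algorithms selected, which is the state this commit is meant to close. Unless crypt_set_algorithms_server is guaranteed to return only SSH_OK or SSH_ERROR (its body is not in this diff), `if (rc < 0) {` is the more defensive form and matches the neighbouring check. A short comment such as `/* abort: no algorithm in common with the client */` would record why the return value must not be ignored again. The `error` label is outside the hunk, so it is worth confirming that it preserves the error set by the callee rather than overwriting it.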