author | Andreas Schneider <asn@cryptomilk.org> | 2013-01-09 13:20:02 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2013-01-14 14:38:55 +0100 |
commit | 55b09f426417406bb25c0b9c474fbab1398b0dc8 (patch) | |
tree | b94b506da392fdf986c97797c786662dc622ea72 | |
parent | f128338132e727911f049678c443b73a19204b1e (diff) | |
CVE-2013-0176: Fix a remote DoS if the client doesn't send a matching kex.
Thanks to Yong Chuan Koh, X-Force Research <kohyc@sg.ibm.com>
-rw-r--r-- | src/server.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/server.c b/src/server.c
index 131a2bcd..b4fb1896 100644
--- a/src/server.c
+++ b/src/server.c
@@ -184,7 +184,11 @@ static int dh_handshake_server(ssh_session session) {
 prv = session->rsa_key;
 break;
 default:
- prv = NULL;
+ ssh_set_error(session,
+ SSH_FATAL,
+ "Could determine the specified hostkey");
+ ssh_string_free(f);
+ return -1;
 }
 pub = publickey_from_privatekey(prv);
@@ -270,6 +274,8 @@ static int dh_handshake_server(ssh_session session) {
 */
 static void ssh_server_connection_callback(ssh_session session){
 int ssh1,ssh2;
+ int rc;
+
 enter_function();
 switch(session->session_state){
 case SSH_SESSION_STATE_NONE:
@@ -338,7 +344,10 @@ static void ssh_server_connection_callback(ssh_session session){
 case SSH_SESSION_STATE_KEXINIT_RECEIVED:
 set_status(session,0.6f);
 ssh_list_kex(session, &session->client_kex); // log client kex
- crypt_set_algorithms_server(session);
+ rc = crypt_set_algorithms_server(session);
+ if (rc == SSH_ERROR) {
+ goto error;
+ }
 if (set_kex(session) < 0) {
 goto error;
 }
|
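Review bot: The error string added in the `default:` branch of dh_handshake_server reads "Could determine the specified hostkey", which states the opposite of what happened; it should be `"Could not determine the specified hostkey");`. This is the message left in the session error when a peer drives the server down the path this CVE fix closes, so anyone triaging from logs would be misled by it. The branch releases only `f` before `return -1;`, and the function starts and ends outside the hunk, so it is worth checking against the full body whether anything else allocated earlier in the handshake also needs freeing on this exit.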
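Review bot: The new guard in the `SSH_SESSION_STATE_KEXINIT_RECEIVED` case tests only `rc == SSH_ERROR`, while the `set_kex` check directly below it treats any negative return as failure. Because this check is what stops the handshake when the client's kex does not match, testing against success is the more defensive form: `if (rc != SSH_OK) {`. A one-line comment above it, such as `/* client sent no matching kex: stop the handshake here */`, would record why this return value must never be ignored again. The `error` label is outside the hunk, so whether it leaves the session in an error state and closes the connection cannot be confirmed from here.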