diff options
| author | Jakub Jelen <jjelen@redhat.com> | 2021-06-23 13:16:33 +0200 |
|---|---|---|
| committer | Jakub Jelen <jjelen@redhat.com> | 2021-08-18 14:13:56 +0200 |
| commit | f5211239f918acf405d104b200891ca58130e23e (patch) | |
| tree | ebde66c5d3c2423c919c0aaf143128c5b83df006 /include/libssh/crypto.h | |
| parent | a3b2229a4eeb406d8fc3e98806377fbdb0e995ac (diff) | |
| download | libssh-f5211239f918acf405d104b200891ca58130e23e.tar.gz libssh-f5211239f918acf405d104b200891ca58130e23e.tar.xz libssh-f5211239f918acf405d104b200891ca58130e23e.zip | |
CVE-2021-3634: Create a separate length for session_id
Normally, the length of session_id and secret_hash is the same,
but if we will get into rekeying with a peer that changes preference
of key exchange algorithm, the new secret hash can be larger or
smaller than the previous session_id causing invalid reads or writes.
Resolves https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'include/libssh/crypto.h')
| -rw-r--r-- | include/libssh/crypto.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h index 67d98392..2af55c9a 100644 --- a/include/libssh/crypto.h +++ b/include/libssh/crypto.h @@ -126,8 +126,9 @@ struct ssh_crypto_struct { ssh_curve25519_pubkey curve25519_server_pubkey; #endif ssh_string dh_server_signature; /* information used by dh_handshake. */ - size_t digest_len; /* len of the two fields below */ + size_t session_id_len; unsigned char *session_id; + size_t digest_len; /* len of the secret hash */ unsigned char *secret_hash; /* Secret hash is same as session id until re-kex */ unsigned char *encryptIV; unsigned char *decryptIV; |