diff options
author | Jon Simons <jon@jonsimons.org> | 2014-04-22 01:11:03 -0700 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2014-05-06 09:04:07 +0200 |
commit | 9e4bc1052577fdbb84c687f1456d12e7caf1dabc (patch) | |
tree | 4b944d94da58138f8ee155e30404a6496b529862 /src/kex.c | |
parent | f37c844bf7c94af84dd4d6a32004e03a7edde89b (diff) | |
download | libssh-9e4bc1052577fdbb84c687f1456d12e7caf1dabc.tar.gz libssh-9e4bc1052577fdbb84c687f1456d12e7caf1dabc.tar.xz libssh-9e4bc1052577fdbb84c687f1456d12e7caf1dabc.zip |
kex: NULL checks for 'first_kex_packet_follows'
Add NULL checks to 'is_first_kex_packet_follows_guess_wrong'
to ensure that a 'strdup(NULL)' path can not be taken.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/kex.c')
-rw-r--r-- | src/kex.c | 28 |
1 files changed, 17 insertions, 11 deletions
@@ -286,7 +286,13 @@ static int is_first_kex_packet_follows_guess_wrong(const char *client_kex, const char *server_kex) { int is_wrong = 1; char **server_kex_tokens = NULL; - char **client_kex_tokens = tokenize(client_kex); + char **client_kex_tokens = NULL; + + if ((client_kex == NULL) || (server_kex == NULL)) { + goto out; + } + + client_kex_tokens = tokenize(client_kex); if (client_kex_tokens == NULL) { goto out; @@ -416,17 +422,17 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){ if (rc < 0) { goto error; } - } - /* - * Remember whether 'first_kex_packet_follows' was set and the client - * guess was wrong: in this case the next SSH_MSG_KEXDH_INIT message - * must be ignored. - */ - if (server_kex && first_kex_packet_follows) { - session->first_kex_follows_guess_wrong = - is_first_kex_packet_follows_guess_wrong(session->next_crypto->client_kex.methods[SSH_KEX], - session->next_crypto->server_kex.methods[SSH_KEX]); + /* + * Remember whether 'first_kex_packet_follows' was set and the client + * guess was wrong: in this case the next SSH_MSG_KEXDH_INIT message + * must be ignored. + */ + if (first_kex_packet_follows) { + session->first_kex_follows_guess_wrong = + is_first_kex_packet_follows_guess_wrong(session->next_crypto->client_kex.methods[SSH_KEX], + session->next_crypto->server_kex.methods[SSH_KEX]); + } } session->session_state = SSH_SESSION_STATE_KEXINIT_RECEIVED; |