kex: NULL checks for 'first_kex_packet_follows'

Add NULL checks to 'is_first_kex_packet_follows_guess_wrong' to ensure that a 'strdup(NULL)' path can not be taken. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
author: Jon Simons <jon@jonsimons.org> 2014-04-22 01:11:03 -0700
committer: Andreas Schneider <asn@cryptomilk.org> 2014-05-06 09:04:07 +0200
commit: 9e4bc1052577fdbb84c687f1456d12e7caf1dabc (patch)
tree: 4b944d94da58138f8ee155e30404a6496b529862 /src/kex.c
parent: f37c844bf7c94af84dd4d6a32004e03a7edde89b (diff)
download: libssh-9e4bc1052577fdbb84c687f1456d12e7caf1dabc.tar.gz
libssh-9e4bc1052577fdbb84c687f1456d12e7caf1dabc.tar.xz
libssh-9e4bc1052577fdbb84c687f1456d12e7caf1dabc.zip
1 files changed, 17 insertions, 11 deletions
diff --git a/src/kex.c b/src/kex.c
index 88018b06..a88cf579 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -286,7 +286,13 @@ static int is_first_kex_packet_follows_guess_wrong(const char *client_kex,
                                                    const char *server_kex) {
     int is_wrong = 1;
     char **server_kex_tokens = NULL;
-    char **client_kex_tokens = tokenize(client_kex);
+    char **client_kex_tokens = NULL;
+
+    if ((client_kex == NULL) || (server_kex == NULL)) {
+        goto out;
+    }
+
+    client_kex_tokens = tokenize(client_kex);
 
     if (client_kex_tokens == NULL) {
         goto out;
@@ -416,17 +422,17 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
         if (rc < 0) {
             goto error;
         }
-    }
 
-    /*
-     * Remember whether 'first_kex_packet_follows' was set and the client
-     * guess was wrong: in this case the next SSH_MSG_KEXDH_INIT message
-     * must be ignored.
-     */
-    if (server_kex && first_kex_packet_follows) {
-      session->first_kex_follows_guess_wrong =
-        is_first_kex_packet_follows_guess_wrong(session->next_crypto->client_kex.methods[SSH_KEX],
-                                                session->next_crypto->server_kex.methods[SSH_KEX]);
+        /*
+         * Remember whether 'first_kex_packet_follows' was set and the client
+         * guess was wrong: in this case the next SSH_MSG_KEXDH_INIT message
+         * must be ignored.
+         */
+        if (first_kex_packet_follows) {
+          session->first_kex_follows_guess_wrong =
+            is_first_kex_packet_follows_guess_wrong(session->next_crypto->client_kex.methods[SSH_KEX],
+                                                    session->next_crypto->server_kex.methods[SSH_KEX]);
+        }
     }
 
     session->session_state = SSH_SESSION_STATE_KEXINIT_RECEIVED;
author	Jon Simons <jon@jonsimons.org>	2014-04-22 01:11:03 -0700
committer	Andreas Schneider <asn@cryptomilk.org>	2014-05-06 09:04:07 +0200
commit	9e4bc1052577fdbb84c687f1456d12e7caf1dabc (patch)
tree	4b944d94da58138f8ee155e30404a6496b529862 /src/kex.c
parent	f37c844bf7c94af84dd4d6a32004e03a7edde89b (diff)
download	libssh-9e4bc1052577fdbb84c687f1456d12e7caf1dabc.tar.gz libssh-9e4bc1052577fdbb84c687f1456d12e7caf1dabc.tar.xz libssh-9e4bc1052577fdbb84c687f1456d12e7caf1dabc.zip