diff options
author | Jakub Jelen <jjelen@redhat.com> | 2018-11-15 11:03:56 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-01-09 10:14:56 +0100 |
commit | 836982358a87f5b8611a95331bfad5cddd4d6c58 (patch) | |
tree | 31e605387538446179c37fba2d74372ecd1c3f5c /src/packet.c | |
parent | a61368a06a827fb7cf33f2c3a24a621acc56fcc6 (diff) | |
download | libssh-836982358a87f5b8611a95331bfad5cddd4d6c58.tar.gz libssh-836982358a87f5b8611a95331bfad5cddd4d6c58.tar.xz libssh-836982358a87f5b8611a95331bfad5cddd4d6c58.zip |
packet: Adjust the packet filter to allow client-initialized rekey
If the rekey is initialized by client, it sends the first KEXINIT
message, changes to the INIT_SENT state and waits for the KEXINIT
message from the server. This was not covered in the current filter.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/packet.c')
-rw-r--r-- | src/packet.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/packet.c b/src/packet.c index d6162432..e8aaf74c 100644 --- a/src/packet.c +++ b/src/packet.c @@ -292,6 +292,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se * - session_state == SSH_SESSION_STATE_AUTHENTICATED * or session_state == SSH_SESSION_STATE_INITIAL_KEX * - dh_handshake_state == DH_STATE_INIT + * or dh_handshake_state == DH_STATE_INIT_SENT (re-exchange) * or dh_handshake_state == DH_STATE_FINISHED (re-exchange) * * Transitions: @@ -310,6 +311,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se } if ((session->dh_handshake_state != DH_STATE_INIT) && + (session->dh_handshake_state != DH_STATE_INIT_SENT) && (session->dh_handshake_state != DH_STATE_FINISHED)) { rc = SSH_PACKET_DENIED; |