diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2018-05-07 20:09:56 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-05-07 20:09:56 +0200 |
commit | 362b20a0bc02330949bf49da5973228e875fc0b0 (patch) | |
tree | 046d78b026030b7f52c4574baffc7a7220439fe5 /src | |
parent | 72f6b34dbc7fd8d2d48206ed807c2e5bd3f24419 (diff) | |
download | libssh-362b20a0bc02330949bf49da5973228e875fc0b0.tar.gz libssh-362b20a0bc02330949bf49da5973228e875fc0b0.tar.xz libssh-362b20a0bc02330949bf49da5973228e875fc0b0.zip |
server: Fix segfault in dh_handshake_server()
Thanks to Felix Jones
Fixes T91
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/server.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/server.c b/src/server.c index 2ff6f0cc..1be948f1 100644 --- a/src/server.c +++ b/src/server.c @@ -293,6 +293,7 @@ static int dh_handshake_server(ssh_session session) { ssh_key privkey; ssh_string sig_blob; ssh_string f; + ssh_string pubkey_blob = NULL; int rc; if (ssh_dh_generate_y(session) < 0) { @@ -334,14 +335,23 @@ static int dh_handshake_server(ssh_session session) { return -1; } + rc = ssh_dh_get_next_server_publickey_blob(session, &pubkey_blob); + if (rc != SSH_OK) { + ssh_set_error_oom(session); + ssh_string_free(f); + ssh_string_free(sig_blob); + return -1; + } + rc = ssh_buffer_pack(session->out_buffer, "bSSS", SSH2_MSG_KEXDH_REPLY, - session->next_crypto->server_pubkey, + pubkey_blob, f, sig_blob); ssh_string_free(f); ssh_string_free(sig_blob); + ssh_string_free(pubkey_blob); if(rc != SSH_OK){ ssh_set_error_oom(session); ssh_buffer_reinit(session->out_buffer); |