aboutsummaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorJon Simons <jon@jonsimons.org>2014-04-15 01:48:24 -0700
committerAndreas Schneider <asn@cryptomilk.org>2014-04-22 09:26:59 +0200
commiteb86fd8cdfd69f46c60bf0885a2125285e4a22b3 (patch)
treee245e417d11e54a3cf86c8f83296d565ecdc9383 /include
parent099e2e8438621b2fefb12bd005f273200e03eb34 (diff)
downloadlibssh-eb86fd8cdfd69f46c60bf0885a2125285e4a22b3.tar.gz
libssh-eb86fd8cdfd69f46c60bf0885a2125285e4a22b3.tar.xz
libssh-eb86fd8cdfd69f46c60bf0885a2125285e4a22b3.zip
kex: server fix for first_kex_packet_follows
Ensure to honor the 'first_kex_packet_follow' field when processing KEXINIT messages in the 'ssh_packet_kexinit' callback. Until now libssh would assume that this field is always unset (zero). But some clients may set this (dropbear at or beyond version 2013.57), and it needs to be included when computing the session ID. Also include logic for handling wrongly-guessed key exchange algorithms. Save whether a client's guess is wrong in a new field in the session struct: when set, the next KEX_DHINIT message to be processed will be ignored per RFC 4253, 7.1. While here, update both 'ssh_packet_kexinit' and 'make_sessionid' to use softabs with a 4 space indent level throughout, and also convert various error-checking to store intermediate values into an explicit 'rc'. Patch adjusted from original to ensure that client tests remain passing (ie 'torture_connect'): restrict the changes in 'ssh_packet_kexinit' only for the 'server_kex' case. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'include')
-rw-r--r--include/libssh/session.h9
1 files changed, 9 insertions, 0 deletions
diff --git a/include/libssh/session.h b/include/libssh/session.h
index 8480135d..29bdd60b 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -127,6 +127,15 @@ struct ssh_session_struct {
struct ssh_agent_state_struct *agent_state;
struct ssh_auth_auto_state_struct *auth_auto_state;
+ /*
+ * RFC 4253, 7.1: if the first_kex_packet_follows flag was set in
+ * the received SSH_MSG_KEXINIT, but the guess was wrong, this
+ * field will be set such that the following guessed packet will
+ * be ignored. Once that packet has been received and ignored,
+ * this field is cleared.
+ */
+ int first_kex_follows_guess_wrong;
+
ssh_buffer in_hashbuf;
ssh_buffer out_hashbuf;
struct ssh_crypto_struct *current_crypto;