Prevent invalid packets being sent during key-exchange, instead queue

them until afterwards. This could sometimes terminate connections
after 8 hours if (for example) a new TCP forwarded connection
was sent at the KEX timeout.

--HG--
extra : convert_revision : 48426bd66b8f5ba50045f7ba190d1672745132e2

session.h

@@ -81,6 +81,12 @@ struct key_context {
 
 };
 
+struct packetlist;
+struct packetlist {
+	struct packetlist *next;
+	buffer * payload;
+};
+
 struct sshsession {
 
 	/* Is it a client or server? */
@@ -137,6 +143,10 @@ struct sshsession {
 	buffer* kexhashbuf; /* session hash buffer calculated from various packets*/
 	buffer* transkexinit; /* the kexinit packet we send should be kept so we
 							 can add it to the hash when generating keys */
+							
+	/* a list of queued replies that should be sent after a KEX has
+	   concluded (ie, while dataallowed was unset)*/
+	struct packetlist *reply_queue_head, *reply_queue_tail;
 
 	algo_type*(*buf_match_algo)(buffer*buf, algo_type localalgos[],
 			int *goodguess); /* The function to use to choose which algorithm