ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-14 16:35:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix failing rekeying when we receive a still-in-flight packet

Browse Source
This commit is contained in:
Matt Johnston 2014-01-23 21:56:35 +08:00
parent 8081b0e033
commit 8128b15e41
3 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cli-kex.c
View File

@ -86,8 +86,6 @@ void send_msg_kexdh_init() {
cli_ses.param_kex_algo = ses.newkeys->algo_kex; cli_ses.param_kex_algo = ses.newkeys->algo_kex;
encrypt_packet(); encrypt_packet();
ses.requirenext[0] = SSH_MSG_KEXDH_REPLY;
ses.requirenext[1] = SSH_MSG_KEXINIT;
} }
/* Handle a diffie-hellman key exchange reply. */ /* Handle a diffie-hellman key exchange reply. */

5
common-kex.c
View File

@ -483,9 +483,6 @@ static void gen_new_zstream_trans() {
* and we calculate the first portion of the key-exchange-hash for used * and we calculate the first portion of the key-exchange-hash for used
* later in the key exchange. No response is sent, as the client should * later in the key exchange. No response is sent, as the client should
* initiate the diffie-hellman key exchange */ * initiate the diffie-hellman key exchange */
/* Originally from kex.c, generalized for cli/svr mode --mihnea */
/* Belongs in common_kex.c where it should be moved after review */
void recv_msg_kexinit() { void recv_msg_kexinit() {
unsigned int kexhashbuf_len = 0; unsigned int kexhashbuf_len = 0;
@ -528,7 +525,7 @@ void recv_msg_kexinit() {
/* I_S, the payload of the server's SSH_MSG_KEXINIT */ /* I_S, the payload of the server's SSH_MSG_KEXINIT */
buf_setpos(ses.payload, 0); buf_setpos(ses.payload, 0);
buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len); buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len);
ses.requirenext[0] = SSH_MSG_KEXDH_REPLY;
} else { } else {
/* SERVER */ /* SERVER */

29
process-packet.c
View File

@ -75,15 +75,34 @@ void process_packet() {
/* This applies for KEX, where the spec says the next packet MUST be /* This applies for KEX, where the spec says the next packet MUST be
* NEWKEYS */ * NEWKEYS */
if (ses.requirenext[0] != 0) { if (ses.requirenext[0] != 0) {
if (ses.requirenext[0] != type if (ses.requirenext[0] == type || ses.requirenext[1] == type)
&& (ses.requirenext[1] == 0 || ses.requirenext[1] != type)) { {
dropbear_exit("Unexpected packet type %d, expected [%d,%d]", type,
ses.requirenext[0], ses.requirenext[1]);
} else {
/* Got what we expected */ /* Got what we expected */
TRACE(("got expeced packet %d during kexinit", type))
ses.requirenext[0] = 0; ses.requirenext[0] = 0;
ses.requirenext[1] = 0; ses.requirenext[1] = 0;
} }
else
{
/* RFC4253 7.1 - various messages are allowed at this point.
The only ones we know about have already been handled though,
so just return "unimplemented" */
if (type >= 1 && type <= 49
&& type != SSH_MSG_SERVICE_REQUEST
&& type != SSH_MSG_SERVICE_ACCEPT
&& type != SSH_MSG_KEXINIT)
{
TRACE(("unknown allowed packet during kexinit"))
recv_unimplemented();
goto out;
}
else
{
TRACE(("disallowed packet during kexinit"))
dropbear_exit("Unexpected packet type %d, expected [%d,%d]", type,
ses.requirenext[0], ses.requirenext[1]);
}
}
} }
/* Check if we should ignore this packet. Used currently only for /* Check if we should ignore this packet. Used currently only for