send and handle SSH_MSG_EXT_INFO only at the correct point

- other fixes for rsa pubkey auth - only include ext-info handling when rsa pubkey auth is compiled
author: Matt Johnston <matt@ucc.asn.au> 2020-05-24 14:16:58 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2020-05-24 14:16:58 +0800
commit: 7871273feb1a2e76857ddcc80b1fe7e7081b60b1 (patch)
tree: 092ae0172714b15d062ed9c47a1ae913321a0c96 /cli-kex.c
parent: 71a3cec2995291047445255e3159a7867f05f947 (diff)
download: dropbear-7871273feb1a2e76857ddcc80b1fe7e7081b60b1.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/cli-kex.c b/cli-kex.c
index 99370eb..98b0245 100644
--- a/cli-kex.c
+++ b/cli-kex.c
@@ -418,6 +418,15 @@ void recv_msg_ext_info(void) {
 	unsigned int num_ext;
 	unsigned int i;
 
+	TRACE(("enter recv_msg_ext_info"))
+
+	/* Must be after the first SSH_MSG_NEWKEYS */
+	TRACE(("last %d, donefirst %d, donescond %d", ses.lastpacket, ses.kexstate.donefirstkex, ses.kexstate.donesecondkex))
+	if (!(ses.lastpacket == SSH_MSG_NEWKEYS && !ses.kexstate.donesecondkex)) {
+		TRACE(("leave recv_msg_ext_info: ignoring packet received at the wrong time"))
+		return;
+	}
+
 	num_ext = buf_getint(ses.payload);
 	TRACE(("received SSH_MSG_EXT_INFO with %d items", num_ext))
 
@@ -435,4 +444,5 @@ void recv_msg_ext_info(void) {
 		}
 		m_free(ext_name);
 	}
+	TRACE(("leave recv_msg_ext_info"))
 }
author	Matt Johnston <matt@ucc.asn.au>	2020-05-24 14:16:58 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2020-05-24 14:16:58 +0800
commit	7871273feb1a2e76857ddcc80b1fe7e7081b60b1 (patch)
tree	092ae0172714b15d062ed9c47a1ae913321a0c96 /cli-kex.c
parent	71a3cec2995291047445255e3159a7867f05f947 (diff)
download	dropbear-7871273feb1a2e76857ddcc80b1fe7e7081b60b1.tar.gz