From 9afd1d411c36e39b01693e2b38402e6496c55aa8 Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Sun, 18 Oct 2020 22:17:54 +0800
Subject: Disallow extra kexinit messages

---
 common-kex.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/common-kex.c b/common-kex.c
index 4caa06e..39d916b 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -487,6 +487,12 @@ void recv_msg_kexinit() {
 TRACE(("continue recv_msg_kexinit: sent kexinit"))
 }

+ /* "Once a party has sent a SSH_MSG_KEXINIT message ...
+ further SSH_MSG_KEXINIT messages MUST NOT be sent" */
+ if (ses.kexstate.recvkexinit) {
+ dropbear_exit("Unexpected KEXINIT");
+ }
+
 /* start the kex hash */
 local_ident_len = strlen(LOCAL_IDENT);
 remote_ident_len = strlen(ses.remoteident);
-- 
cgit v1.2.1
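Review bot: The new `if (ses.kexstate.recvkexinit)` guard sits after the block that ends with `TRACE(("continue recv_msg_kexinit: sent kexinit"))`, so a repeated KEXINIT is rejected only after that block has had the chance to run. That block appears to be the branch that sends our own KEXINIT, so making the guard the first statement of recv_msg_kexinit() would reject the message before any reply or state change. The guard is only correct if `recvkexinit` is cleared whenever a key exchange completes, since otherwise a legitimate rekey would hit `dropbear_exit("Unexpected KEXINIT")`. That reset is not visible here, so the comment should name where it happens. The quoted text would also be easier to audit with its source named, e.g. `/* RFC 4253 section 7.1: "Once a party has sent a SSH_MSG_KEXINIT message ...`. The function starts and ends outside this hunk.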