diff options
author | Damien Miller <djm@mindrot.org> | 2012-02-11 08:18:43 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2012-02-11 08:18:43 +1100 |
commit | 1de2cfe9a9304b00900aaa6ff9fe612e2ba51ba8 (patch) | |
tree | 2bc26f81af62c8aedef9b388c211214e129a4643 | |
parent | 8d60be548778c025db8daa0345f8d77331086fc6 (diff) | |
download | openssh-git-1de2cfe9a9304b00900aaa6ff9fe612e2ba51ba8.tar.gz |
- markus@cvs.openbsd.org 2012/01/25 19:26:43
[packet.c]
do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
ok dtucker@, djm@
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | packet.c | 8 |
2 files changed, 9 insertions, 3 deletions
@@ -20,6 +20,10 @@ Ensure that $DISPLAY contains only valid characters before using it to extract xauth data so that it can't be used to play local shell metacharacter games. Report from r00t_ati at ihteam.net, ok markus. + - markus@cvs.openbsd.org 2012/01/25 19:26:43 + [packet.c] + do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; + ok dtucker@, djm@ 20120206 - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.174 2011/12/07 05:44:38 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.175 2012/01/25 19:26:43 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -972,8 +972,10 @@ packet_send2(void) /* during rekeying we can only send key exchange messages */ if (active_state->rekeying) { - if (!((type >= SSH2_MSG_TRANSPORT_MIN) && - (type <= SSH2_MSG_TRANSPORT_MAX))) { + if ((type < SSH2_MSG_TRANSPORT_MIN) || + (type > SSH2_MSG_TRANSPORT_MAX) || + (type == SSH2_MSG_SERVICE_REQUEST) || + (type == SSH2_MSG_SERVICE_ACCEPT)) { debug("enqueue packet: %u", type); p = xmalloc(sizeof(*p)); p->type = type; |