- markus@cvs.openbsd.org 2006/10/31 16:33:12

     [kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
     check DH_compute_key() for -1 even if it should not happen because of
     earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm

1 files changed, 5 insertions, 4 deletions

diff --git a/kexgexs.c b/kexgexs.c
index 5373a633..863e1517 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.9 2006/10/31 16:33:12 markus Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -55,8 +55,8 @@ kexgex_server(Kex *kex)
 	Key *server_host_key;
 	DH *dh;
 	u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
-	u_int sbloblen, klen, kout, slen, hashlen;
-	int min = -1, max = -1, nbits = -1, type;
+	u_int sbloblen, klen, slen, hashlen;
+	int min = -1, max = -1, nbits = -1, type, kout;
 
 	if (kex->load_host_key == NULL)
 		fatal("Cannot load hostkey");
@@ -134,7 +134,8 @@ kexgex_server(Kex *kex)
 
 	klen = DH_size(dh);
 	kbuf = xmalloc(klen);
-	kout = DH_compute_key(kbuf, dh_client_pub, dh);
+	if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0)
+		fatal("DH_compute_key: failed");
 #ifdef DEBUG_KEXDH
 	dump_digest("shared secret", kbuf, kout);
 #endif