diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2004-02-29 20:12:33 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2004-02-29 20:12:33 +1100 |
| commit | fc113c97a3935896869e8bccf7a70cb7c7ed95d3 (patch) | |
| tree | 260ef3c0aa8256344bbc74a04dec593189507be3 | |
| parent | d592048c36ee15cef19d6177aeb015b69bfa8833 (diff) | |
- dtucker@cvs.openbsd.org 2004/02/27 22:42:47
[dh.c]
Prevent sshd from sending DH groups with a primitive generator of zero or
one, even if they are listed in /etc/moduli. ok markus@
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | dh.c | 5 |
2 files changed, 9 insertions, 2 deletions
@@ -3,6 +3,10 @@ - djm@cvs.openbsd.org 2004/02/25 00:22:45 [sshd.c] typo in comment + - dtucker@cvs.openbsd.org 2004/02/27 22:42:47 + [dh.c] + Prevent sshd from sending DH groups with a primitive generator of zero or + one, even if they are listed in /etc/moduli. ok markus@ 20040226 - (bal) KNF our sshlogin.c even if the code looks nothing like upstream @@ -808,4 +812,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3261 2004/02/29 09:11:30 dtucker Exp $ +$Id: ChangeLog,v 1.3262 2004/02/29 09:12:33 dtucker Exp $ @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: dh.c,v 1.26 2003/12/16 15:51:54 markus Exp $"); +RCSID("$OpenBSD: dh.c,v 1.27 2004/02/27 22:42:47 dtucker Exp $"); #include "xmalloc.h" @@ -91,6 +91,9 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) if (BN_num_bits(dhg->p) != dhg->size) goto failclean; + if (BN_is_zero(dhg->g) || BN_is_one(dhg->g)) + goto failclean; + return (1); failclean: |