author | dtucker@openbsd.org <dtucker@openbsd.org> | 2016-06-08 02:13:01 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2016-06-14 13:43:59 +1000 |
commit | 68777faf271efb2713960605c748f6c8a4b26d55 (patch) | |
tree | 2895764aee26c12fe8d2213807aca618df16aa70 /kexgexs.c | |
parent | a86ec4d0737ac5879223e7cd9d68c448df46e169 (diff) |
upstream commit
Back out rev 1.28 "Check min and max sizes sent by the
client" change. It caused "key_verify failed for server_host_key" in clients
that send a DH-GEX min value less than DH_GRP_MIN, e.g. old OpenSSH and PuTTY.
ok djm@
Upstream-ID: 452979d3ca5c1e9dff063287ea0a5314dd091f65
Diffstat (limited to 'kexgexs.c')
-rw-r--r-- | kexgexs.c | 18 |
1 files changed, 9 insertions, 9 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.28 2016/06/01 04:19:49 dtucker Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.29 2016/06/08 02:13:01 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos. All rights reserved.
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -83,21 +83,21 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
 kex->nbits = nbits;
 kex->min = min;
 kex->max = max;
+ min = MAX(DH_GRP_MIN, min);
+ max = MIN(DH_GRP_MAX, max);
+ nbits = MAX(DH_GRP_MIN, nbits);
+ nbits = MIN(DH_GRP_MAX, nbits);
+
 if (kex->max < kex->min || kex->nbits < kex->min ||
- kex->max < kex->nbits || kex->max < DH_GRP_MIN ||
- kex->min > DH_GRP_MAX) {
+ kex->max < kex->nbits || kex->max < DH_GRP_MIN) {
 r = SSH_ERR_DH_GEX_OUT_OF_RANGE;
 goto out;
 }
- kex->min = MAX(DH_GRP_MIN, kex->min);
- kex->max = MIN(DH_GRP_MAX, kex->max);
- kex->nbits = MAX(DH_GRP_MIN, kex->nbits);
- kex->nbits = MIN(DH_GRP_MAX, kex->nbits);
 /* Contact privileged parent */
- kex->dh = PRIVSEP(choose_dh(kex->min, kex->nbits, kex->max));
+ kex->dh = PRIVSEP(choose_dh(min, nbits, max));
 if (kex->dh == NULL) {
- sshpkt_disconnect(ssh, "no matching DH group found");
+ sshpkt_disconnect(ssh, "no matching DH grp found");
 r = SSH_ERR_ALLOC_FAIL;
 goto out;
 }
|
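Review bot: In the second hunk the clamped local `min` can end up above the clamped local `max`, because `min` is only raised to DH_GRP_MIN and `max` is only lowered to DH_GRP_MAX, while the range test now runs on the unclamped `kex->` fields without the old `kex->min > DH_GRP_MAX` term. A request whose minimum is above DH_GRP_MAX therefore reaches `choose_dh(min, nbits, max)` with an inverted range. The breakage named in the commit message involved minimum values below DH_GRP_MIN, so that term could probably stay: `kex->max < kex->nbits || kex->max < DH_GRP_MIN || kex->min > DH_GRP_MAX) {`. What choose_dh does with min > max is not visible here and should be confirmed, in particular that it cannot hand back a group smaller than the minimum the client asked for. A comment above the clamp, for example `/* kex->min/nbits/max stay as the client sent them (presumably they feed the exchange hash); clamp only the local copies */`, would keep a later change from repeating rev 1.28; the function body starts and ends outside the hunk.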