diff options
author | markus@openbsd.org <markus@openbsd.org> | 2017-03-11 13:07:35 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-03-12 10:50:19 +1100 |
commit | 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e (patch) | |
tree | 3ede38924a9cf5a227db3a5a2157dc77bc31d5f6 /packet.c | |
parent | ef653dd5bd5777132d9f9ee356225f9ee3379504 (diff) |
upstream commit
Don't count the initial block twice when computing how
many bytes to discard for the work around for the attacks against CBC-mode.
ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL
Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2
Diffstat (limited to 'packet.c')
-rw-r--r-- | packet.c | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.246 2017/02/28 06:10:08 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.247 2017/03/11 13:07:35 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1850,11 +1850,11 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if (r != SSH_ERR_MAC_INVALID) goto out; logit("Corrupted MAC on input."); - if (need > PACKET_MAX_SIZE) + if (need + block_size > PACKET_MAX_SIZE) return SSH_ERR_INTERNAL_ERROR; return ssh_packet_start_discard(ssh, enc, mac, sshbuf_len(state->incoming_packet), - PACKET_MAX_SIZE - need); + PACKET_MAX_SIZE - need - block_size); } /* Remove MAC from input buffer */ DBG(debug("MAC #%d ok", state->p_read.seqnr)); |