diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2002-02-23 17:59:03 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2002-02-23 17:59:03 +0000 |
commit | b69ded7105ae48d5c476230f7b43cd5d745b5182 (patch) | |
tree | 2aa140f791697911e0ec7e86dd012fb3438c0873 | |
parent | e7efe455a2867324da4fa5d3422c3ed94830f313 (diff) |
don't allow garbage after payload.
-rw-r--r-- | usr.bin/ssh/kex.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/kexdh.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/kexgex.c | 3 |
3 files changed, 6 insertions, 3 deletions
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index e9f944b05ba..e91b2ee35cd 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.45 2002/02/14 23:41:01 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.46 2002/02/23 17:59:02 markus Exp $"); #include <openssl/crypto.h> @@ -132,6 +132,7 @@ kex_finish(Kex *kex) debug("waiting for SSH2_MSG_NEWKEYS"); packet_read_expect(SSH2_MSG_NEWKEYS); + packet_check_eom(); debug("SSH2_MSG_NEWKEYS received"); kex->done = 1; diff --git a/usr.bin/ssh/kexdh.c b/usr.bin/ssh/kexdh.c index f87d5295211..2049d6e1b26 100644 --- a/usr.bin/ssh/kexdh.c +++ b/usr.bin/ssh/kexdh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdh.c,v 1.14 2002/01/31 13:35:11 markus Exp $"); +RCSID("$OpenBSD: kexdh.c,v 1.15 2002/02/23 17:59:02 markus Exp $"); #include <openssl/crypto.h> #include <openssl/bn.h> @@ -220,6 +220,7 @@ kexdh_server(Kex *kex) if ((dh_client_pub = BN_new()) == NULL) fatal("dh_client_pub == NULL"); packet_get_bignum2(dh_client_pub); + packet_check_eom(); #ifdef DEBUG_KEXDH fprintf(stderr, "dh_client_pub= "); diff --git a/usr.bin/ssh/kexgex.c b/usr.bin/ssh/kexgex.c index dc2fa672393..ac377aafccb 100644 --- a/usr.bin/ssh/kexgex.c +++ b/usr.bin/ssh/kexgex.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexgex.c,v 1.17 2002/01/31 13:35:11 markus Exp $"); +RCSID("$OpenBSD: kexgex.c,v 1.18 2002/02/23 17:59:02 markus Exp $"); #include <openssl/bn.h> @@ -319,6 +319,7 @@ kexgex_server(Kex *kex) if ((dh_client_pub = BN_new()) == NULL) fatal("dh_client_pub == NULL"); packet_get_bignum2(dh_client_pub); + packet_check_eom(); #ifdef DEBUG_KEXDH fprintf(stderr, "dh_client_pub= "); |