author | Damien Miller <djm@cvs.openbsd.org> | 2012-08-17 01:22:57 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2012-08-17 01:22:57 +0000 |
commit | 9fb74db7c330c0fde23a1e8344b5cfc62870c34b (patch) | |
tree | 7cd898a66ef3d25589cb8c78bc3871b3e3e78afd | |
parent | 37fbef7384b7b814152d8b5a2d81c7321b11d454 (diff) |
add some comments about better handling first-KEX-follows notifications
from the server. Nothing uses these right now. No binary change
-rw-r--r-- | usr.bin/ssh/kex.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c
index 2c04c5899b4..87ccd6bf78e 100644
--- a/usr.bin/ssh/kex.c
+++ b/usr.bin/ssh/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.86 2010/09/22 05:01:29 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.87 2012/08/17 01:22:56 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -231,8 +231,18 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
 packet_get_char();
 for (i = 0; i < PROPOSAL_MAX; i++)
 xfree(packet_get_string(NULL));
- (void) packet_get_char();
- (void) packet_get_int();
+ /*
+ * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported
+ * KEX method has the server move first, but a server might be using
+ * a custom method or one that we otherwise don't support. We should
+ * be prepared to remember first_kex_follows here so we can eat a
+ * packet later.
+ * XXX2 - RFC4253 is kind of ambiguous on what first_kex_follows means
+ * for cases where the server *doesn't* go first. I guess we should
+ * ignore it when it is set for these cases, which is what we do now.
+ */
+ (void) packet_get_char(); /* first_kex_follows */
+ (void) packet_get_int(); /* reserved */
 packet_check_eom();
 kex_kexinit_finish(kex); |
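Review bot: The XXX comment added ahead of the two discarded reads says the client should remember first_kex_follows "so we can eat a packet later", but it leaves out the condition under which the packet is to be dropped, which is the part a later implementer can get wrong. RFC 4253 section 7 requires the optimistically sent packet to be ignored only when the guess was wrong; dropping it whenever the flag is set would throw away a valid key-exchange message from a peer that guessed correctly. I would add one line to the comment, `* Only drop the guessed packet if the guess was wrong (RFC4253 sec 7).`. The value returned by `packet_get_char()` is still cast to `(void)`, so how a peer that sets the flag is handled today depends on code outside this hunk; kex_input_kexinit starts and ends outside it.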