author | Markus Friedl <markus@cvs.openbsd.org> | 2008-11-21 15:47:39 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2008-11-21 15:47:39 +0000 |
commit | dd32276cdbb2e727299695cbc5ccf22b7640502a (patch) | |
tree | ee20f2f20ef6faa571b3a274cadc9e64a3f33f09 | |
parent | bc5121249a4309d068e39476b4090f6e8e49912e (diff) |
packet_disconnect() on padding error, too. should reduce the success
probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18
ok djm@
-rw-r--r-- | usr.bin/ssh/packet.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index 309b3b49783..5aa6f69a44b 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.157 2008/07/10 18:08:11 markus Exp $ */
+/* $OpenBSD: packet.c,v 1.158 2008/11/21 15:47:38 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1142,7 +1142,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
 #ifdef PACKET_DEBUG
 buffer_dump(&incoming_packet);
 #endif
- packet_disconnect("Bad packet length %u.", packet_length);
+ packet_disconnect("Bad packet length %-10u",
+ packet_length);
 }
 DBG(debug("input: packet len %u", packet_length+4));
 buffer_consume(&input, block_size);
@@ -1151,9 +1152,11 @@ packet_read_poll2(u_int32_t *seqnr_p)
 need = 4 + packet_length - block_size;
 DBG(debug("partial packet %d, need %d, maclen %d", block_size,
 need, maclen));
- if (need % block_size != 0)
- fatal("padding error: need %d block %d mod %d",
+ if (need % block_size != 0) {
+ logit("padding error: need %d block %d mod %d",
 need, block_size, need % block_size);
+ packet_disconnect("Bad packet length %-10u", packet_length);
+ }
 /*
 * check if the entire packet has been received and
 * decrypt into incoming_packet |
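Review bot: The change from `%u.` to `%-10u` in the `packet_disconnect()` call of the second hunk carries no comment explaining the padded field, and the same unexplained format is used again in the third hunk. Presumably the fixed width makes the disconnect message the same length whatever value `packet_length` holds, so the message size tells the peer nothing about the decoded length; if that is the intent, it should be recorded at the call, e.g. `/* fixed-width on purpose: message length must not vary with packet_length */`. Without that comment a later cleanup could easily restore the plain `%u`. packet_read_poll2() begins and ends outside the hunk.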
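Review bot: The padding-error branch in the third hunk still differs from the bad-length branch in the second hunk in two ways: it calls `logit()` before `packet_disconnect()`, and its message is an independent copy of the literal rather than a shared definition. A single definition used at both sites, e.g. `#define BAD_PACKET_LENGTH_FMT "Bad packet length %-10u"`, would stop a later edit from making the two errors distinguishable again. Both checks also appear to act on a length field from the first block before the rest of the packet has been received and verified, which matches the commit message's wording of a reduced rather than removed probability. A short comment above the `if (need % block_size != 0)` test stating that residual exposure would help the next reader. The enclosing function continues outside the hunk.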