Prevent sshd from sending DH groups with a primitive generator of zero or

one, even if they are listed in /etc/moduli.  ok markus@

1 files changed, 4 insertions, 1 deletions

diff --git a/usr.bin/ssh/dh.c b/usr.bin/ssh/dh.c
index c7a3e18be82..b58b8bc28c0 100644
--- a/usr.bin/ssh/dh.c
+++ b/usr.bin/ssh/dh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.26 2003/12/16 15:51:54 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.27 2004/02/27 22:42:47 dtucker Exp $");
 
 #include "xmalloc.h"
 
@@ -91,6 +91,9 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 	if (BN_num_bits(dhg->p) != dhg->size)
 		goto failclean;
 
+	if (BN_is_zero(dhg->g) || BN_is_one(dhg->g))
+		goto failclean;
+
 	return (1);
 
  failclean: