author | Damien Miller <djm@cvs.openbsd.org> | 2006-09-16 19:53:38 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2006-09-16 19:53:38 +0000 |
commit | 3e9f8886b68514d68fc7df95e3981f1b4c6d6ccd (patch) | |
tree | e6691b38656b3b07ae6c4095300da73818d311be /usr.bin/ssh/packet.c | |
parent | 95f2f8d758e2824bf9990f4c571d1bb1d8ca3ac2 (diff) |
limit maximum work performed by the CRC compensation attack detector,
problem reported by Tavis Ormandy, Google Security Team;
ok markus@ deraadt@
Diffstat (limited to 'usr.bin/ssh/packet.c')
-rw-r--r-- | usr.bin/ssh/packet.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index eacbd89642f..278948c8351 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.143 2006/08/05 08:34:04 dtucker Exp $ */
+/* $OpenBSD: packet.c,v 1.144 2006/09/16 19:53:37 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -991,9 +991,16 @@ packet_read_poll1(void)
 * (C)1998 CORE-SDI, Buenos Aires Argentina
 * Ariel Futoransky(futo@core-sdi.com)
 */
- if (!receive_context.plaintext &&
- detect_attack(buffer_ptr(&input), padded_len) == DEATTACK_DETECTED)
- packet_disconnect("crc32 compensation attack: network attack detected");
+ if (!receive_context.plaintext) {
+ switch (detect_attack(buffer_ptr(&input), padded_len)) {
+ case DEATTACK_DETECTED:
+ packet_disconnect("crc32 compensation attack: "
+ "network attack detected");
+ case DEATTACK_DOS_DETECTED:
+ packet_disconnect("deattack denial of "
+ "service detected");
+ }
+ }
 /* Decrypt data to incoming_packet. */
 buffer_clear(&incoming_packet); |
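Review bot: The `case DEATTACK_DETECTED:` arm in the second hunk has no `break`, so the only thing keeping it from running into the `DEATTACK_DOS_DETECTED` arm is packet_disconnect() never returning, which presumably holds but is not visible in this hunk. I would make that explicit by adding `/* NOTREACHED */` (or `break;`) after each packet_disconnect() call, so a later edit or an added case cannot silently change which disconnect reason is reported. The switch also has no `default:`, so any other detect_attack() result goes straight on to decryption; a one-line comment such as `/* any other result: continue to decrypt */` would record that this is intended. The body of packet_read_poll1 starts and ends outside the hunk.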