From fcf2e1c6b894f59d64e4ef11f5c5d4ab2b694ccd Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@cvs.openbsd.org>
Date: Thu, 1 Jan 2009 21:17:37 +0000
Subject: fix hash calculation for KEXGEX: hash over the original
 client-supplied values and not the sanity checked versions that we acutally
 use; bz#1540 reported by john.smith AT arrows.demon.co.uk ok markus@

---
 usr.bin/ssh/kexgexs.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

(limited to 'usr.bin')

diff --git a/usr.bin/ssh/kexgexs.c b/usr.bin/ssh/kexgexs.c
index 592d35e0688..9263399c4e5 100644
--- a/usr.bin/ssh/kexgexs.c
+++ b/usr.bin/ssh/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.11 2009/01/01 21:17:36 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -53,7 +53,8 @@ kexgex_server(Kex *kex)
 	DH *dh;
 	u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
 	u_int sbloblen, klen, slen, hashlen;
-	int min = -1, max = -1, nbits = -1, type, kout;
+	int omin = -1, min = -1, omax = -1, max = -1, onbits = -1, nbits = -1;
+	int type, kout;
 
 	if (kex->load_host_key == NULL)
 		fatal("Cannot load hostkey");
@@ -65,27 +66,29 @@ kexgex_server(Kex *kex)
 	switch (type) {
 	case SSH2_MSG_KEX_DH_GEX_REQUEST:
 		debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
-		min = packet_get_int();
-		nbits = packet_get_int();
-		max = packet_get_int();
+		omin = min = packet_get_int();
+		onbits = nbits = packet_get_int();
+		omax = max = packet_get_int();
 		min = MAX(DH_GRP_MIN, min);
 		max = MIN(DH_GRP_MAX, max);
+		nbits = MAX(DH_GRP_MIN, nbits);
+		nbits = MIN(DH_GRP_MAX, nbits);
 		break;
 	case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
 		debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
-		nbits = packet_get_int();
-		min = DH_GRP_MIN;
-		max = DH_GRP_MAX;
+		onbits = nbits = packet_get_int();
 		/* unused for old GEX */
+		omin = min = DH_GRP_MIN;
+		omax = max = DH_GRP_MAX;
 		break;
 	default:
 		fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
 	}
 	packet_check_eom();
 
-	if (max < min || nbits < min || max < nbits)
+	if (omax < omin || onbits < omin || omax < onbits)
 		fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
-		    min, nbits, max);
+		    omin, onbits, omax);
 
 	/* Contact privileged parent */
 	dh = PRIVSEP(choose_dh(min, nbits, max));
@@ -146,7 +149,7 @@ kexgex_server(Kex *kex)
 	key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
 
 	if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
-		min = max = -1;
+		omin = min = omax = max = -1;
 
 	/* calc H */
 	kexgex_hash(
@@ -156,7 +159,7 @@ kexgex_server(Kex *kex)
 	    buffer_ptr(&kex->peer), buffer_len(&kex->peer),
 	    buffer_ptr(&kex->my), buffer_len(&kex->my),
 	    server_host_key_blob, sbloblen,
-	    min, nbits, max,
+	    omin, onbits, omax,
 	    dh->p, dh->g,
 	    dh_client_pub,
 	    dh->pub_key,
-- 
cgit v1.2.3