[PATCH 0/2] Fix 'first_kex_packet_follows' for Dropbear
- Subject: [PATCH 0/2] Fix 'first_kex_packet_follows' for Dropbear
- From: Jon Simons <jon@xxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Mon, 04 May 2015 19:41:52 -0400
- To: libssh@xxxxxxxxxx
Hi,

Attached are a couple of patches which fix 'first_kex_packet_follows' processing, based against master@a4cecf59d568d2b987c16a1209e357d0153a0216.

The recent fixes with CVE-2015-3145 exposed these two bugs observable when testing with dropbear clients.

In the first bug, ensure to return SSH_OK when we ignore a KEXDH_INIT packet due to a wrong client guess. Previously the code here was checking its end return value to the uninitialized 'rc' local -- the bug was exposed with the CVE fix at bf0c7ae0aeb0ebe661d11ea6785fff2cbf4f3dbe.

The second fix updates the 'first_kex_packet_follows' checking to consider *also* the host key type at hand in addition to the kex algorithm which was already being checked.

Before these changes I'm able to observe failures between dropbear clients and libssh server; after, things are working again for me.

Thanks,
-Jon

Jon Simons (2):
  server: return SSH_OK for ignored SSH_MSG_KEXDH_INIT case
  kex: also compare host keys for 'first_kex_packet_follows'

 src/kex.c    | 44 +++++++++++++++++++++++---------------------
 src/server.c |  1 +
 2 files changed, 24 insertions(+), 21 deletions(-)

--
1.9.1
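
The guess rule that the second patch in this series concerns, as an added example that is not part of the original message and is not libssh code: RFC 4253 section 7 treats a 'first_kex_packet_follows' guess as wrong when the peers' first-preference kex algorithm or first-preference host key algorithm differ. The function name and the sample name-lists are hypothetical, constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* True when two comma-separated SSH name-lists start with the same name. */
static bool same_first_name(const char *a, const char *b)
{
    size_t la = strcspn(a, ",");   /* length of first entry in a */
    size_t lb = strcspn(b, ",");   /* length of first entry in b */

    return la > 0 && la == lb && memcmp(a, b, la) == 0;
}

/*
 * Hypothetical helper (not a libssh function): decide whether the packet
 * that follows the peer's KEXINIT was sent on a wrong guess and must be
 * silently ignored. Per RFC 4253 section 7 the guess is wrong when the
 * preferred kex algorithm OR the preferred host key algorithm differs.
 * Comparing only the kex lists misses the host key case.
 * Negotiation failure of the other algorithm lists is out of scope here.
 */
bool guessed_packet_must_be_ignored(bool first_kex_packet_follows,
                                    const char *client_kex,
                                    const char *server_kex,
                                    const char *client_hostkeys,
                                    const char *server_hostkeys)
{
    if (!first_kex_packet_follows)
        return false;              /* no guessed packet was sent */

    return !same_first_name(client_kex, server_kex) ||
           !same_first_name(client_hostkeys, server_hostkeys);
}

/* Constructed sample name-lists, not captured from a real session. */
static const char SAMPLE_KEX[] =
    "curve25519-sha256@libssh.org,ecdh-sha2-nistp256";
static const char SAMPLE_CLIENT_HOSTKEYS[] = "ecdsa-sha2-nistp256,ssh-rsa";
static const char SAMPLE_SERVER_HOSTKEYS[] = "ssh-rsa,ecdsa-sha2-nistp256";
```

When the helper returns true, the server's handler for the guessed packet should drop it and still report success so that the key exchange continues with the next packet.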