summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorMatt Johnston <matt@ucc.asn.au>2020-10-18 22:17:54 +0800
committerMatt Johnston <matt@ucc.asn.au>2020-10-18 22:17:54 +0800
commit5567c238a749b992faa9dce4a1df05861dd14f7c (patch)
tree6fe588eebb6820ff4af85e8c2314a3aa37a7b25c
parent33eba22966a897cb4fca2395912176e2713b050d (diff)
Disallow extra kexinit messages
--HG-- branch : fuzz
-rw-r--r--common-kex.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/common-kex.c b/common-kex.c
index 4caa06e..39d916b 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -487,6 +487,12 @@ void recv_msg_kexinit() {
TRACE(("continue recv_msg_kexinit: sent kexinit"))
}
+ /* "Once a party has sent a SSH_MSG_KEXINIT message ...
+ further SSH_MSG_KEXINIT messages MUST NOT be sent" */
+ if (ses.kexstate.recvkexinit) {
+ dropbear_exit("Unexpected KEXINIT");
+ }
+
/* start the kex hash */
local_ident_len = strlen(LOCAL_IDENT);
remote_ident_len = strlen(ses.remoteident);