Fix case where "-K 1" would cause a SSH_MSG_IGNORE packet to be sent

with the wrong encryption key ("bad packet length" symptom) while key exchange was happening. --HG-- extra : convert_revision : f7d27ec094c4aba2a4289c523c722fcb3c3f58ca
author: Matt Johnston <matt@ucc.asn.au> 2011-06-07 11:55:44 +0000
committer: Matt Johnston <matt@ucc.asn.au> 2011-06-07 11:55:44 +0000
commit: 2bcb60fe56b7107d23c00a4aba0a4e0810448ddc (patch)
tree: e5621d96aad5611e969fb6c09c9cee2b5a228e1d /packet.c
parent: 0f83379dc0fff2e71554a147c1c210a8317f50e9 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/packet.c b/packet.c
index 80eb177..349ed40 100644
--- a/packet.c
+++ b/packet.c
@@ -441,10 +441,16 @@ void encrypt_packet() {
 
 	TRACE(("encrypt_packet type is %d", packet_type))
 	
-	if (!ses.dataallowed && !packet_is_okay_kex(packet_type)) {
+	if ((!ses.dataallowed && !packet_is_okay_kex(packet_type))
+			|| ses.kexstate.sentnewkeys) {
 		/* During key exchange only particular packets are allowed.
 			Since this packet_type isn't OK we just enqueue it to send 
 			after the KEX, see maybe_flush_reply_queue */
+
+		/* We also enqueue packets here when we have sent a MSG_NEWKEYS
+		 * packet but are yet to received one. For simplicity we just switch
+		 * over all the keys at once. This is the 'ses.kexstate.sentnewkeys'
+		 * case. */
 		enqueue_reply_packet();
 		return;
 	}
author	Matt Johnston <matt@ucc.asn.au>	2011-06-07 11:55:44 +0000
committer	Matt Johnston <matt@ucc.asn.au>	2011-06-07 11:55:44 +0000
commit	2bcb60fe56b7107d23c00a4aba0a4e0810448ddc (patch)
tree	e5621d96aad5611e969fb6c09c9cee2b5a228e1d /packet.c
parent	0f83379dc0fff2e71554a147c1c210a8317f50e9 (diff)