-rw-r--r-- | cli-kex.c | 3 | ||||
-rw-r--r-- | common-kex.c | 4 | ||||
-rw-r--r-- | common-session.c | 2 | ||||
-rw-r--r-- | debug.h | 2 | ||||
-rw-r--r-- | process-packet.c | 18 | ||||
-rw-r--r-- | session.h | 5 | ||||
-rw-r--r-- | svr-kex.c | 3 | ||||
-rw-r--r-- | sysoptions.h | 2 |
8 files changed, 20 insertions, 19 deletions
@@ -177,8 +177,7 @@ void recv_msg_kexdh_reply() {
 hostkey = NULL;
 send_msg_newkeys();
- ses.requirenext[0] = SSH_MSG_NEWKEYS;
- ses.requirenext[1] = 0;
+ ses.requirenext = SSH_MSG_NEWKEYS;
 TRACE(("leave recv_msg_kexdh_init"))
 }
diff --git a/common-kex.c b/common-kex.c
index 3c1e604..9373aa2 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -525,7 +525,7 @@ void recv_msg_kexinit() {
 /* I_S, the payload of the server's SSH_MSG_KEXINIT */
 buf_setpos(ses.payload, 0);
 buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len);
- ses.requirenext[0] = SSH_MSG_KEXDH_REPLY;
+ ses.requirenext = SSH_MSG_KEXDH_REPLY;
 } else {
 /* SERVER */
@@ -545,7 +545,7 @@ void recv_msg_kexinit() {
 buf_putstring(ses.kexhashbuf, ses.transkexinit->data, ses.transkexinit->len);
- ses.requirenext[0] = SSH_MSG_KEXDH_INIT;
+ ses.requirenext = SSH_MSG_KEXDH_INIT;
 }
 buf_free(ses.transkexinit);
diff --git a/common-session.c b/common-session.c
index f4016b5..40c66e8 100644
--- a/common-session.c
+++ b/common-session.c
@@ -82,7 +82,7 @@ void common_session_init(int sock_in, int sock_out) {
 initqueue(&ses.writequeue);
- ses.requirenext[0] = SSH_MSG_KEXINIT;
+ ses.requirenext = SSH_MSG_KEXINIT;
 ses.dataallowed = 1; /* we can send data until we actually send the SSH_MSG_KEXINIT */
 ses.ignorenext = 0;
@@ -39,7 +39,7 @@
 * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
 * since the printing may not sanitise strings etc. This will add a reasonable
 * amount to your executable size. */
-/* #define DEBUG_TRACE */
+#define DEBUG_TRACE
 /* All functions writing to the cleartext payload buffer call
 * CHECKCLEARTOWRITE() before writing. This is only really useful if you're
diff --git a/process-packet.c b/process-packet.c
index 97de203..1c2ca7b 100644
--- a/process-packet.c
+++ b/process-packet.c
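Review bot: The trace on the context line right after the new `ses.requirenext = SSH_MSG_NEWKEYS;` in recv_msg_kexdh_reply reports leaving recv_msg_kexdh_init, which is the server-side function changed in the svr-kex.c hunk, so DEBUG_TRACE output from the client side is attributed to the wrong function. Suggest `TRACE(("leave recv_msg_kexdh_reply"))`. This is pre-existing rather than introduced here, but the hunk is the natural place to fix it; recv_msg_kexdh_reply's body begins before the hunk.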
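Review bot: `#define DEBUG_TRACE` is now enabled unconditionally in debug.h, directly below the comment warning not to use it in an unfriendly environment because the trace printing may not sanitise strings, so every build of this revision ships with tracing on. That looks unrelated to the requirenext change and reads as a leftover from local testing, as does the KEX_REKEY_DATA change in the sysoptions.h hunk. Restore the commented form, `/* #define DEBUG_TRACE */`, and keep the toggle out of the shared header; if the intent really is to enable it by default, the caution comment above it should be reworded to say so.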
@@ -74,13 +74,11 @@ void process_packet() {
 /* This applies for KEX, where the spec says the next packet MUST be
 * NEWKEYS */
- if (ses.requirenext[0] != 0) {
- if (ses.requirenext[0] == type || ses.requirenext[1] == type)
+ if (ses.requirenext != 0) {
+ if (ses.requirenext == type)
 {
 /* Got what we expected */
- TRACE(("got expeced packet %d during kexinit", type))
- ses.requirenext[0] = 0;
- ses.requirenext[1] = 0;
+ TRACE(("got expected packet %d during kexinit", type))
 } else {
@@ -99,8 +97,8 @@ void process_packet() {
 else {
 TRACE(("disallowed packet during kexinit"))
- dropbear_exit("Unexpected packet type %d, expected [%d,%d]", type, ses.requirenext[0], ses.requirenext[1]);
+ dropbear_exit("Unexpected packet type %d, expected %d", type, ses.requirenext);
 }
 }
 }
@@ -113,6 +111,12 @@ void process_packet() {
 goto out;
 }
+ /* Only clear the flag after we have checked ignorenext */
+ if (ses.requirenext != 0 && ses.requirenext == type)
+ {
+ ses.requirenext = 0;
+ }
 /* Kindly the protocol authors gave all the preauth packets type values
 * less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ).
@@ -135,9 +135,8 @@ struct sshsession {
 unsigned dataallowed : 1; /* whether we can send data packets or we are in the middle of a KEX or something */
- unsigned char requirenext[2]; /* bytes indicating what packets we require next, or 0x00 for any. Second option can only be used if the first byte is also set */
+ unsigned char requirenext; /* byte indicating what packets we require next, or 0x00 for any. */
 unsigned char ignorenext; /* whether to ignore the next packet, used for kex_follows stuff */
@@ -80,8 +80,7 @@ void recv_msg_kexdh_init() {
 }
 send_msg_newkeys();
- ses.requirenext[0] = SSH_MSG_NEWKEYS;
- ses.requirenext[1] = 0;
+ ses.requirenext = SSH_MSG_NEWKEYS;
 TRACE(("leave recv_msg_kexdh_init"))
 }
diff --git a/sysoptions.h b/sysoptions.h
index 3bb8e92..189b158 100644
--- a/sysoptions.h
+++ b/sysoptions.h
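Review bot: In the new clearing block in the third process-packet.c hunk, the `ses.requirenext != 0 &&` half of the condition is redundant, since `ses.requirenext == type` already implies it unless type can be 0; `if (ses.requirenext == type)` says the same thing and matches the comparison in the first hunk. The comment on that block only states the ordering, not the reason for it; since the clear was moved from the "got what we expected" branch to after the ignorenext check, a why-comment such as `/* Clear only after the ignorenext check: if this packet is ignored (wrong kex guess), the required type still applies to the next one */` would make the intent clear — assuming that is the intent, which the hunk itself does not show. process_packet begins and continues outside the hunk.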
@@ -16,7 +16,7 @@
 #define KEX_REKEY_TIMEOUT (3600 * 8)
 #endif
 #ifndef KEX_REKEY_DATA
-#define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */
+#define KEX_REKEY_DATA (1<<20) /* 2^30 == 1GB, this value must be < INT_MAX */
 #endif
 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */
 #ifndef AUTH_TIMEOUT |
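Review bot: The comment on the changed `#define KEX_REKEY_DATA (1<<20)` line still says `2^30 == 1GB`, so the documentation now contradicts the value; at 1<<20 the data-triggered rekey fires after 1 MiB, about a thousand times more often than before, which is more consistent with a test value than a new default. Either restore `(1<<30)` or, if the lower threshold is intended, update the comment to `/* 2^20 == 1MB, this value must be < INT_MAX */` so the two agree.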