1 files changed, 9 insertions, 6 deletions

diff --git a/common-session.c b/common-session.c
index 06cdbd1..4c15391 100644
--- a/common-session.c
+++ b/common-session.c
@@ -62,7 +62,6 @@ void common_session_init(int sock, char* remotehost) {
 	ses.connecttimeout = 0;
 	
 	kexfirstinitialise(); /* initialise the kex state */
-	chaninitialise(); /* initialise the channel state */
 
 	ses.writepayload = buf_new(MAX_TRANS_PAYLOAD_LEN);
 	ses.transseq = 0;
@@ -126,7 +125,7 @@ void session_loop(void(*loophandler)()) {
 		timeout.tv_usec = 0;
 		FD_ZERO(&writefd);
 		FD_ZERO(&readfd);
-		assert(ses.payload == NULL);
+		dropbear_assert(ses.payload == NULL);
 		if (ses.sock != -1) {
 			FD_SET(ses.sock, &readfd);
 			if (!isempty(&ses.writequeue)) {
@@ -233,10 +232,8 @@ void session_identification() {
 		dropbear_exit("Error writing ident string");
 	}
 
-	/* We allow up to 9 lines before the actual version string, to
-	 * account for wrappers/cruft etc. According to the spec only the client
-	 * needs to handle this, but no harm in letting the server handle it too */
-	for (i = 0; i < 10; i++) {
+    /* If they send more than 50 lines, something is wrong */
+	for (i = 0; i < 50; i++) {
 		len = ident_readln(ses.sock, linebuf, sizeof(linebuf));
 
 		if (len < 0 && errno != EINTR) {
@@ -260,6 +257,12 @@ void session_identification() {
 		memcpy(ses.remoteident, linebuf, len);
 	}
 
+    /* Shall assume that 2.x will be backwards compatible. */
+    if (strncmp(ses.remoteident, "SSH-2.", 6) != 0
+            && strncmp(ses.remoteident, "SSH-1.99-", 9) != 0) {
+        dropbear_exit("Incompatible remote version '%s'", ses.remoteident);
+    }
+
 	TRACE(("remoteident: %s", ses.remoteident))
 
 }