CVE-2013-0176: Fix a remote DoS if the client doesn't send a matching kex.

Thanks to Yong Chuan Koh, X-Force Research <kohyc@sg.ibm.com>
Andreas Schneider
2013-01-09 13:20:02 +01:00
parent f128338132
commit 55b09f4264


@@ -184,7 +184,11 @@ static int dh_handshake_server(ssh_session session) {
prv = session->rsa_key; prv = session->rsa_key;
break; break;
default: default:
prv = NULL; ssh_set_error(session,
SSH_FATAL,
"Could determine the specified hostkey");
ssh_string_free(f);
return -1;
} }
pub = publickey_from_privatekey(prv); pub = publickey_from_privatekey(prv);
@@ -270,6 +274,8 @@ static int dh_handshake_server(ssh_session session) {
*/ */
static void ssh_server_connection_callback(ssh_session session){ static void ssh_server_connection_callback(ssh_session session){
int ssh1,ssh2; int ssh1,ssh2;
int rc;
enter_function(); enter_function();
switch(session->session_state){ switch(session->session_state){
case SSH_SESSION_STATE_NONE: case SSH_SESSION_STATE_NONE:
@@ -338,7 +344,10 @@ static void ssh_server_connection_callback(ssh_session session){
case SSH_SESSION_STATE_KEXINIT_RECEIVED: case SSH_SESSION_STATE_KEXINIT_RECEIVED:
set_status(session,0.6f); set_status(session,0.6f);
ssh_list_kex(session, &session->client_kex); // log client kex ssh_list_kex(session, &session->client_kex); // log client kex
crypt_set_algorithms_server(session); rc = crypt_set_algorithms_server(session);
if (rc == SSH_ERROR) {
goto error;
}
if (set_kex(session) < 0) { if (set_kex(session) < 0) {
goto error; goto error;
} }
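Review bot: The error text added in the `default:` branch of the hostkey switch in dh_handshake_server reads "Could determine the specified hostkey", which drops the negation and looks like a success message in the log an operator reads after a rejected handshake; it should be `"Could not determine the specified hostkey"`. In the `SSH_SESSION_STATE_KEXINIT_RECEIVED` case, `if (rc == SSH_ERROR)` lets any other non-success return from crypt_set_algorithms_server fall through to set_kex(). Writing `if (rc != SSH_OK)` would fail closed, assuming the function returns SSH_OK on success, which is not visible on this page. Both functions begin and end outside the hunks shown, so it cannot be confirmed from here that the early `return -1` releases everything allocated before the switch other than `f`.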