From 675d85e538093f18d53d395fb445482710241452 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Thu, 31 Oct 2019 13:58:35 +0100 Subject: [PATCH] kex: Use a len variable for length checks in ssh_packet_kexinit() Fixes T188 Signed-off-by: Andreas Schneider Reviewed-by: Jakub Jelen (cherry picked from commit be34ff967f561ce53f8588d4439ef5633a233f62) --- src/kex.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/src/kex.c b/src/kex.c index a0e14266..ac52a19b 100644 --- a/src/kex.c +++ b/src/kex.c @@ -334,6 +334,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit) char *strings[SSH_KEX_METHODS] = {0}; char *rsa_sig_ext = NULL; int rc = SSH_ERROR; + size_t len; uint8_t first_kex_packet_follows = 0; uint32_t kexinit_reserved = 0; @@ -349,26 +350,26 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit) } if (server_kex) { - rc = ssh_buffer_get_data(packet,session->next_crypto->client_kex.cookie, 16); - if (rc != 16) { + len = ssh_buffer_get_data(packet,session->next_crypto->client_kex.cookie, 16); + if (len != 16) { ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: no cookie in packet"); goto error; } - rc = ssh_hashbufin_add_cookie(session, session->next_crypto->client_kex.cookie); - if (rc < 0) { + len = ssh_hashbufin_add_cookie(session, session->next_crypto->client_kex.cookie); + if (len < 0) { ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: adding cookie failed"); goto error; } } else { - rc = ssh_buffer_get_data(packet,session->next_crypto->server_kex.cookie, 16); - if (rc != 16) { + len = ssh_buffer_get_data(packet,session->next_crypto->server_kex.cookie, 16); + if (len != 16) { ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: no cookie in packet"); goto error; } - rc = ssh_hashbufin_add_cookie(session, session->next_crypto->server_kex.cookie); - if (rc < 0) { + len = ssh_hashbufin_add_cookie(session, session->next_crypto->server_kex.cookie); + if (len < 0) { ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: adding cookie failed"); goto error; }