packet: Allow SSH2_MSG_EXT_INFO when authenticated

When the server requests rekey, it can send the SSH2_MSG_EXT_INFO. This message was being filtered out by the packet filtering. This includes a test to enforce the filtering rules for this packet type. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit fe309ba43f)
2026-02-09 09:54:25 +09:00 · 2018-12-07 18:19:33 +01:00
parent 32221ea9fb
commit a6e055c42b
2 changed files with 36 additions and 1 deletions
--- a/tests/unittests/torture_packet_filter.c
+++ b/tests/unittests/torture_packet_filter.c
@@ -462,6 +462,36 @@ static void torture_packet_filter_check_auth_success(void **state)
    assert_int_equal(rc, 0);
 }

+static void torture_packet_filter_check_msg_ext_info(void **state)
+{
+    int rc;
+
+    global_state accepted[] = {
+        {
+            .flags = (COMPARE_SESSION_STATE |
+                    COMPARE_DH_STATE),
+            .session = SSH_SESSION_STATE_AUTHENTICATING,
+            .dh = DH_STATE_FINISHED,
+        },
+        {
+            .flags = (COMPARE_SESSION_STATE |
+                    COMPARE_DH_STATE),
+            .session = SSH_SESSION_STATE_AUTHENTICATED,
+            .dh = DH_STATE_FINISHED,
+        },
+    };
+
+    int accepted_count = 2;
+
+    /* Unused */
+    (void) state;
+
+    rc = check_message_in_all_states(accepted, accepted_count,
+            SSH2_MSG_EXT_INFO);
+
+    assert_int_equal(rc, 0);
+}
+
 static void torture_packet_filter_check_channel_open(void **state)
 {
    int rc;
@@ -492,6 +522,7 @@ int torture_run_tests(void)
        cmocka_unit_test(torture_packet_filter_check_auth_success),
        cmocka_unit_test(torture_packet_filter_check_channel_open),
        cmocka_unit_test(torture_packet_filter_check_unfiltered),
+        cmocka_unit_test(torture_packet_filter_check_msg_ext_info)
    };

    ssh_init();