CVE-2021-3634: Create a separate length for session_id

Normally, the length of session_id and secret_hash is the same, but if we will get into rekeying with a peer that changes preference of key exchange algorithm, the new secret hash can be larger or smaller than the previous session_id causing invalid reads or writes. Resolves https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-09 09:54:25 +09:00 · 2021-06-23 13:16:33 +02:00
parent a3b2229a4e
commit f5211239f9
10 changed files with 23 additions and 18 deletions
--- a/src/kex.c
+++ b/src/kex.c
@@ -1233,11 +1233,13 @@ int ssh_make_sessionid(ssh_session session)
        }
        memcpy(session->next_crypto->session_id, session->next_crypto->secret_hash,
                session->next_crypto->digest_len);
+	/* Initial length is the same as secret hash */
+	session->next_crypto->session_id_len = session->next_crypto->digest_len;
    }
 #ifdef DEBUG_CRYPTO
    SSH_LOG(SSH_LOG_DEBUG, "Session hash: \n");
    ssh_log_hexdump("secret hash", session->next_crypto->secret_hash, session->next_crypto->digest_len);
-    ssh_log_hexdump("session id", session->next_crypto->session_id, session->next_crypto->digest_len);
+    ssh_log_hexdump("session id", session->next_crypto->session_id, session->next_crypto->session_id_len);
 #endif

    rc = SSH_OK;