nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-12 08:43:53 -05:00
Code Issues Projects Releases Wiki Activity

Enforce acceptable range for Diffie-Hellman server value.

Browse Source 
Florent Daigniere of Matta points out that RFC 4253 actually
_requires_ us to refuse to accept out-of-range values, though it isn't
completely clear to me why this should be a MUST on the receiving end.

Matta considers this to be a security vulnerability, on the grounds
that if a server should accidentally send an obviously useless value
such as 1 then we will fail to reject it and agree a key that an
eavesdropper could also figure out. Their id for this vulnerability is
MATTA-2015-002.
This commit is contained in:
Simon Tatham
2015-02-05 19:39:17 +00:00
parent db9385b3ce
commit 174476813f
3 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ssh.h
View File

@ -536,6 +536,7 @@ void *dh_setup_group(const struct ssh_kex *kex);
void *dh_setup_gex(Bignum pval, Bignum gval);
void dh_cleanup(void *);
Bignum dh_create_e(void *, int nbits);
const char *dh_validate_f(void *handle, Bignum f);
Bignum dh_find_K(void *, Bignum f);
int loadrsakey(const Filename *filename, struct RSAKey *key,