Fix duplicate packets in CBC mode.

Yesterday's reinstatement of ssh_free_pktout revealed - via valgrind spotting the use-after-free - that the code that prefixed sensible packets with IV-muddling SSH_MSG_IGNOREs was actually sending a second copy of the sensible packet in place of the IGNORE, due to a typo.
2025-04-11 08:08:06 -05:00 · 2018-07-10 21:04:32 +01:00 · 2018-07-10 21:04:32 +01:00 · 445fa12da7
commit 445fa12da7
parent d4abff521a
1 changed files with 1 additions and 1 deletions
--- a/ssh.c
+++ b/ssh.c
@ -1216,7 +1216,7 @@ static void ssh_pkt_write(Ssh ssh, PktOut *pkt)
         */
 	PktOut *ipkt = ssh_bpp_new_pktout(ssh->bpp, SSH2_MSG_IGNORE);
 	put_stringz(ipkt, "");
-        ssh_bpp_format_packet(ssh->bpp, pkt);
+        ssh_bpp_format_packet(ssh->bpp, ipkt);
    }

    ssh_bpp_format_packet(ssh->bpp, pkt);