nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity

Add missing dh_validate_f in GSSAPI key exchange.

Browse Source 
This checks that the public Diffie-Hellman value sent by the server is
not an obviously silly one like 1 or -1 (mod p). We already had the
validation function, and were using it in standard DH key exchange,
but the parallel code in the GSSAPI case missed it out.
This commit is contained in:
Simon Tatham 2019-02-16 17:03:32 +00:00
parent 03777723e5
commit 5fbd294c20
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ssh2kex-client.c
View File

@ -474,6 +474,15 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
s->gss_stat == SSH_GSS_S_CONTINUE_NEEDED ||
!s->complete_rcvd);
{
const char *err = dh_validate_f(s->dh_ctx, s->f);
if (err) {
ssh_proto_error(s->ppl.ssh, "GSSAPI reply failed "
"validation: %s", err);
*aborted = true;
return;
}
}
s->K = dh_find_K(s->dh_ctx, s->f);
/* We assume everything from now on will be quick, and it might