nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-06 05:52:48 -05:00
Code Issues Projects Releases Wiki Activity

Mitigation for VU#958563: When using a CBC-mode server-to-client cipher

Browse Source 
under SSH-2, don't risk looking at the length field of an incoming packet
until we've successfully MAC'ed the packet.

This requires a change to the MAC mechanics so that we can calculate MACs
incrementally, and output a MAC for the packet so far while still being
able to add more data to the packet later.

[originally from svn r8334]
This commit is contained in:
Ben Harris
2008-11-26 12:49:25 +00:00
parent e5eabee3c0
commit 86c183f8e8
4 changed files with 253 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ssh.h
View File

@ -190,8 +190,14 @@ struct ssh_mac {
void *(*make_context)(void);
void (*free_context)(void *);
void (*setkey) (void *, unsigned char *key);
/* whole-packet operations */
void (*generate) (void *, unsigned char *blk, int len, unsigned long seq);
int (*verify) (void *, unsigned char *blk, int len, unsigned long seq);
/* partial-packet operations */
void (*start) (void *);
void (*bytes) (void *, unsigned char const *, int);
void (*genresult) (void *, unsigned char *);
int (*verresult) (void *, unsigned char const *);
char *name;
int len;
char *text_name;