1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00

ssh_pkt_defersend: don't call do_ssh2_transport when using SSH-1.

Also add an assertion to do_ssh2_transport to catch this.

This bug would be highly unlikely to manifest accidentally, but I
think you could trigger it by setting the data-based rekey threshold
very low.
This commit is contained in:
Ben Harris 2016-05-01 19:16:22 +02:00
parent 561f97874b
commit 8a2797cf0f

17
ssh.c
View File

@ -2521,13 +2521,15 @@ static void ssh_pkt_defersend(Ssh ssh)
if (backlog > SSH_MAX_BACKLOG) if (backlog > SSH_MAX_BACKLOG)
ssh_throttle_all(ssh, 1, backlog); ssh_throttle_all(ssh, 1, backlog);
ssh->outgoing_data_size += ssh->deferred_data_size; if (ssh->version == 2) {
if (!ssh->kex_in_progress && ssh->outgoing_data_size += ssh->deferred_data_size;
!ssh->bare_connection && ssh->deferred_data_size = 0;
ssh->max_data_size != 0 && if (!ssh->kex_in_progress &&
ssh->outgoing_data_size > ssh->max_data_size) !ssh->bare_connection &&
do_ssh2_transport(ssh, "too much data sent", -1, NULL); ssh->max_data_size != 0 &&
ssh->deferred_data_size = 0; ssh->outgoing_data_size > ssh->max_data_size)
do_ssh2_transport(ssh, "too much data sent", -1, NULL);
}
} }
/* /*
@ -6332,6 +6334,7 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
crState(do_ssh2_transport_state); crState(do_ssh2_transport_state);
assert(!ssh->bare_connection); assert(!ssh->bare_connection);
assert(ssh->version == 2);
crBeginState; crBeginState;