mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 01:02:24 +00:00
Uppity: clear the right KEXINIT packet at kex startup!
Just spotted this in eyeball review: we're about to construct our new outgoing KEXINIT and write it into the strbuf s->outgoing_kexinit. So we should clear that strbuf first. But in fact we were clearing s->client_kexinit, which aliases s->outgoing_kexinit in an SSH client, but in a server, aliases s->incoming_kexinit. This was harmless in PuTTY (since the strbuf we cleared was the right one anyway). And it was harmless in Uppity's initial kex (since the strbuf we _meant_ to clear was empty anyway). But if Uppity had ever initiated a rekey, this would have exploded messily.
This commit is contained in:
parent
dc875ca0dc
commit
9af705352d
@ -1375,7 +1375,7 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl)
|
||||
* Construct our KEXINIT packet, in a strbuf so we can refer to it
|
||||
* later.
|
||||
*/
|
||||
strbuf_clear(s->client_kexinit);
|
||||
strbuf_clear(s->outgoing_kexinit);
|
||||
put_byte(s->outgoing_kexinit, SSH2_MSG_KEXINIT);
|
||||
random_read(strbuf_append(s->outgoing_kexinit, 16), 16);
|
||||
ssh2_write_kexinit_lists(
|
||||
|
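Review bot: nothing at the strbuf_clear() call guards against the client_kexinit / outgoing_kexinit alias mix-up recurring, and per the commit message the failure only shows up when Uppity initiates a rekey, so a regression test covering a server-initiated rekey belongs with this fix. With the old call, a server would have emptied the buffer aliased to s->incoming_kexinit, while put_byte() and strbuf_append() went on appending the new KEXINIT to an uncleared s->outgoing_kexinit. It would also help to extend the comment above the call to say that the direction-named buffer (outgoing) is the one being rebuilt here, and that the role-named aliases (client/server) should not be used for construction.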