Add the CRC32 compensation attack detector that all other SSH

clients have had for ages and I forgot about. Of course I've got the version with the buffer overflow fixed! [originally from svn r1535]
2025-07-03 04:22:47 -05:00 · 2002-01-08 11:57:32 +00:00
parent 349e2ce9e2
commit d237773599
10 changed files with 183 additions and 11 deletions
--- a/ssh.c
+++ b/ssh.c
@ -724,6 +724,11 @@ static int ssh1_rdpkt(unsigned char **data, int *datalen)
 	st->to_read -= st->chunk;
    }

+    if (cipher && detect_attack(pktin.data, st->biglen, NULL)) {
+        bombout(("Network attack (CRC compensation) detected!"));
+        crReturn(0);
+    }
+
    if (cipher)
 	cipher->decrypt(pktin.data, st->biglen);