From e3e434537da5e0a42fed71b9c684f1f5176cb726 Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Sun, 7 Oct 2018 20:37:30 +0100
Subject: [PATCH] Fix crash when disconnecting in verstring phase.

If we disconnect because the two ends' SSH protocol versions don't match, ssh_initiate_connection_close triggers a call to the BPP's handle_output method, and sshverstring's one of those unconditionally fails an assertion on the basis that nobody should be trying to send SSH packets at that stage of the connection. In fact this call to handle_output is only precautionary, and it's unproblematic because there aren't any packets on the output queue. So the assertion is now conditional on there actually being an erroneous packet.
---
 sshverstring.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sshverstring.c b/sshverstring.c
index 66db98b6..68cee61c 100644
--- a/sshverstring.c
+++ b/sshverstring.c
@@ -409,8 +409,10 @@ static PktOut *ssh_verstring_new_pktout(int type)
 
 static void ssh_verstring_handle_output(BinaryPacketProtocol *bpp)
 {
- assert(0 && "Should never try to send packets during SSH version "
- "string exchange");
+ if (pq_peek(&bpp->out_pq)) {
+ assert(0 && "Should never try to send packets during SSH version "
+ "string exchange");
+ }
 }
 
 /*
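Review bot: The reason this assertion became conditional is recorded only in the commit message, so the new `if (pq_peek(&bpp->out_pq))` guard in ssh_verstring_handle_output reads as unexplained to anyone looking at the file alone. I would add a comment above it, for example `/* May be called precautionarily during connection close; only a packet actually queued here is a bug. */`. Separately, the invariant is still enforced by `assert` alone, so in any build compiled with NDEBUG (whether this project ships such builds is not visible here) a packet queued during the version-string exchange would sit on out_pq silently instead of being reported. If that state should never go unnoticed, the branch could also log it or fail the connection explicitly rather than rely on the assertion.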