dropbear: process-packet.c comparison

Fix failing rekeying when we receive a still-in-flight packet

comparison

equal deleted inserted replaced

-:dd0bd9231fc2
+:19ce21bd198a
 	}
 	/* This applies for KEX, where the spec says the next packet MUST be
 	 * NEWKEYS */
 	if (ses.requirenext[0] != 0) {
-		if (ses.requirenext[0] != type
+		if (ses.requirenext[0] == type || ses.requirenext[1] == type)
-				&& (ses.requirenext[1] == 0 || ses.requirenext[1] != type)) {
+		{
-			dropbear_exit("Unexpected packet type %d, expected [%d,%d]", type,
-					ses.requirenext[0], ses.requirenext[1]);
-		} else {
 			/* Got what we expected */
+			TRACE(("got expeced packet %d during kexinit", type))
 			ses.requirenext[0] = 0;
 			ses.requirenext[1] = 0;
+		}
+		else
+		{
+			/* RFC4253 7.1 - various messages are allowed at this point.
+			The only ones we know about have already been handled though,
+			so just return "unimplemented" */
+			if (type >= 1 && type <= 49
+				&& type != SSH_MSG_SERVICE_REQUEST
+				&& type != SSH_MSG_SERVICE_ACCEPT
+				&& type != SSH_MSG_KEXINIT)
+			{
+				TRACE(("unknown allowed packet during kexinit"))
+				recv_unimplemented();
+				goto out;
+			}
+			else
+			{
+				TRACE(("disallowed packet during kexinit"))
+				dropbear_exit("Unexpected packet type %d, expected [%d,%d]", type,
+						ses.requirenext[0], ses.requirenext[1]);
+			}
 		}
 	}
 	/* Check if we should ignore this packet. Used currently only for
 	 * KEX code, with first_kex_packet_follows */

Mercurial > dropbear