comparison session.h @ 452:4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
them until afterwards. This could sometimes terminate connections
after 8 hours if (for example) a new TCP forwarded connection
was sent at the KEX timeout.
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 27 Jul 2007 17:13:42 +0000 |
parents | c216212001fc |
children | 7e43f5e473b9 |
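--- a/session.h
+++ b/session.h
@@ -79,10 +79,16 @@
 unsigned char recvmackey[MAX_MAC_KEY];
 unsigned char transmackey[MAX_MAC_KEY];
 
 };
 
+struct packetlist;
+struct packetlist {
+struct packetlist *next;
+buffer * payload;
+};
+
 struct sshsession {
 
 /* Is it a client or server? */
 unsigned char isserver;
 
@@ -135,10 +141,14 @@
 mp_int * dh_K; /* SSH_MSG_KEXDH_REPLY and sending SSH_MSH_NEWKEYS */
 unsigned char hash[SHA1_HASH_SIZE]; /* the hash*/
 buffer* kexhashbuf; /* session hash buffer calculated from various packets*/
 buffer* transkexinit; /* the kexinit packet we send should be kept so we
 can add it to the hash when generating keys */
+
+/* a list of queued replies that should be sent after a KEX has
+concluded (ie, while dataallowed was unset)*/
+struct packetlist *reply_queue_head, *reply_queue_tail;
 
 algo_type*(*buf_match_algo)(buffer*buf, algo_type localalgos[],
 int *goodguess); /* The function to use to choose which algorithm
 to use from the ones presented by the remote
 side. Is specific to the client/server mode,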
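Review bot: `reply_queue_head`/`reply_queue_tail` in `struct sshsession` come with no count or size field, so nothing in this header lets the enqueue path cap how much is buffered while a key exchange is outstanding; the enqueue and flush code is not part of this section, so whether a limit is enforced elsewhere cannot be confirmed from here. If it is not, the memory held per session grows with every reply generated before the KEX completes, and that pace is partly set by the remote side. Consider a companion field such as `unsigned int reply_queue_len;` checked against a fixed maximum before queuing, and extend the comment to state ownership, e.g. `/* payload is owned by the queue and freed once sent; head and tail are NULL when empty */` (presumed, to be confirmed against the implementation). The forward declaration `struct packetlist;` directly before the definition is redundant and can be dropped. `struct sshsession` starts and ends outside the lines shown.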