comparison packet.c @ 623:895fbe068f2c

Fix case where "-K 1" would cause a SSH_MSG_IGNORE packet to be sent with the wrong encryption key ("bad packet length" symptom) while key exchange was happening.
author Matt Johnston <matt@ucc.asn.au>
date Tue, 07 Jun 2011 11:55:44 +0000
parents 53c21d4ec98a
children f4232b65b316
comparison
equal deleted inserted replaced
622:e27d7fb23376 623:895fbe068f2c
439 packet_type = buf_getbyte(ses.writepayload); 439 packet_type = buf_getbyte(ses.writepayload);
440 buf_setpos(ses.writepayload, 0); 440 buf_setpos(ses.writepayload, 0);
441 441
442 TRACE(("encrypt_packet type is %d", packet_type)) 442 TRACE(("encrypt_packet type is %d", packet_type))
443 443
444 if (!ses.dataallowed && !packet_is_okay_kex(packet_type)) { 444 if ((!ses.dataallowed && !packet_is_okay_kex(packet_type))
445 || ses.kexstate.sentnewkeys) {
445 /* During key exchange only particular packets are allowed. 446 /* During key exchange only particular packets are allowed.
446 Since this packet_type isn't OK we just enqueue it to send 447 Since this packet_type isn't OK we just enqueue it to send
447 after the KEX, see maybe_flush_reply_queue */ 448 after the KEX, see maybe_flush_reply_queue */
449
450 /* We also enqueue packets here when we have sent a MSG_NEWKEYS
451 * packet but are yet to received one. For simplicity we just switch
452 * over all the keys at once. This is the 'ses.kexstate.sentnewkeys'
453 * case. */
448 enqueue_reply_packet(); 454 enqueue_reply_packet();
449 return; 455 return;
450 } 456 }
451 457
452 blocksize = ses.keys->trans.algo_crypt->blocksize; 458 blocksize = ses.keys->trans.algo_crypt->blocksize;