diff common-kex.c @ 1743:7d8462677355 fuzz

Disallow extra kexinit messages
author Matt Johnston <matt@ucc.asn.au>
date Sun, 18 Oct 2020 22:17:54 +0800
parents 8f93f37c01de
children 3bfacfc996cf
line wrap: on
line diff
--- a/common-kex.c	Sun Oct 18 15:08:54 2020 +0800
+++ b/common-kex.c	Sun Oct 18 22:17:54 2020 +0800
@@ -487,6 +487,12 @@
 		TRACE(("continue recv_msg_kexinit: sent kexinit"))
 	}
 
+	/* "Once a party has sent a SSH_MSG_KEXINIT message ...
+	further SSH_MSG_KEXINIT messages MUST NOT be sent" */
+	if (ses.kexstate.recvkexinit) {
+		dropbear_exit("Unexpected KEXINIT");
+	}
+
 	/* start the kex hash */
 	local_ident_len = strlen(LOCAL_IDENT);
 	remote_ident_len = strlen(ses.remoteident);