Mercurial > dropbear
diff process-packet.c @ 910:89555751c489 asm
merge up to 2013.63, improve ASM makefile rules a bit
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 27 Feb 2014 21:35:58 +0800 |
parents | cbc73a5aefb0 |
children | bae0b34bc059 b8208506322e |
line wrap: on
line diff
--- a/process-packet.c Sun Oct 06 22:32:03 2013 +0800 +++ b/process-packet.c Thu Feb 27 21:35:58 2014 +0800 @@ -30,7 +30,7 @@ #include "algo.h" #include "buffer.h" #include "kex.h" -#include "random.h" +#include "dbrandom.h" #include "service.h" #include "auth.h" #include "channel.h" @@ -74,15 +74,32 @@ /* This applies for KEX, where the spec says the next packet MUST be * NEWKEYS */ - if (ses.requirenext[0] != 0) { - if (ses.requirenext[0] != type - && (ses.requirenext[1] == 0 || ses.requirenext[1] != type)) { - dropbear_exit("Unexpected packet type %d, expected [%d,%d]", type, - ses.requirenext[0], ses.requirenext[1]); - } else { + if (ses.requirenext != 0) { + if (ses.requirenext == type) + { /* Got what we expected */ - ses.requirenext[0] = 0; - ses.requirenext[1] = 0; + TRACE(("got expected packet %d during kexinit", type)) + } + else + { + /* RFC4253 7.1 - various messages are allowed at this point. + The only ones we know about have already been handled though, + so just return "unimplemented" */ + if (type >= 1 && type <= 49 + && type != SSH_MSG_SERVICE_REQUEST + && type != SSH_MSG_SERVICE_ACCEPT + && type != SSH_MSG_KEXINIT) + { + TRACE(("unknown allowed packet during kexinit")) + recv_unimplemented(); + goto out; + } + else + { + TRACE(("disallowed packet during kexinit")) + dropbear_exit("Unexpected packet type %d, expected %d", type, + ses.requirenext); + } } } @@ -94,6 +111,12 @@ goto out; } + /* Only clear the flag after we have checked ignorenext */ + if (ses.requirenext != 0 && ses.requirenext == type) + { + ses.requirenext = 0; + } + /* Kindly the protocol authors gave all the preauth packets type values * less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ).