# HG changeset patch # User Matt Johnston # Date 1390487152 -28800 # Node ID cbc73a5aefb0707fd2c7e71027ef147176d34b39 # Parent 19ce21bd198a383098a98799d0373dd7e8fe28eb requirenext doesn't need two values diff -r 19ce21bd198a -r cbc73a5aefb0 cli-kex.c --- a/cli-kex.c Thu Jan 23 21:56:35 2014 +0800 +++ b/cli-kex.c Thu Jan 23 22:25:52 2014 +0800 @@ -177,8 +177,7 @@ hostkey = NULL; send_msg_newkeys(); - ses.requirenext[0] = SSH_MSG_NEWKEYS; - ses.requirenext[1] = 0; + ses.requirenext = SSH_MSG_NEWKEYS; TRACE(("leave recv_msg_kexdh_init")) } diff -r 19ce21bd198a -r cbc73a5aefb0 common-kex.c --- a/common-kex.c Thu Jan 23 21:56:35 2014 +0800 +++ b/common-kex.c Thu Jan 23 22:25:52 2014 +0800 @@ -525,7 +525,7 @@ /* I_S, the payload of the server's SSH_MSG_KEXINIT */ buf_setpos(ses.payload, 0); buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len); - ses.requirenext[0] = SSH_MSG_KEXDH_REPLY; + ses.requirenext = SSH_MSG_KEXDH_REPLY; } else { /* SERVER */ @@ -545,7 +545,7 @@ buf_putstring(ses.kexhashbuf, ses.transkexinit->data, ses.transkexinit->len); - ses.requirenext[0] = SSH_MSG_KEXDH_INIT; + ses.requirenext = SSH_MSG_KEXDH_INIT; } buf_free(ses.transkexinit); diff -r 19ce21bd198a -r cbc73a5aefb0 common-session.c --- a/common-session.c Thu Jan 23 21:56:35 2014 +0800 +++ b/common-session.c Thu Jan 23 22:25:52 2014 +0800 @@ -82,7 +82,7 @@ initqueue(&ses.writequeue); - ses.requirenext[0] = SSH_MSG_KEXINIT; + ses.requirenext = SSH_MSG_KEXINIT; ses.dataallowed = 1; /* we can send data until we actually send the SSH_MSG_KEXINIT */ ses.ignorenext = 0; diff -r 19ce21bd198a -r cbc73a5aefb0 debug.h --- a/debug.h Thu Jan 23 21:56:35 2014 +0800 +++ b/debug.h Thu Jan 23 22:25:52 2014 +0800 @@ -39,7 +39,7 @@ * Caution: Don't use this in an unfriendly environment (ie unfirewalled), * since the printing may not sanitise strings etc. This will add a reasonable * amount to your executable size. */ -/* #define DEBUG_TRACE */ +#define DEBUG_TRACE /* All functions writing to the cleartext payload buffer call * CHECKCLEARTOWRITE() before writing. This is only really useful if you're diff -r 19ce21bd198a -r cbc73a5aefb0 process-packet.c --- a/process-packet.c Thu Jan 23 21:56:35 2014 +0800 +++ b/process-packet.c Thu Jan 23 22:25:52 2014 +0800 @@ -74,13 +74,11 @@ /* This applies for KEX, where the spec says the next packet MUST be * NEWKEYS */ - if (ses.requirenext[0] != 0) { - if (ses.requirenext[0] == type || ses.requirenext[1] == type) + if (ses.requirenext != 0) { + if (ses.requirenext == type) { /* Got what we expected */ - TRACE(("got expeced packet %d during kexinit", type)) - ses.requirenext[0] = 0; - ses.requirenext[1] = 0; + TRACE(("got expected packet %d during kexinit", type)) } else { @@ -99,8 +97,8 @@ else { TRACE(("disallowed packet during kexinit")) - dropbear_exit("Unexpected packet type %d, expected [%d,%d]", type, - ses.requirenext[0], ses.requirenext[1]); + dropbear_exit("Unexpected packet type %d, expected %d", type, + ses.requirenext); } } } @@ -113,6 +111,12 @@ goto out; } + /* Only clear the flag after we have checked ignorenext */ + if (ses.requirenext != 0 && ses.requirenext == type) + { + ses.requirenext = 0; + } + /* Kindly the protocol authors gave all the preauth packets type values * less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ). diff -r 19ce21bd198a -r cbc73a5aefb0 session.h --- a/session.h Thu Jan 23 21:56:35 2014 +0800 +++ b/session.h Thu Jan 23 22:25:52 2014 +0800 @@ -135,9 +135,8 @@ unsigned dataallowed : 1; /* whether we can send data packets or we are in the middle of a KEX or something */ - unsigned char requirenext[2]; /* bytes indicating what packets we require next, - or 0x00 for any. Second option can only be - used if the first byte is also set */ + unsigned char requirenext; /* byte indicating what packets we require next, + or 0x00 for any. */ unsigned char ignorenext; /* whether to ignore the next packet, used for kex_follows stuff */ diff -r 19ce21bd198a -r cbc73a5aefb0 svr-kex.c --- a/svr-kex.c Thu Jan 23 21:56:35 2014 +0800 +++ b/svr-kex.c Thu Jan 23 22:25:52 2014 +0800 @@ -80,8 +80,7 @@ } send_msg_newkeys(); - ses.requirenext[0] = SSH_MSG_NEWKEYS; - ses.requirenext[1] = 0; + ses.requirenext = SSH_MSG_NEWKEYS; TRACE(("leave recv_msg_kexdh_init")) } diff -r 19ce21bd198a -r cbc73a5aefb0 sysoptions.h --- a/sysoptions.h Thu Jan 23 21:56:35 2014 +0800 +++ b/sysoptions.h Thu Jan 23 22:25:52 2014 +0800 @@ -16,7 +16,7 @@ #define KEX_REKEY_TIMEOUT (3600 * 8) #endif #ifndef KEX_REKEY_DATA -#define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */ +#define KEX_REKEY_DATA (1<<20) /* 2^30 == 1GB, this value must be < INT_MAX */ #endif /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */ #ifndef AUTH_TIMEOUT