[Bug 2929] OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying
bugzilla-daemon at bugzilla.mindrot.org
Wed Sep 4 06:04:35 AEST 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=2929
Pawel Jakub Dawidek <openssh at dawidek.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|FIXED                       |---
             Status|RESOLVED                    |REOPENED
                 CC|                            |openssh at dawidek.net
--- Comment #5 from Pawel Jakub Dawidek <openssh at dawidek.net> ---
Hi Damian,
I think the fix is incomplete. It probably only works with the OpenSSH
server when sandboxing is enabled, but it doesn't work with ssh_api.c.
When using the API, the kex structure is allocated only once and during the
first KEX the ext_info_c field is set to 1. It is then never set to 0,
so during the next rekeying, even though KEX_INITIAL is no longer set, the
SSH_MSG_EXT_INFO will be sent again as ext_info_c remains 1.
To fix that it would be enough to add:

    kex->ext_info_c = 0;

right after:

    kex->flags &= ~KEX_INITIAL;

in the kex_input_newkeys() function.
Thank you.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
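
The stale-flag behaviour described in comment #5, shown as an added example that is neither OpenSSH code nor part of the original message: a simplified C model of one kex structure reused across several key exchanges, with and without the proposed reset. The struct, the function names and the KEX_INITIAL value are assumptions made for illustration; only the flags and ext_info_c fields and the one-line reset come from the comment.

```c
#include <stdio.h>
#include <string.h>

#define KEX_INITIAL 0x0002   /* constructed value for this model */

/* Simplified stand-in for the kex state: only the two fields the comment names. */
struct model_kex {
    unsigned int flags;
    int ext_info_c;
};

/* Peer KEXINIT handling: ext-info-c is only honoured during the initial exchange. */
static void model_input_kexinit(struct model_kex *kex, const char *peer_kex_algs)
{
    if ((kex->flags & KEX_INITIAL) && strstr(peer_kex_algs, "ext-info-c") != NULL)
        kex->ext_info_c = 1;
}

/* Returns 1 if SSH_MSG_EXT_INFO would follow our NEWKEYS in this exchange. */
static int model_send_newkeys(const struct model_kex *kex)
{
    return kex->ext_info_c ? 1 : 0;
}

/* Peer NEWKEYS handling; reset_flag selects the one-line reset from the comment. */
static void model_input_newkeys(struct model_kex *kex, int reset_flag)
{
    kex->flags &= ~KEX_INITIAL;
    if (reset_flag)
        kex->ext_info_c = 0;
}

/* Runs `rounds` key exchanges on ONE reused struct; returns the EXT_INFO count. */
int count_ext_info(int rounds, int reset_flag)
{
    struct model_kex kex = { KEX_INITIAL, 0 };
    int sent = 0;
    for (int i = 0; i < rounds; i++) {
        model_input_kexinit(&kex, "curve25519-sha256,ext-info-c"); /* constructed proposal */
        sent += model_send_newkeys(&kex);
        model_input_newkeys(&kex, reset_flag);
    }
    return sent;
}

int main(void)
{
    printf("without reset: %d EXT_INFO in 3 exchanges\n", count_ext_info(3, 0));
    printf("with reset:    %d EXT_INFO in 3 exchanges\n", count_ext_info(3, 1));
    return 0;
}
```

A check of this shape, counting SSH_MSG_EXT_INFO messages across forced rekeys on a long-lived kex structure, is the kind of regression test that exercises the API path the comment refers to.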