- markus@cvs.openbsd.org 2012/01/25 19:26:43

     [packet.c]
     do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
     ok dtucker@, djm@

diff --git a/ChangeLog b/ChangeLog
index 8eebcaffb7e6d6ff4518d5c7bdcc11a39b41181f..460a635ba227f2581029b85330a4b8d8b4a54d9c 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,10 @@
      Ensure that $DISPLAY contains only valid characters before using it to
      extract xauth data so that it can't be used to play local shell
      metacharacter games.  Report from r00t_ati at ihteam.net, ok markus.
+   - markus@cvs.openbsd.org 2012/01/25 19:26:43
+     [packet.c]
+     do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
+     ok dtucker@, djm@
 
 20120206
  - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms

diff --git a/packet.c b/packet.c
index 5e82fe7537c1587a4f900d447d0e2277ad4dd0f0..0d29efffd522846da7636a0d52f4166168a9d123 100644 (file)
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.174 2011/12/07 05:44:38 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.175 2012/01/25 19:26:43 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -972,8 +972,10 @@ packet_send2(void)
 
        /* during rekeying we can only send key exchange messages */
        if (active_state->rekeying) {
-               if (!((type >= SSH2_MSG_TRANSPORT_MIN) &&
-                   (type <= SSH2_MSG_TRANSPORT_MAX))) {
+               if ((type < SSH2_MSG_TRANSPORT_MIN) ||
+                   (type > SSH2_MSG_TRANSPORT_MAX) ||
+                   (type == SSH2_MSG_SERVICE_REQUEST) ||
+                   (type == SSH2_MSG_SERVICE_ACCEPT)) {
                        debug("enqueue packet: %u", type);
                        p = xmalloc(sizeof(*p));
                        p->type = type;