git.ipfire.org Git - thirdparty/openssh-portable.git/commit
upstream: Enforce maximum packet/block limit during
author: djm@openbsd.org <djm@openbsd.org>
Tue, 30 Dec 2025 00:22:58 +0000 (00:22 +0000)
committer: Damien Miller <djm@mindrot.org>
Tue, 30 Dec 2025 00:36:51 +0000 (11:36 +1100)
commit: ca313fef2deed90668fe0706da8529310092d1dd
tree: d7be50ecbbdfb291cde46df2790ba205c6ae7b01
parent: 55b6b1697433eca98052f5c45281133ca793a9c8
upstream: Enforce maximum packet/block limit during pre-authentication phase

OpenSSH doesn't support rekeying before authentication completes to
minimise pre-auth attack surface.

Given LoginGraceTime, MaxAuthTries and strict KEX, it would be
difficult to send enough data or packets before authentication
completes to reach a point where rekeying is required, but we'd
prefer it to be completely impossible.

So this applies the default volume/packet rekeying limits to the
pre-auth phase. If these limits are exceeded the connection will
simply be closed.

ok dtucker markus

OpenBSD-Commit-ID: 70415098db739058006e4ebd1630b6bae8cc8bf6
packet.c
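As an added illustration (not code from this commit or from OpenSSH's packet.c), the following C model shows the decision the message describes: per-direction packet and block counters accumulate since the last key exchange, and once a limit is crossed an authenticated session would rekey while a pre-auth session is simply closed. The limit formulas in `init_limits` are assumptions chosen to resemble OpenSSH's defaults, not values stated on the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model only: this is NOT OpenSSH's packet.c. It shows the
 * decision the commit describes: per-direction packet and block counters
 * are kept since the last key exchange, and when either exceeds its limit
 * an authenticated connection rekeys while a pre-auth one is closed.
 * The limit formulas below are assumptions chosen to resemble OpenSSH's
 * defaults, not values taken from the commit. */
enum action { KEEP_GOING, REKEY, DISCONNECT };

struct dir_state {
    uint64_t packets, blocks;         /* counted since the last KEX */
    uint64_t max_packets, max_blocks; /* rekey thresholds */
    uint32_t block_size;              /* cipher block size in bytes */
};

/* Assumed defaults: fixed packet cap, block cap growing with block size. */
static void init_limits(struct dir_state *d, uint32_t block_size)
{
    memset(d, 0, sizeof(*d));
    d->block_size = block_size;
    d->max_packets = (uint64_t)1 << 31;
    d->max_blocks = block_size >= 16 ? (uint64_t)1 << (block_size * 2)
                                     : ((uint64_t)1 << 30) / block_size;
}

/* Account for one packet of len bytes (rounded up to whole cipher blocks)
 * and decide what happens next. Before authentication no rekeying is
 * possible, so crossing a limit closes the connection instead. */
static enum action account_packet(struct dir_state *d, uint32_t len,
                                  int authenticated)
{
    d->packets++;
    d->blocks += (len + d->block_size - 1) / d->block_size;
    if (d->packets <= d->max_packets && d->blocks <= d->max_blocks)
        return KEEP_GOING;
    return authenticated ? REKEY : DISCONNECT;
}

int main(void)
{
    struct dir_state pre;
    init_limits(&pre, 16);
    pre.max_blocks = 4; /* shrink the limit so the demo trips it quickly */
    account_packet(&pre, 48, 0); /* 3 blocks: still under the limit */
    printf("pre-auth 5th block -> %s\n",
           account_packet(&pre, 32, 0) == DISCONNECT ? "disconnect" : "ok");
    return 0;
}
```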