]> git.ipfire.org Git - thirdparty/openssh-portable.git/commitdiff
projects / thirdparty / openssh-portable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: df82072)
upstream commit
authordtucker@openbsd.org <dtucker@openbsd.org>
Tue, 31 May 2016 23:46:14 +0000 (23:46 +0000)
committerDamien Miller <djm@mindrot.org>
Wed, 8 Jun 2016 01:39:31 +0000 (11:39 +1000)
Ensure that the client's proposed DH-GEX max value is at
 least as big as the minimum the server will accept.  ok djm@

Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775

kexgexs.c patch | blob | blame | history

diff --git a/kexgexs.c b/kexgexs.c
index 8c5adf7e43058c859efedec59172bb811bc1e129..3caab12deb74b445cc111c190902590822e4f402 100644 (file)
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.26 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.27 2016/05/31 23:46:14 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -89,7 +89,7 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
        nbits = MIN(DH_GRP_MAX, nbits);
 
        if (kex->max < kex->min || kex->nbits < kex->min ||
-           kex->max < kex->nbits) {
+           kex->max < kex->nbits || kex->max < DH_GRP_MIN) {
                r = SSH_ERR_DH_GEX_OUT_OF_RANGE;
                goto out;
        }
Mirror of https://github.com/openssh/openssh-portable.git