upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-08 16:22:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Apply upstream fix for CVE-2016-8858:

Browse source 
Unregister the KEXINIT handler after message has been received.
  Otherwise an unauthenticated peer can repeat the KEXINIT and cause
  allocation of up to 128MB -- until the connection is closed.
  Reported by shilei-c at 360.cn

Obtained from:	OpenBSD
This commit is contained in:
Xin LI 2016-11-02 06:43:20 +00:00
parent b5a1df4a77
commit 642a1c3843
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
kex.c
View file

@ -468,6 +468,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
if (kex == NULL)
return SSH_ERR_INVALID_ARGUMENT;
ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
ptr = sshpkt_ptr(ssh, &dlen);
if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
return r;