- markus@cvs.openbsd.org 2001/04/04 22:04:35

[kex.c kexgex.c serverloop.c]
     parse full kexinit packet.
     make server-side more robust, too.

ChangeLog

@@ -20,6 +20,10 @@
    - markus@cvs.openbsd.org 2001/04/04 20:32:56
      [auth2.c]
      we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
+   - markus@cvs.openbsd.org 2001/04/04 22:04:35
+     [kex.c kexgex.c serverloop.c]
+     parse full kexinit packet.
+     make server-side more robust, too.
 
 20010404
  - OpenBSD CVS Sync
@@ -4859,4 +4863,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1059 2001/04/04 23:47:52 mouring Exp $
+$Id: ChangeLog,v 1.1060 2001/04/04 23:50:21 mouring Exp $

kex.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.30 2001/04/04 20:25:37 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.31 2001/04/04 22:04:34 markus Exp $");
 
 #include <openssl/crypto.h>
 
@@ -166,6 +166,7 @@ kex_input_kexinit(int type, int plen, void *ctxt)
 {
 	char *ptr;
 	int dlen;
+	int i;
 	Kex *kex = (Kex *)ctxt;
 
 	debug("SSH2_MSG_KEXINIT received");
@@ -175,6 +176,15 @@ kex_input_kexinit(int type, int plen, void *ctxt)
 	ptr = packet_get_raw(&dlen);
 	buffer_append(&kex->peer, ptr, dlen);
 
+	/* discard packet */
+	for (i = 0; i < KEX_COOKIE_LEN; i++)
+		packet_get_char();
+	for (i = 0; i < PROPOSAL_MAX; i++)
+		xfree(packet_get_string(NULL));
+	packet_get_char();
+	packet_get_int();
+	packet_done();
+
 	kex_kexinit_finish(kex);
 }
 

kexgex.c

@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.3 2001/04/04 09:48:34 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.4 2001/04/04 22:04:35 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -286,7 +286,7 @@ kexgex_server(Kex *kex)
 		/* unused for old GEX */
 		break;
 	default:
-		fatal("protocol error during kex, no DH_GEX_REQUEST");
+		fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
 	}
 	packet_done();
 

serverloop.c

@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.57 2001/04/04 20:25:37 markus Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.58 2001/04/04 22:04:35 markus Exp $");
 
 #include "xmalloc.h"
 #include "packet.h"
@@ -650,9 +650,7 @@ void
 server_loop2(void)
 {
 	fd_set *readset = NULL, *writeset = NULL;
-	int max_fd;
-	int had_channel = 0;
-	int status;
+	int had_channel = 0, rekeying = 0, max_fd, status;
 	pid_t pid;
 
 	debug("Entering interactive session for SSH2.");
@@ -668,21 +666,26 @@ server_loop2(void)
 
 	for (;;) {
 		process_buffered_input_packets();
+
+                rekeying = (xxx_kex != NULL && !xxx_kex->done);
+
 		if (!had_channel && channel_still_open())
 			had_channel = 1;
 		if (had_channel && !channel_still_open()) {
 			debug("!channel_still_open.");
 			break;
 		}
-		if (packet_not_very_much_data_to_write())
+		if (!rekeying && packet_not_very_much_data_to_write())
 			channel_output_poll();
-		wait_until_can_do_something(&readset, &writeset, &max_fd, 0);
+		wait_until_can_do_something(&readset, &writeset, &max_fd,
+		    rekeying);
 		if (child_terminated) {
 			while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
 				session_close_by_pid(pid, status);
 			child_terminated = 0;
 		}
-		channel_after_select(readset, writeset);
+		if (!rekeying)
+			channel_after_select(readset, writeset);
 		process_input(readset);
 		process_output(writeset);
 	}