From 2f6d6a839de9b9ac1aaaf9e2c00b9bfd3123f3bf Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sun, 14 Jul 2013 10:46:27 +0000 Subject: [PATCH] Move the calculation of the exchange hash to above the various warnings about insecure crypto components. The latter may crReturn (though not in any current implementation, I believe), which invalidates pktin, which is used by the former. [originally from svn r9921] --- ssh.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/ssh.c b/ssh.c index db31d389..ea2ad974 100644 --- a/ssh.c +++ b/ssh.c @@ -5909,6 +5909,16 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen, ssh_pkt_getstring(pktin, &str, &len); /* server->client language */ s->ignorepkt = ssh2_pkt_getbool(pktin) && !s->guessok; + ssh->exhash = ssh->kex->hash->init(); + hash_string(ssh->kex->hash, ssh->exhash, ssh->v_c, strlen(ssh->v_c)); + hash_string(ssh->kex->hash, ssh->exhash, ssh->v_s, strlen(ssh->v_s)); + hash_string(ssh->kex->hash, ssh->exhash, + s->our_kexinit, s->our_kexinitlen); + sfree(s->our_kexinit); + if (pktin->length > 5) + hash_string(ssh->kex->hash, ssh->exhash, + pktin->data + 5, pktin->length - 5); + if (s->warn_kex) { ssh_set_frozen(ssh, 1); s->dlgret = askalg(ssh->frontend, "key-exchange algorithm", @@ -5983,16 +5993,6 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen, } } - ssh->exhash = ssh->kex->hash->init(); - hash_string(ssh->kex->hash, ssh->exhash, ssh->v_c, strlen(ssh->v_c)); - hash_string(ssh->kex->hash, ssh->exhash, ssh->v_s, strlen(ssh->v_s)); - hash_string(ssh->kex->hash, ssh->exhash, - s->our_kexinit, s->our_kexinitlen); - sfree(s->our_kexinit); - if (pktin->length > 5) - hash_string(ssh->kex->hash, ssh->exhash, - pktin->data + 5, pktin->length - 5); - if (s->ignorepkt) /* first_kex_packet_follows */ crWaitUntilV(pktin); /* Ignore packet */ }