diff options
| -rw-r--r-- | libssh/client.c | 2 | ||||
| -rw-r--r-- | libssh/kex.c | 120 | ||||
| -rw-r--r-- | libssh/server.c | 3 |
3 files changed, 76 insertions, 49 deletions
diff --git a/libssh/client.c b/libssh/client.c index 63c5de6d..d91c55cb 100644 --- a/libssh/client.c +++ b/libssh/client.c @@ -351,7 +351,7 @@ int ssh_connect(SSH_SESSION *session){ set_status(options,0.5); switch(session->version){ case 2: - if(ssh_get_kex(session,0)){ + if(ssh_get_kex(session,0) < 0) { ssh_socket_close(session->socket); session->alive=0; leave_function(); diff --git a/libssh/kex.c b/libssh/kex.c index 803141e6..0d89f305 100644 --- a/libssh/kex.c +++ b/libssh/kex.c @@ -229,57 +229,83 @@ char *ssh_find_matching(const char *in_d, const char *what_d){ return NULL; } -int ssh_get_kex(SSH_SESSION *session,int server_kex ){ - STRING *str; - char *strings[10]; - int i; - enter_function(); - if(packet_wait(session,SSH2_MSG_KEXINIT,1)){ - leave_function(); - return -1; +int ssh_get_kex(SSH_SESSION *session, int server_kex) { + STRING *str = NULL; + char *strings[10]; + int i; + + enter_function(); + + if (packet_wait(session, SSH2_MSG_KEXINIT, 1)) { + leave_function(); + return -1; + } + + if (buffer_get_data(session->in_buffer,session->server_kex.cookie,16) != 16) { + ssh_set_error(session, SSH_FATAL, "get_kex(): no cookie in packet"); + leave_function(); + return -1; + } + + if (hashbufin_add_cookie(session, session->server_kex.cookie) < 0) { + ssh_set_error(session, SSH_FATAL, "get_kex(): adding cookie failed"); + leave_function(); + return -1; + } + + memset(strings, 0, sizeof(char *) * 10); + + for (i = 0; i < 10; i++) { + str = buffer_get_ssh_string(session->in_buffer); + if (str == NULL) { + break; } - if(buffer_get_data(session->in_buffer,session->server_kex.cookie,16)!=16){ - ssh_set_error(session,SSH_FATAL,"get_kex(): no cookie in packet"); - leave_function(); - return -1; + + if (buffer_add_ssh_string(session->in_hashbuf, str) < 0) { + goto error; } - if (hashbufin_add_cookie(session, session->server_kex.cookie) < 0) { - ssh_set_error(session, SSH_FATAL, "get_kex(): adding cookie failed"); - leave_function(); - return -1; + + strings[i] = string_to_char(str); + if (strings[i] == NULL) { + goto error; } - memset(strings,0,sizeof(char *)*10); - for(i=0;i<10;++i){ - str=buffer_get_ssh_string(session->in_buffer); - if(!str) - break; - if(str){ - buffer_add_ssh_string(session->in_hashbuf,str); - strings[i]=string_to_char(str); - free(str); - } else - strings[i]=NULL; - } - /* copy the server kex info into an array of strings */ - if(server_kex){ - session->client_kex.methods = malloc(10 * sizeof(char **)); - if (session->client_kex.methods == NULL) { - leave_function(); - return -1; - } - for(i=0;i<10;++i) - session->client_kex.methods[i]=strings[i]; - } else { // client - session->server_kex.methods = malloc(10 * sizeof(char **)); - if (session->server_kex.methods == NULL) { - leave_function(); - return -1; - } - for(i=0;i<10;++i) - session->server_kex.methods[i]=strings[i]; + string_free(str); + str = NULL; + } + + /* copy the server kex info into an array of strings */ + if (server_kex) { + session->client_kex.methods = malloc(10 * sizeof(char **)); + if (session->client_kex.methods == NULL) { + leave_function(); + return -1; } - leave_function(); - return 0; + + for (i = 0; i < 10; i++) { + session->client_kex.methods[i] = strings[i]; + } + } else { /* client */ + session->server_kex.methods = malloc(10 * sizeof(char **)); + if (session->server_kex.methods == NULL) { + leave_function(); + return -1; + } + + for (i = 0; i < 10; i++) { + session->server_kex.methods[i] = strings[i]; + } + } + + leave_function(); + return 0; +error: + string_free(str); + for (i = 0; i < 10; i++) { + SAFE_FREE(strings[i]); + } + + leave_function(); + return -1; } void ssh_list_kex(struct ssh_session *session, KEX *kex) { diff --git a/libssh/server.c b/libssh/server.c index 6aebf673..88b87286 100644 --- a/libssh/server.c +++ b/libssh/server.c @@ -339,8 +339,9 @@ int ssh_accept(SSH_SESSION *session){ return -1; } ssh_send_kex(session,1); - if(ssh_get_kex(session,1)) + if(ssh_get_kex(session,1) < 0) { return -1; + } ssh_list_kex(session, &session->client_kex); crypt_set_algorithms_server(session); if(dh_handshake_server(session)) |