Blame SOURCES/openssh-7.4p1-cbc-weakness.patch
|
 |
1d31ef |
commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e
|
|
|
1d31ef |
Author: markus@openbsd.org <markus@openbsd.org>
|
|
|
1d31ef |
Date: Sat Mar 11 13:07:35 2017 +0000
|
|
|
1d31ef |
|
|
|
1d31ef |
upstream commit
|
|
|
1d31ef |
|
|
|
1d31ef |
Don't count the initial block twice when computing how
|
|
|
1d31ef |
many bytes to discard for the work around for the attacks against CBC-mode.
|
|
|
1d31ef |
ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL
|
|
|
1d31ef |
|
|
|
1d31ef |
Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2
|
|
|
1d31ef |
|
|
|
1d31ef |
diff --git a/packet.c b/packet.c
|
|
|
1d31ef |
index 01e2d45..2f3a2ec 100644
|
|
|
1d31ef |
--- a/packet.c
|
|
|
1d31ef |
+++ b/packet.c
|
|
|
1d31ef |
@@ -1850,11 +1850,11 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
|
|
|
1d31ef |
if (r != SSH_ERR_MAC_INVALID)
|
|
|
1d31ef |
goto out;
|
|
|
1d31ef |
logit("Corrupted MAC on input.");
|
|
|
1d31ef |
- if (need > PACKET_MAX_SIZE)
|
|
|
1d31ef |
+ if (need + block_size > PACKET_MAX_SIZE)
|
|
|
1d31ef |
return SSH_ERR_INTERNAL_ERROR;
|
|
|
1d31ef |
return ssh_packet_start_discard(ssh, enc, mac,
|
|
|
1d31ef |
sshbuf_len(state->incoming_packet),
|
|
|
1d31ef |
- PACKET_MAX_SIZE - need);
|
|
|
1d31ef |
+ PACKET_MAX_SIZE - need - block_size);
|
|
|
1d31ef |
}
|
|
|
1d31ef |
/* Remove MAC from input buffer */
|
|
|
1d31ef |
DBG(debug("MAC #%d ok", state->p_read.seqnr));
|