Re: [PATCH] kex: server fix to include first_kex_packet_follows
- Subject: Re: [PATCH] kex: server fix to include first_kex_packet_follows
- From: Andreas Schneider <asn@xxxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Thu, 27 Mar 2014 10:45:13 +0100
- To: libssh@xxxxxxxxxx
On Wednesday 19 March 2014 19:57:36 Jon Simons wrote:
> Hi,
Hi Jon,
> Attached is a patch which fixes a host key signature validation bug that can
> be hit when testing with dropbear clients at or beyond version 2013.57.
> The issue is that dropbear now always sets the 'first_kex_packet_follows'
> field in its KEXINIT message. Until now libssh would assume this field is
> zero; but, it needs to be used when computing the session ID.
>
> Before the patch I'm able to hit 'Bad hostkey signature' errors with
> dbclient; after, dbclient is working for me.
wow, great catch!!!!
I have a small request, as you're already touching the code. I would like to see, instead of:

    if (buffer_add_u32(server_hash, 0) < 0) {

I would like to have:

    int rc;

    rc = buffer_add_u32(server_hash, 0);
    if (rc < 0) {

This is the code style we should have everywhere. I could just fix it in your
patch and push it, but I don't know if you're fine with that. So it would be
great if you could change it and resend the patch.
Thank you very much!
-- andreas
--
Andreas Schneider GPG-ID: CC014E3D
www.cryptomilk.org asn@xxxxxxxxxxxxxx
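
Added example, not part of the original message and not libssh code: the bug report above says the peer's first_kex_packet_follows byte must go into the session ID computation instead of an assumed zero. The sketch below walks a KEXINIT payload as laid out in RFC 4253 section 7.1 to find that byte, then checks whether a copy with the flag forced to 0 is still byte-identical to what the peer sent. All function names and the sample payload are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define SSH_MSG_KEXINIT 20
#define COOKIE_LEN      16
#define NAME_LISTS      10

/* Offset of first_kex_packet_follows in a KEXINIT payload (RFC 4253, 7.1),
 * or -1 if malformed or too short for the flag and the uint32 reserved. */
long kexinit_follows_offset(const uint8_t *p, size_t len)
{
    size_t off = 1 + COOKIE_LEN;
    if (len < off || p[0] != SSH_MSG_KEXINIT)
        return -1;
    for (int i = 0; i < NAME_LISTS; i++) {
        if (len - off < 4)
            return -1;
        uint32_t n = ((uint32_t)p[off] << 24) | ((uint32_t)p[off + 1] << 16) |
                     ((uint32_t)p[off + 2] << 8) | p[off + 3];
        off += 4;
        if (n > len - off)
            return -1;
        off += n;
    }
    return (len - off < 5) ? -1 : (long)off;
}

/* Models the zero assumption: copy the peer's KEXINIT with the flag forced
 * to 0. Returns 1 if the copy equals what the peer sent, 0 if not, -1 on error. */
int zeroed_copy_matches(const uint8_t *p, size_t len, uint8_t *out)
{
    long off = kexinit_follows_offset(p, len);
    if (off < 0)
        return -1;
    memcpy(out, p, len);
    out[off] = 0;
    return memcmp(out, p, len) == 0;
}

/* Constructed sample: ten "none" name-lists; buf needs 102 bytes. */
size_t make_sample(uint8_t *buf, uint8_t follows)
{
    size_t off = 1 + COOKIE_LEN;
    memset(buf, 0, 102);
    buf[0] = SSH_MSG_KEXINIT;
    for (int i = 0; i < NAME_LISTS; i++, off += 8)
        memcpy(buf + off, "\0\0\0\4none", 8);
    buf[off] = follows;
    return off + 5;
}
```

When zeroed_copy_matches() returns 0, the two sides feed different KEXINIT bytes into the exchange hash, so the host key signature made over that hash cannot verify.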