rpms
/
libssh
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix CVE patch

This commit is contained in:
Andreas Schneider 2016-02-25 16:55:04 +01:00
parent e84163101e
commit 7822adaf41
1 changed files with 8 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
CVE-2016-0739-v0-5.patch
View File

@ -1,4 +1,4 @@
From 2f86aac9599c4e08ab04fcc8bf86726ae76e12f6 Mon Sep 17 00:00:00 2001
From dd422639afefbdd1c562b922f2188cd570eef264 Mon Sep 17 00:00:00 2001
From: Aris Adamantiadis <aris@0xbadc0de.be>
Date: Tue, 9 Feb 2016 15:09:27 +0100
Subject: [PATCH] dh: Fix CVE-2016-0739
@ -9,23 +9,18 @@ completely reworked and will be commited in a future version.
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/dh.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
src/dh.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/dh.c b/src/dh.c
index 9b9d203..4eadef1 100644
index 9b9d203..a60cb6d 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -237,15 +237,21 @@ void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len) {
@@ -237,15 +237,16 @@ void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len) {
}
int dh_generate_x(ssh_session session) {
+ int keysize;
+ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
+ keysize = 1023;
+ } else {
+ keysize = 2047;
+ }
+ int keysize = 1023;
session->next_crypto->x = bignum_new();
if (session->next_crypto->x == NULL) {
return -1;
@ -40,17 +35,12 @@ index 9b9d203..4eadef1 100644
#endif
/* not harder than this */
@@ -258,15 +264,21 @@ int dh_generate_x(ssh_session session) {
@@ -258,15 +259,16 @@ int dh_generate_x(ssh_session session) {
/* used by server */
int dh_generate_y(ssh_session session) {
- session->next_crypto->y = bignum_new();
+ int keysize;
+ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
+ keysize = 1023;
+ } else {
+ keysize = 2047;
+ }
+ int keysize = 1023;
+ session->next_crypto->y = bignum_new();
if (session->next_crypto->y == NULL) {
return -1;