GHPR689: check sshd privsep cipher state
Hi,
This adds a defence-in-depth check to the sshd privsep state parsing
that more strictly validates the received cipher key and IV lengths.
These are already checked for sufficient size later in cipher_init()
but checking earlier and being more strict doesn't hurt.
ok?
diff --git a/packet.c b/packet.c
index 29e6b71..fc0d4f9 100644
--- a/packet.c
+++ b/packet.c
@@ -2526,6 +2526,11 @@ newkeys_from_blob(struct sshbuf *m, struct ssh *ssh, int mode)
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
+ if (keylen != cipher_keylen(enc->cipher) ||
+ ivlen != cipher_ivlen(enc->cipher)) {
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
+ }
if (cipher_authlen(enc->cipher) == 0) {
if ((r = sshbuf_get_cstring(b, &mac->name, NULL)) != 0)
goto out;
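Review bot: The added `if (keylen != cipher_keylen(enc->cipher) || ivlen != cipher_ivlen(enc->cipher))` test uses exact equality, whereas the description says cipher_init() only checks for sufficient size, so any cipher whose serialised key or IV length legitimately differs from what cipher_keylen()/cipher_ivlen() report would now be rejected with SSH_ERR_INVALID_FORMAT. Please confirm that the side that writes this blob always emits exactly those values for every supported cipher, including the ones where cipher_authlen() is non-zero, which the following context line treats separately. A one-line comment above the new check saying that it is deliberately stricter than the later cipher_init() check would also help future readers, since it shares its error code with the check just before it and nothing in the hunk distinguishes the two failures.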