From: Loganaden Velvindron <loganaden@gmail.com>
Subject: Re: GHPR689: check sshd privsep cipher state
To: Damien Miller <djm@mindrot.org>
Cc: tech <tech@openbsd.org>, openssh@openssh.com
Date: Mon, 29 Jun 2026 12:22:52 +0400

Makes sense.



On Mon, 29 Jun 2026, 10:45 Damien Miller, <djm@mindrot.org> wrote:

> Hi,
>
> This adds a defence-in-depth check to the sshd privsep state parsing
> that more strictly validates the received cipher key and IV lengths.
> These are already checked for sufficient size later in cipher_init()
> but checking earlier and being more strict doesn't hurt.
>
> ok?
>
> diff --git a/packet.c b/packet.c
> index 29e6b71..fc0d4f9 100644
> --- a/packet.c
> +++ b/packet.c
> @@ -2526,6 +2526,11 @@ newkeys_from_blob(struct sshbuf *m, struct ssh
> *ssh, int mode)
>                 r = SSH_ERR_INVALID_FORMAT;
>                 goto out;
>         }
> +       if (keylen != cipher_keylen(enc->cipher) ||
> +           ivlen != cipher_ivlen(enc->cipher)) {
> +               r = SSH_ERR_INVALID_FORMAT;
> +               goto out;
> +       }
>         if (cipher_authlen(enc->cipher) == 0) {
>                 if ((r = sshbuf_get_cstring(b, &mac->name, NULL)) != 0)
>                         goto out;
>
>