Home Explore Help
Register Sign In
Apq
/
winscp
mirror of https://github.com/winscp/winscp.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge branch 'hotfix'

Source commit: 0468b026d0e253ff7cc376323cb0670df76fb5a0
Martin Prikryl 6 years ago
parent
67eac2d74d a21a1e034e
commit
fe31e7f930
5 changed files with 22 additions and 4 deletions
Split View Show Diff Stats
  1. 11 1
      source/putty/ssh.c
  2. 3 0
      source/putty/ssh.h
  3. 2 0
      source/putty/sshrand.c
  4. 5 2
      source/putty/sshrsa.c
  5. 1 1
      source/putty/version.h

+ 11 - 1
source/putty/ssh.c
View File 

@@ -7277,11 +7277,21 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
 
          */

         {

             int klen = ssh_rsakex_klen(s->rsakey);

-            int nbits = klen - (2*ssh->kex->hash->hlen*8 + 49);

+

+            int nbits;

             int i, byte = 0;

             unsigned char *kstr1, *kstr2, *outstr;

             int kstr1len, kstr2len, outstrlen;

 

+            const struct ssh_rsa_kex_extra *extra =

+                (const struct ssh_rsa_kex_extra *)ssh->kex->extra;

+            if (klen < extra->minklen) {

+                bombout(("Server sent RSA key with less bits than the minimum size for key exchange"));

+                crStopV;

+            }

+

+            nbits = klen - (2*ssh->kex->hash->hlen*8 + 49);

+

             s->K = bn_power_2(nbits - 1);

 

             for (i = 0; i < nbits; i++) {

+ 3 - 0
source/putty/ssh.h
View File 

@@ -211,6 +211,9 @@ int detect_attack(void *handle, unsigned char *buf, uint32 len,
 
  * SSH2 RSA key exchange functions

  */

 struct ssh_hash;

+struct ssh_rsa_kex_extra {

+    int minklen;

+};

 void *ssh_rsakex_newkey(char *data, int len);

 void ssh_rsakex_freekey(void *key);

 int ssh_rsakex_klen(void *key);

+ 2 - 0
source/putty/sshrand.c
View File 

@@ -240,6 +240,8 @@ void random_add_noise(void *noise, int length)
 
 	length -= HASHINPUT - pool.incomingpos;

 	SHATransform((word32 *) pool.incoming, (word32 *) pool.incomingb);

 	for (i = 0; i < HASHSIZE; i++) {

+	    if (pool.poolpos >= POOLSIZE)

+		pool.poolpos = 0;

 	    pool.pool[pool.poolpos++] ^= pool.incoming[i];

 	    if (pool.poolpos >= POOLSIZE)

 		pool.poolpos = 0;

+ 5 - 2
source/putty/sshrsa.c
View File 

@@ -1059,12 +1059,15 @@ void ssh_rsakex_encrypt(const struct ssh_hash *h, unsigned char *in, int inlen,
 
      */

 }

 

+static const struct ssh_rsa_kex_extra ssh_rsa_kex_extra_sha1 = { 1024 };

+static const struct ssh_rsa_kex_extra ssh_rsa_kex_extra_sha256 = { 2048 };

+

 static const struct ssh_kex ssh_rsa_kex_sha1 = {

-    "rsa1024-sha1", NULL, KEXTYPE_RSA, &ssh_sha1, NULL,

+    "rsa1024-sha1", NULL, KEXTYPE_RSA, &ssh_sha1, &ssh_rsa_kex_extra_sha1,

 };

 

 static const struct ssh_kex ssh_rsa_kex_sha256 = {

-    "rsa2048-sha256", NULL, KEXTYPE_RSA, &ssh_sha256, NULL,

+    "rsa2048-sha256", NULL, KEXTYPE_RSA, &ssh_sha256, &ssh_rsa_kex_extra_sha256,

 };

 

 static const struct ssh_kex *const rsa_kex_list[] = {

+ 1 - 1
source/putty/version.h
View File 

@@ -1,6 +1,6 @@
 
 /* Generated by automated build script */

 #define RELEASE 0.70

-#define TEXTVER "Release 0.70"

+#define TEXTVER "Release 0.70+"

 #define SSHVER "PuTTY-Release-0.70"

 #define BINARY_VERSION 0,70,0,0

 #define SOURCE_COMMIT "3cd10509a51edf5a21cdc80aabf7e6a934522d47"