forked from rpms/openssh
Fix GSSAPI Key Exchange for older clients (#1323622)
Failed with older clients, because server was doing signature over different data than the verifying client. It was caused by bump of minimal DH groups offered by server and a bug in code, which was using max(client_min, server_min) instead of client_min as proposed by RFC4462.
This commit is contained in:
parent
bda184b249
commit
fc0cf7f8d5
@ -2739,3 +2739,41 @@ diff -up openssh-7.2p1/sshkey.h.gsskex openssh-7.2p1/sshkey.h
|
||||
KEY_UNSPEC
|
||||
};
|
||||
|
||||
diff --git a/kexgsss.c b/kexgsss.c
|
||||
index b2f9658..2d33ff7 100644
|
||||
--- a/kexgsss.c
|
||||
+++ b/kexgsss.c
|
||||
@@ -69,6 +69,7 @@ kexgss_server(struct ssh *ssh)
|
||||
u_char *kbuf;
|
||||
DH *dh;
|
||||
int min = -1, max = -1, nbits = -1;
|
||||
+ int cmin = -1, cmax = -1; /* client proposal */
|
||||
BIGNUM *shared_secret = NULL;
|
||||
BIGNUM *dh_client_pub = NULL;
|
||||
int type = 0;
|
||||
@@ -107,11 +108,12 @@ kexgss_server(struct ssh *ssh)
|
||||
case KEX_GSS_GEX_SHA1:
|
||||
debug("Doing group exchange");
|
||||
packet_read_expect(SSH2_MSG_KEXGSS_GROUPREQ);
|
||||
- min = packet_get_int();
|
||||
+ /* store client proposal to provide valid signature */
|
||||
+ cmin = packet_get_int();
|
||||
nbits = packet_get_int();
|
||||
- max = packet_get_int();
|
||||
- min = MAX(DH_GRP_MIN, min);
|
||||
- max = MIN(DH_GRP_MAX, max);
|
||||
+ cmax = packet_get_int();
|
||||
+ min = MAX(DH_GRP_MIN, cmin);
|
||||
+ max = MIN(DH_GRP_MAX, cmax);
|
||||
packet_check_eom();
|
||||
if (max < min || nbits < min || max < nbits)
|
||||
fatal("GSS_GEX, bad parameters: %d !< %d !< %d",
|
||||
@@ -234,7 +236,7 @@ kexgss_server(struct ssh *ssh)
|
||||
buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
|
||||
buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
|
||||
NULL, 0,
|
||||
- min, nbits, max,
|
||||
+ cmin, nbits, cmax,
|
||||
dh->p, dh->g,
|
||||
dh_client_pub,
|
||||
dh->pub_key,
|
||||
|
Loading…
Reference in New Issue
Block a user