tomaswolf opened a new pull request #201: URL: https://github.com/apache/mina-sshd/pull/201
There was a window in AbstractSession.requestNewKeyExchange() during which the KEX state was set already to INIT, but the caller's proposal not set yet. If the peer had also decided to start a new key exchange, it was possible that the peer's KEX_INIT message arrived and was handled in that window and then proceeded with wrong or uninitialized data. KEX negotiation must start only when both proposals are indeed available. Thus wait when having received a KEX_INIT from the peer until our own proposal has been prepared before continuing with the negotiation. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
