Hi,

Attached are a couple of patches which fix 'first_kex_packet_follows' processing, based against master@a4cecf59d568d2b987c16a1209e357d0153a0216. The recent fixes with CVE-2015-3145 exposed these two bugs observable when testing with dropbear clients.

In the first bug, ensure to return SSH_OK when we ignore a KEXDH_INIT packet due to a wrong client guess. Previously the code here was checking its end return value to the uninitialized 'rc' local -- the bug was exposed with the CVE fix at bf0c7ae0aeb0ebe661d11ea6785fff2cbf4f3dbe.

The second fix updates the 'first_kex_packet_follows' checking to consider *also* the host key type at hand in addition to the kex algorithm which was already being checked.

Before these changes I'm able to observe failures between dropbear clients and libssh server; after, things are working again for me.

Thanks,
-Jon

Jon Simons (2):
  server: return SSH_OK for ignored SSH_MSG_KEXDH_INIT case
  kex: also compare host keys for 'first_kex_packet_follows'

 src/kex.c    | 44 +++++++++++++++++++++++--------------------
 src/server.c |  1 +
 2 files changed, 24 insertions(+), 21 deletions(-)

--
1.9.1
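
Added example, not part of the original message and not libssh code: the two behaviours described above as a self-contained C program. The guess check follows RFC 4253 section 7 for the kex and host key name-lists only; every function name, the DEMO_* codes and the sample name-lists are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { DEMO_OK = 0, DEMO_ERROR = -1 };   /* hypothetical status codes */

/* 1 when both comma-separated name-lists start with the same algorithm. */
static int same_first_choice(const char *client, const char *server) {
    size_t c = strcspn(client, ","), s = strcspn(server, ",");
    return c > 0 && c == s && strncmp(client, server, c) == 0;
}

/* 1 when the client's optimistically sent kex packet must be dropped:
 * the guess is wrong if the preferred kex algorithm OR the preferred
 * host key algorithm differs between client and server. */
static int must_ignore_guessed_packet(int first_kex_packet_follows,
                                      const char *c_kex, const char *s_kex,
                                      const char *c_hostkey, const char *s_hostkey) {
    if (!first_kex_packet_follows)
        return 0;
    return !same_first_choice(c_kex, s_kex) ||
           !same_first_choice(c_hostkey, s_hostkey);
}

/* Hypothetical KEXDH_INIT handler: dropping a wrongly guessed packet is a
 * success path, so it returns DEMO_OK explicitly instead of falling through
 * to a status variable that was never assigned. */
static int handle_kexdh_init(int *ignore_next, int *processed) {
    if (*ignore_next) {
        *ignore_next = 0;      /* only the one guessed packet is skipped */
        return DEMO_OK;
    }
    *processed = 1;            /* the real key exchange would run here */
    return DEMO_OK;
}

int main(void) {
    /* Constructed name-lists: kex preference matches, host key does not. */
    int ignore = must_ignore_guessed_packet(1,
        "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
        "diffie-hellman-group14-sha1",
        "ssh-rsa,ssh-dss", "ssh-dss,ssh-rsa");
    int processed = 0;
    int rc = handle_kexdh_init(&ignore, &processed);
    printf("guessed packet: rc=%d processed=%d\n", rc, processed);
    rc = handle_kexdh_init(&ignore, &processed);
    printf("resent packet:  rc=%d processed=%d\n", rc, processed);
    return 0;
}
```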
