Author: delphij
Date: Wed Nov 2 06:49:25 2016
New Revision: 308197
URL: https://svnweb.freebsd.org/changeset/base/308197
Log:
MFV r308196:
Fix OpenSSH remote Denial of Service vulnerability.
Security: CVE-2016-8858
Modified:
head/crypto/openssh/kex.c
Directory Properties:
head/crypto/openssh/ (props changed)
Modified: head/crypto/openssh/kex.c
==============================================================================
--- head/crypto/openssh/kex.c Wed Nov 2 06:43:20 2016 (r308196)
+++ head/crypto/openssh/kex.c Wed Nov 2 06:49:25 2016 (r308197)
@@ -468,6 +468,7 @@ kex_input_kexinit(int type, u_int32_t se
if (kex == NULL)
return SSH_ERR_INVALID_ARGUMENT;
+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
ptr = sshpkt_ptr(ssh, &dlen);
if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
return r;
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "[email protected]"
