diff options
author | Simon Cornish <[email protected]> | 2015-05-11 15:47:06 -0700 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2015-05-21 10:40:39 +0200 |
commit | 5e71fae6329a8cfa82ac5d5f9146e947fc92f542 (patch) | |
tree | 09bddcf545c473b220c39ca34b4ed45e42474c33 | |
parent | db7446a0235f5379ed230a51cc1d55475549f36b (diff) | |
download | otp-5e71fae6329a8cfa82ac5d5f9146e947fc92f542.tar.gz otp-5e71fae6329a8cfa82ac5d5f9146e947fc92f542.tar.bz2 otp-5e71fae6329a8cfa82ac5d5f9146e947fc92f542.zip |
Fix rekeying according to RFC 4253
When in the connected state, an received KEXINIT
message MUST be responded to with KEXINIT. After that,
the client may continue with KEXDH_INIT (or similar).
See the first paragraph on RFC 4253 sec. 9.
-rw-r--r-- | lib/ssh/src/ssh_connection_handler.erl | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 2c7f132916..9b11cadab6 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -559,11 +559,13 @@ userauth(#ssh_msg_userauth_banner{message = Msg}, -spec connected({#ssh_msg_kexinit{}, binary()}, %%| %% #ssh_msg_kexdh_init{}, #state{}) -> gen_fsm_state_return(). %%-------------------------------------------------------------------- -connected({#ssh_msg_kexinit{}, _Payload} = Event, State) -> - kexinit(Event, State#state{renegotiate = true}). -%% ; -%% connected(#ssh_msg_kexdh_init{} = Event, State) -> -%% key_exchange(Event, State#state{renegotiate = true}). +connected({#ssh_msg_kexinit{}, _Payload} = Event, #state{ssh_params = Ssh0} = State0) -> + {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), + State = State0#state{ssh_params = Ssh, + key_exchange_init_msg = KeyInitMsg, + renegotiate = true}, + send_msg(SshPacket, State), + kexinit(Event, State). %%-------------------------------------------------------------------- -spec handle_event(#ssh_msg_disconnect{} | #ssh_msg_ignore{} | #ssh_msg_debug{} | |