author | Hans <[email protected]> | 2015-05-26 19:23:04 +0200 |
---|---|---|
committer | Hans <[email protected]> | 2015-05-29 15:00:21 +0200 |
commit | 979b94a3f31697fe06f329660f2ea9e48944490a (patch) | |
tree | 4aa73158d33fef0d014839d90c72333c37ee4dda /lib/ssh/src/ssh_transport.erl | |
parent | f3fefbae24a2569a13b538d80d0e99129963ebef (diff) | |
ssh: Set max num algoritms in msg_kexinit negotiation
This is to prevent some DoS-attack scenarios. The limit is hard-coded.
Diffstat (limited to 'lib/ssh/src/ssh_transport.erl')
-rw-r--r-- | lib/ssh/src/ssh_transport.erl | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 8669be570e..34b76f1b08 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -519,10 +519,15 @@ alg_final(SSH0) ->
 {ok,SSH6} = decompress_final(SSH5),
 SSH6.
-select_all(CL, SL) ->
+select_all(CL, SL) when length(CL) + length(SL) < 50 ->
 A = CL -- SL, %% algortihms only used by client
 %% algorithms used by client and server (client pref)
- lists:map(fun(ALG) -> list_to_atom(ALG) end, (CL -- A)).
+ lists:map(fun(ALG) -> list_to_atom(ALG) end, (CL -- A));
+select_all(_CL, _SL) ->
+ throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
+ description = "Too many algorithms",
+ language = "en"}).
+
 select([], []) ->
 none; |
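Review bot: The guard added to the first `select_all/2` clause limits `length(CL) + length(SL)`, the combined size of both sides' lists, so the local side's own list counts against the peer's allowance; the bare `50` is also undocumented, and `< 50` already rejects a sum of exactly 50. Bounding each list separately behind a named constant would state the intent, for example a macro named something like `-define(MAX_NUM_ALGORITHMS, 50).` used as `select_all(CL, SL) when length(CL) =< ?MAX_NUM_ALGORITHMS, length(SL) =< ?MAX_NUM_ALGORITHMS ->`, with a comment that the cap presumably exists to bound the cost of the two `--` operations on peer-supplied lists. Only `select_all/2` is guarded here; `select/2` starts on the last lines of the hunk and continues outside it, so whether the other negotiation paths are bounded cannot be seen from this diff and is worth checking. The remaining `list_to_atom(ALG)` appears to run only on names present in both lists, but it still converts strings taken from the wire, so `list_to_existing_atom/1` would be the safer call if the locally supported names are guaranteed to exist as atoms.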