aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssh/src/ssh_transport.erl
diff options
context:
space:
mode:
authorHans <[email protected]>2015-05-26 19:23:04 +0200
committerHans <[email protected]>2015-05-29 15:00:21 +0200
commit979b94a3f31697fe06f329660f2ea9e48944490a (patch)
tree4aa73158d33fef0d014839d90c72333c37ee4dda /lib/ssh/src/ssh_transport.erl
parentf3fefbae24a2569a13b538d80d0e99129963ebef (diff)
downloadotp-979b94a3f31697fe06f329660f2ea9e48944490a.tar.gz
otp-979b94a3f31697fe06f329660f2ea9e48944490a.tar.bz2
otp-979b94a3f31697fe06f329660f2ea9e48944490a.zip
ssh: Set max num algoritms in msg_kexinit negotiation
This is to prevent some dos-attac scenarios. The limit is hard-coded.
Diffstat (limited to 'lib/ssh/src/ssh_transport.erl')
-rw-r--r--lib/ssh/src/ssh_transport.erl9
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 8669be570e..34b76f1b08 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -519,10 +519,15 @@ alg_final(SSH0) ->
{ok,SSH6} = decompress_final(SSH5),
SSH6.
-select_all(CL, SL) ->
+select_all(CL, SL) when length(CL) + length(SL) < 50 ->
A = CL -- SL, %% algortihms only used by client
%% algorithms used by client and server (client pref)
- lists:map(fun(ALG) -> list_to_atom(ALG) end, (CL -- A)).
+ lists:map(fun(ALG) -> list_to_atom(ALG) end, (CL -- A));
+select_all(_CL, _SL) ->
+ throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
+ description = "Too many algorithms",
+ language = "en"}).
+
select([], []) ->
none;