20070326

[openssh.git] / packet.c

diff --git a/packet.c b/packet.c
index a20e4ed02b85c662200ac9530724d249aabb7713..7d8fab1e90d92257718c4b142cb95da5488967e7 100644 (file)
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.138 2006/07/25 02:59:21 stevesk Exp $ */
+/* $OpenBSD: packet.c,v 1.145 2006/09/19 21:14:08 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -41,35 +41,36 @@
  
 #include <sys/types.h>
 #include "openbsd-compat/sys-queue.h"
+#include <sys/param.h>
 #include <sys/socket.h>
 #ifdef HAVE_SYS_TIME_H
 # include <sys/time.h>
 #endif
 
-#include <netinet/in_systm.h>
 #include <netinet/in.h>
 #include <netinet/ip.h>
+#include <arpa/inet.h>
 
 #include <errno.h>
 #include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <signal.h>
 
 #include "xmalloc.h"
 #include "buffer.h"
 #include "packet.h"
-#include "bufaux.h"
 #include "crc32.h"
-
 #include "compress.h"
 #include "deattack.h"
 #include "channels.h"
-
 #include "compat.h"
 #include "ssh1.h"
 #include "ssh2.h"
-
 #include "cipher.h"
+#include "key.h"
 #include "kex.h"
 #include "mac.h"
 #include "log.h"
@@ -675,7 +676,7 @@ set_newkeys(int mode)
 
 /*
  * Delayed compression for SSH2 is enabled after authentication:
- * This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
+ * This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
  * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.
  */
 static void
@@ -690,6 +691,9 @@ packet_enable_delayed_compress(void)
         */
        after_authentication = 1;
        for (mode = 0; mode < MODE_MAX; mode++) {
+               /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */
+               if (newkeys[mode] == NULL)
+                       continue;
                comp = &newkeys[mode]->comp;
                if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
                        packet_init_compression();
@@ -999,9 +1003,16 @@ packet_read_poll1(void)
         * (C)1998 CORE-SDI, Buenos Aires Argentina
         * Ariel Futoransky(futo@core-sdi.com)
         */
-       if (!receive_context.plaintext &&
-           detect_attack(buffer_ptr(&input), padded_len) == DEATTACK_DETECTED)
-               packet_disconnect("crc32 compensation attack: network attack detected");
+       if (!receive_context.plaintext) {
+               switch (detect_attack(buffer_ptr(&input), padded_len)) {
+               case DEATTACK_DETECTED:
+                       packet_disconnect("crc32 compensation attack: "
+                           "network attack detected");
+               case DEATTACK_DOS_DETECTED:
+                       packet_disconnect("deattack denial of "
+                           "service detected");
+               }
+       }
 
        /* Decrypt data to incoming_packet. */
        buffer_clear(&incoming_packet);