From: dtucker Date: Sun, 29 Feb 2004 09:12:33 +0000 (+0000) Subject: - dtucker@cvs.openbsd.org 2004/02/27 22:42:47 X-Git-Tag: V_3_8_1_P1~60 X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/8b0a55acefa42abaa6cb2412ffd3783bdaa9946c - dtucker@cvs.openbsd.org 2004/02/27 22:42:47 [dh.c] Prevent sshd from sending DH groups with a primitive generator of zero or one, even if they are listed in /etc/moduli. ok markus@ --- diff --git a/ChangeLog b/ChangeLog index e9cda2a0..9fa11f5f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,10 @@ - djm@cvs.openbsd.org 2004/02/25 00:22:45 [sshd.c] typo in comment + - dtucker@cvs.openbsd.org 2004/02/27 22:42:47 + [dh.c] + Prevent sshd from sending DH groups with a primitive generator of zero or + one, even if they are listed in /etc/moduli. ok markus@ 20040226 - (bal) KNF our sshlogin.c even if the code looks nothing like upstream diff --git a/dh.c b/dh.c index c7a3e18b..b58b8bc2 100644 --- a/dh.c +++ b/dh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: dh.c,v 1.26 2003/12/16 15:51:54 markus Exp $"); +RCSID("$OpenBSD: dh.c,v 1.27 2004/02/27 22:42:47 dtucker Exp $"); #include "xmalloc.h" @@ -91,6 +91,9 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) if (BN_num_bits(dhg->p) != dhg->size) goto failclean; + if (BN_is_zero(dhg->g) || BN_is_one(dhg->g)) + goto failclean; + return (1); failclean:
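Review bot: in the parse_prime hunk of dh.c, the new test `BN_is_zero(dhg->g) || BN_is_one(dhg->g)` rejects only the exact values 0 and 1, so a moduli line with g = p - 1 still reaches `return (1)`. That value squares to 1 mod p and generates a subgroup of order 2, which leaves the shared secret nearly as predictable as with g = 1. Consider a range check against `dhg->p` instead, accepting only 1 < g < p - 1; this would also reject a negative generator or one that is not reduced mod p. A one-line comment above the check saying why these generators are refused would help, since the reason is given only in the commit message and ChangeLog entry.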