23 lines
860 B
Diff
23 lines
860 B
Diff
Description: CVE-2016-0787: Truncated Difffie-Hellman secret length
|
|
Convert bytes to bits in diffie_hellman_sha1. Otherwise we get far too
|
|
small numbers.
|
|
Origin: backport, http://www.libssh2.org/CVE-2016-0787.patch
|
|
Forwarded: not-needed
|
|
Author: Daniel Stenberg <daniel@haxx.se>
|
|
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
|
|
Last-Update: 2016-02-18
|
|
Applied-Upstream: 1.7.0
|
|
---
|
|
|
|
--- a/src/kex.c
|
|
+++ b/src/kex.c
|
|
@@ -103,7 +103,7 @@ static int diffie_hellman_sha1(LIBSSH2_S
|
|
memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
|
|
|
|
/* Generate x and e */
|
|
- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1);
|
|
+ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
|
|
_libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
|
|
exchange_state->ctx);
|
|
|