From 53ae2502f44f8fb8a34b620a7c6cbb53d80ed150 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki
Date: Wed, 12 Jun 2019 18:00:34 +0200
Subject: [PATCH] kex: Only advertise allowed signature types
Previously, if the client supported rsa-sha2-256 or rsa-sha2-512, the server would advertise the extensions as supported without checking its own list of allowed algorithms. Now the server will only advertise allowed signature algorithms.
Signed-off-by: Anderson Toshiyuki Sasaki
Reviewed-by: Andreas Schneider
---
 src/kex.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/src/kex.c b/src/kex.c
index af95987b..6ea5e8ba 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -454,11 +454,29 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
 hostkeys = session->next_crypto->client_kex.methods[SSH_HOSTKEYS];
 ok = ssh_match_group(hostkeys, "rsa-sha2-512");
 if (ok) {
- session->extensions |= SSH_EXT_SIG_RSA_SHA512;
+ /* Check if rsa-sha2-512 is allowed by config */
+ if (session->opts.wanted_methods[SSH_HOSTKEYS] != NULL) {
+ char *is_allowed =
+ ssh_find_matching(session->opts.wanted_methods[SSH_HOSTKEYS],
+ "rsa-sha2-512");
+ if (is_allowed != NULL) {
+ session->extensions |= SSH_EXT_SIG_RSA_SHA512;
+ }
+ SAFE_FREE(is_allowed);
+ }
 }
 ok = ssh_match_group(hostkeys, "rsa-sha2-256");
 if (ok) {
- session->extensions |= SSH_EXT_SIG_RSA_SHA256;
+ /* Check if rsa-sha2-256 is allowed by config */
+ if (session->opts.wanted_methods[SSH_HOSTKEYS] != NULL) {
+ char *is_allowed =
+ ssh_find_matching(session->opts.wanted_methods[SSH_HOSTKEYS],
+ "rsa-sha2-256");
+ if (is_allowed != NULL) {
+ session->extensions |= SSH_EXT_SIG_RSA_SHA256;
+ }
+ SAFE_FREE(is_allowed);
+ }
 }
 /*
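Review bot: When `session->opts.wanted_methods[SSH_HOSTKEYS]` is NULL, both new guards skip setting `SSH_EXT_SIG_RSA_SHA512` and `SSH_EXT_SIG_RSA_SHA256`, so a server with no explicit host-key list would stop enabling the SHA-2 signature extensions even when the client offered them; before this change they were set unconditionally. If that list can be NULL at this point (not visible in the hunk), the likely effect is that RSA signatures fall back to the SHA-1 based `ssh-rsa`, a weaker result than with no restriction at all. Either test against the built-in default list in the NULL case, or state the intent in a comment such as `/* No configured list: SHA-2 extensions are deliberately left unset */`. The two blocks differ only in the algorithm name and the flag, so a small static helper taking both would keep the rsa-sha2-512 and rsa-sha2-256 checks from drifting apart. The enclosing callback starts and ends outside this hunk.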