CVE-2021-3634: Create a separate length for session_id

Normally, the length of session_id and secret_hash is the same, but if we will get into rekeying with a peer that changes preference of key exchange algorithm, the new secret hash can be larger or smaller than the previous session_id causing invalid reads or writes. Resolves https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-12-17 06:18:58 +03:00 · 2021-06-23 13:16:33 +02:00
parent a3b2229a4e
commit f5211239f9
10 changed files with 23 additions and 18 deletions
--- a/src/messages.c
+++ b/src/messages.c
@@ -714,8 +714,8 @@ static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session,

    rc = ssh_buffer_pack(buffer,
                         "dPbsssbsS",
-                         crypto->digest_len, /* session ID string */
-                         (size_t)crypto->digest_len, crypto->session_id,
+                         crypto->session_id_len, /* session ID string */
+                         crypto->session_id_len, crypto->session_id,
                         SSH2_MSG_USERAUTH_REQUEST, /* type */
                         msg->auth_request.username,
                         service,